|
ID: |
TLSA-2008-5 |
|
Distribution: |
TurboLinux |
|
Plattformen: |
Turbolinux FUJI, Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 11 Server x64 Edition, Turbolinux 11 Server, Turbolinux Multimedia, Turbolinux Personal, Turbolinux Appliance Server 1.0 Hosting Edition, Turbolinux Appliance Server 1.0 Workgroup Edition |
|
Datum: |
Di, 29. Januar 2008, 03:50 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005 |
|
Applikationen: |
Apache |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2008-5
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date: 28 Jan 2007
Last revised: 28 Jan 2007
Package: httpd
Summary: Cross-site scripting (XSS) vulnerabilities
More information:
Apache is a powerful, full-featured, efficient, and freely-available
Web server. Apache is also the most popular Web server on the Internet.
The Multiple cross-site scripting vulnerabilities exist in httpd.
Impact:
This vulnerabilities can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site.
Affected Products:
- Turbolinux 11 Server x64 Edition
- Turbolinux 11 Server
- Turbolinux Appliance Server 2.0
- Turbolinux FUJI
- Turbolinux 10 Server x64 Edition
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 10 Server
- Turbolinux Multimedia
- Turbolinux Personal
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/httpd-2.2.6-8.src.rpm
4770478 43cc94884710f6713e4c8009bc13cc8e
Binary Packages
Size: MD5
httpd-2.2.6-8.x86_64.rpm
1248348 50da0d7e23917d0dbafd8d376e86d15f
httpd-devel-2.2.6-8.x86_64.rpm
153058 32e998bfa6bbbd0a3d0bd79b0f6fbc5e
httpd-manual-2.2.6-8.x86_64.rpm
859352 01361da97499c944836b16b936797806
mod_ssl-2.2.6-8.x86_64.rpm
89658 c72ddaea571070dc37cba8ba35830257
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/11/updates/SRPMS/httpd-2.2.6-8.src.rpm
4770478 f3da0e7aa7062cba0e8cd6312a20695a
Binary Packages
Size: MD5
httpd-2.2.6-8.i686.rpm
1176880 9b523bcfbf9abef68277521bfec5ef9b
httpd-devel-2.2.6-8.i686.rpm
153408 45dac1d8384666820fc35d86277b7930
httpd-manual-2.2.6-8.i686.rpm
858588 cadde127cd3dd9a8e4769dc85c757ff2
mod_ssl-2.2.6-8.i686.rpm
85358 c7ec94c102fc44df38467818f050e5a4
Source Packages
Size: MD5
httpd-2.0.51-35.src.rpm
6858623 47212add106398346b5d432b6922a4f1
Binary Packages
Size: MD5
httpd-2.0.51-35.i586.rpm
1033845 58883058ff379660fa269124a22811ba
httpd-devel-2.0.51-35.i586.rpm
225514 72b6507f46aa55c9614380e7e9efc79e
httpd-manual-2.0.51-35.i586.rpm
1132971 605d06f537f5dc44db1a8061a55eade5
mod_bwshare-2.0.51-35.i586.rpm
41674 27e675ac33117394ae5c0f6be0b65cad
mod_ssl-2.0.51-35.i586.rpm
89616 242ea7747de344647873a44ef0f40f53
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/11/updates/SRPMS/httpd-2.0.54-21.src.rpm
7624643 a71265885b03c6d5bdef84a290fede4c
Binary Packages
Size: MD5
httpd-2.0.54-21.i686.rpm
1266572 bb94f6cba63f623f290a0c76d22c1e5f
httpd-devel-2.0.54-21.i686.rpm
277155 8c47f7a5cead63ce4518fa6e8afb99fd
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/httpd-2.0.51-35.src.rpm
6858623 048b7bd476b2b449169cb6f628f17108
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-2.0.51-35.x86_64.rpm
1144086 ba937d6d1cf34ea0fabf8218ceef92a8
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-debug-2.0.51-35.x86_64.rpm
3534820 4281168ebc668c1f212443e3baba1d30
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-devel-2.0.51-35.x86_64.rpm
225526 f62d934a3a73fa8314b0f51d8d339612
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-manual-2.0.51-35.x86_64.rpm
1133963 083326e547eb92f412f61c1180c38b38
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/mod_bwshare-2.0.51-35.x86_64.rpm
42412 0e363f7fc1467d4ed4841e5490f5a015
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/mod_ssl-2.0.51-35.x86_64.rpm
97213 bf07993ade5ba631ca6088d15ddad66a
Source Packages
Size: MD5
apache-1.3.27-44.src.rpm
3117812 b38442e3eaff5336d97ca43de1d4d388
Binary Packages
Size: MD5
apache-1.3.27-44.i586.rpm
538734 92c97be339f9ef172bd1c4d532f04be6
apache-devel-1.3.27-44.i586.rpm
95903 697807d64bfbfdbdcd5ea710010a91c7
mod_ssl-2.8.14-44.i586.rpm
183386 3f0c8eed6b0cc47842f88a28cd6f75b7
Source Packages
Size: MD5
apache-1.3.27-44.src.rpm
3117812 df39b77c25ce07194f61a2a012289a51
Binary Packages
Size: MD5
apache-1.3.27-44.i586.rpm
503956 29607656d80312befe94f6802887574a
apache-devel-1.3.27-44.i586.rpm
96220 1c48ea5f1212e3eb16d83f0ed0d12073
mod_ssl-2.8.14-44.i586.rpm
183517 1dfca53a5a7f13fb7612351882da29c0
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/httpd-2.0.51-35.src.rpm
6858623 47212add106398346b5d432b6922a4f1
Binary Packages
Size: MD5
httpd-2.0.51-35.i586.rpm
1033845 58883058ff379660fa269124a22811ba
httpd-debug-2.0.51-35.i586.rpm
3540524 c13a1d148a64f95dcfa6f0f64f97ac31
httpd-devel-2.0.51-35.i586.rpm
225514 72b6507f46aa55c9614380e7e9efc79e
httpd-manual-2.0.51-35.i586.rpm
1132971 605d06f537f5dc44db1a8061a55eade5
mod_bwshare-2.0.51-35.i586.rpm
41674 27e675ac33117394ae5c0f6be0b65cad
mod_ssl-2.0.51-35.i586.rpm
89616 242ea7747de344647873a44ef0f40f53
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/httpd-2.0.48-23.src.rpm
6326945 88b325ab81d50263c070783066d062f5
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/httpd-2.0.48-23.i586.rpm
893313 f2ea498155f16a57f9d29942e8d7c11b
References:
CVE
[CVE-2007-4465]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465
[CVE-2007-6388]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
[CVE-2007-6421]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421
[CVE-2007-6422]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422
[CVE-2008-0005]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005
--------------------------------------------------------------------------
Revision History
28 Jan 2008 Initial release
--------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
iEYEARECAAYFAkedbiEACgkQK0LzjOqIJMyH9wCfXU2fX+ifwiEcEDxmYmwmbotQ
FOQAn0UvOwfGCWVqa6Dekze2COtEKPyR
=NTHD
-----END PGP SIGNATURE-----
|