Plattformen: |
Turbolinux Client 2008, Turbolinux FUJI, Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 11 Server x64 Edition, Turbolinux 11 Server, Turbolinux Multimedia, Turbolinux Personal |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2008-34
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date: 18 Sep 2008
Last revised: 18 Sep 2008
Package: httpd
Summary: Cross-site scripting (XSS) vulnerability
More information:
Apache is a powerful, full-featured, efficient, and freely-available
Web server. Apache is also the most popular Web server on the Internet.
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module
in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in
Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary
web script or HTML via a wildcard in the last directory component in the pathname
in an FTP URI. (CVE-2008-2939)
Affected Products:
- Turbolinux Client 2008
- Turbolinux 11 Server x64 Edition
- Turbolinux 11 Server
- Turbolinux Appliance Server 2.0
- Turbolinux FUJI
- Turbolinux 10 Server x64 Edition
- Turbolinux 10 Server
- Turbolinux Multimedia
- Turbolinux Personal
Source Packages
Size: MD5
http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-source/httpd-2.2.6-10.src.rpm
4776718 5b5cdcd203ced7cc9e5bdd190c0aa41d
Binary Packages
Size: MD5
http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/httpd-2.2.6-10.i586.rpm
1232148 3d67295de4fa3477b87755c905fce93f
http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/httpd-devel-2.2.6-10.i586.rpm
148740 3c4e55459b21d274f0a29df736fae492
Source Packages
Size: MD5
httpd-2.2.6-10.src.rpm
4776445 6fe54e202d38be1172e7ead5b6866691
Binary Packages
Size: MD5
httpd-2.2.6-10.x86_64.rpm
1249458 86daa821650cdaf21479572c0dd74e4c
httpd-manual-2.2.6-10.x86_64.rpm
859031 8913f45ff4d9361b7cac18d268ccae24
httpd-rootsrv-2.2.6-10.x86_64.rpm
230037 faf1d57f2ef3672fe63dd9b15f0fc4c8
mod_ssl-2.2.6-10.x86_64.rpm
89708 5a5ebccfe29ed2076643de0ce71eb250
Source Packages
Size: MD5
httpd-2.2.6-10.src.rpm
4776445 6fe54e202d38be1172e7ead5b6866691
Binary Packages
Size: MD5
httpd-2.2.6-10.i686.rpm
1177558 75f6c47cc25eccce3c87943d41746d53
httpd-manual-2.2.6-10.i686.rpm
858875 76d04221d155557759f5c8a208cc081b
httpd-rootsrv-2.2.6-10.i686.rpm
216647 7d7e002de353deb9947894e0317ed8e3
mod_ssl-2.2.6-10.i686.rpm
85565 3d9e5f9e8e7d64e469f00c8d219919f8
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/httpd-2.2.6-10.src.rpm
4776445 6fe54e202d38be1172e7ead5b6866691
Binary Packages
Size: MD5
httpd-2.2.6-10.x86_64.rpm
1249458 86daa821650cdaf21479572c0dd74e4c
httpd-devel-2.2.6-10.x86_64.rpm
153169 f0cbf32797f2bff7194f51e9eae260c8
httpd-manual-2.2.6-10.x86_64.rpm
859031 8913f45ff4d9361b7cac18d268ccae24
mod_ssl-2.2.6-10.x86_64.rpm
89708 5a5ebccfe29ed2076643de0ce71eb250
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/11/updates/SRPMS/httpd-2.2.6-10.src.rpm
4776445 6fe54e202d38be1172e7ead5b6866691
Binary Packages
Size: MD5
httpd-2.2.6-10.i686.rpm
1177558 75f6c47cc25eccce3c87943d41746d53
httpd-devel-2.2.6-10.i686.rpm
153815 45b3045146fd0b71e32234fbf7234354
httpd-manual-2.2.6-10.i686.rpm
858875 76d04221d155557759f5c8a208cc081b
mod_ssl-2.2.6-10.i686.rpm
85565 3d9e5f9e8e7d64e469f00c8d219919f8
Source Packages
Size: MD5
httpd-2.0.51-37.src.rpm
6859863 a5fc776ad33967968604c0c09697bd0b
Binary Packages
Size: MD5
httpd-2.0.51-37.i586.rpm
1033210 2df72789c4eeb281407b090908f308a8
httpd-devel-2.0.51-37.i586.rpm
225599 39642f98e411cdc570d1709b4e8ec3e5
httpd-manual-2.0.51-37.i586.rpm
1133919 331ba82dfde87bbcf260b4a4daa8165c
mod_bwshare-2.0.51-37.i586.rpm
41830 0e5dc163c80325308002cd39dac3ab56
mod_ssl-2.0.51-37.i586.rpm
89774 dd58a30d3c8f2704e06b4adb57084636
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/11/updates/SRPMS/httpd-2.0.54-23.src.rpm
7625833 6da89085b3ef3767b60c55cf84305b29
Binary Packages
Size: MD5
httpd-2.0.54-23.i686.rpm
1266820 572764e31beac54e5f95603f9595251e
httpd-devel-2.0.54-23.i686.rpm
276783 536dce88edc52ccdf1076454b876987e
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/httpd-2.0.51-37.src.rpm
6859863 86f2cb2c8069dc8f7e6a9013affa63de
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-2.0.51-37.x86_64.rpm
1144126 ee207355cba106c32b3911688a471bef
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-debug-2.0.51-37.x86_64.rpm
3534454 5fea25ab4f67909850b5f73b7c2d70a6
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-devel-2.0.51-37.x86_64.rpm
225621 6170d6d5d2035ac7a14f0ab1ce4eb804
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-manual-2.0.51-37.x86_64.rpm
1133835 4d207056a48e94fd3f92e9f59bfc8cec
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/mod_bwshare-2.0.51-37.x86_64.rpm
42563 c59c911bd4849689d67c5aaba1961a72
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/mod_ssl-2.0.51-37.x86_64.rpm
97411 1aad117df22a1c892474f5c776bc5630
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/httpd-2.0.51-37.src.rpm
6859863 a5fc776ad33967968604c0c09697bd0b
Binary Packages
Size: MD5
httpd-2.0.51-37.i586.rpm
1033210 2df72789c4eeb281407b090908f308a8
httpd-debug-2.0.51-37.i586.rpm
3542082 fdbde072e9a85b2246167023f28bc694
httpd-devel-2.0.51-37.i586.rpm
225599 39642f98e411cdc570d1709b4e8ec3e5
httpd-manual-2.0.51-37.i586.rpm
1133919 331ba82dfde87bbcf260b4a4daa8165c
mod_bwshare-2.0.51-37.i586.rpm
41830 0e5dc163c80325308002cd39dac3ab56
mod_ssl-2.0.51-37.i586.rpm
89774 dd58a30d3c8f2704e06b4adb57084636
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/httpd-2.0.48-25.src.rpm
6328038 f41706615f4c90774a269c472cebbe4f
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/httpd-2.0.48-25.i586.rpm
893308 aa1effc96d0cb0ae52a548d32b1cb63a
References:
CVE
[CVE-2008-2939]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939
--------------------------------------------------------------------------
Revision History
18 Sep 2008 Initial release
--------------------------------------------------------------------------
Copyright(C) 2008 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkjSC+UACgkQK0LzjOqIJMzgJwCgieZt3RUmBOpef8PWPkE0EpSk
rtgAniq0r/+aCrW0cxWvRvGlQc556Jns
=2Msj
-----END PGP SIGNATURE-----
|