FrSIRT - Fedora Security Update Fixes httpd Denial of Service and Cross Site Scripting / Exploit

French Security Incident Response Team

Français

English

Fedora Security Update Fixes httpd Denial of Service and Cross Site Scripting

Date de Publication : 2007-09-26 © FrSIRT.COM
Titre : Fedora Security Update Fixes httpd Denial of Service and Cross Site Scripting
Identifiant : FrSIRT/AVIS-2007-3269
CVE ID : CVE-2007-4465
Risque : Bas (1/4) -

Exploitable à distance : Oui
Exploitable en local : Oui

En savoir plus

Description

Produits affectés

Solution

Références

Description Technique

Plusieurs vulnérabilités ont été identifiées dans Fedora, elles pourraient être exploitées par des attaquants afin de causer un déni de service ou exécuter un code JavaScript malicieux coté client [...]

Solution

Installer les mises à jour :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

f2d7130ea550e25331f14cff26066fbc9a978abd SRPMS/httpd-2.2.6-1.fc6.src.rpm
f2d7130ea550e25331f14cff26066fbc9a978abd noarch/httpd-2.2.6-1.fc6.src.rpm
2194fc3927adaf1b9784bcadcfeaee941a419f8b ppc/debug/httpd-debuginfo-2.2.6-1.fc6.ppc.rpm
49f865e0fc193b89590202b5ca66a012ccc3fc4f ppc/httpd-devel-2.2.6-1.fc6.ppc.rpm
3db0e4f54f9d9cab85243d6c134a97ce748f9688 ppc/mod_ssl-2.2.6-1.fc6.ppc.rpm
566e7527c04b7358f99f800412a669ebcb0c5438 ppc/httpd-2.2.6-1.fc6.ppc.rpm
5af15e960f40607bbe6b62f63d979278b360b4c1 ppc/httpd-manual-2.2.6-1.fc6.ppc.rpm
2b0502d4915d3fab6417963d971f484c7215b419 x86_64/debug/httpd-debuginfo-2.2.6-1.fc6.x86_64.rpm
c3f8001e0c99f8847f286d48abb76461e77bc80d x86_64/httpd-manual-2.2.6-1.fc6.x86_64.rpm
761c0ce29a2e40191f3f1b0f0575d507c0e61b7a x86_64/httpd-devel-2.2.6-1.fc6.x86_64.rpm
897dda6971bc3c1fa65cb61acf0f370b3c6743ad x86_64/mod_ssl-2.2.6-1.fc6.x86_64.rpm
13224b1e1e34639fbe61778db72e36896937752c x86_64/httpd-2.2.6-1.fc6.x86_64.rpm
ea0c36272d58058375243fd083baa4cf7cdd1410 i386/httpd-manual-2.2.6-1.fc6.i386.rpm
9309193f84872e474773559dd588f1c96fa6b72e i386/debug/httpd-debuginfo-2.2.6-1.fc6.i386.rpm
a219ca1f181e2a0d5161423ad5226ff37770cec0 i386/httpd-devel-2.2.6-1.fc6.i386.rpm
d1cd17eeef15e89ea514d6795a408452092ae552 i386/mod_ssl-2.2.6-1.fc6.i386.rpm
f60adf43a42115b4a3c3f4ae1e65eb1fc08c5de9 i386/httpd-2.2.6-1.fc6.i386.rpm

Historique

2007-09-26 : Version Initiale

Recevez les bulletins FrSIRT

Le service FrSIRT VNS permet aux professionnels de la sécurité (RSSI, DSI, administrateurs et consultants) de recevoir en temps-réel, par email, SMS et flux RSS/XML, des bulletins de vulnérabilités complets, détaillés et personnalisés.

Recherche

Newsletter

	Apple Mac OS X Command Execution Vulnerabilities
	Apple Safari for Mac OS X Remote Code Execution Vulnerability
	Apple Mac OS X ARDAgent Local Privilege Escalation Vulnerability
	Apple Safari Code Execution and Information Disclosure Vulnerabilities
	Apple QuickTime Multiple File Handling Code Execution Vulnerabilities
	Apple Safari for Windows Remote Code Execution Vulnerability
	Apple Mac OS X Command Execution Vulnerabilities

	Mozilla Products Remote Code Execution Vulnerabilities
	Mozilla Firefox Unspecified Remote Command Execution Vulnerability
	Mozilla JavaScript Garbage Collector Code Execution Vulnerability
	Mozilla Thunderbird Code Execution and Cross Site Scripting Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues
	Mozilla Thunderbird Multiple Security Bypass and Code Execution Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues

	Sun Solaris Tomcat JSP/Servlet Container Multiple Vulnerabilities
	Sun Java System Access Manager XSLT Code Execution Vulnerability
	Sun Solaris 10 Adobe Reader Multiple Code Execution Vulnerabilities
	Sun Solaris "snmpXdmid" Packet Handling Denial of Service Vulnerability
	Sun Solaris FreeType2 Library Multiple Memory Corruption Vulnerabilities
	Sun Java System Calendar Server Denial of Service Vulnerability
	Sun Solaris SMA SNMPv3 Authentication Bypass Vulnerability