FrSIRT - Fedora Security Update Fixes httpd Denial of Service and Cross Site Scripting / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes httpd Denial of Service and Cross Site Scripting

Title : Fedora Security Update Fixes httpd Denial of Service and Cross Site Scripting
Advisory ID : FrSIRT/ADV-2007-3269
CVE ID : CVE-2007-4465
Rated as : Low Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-09-26

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Two vulnerabilities have been identified in Fedora, which could be exploited by attackers to cause a denial of service or execute arbitrary scripting code [...]

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

f2d7130ea550e25331f14cff26066fbc9a978abd SRPMS/httpd-2.2.6-1.fc6.src.rpm
f2d7130ea550e25331f14cff26066fbc9a978abd noarch/httpd-2.2.6-1.fc6.src.rpm
2194fc3927adaf1b9784bcadcfeaee941a419f8b ppc/debug/httpd-debuginfo-2.2.6-1.fc6.ppc.rpm
49f865e0fc193b89590202b5ca66a012ccc3fc4f ppc/httpd-devel-2.2.6-1.fc6.ppc.rpm
3db0e4f54f9d9cab85243d6c134a97ce748f9688 ppc/mod_ssl-2.2.6-1.fc6.ppc.rpm
566e7527c04b7358f99f800412a669ebcb0c5438 ppc/httpd-2.2.6-1.fc6.ppc.rpm
5af15e960f40607bbe6b62f63d979278b360b4c1 ppc/httpd-manual-2.2.6-1.fc6.ppc.rpm
2b0502d4915d3fab6417963d971f484c7215b419 x86_64/debug/httpd-debuginfo-2.2.6-1.fc6.x86_64.rpm
c3f8001e0c99f8847f286d48abb76461e77bc80d x86_64/httpd-manual-2.2.6-1.fc6.x86_64.rpm
761c0ce29a2e40191f3f1b0f0575d507c0e61b7a x86_64/httpd-devel-2.2.6-1.fc6.x86_64.rpm
897dda6971bc3c1fa65cb61acf0f370b3c6743ad x86_64/mod_ssl-2.2.6-1.fc6.x86_64.rpm
13224b1e1e34639fbe61778db72e36896937752c x86_64/httpd-2.2.6-1.fc6.x86_64.rpm
ea0c36272d58058375243fd083baa4cf7cdd1410 i386/httpd-manual-2.2.6-1.fc6.i386.rpm
9309193f84872e474773559dd588f1c96fa6b72e i386/debug/httpd-debuginfo-2.2.6-1.fc6.i386.rpm
a219ca1f181e2a0d5161423ad5226ff37770cec0 i386/httpd-devel-2.2.6-1.fc6.i386.rpm
d1cd17eeef15e89ea514d6795a408452092ae552 i386/mod_ssl-2.2.6-1.fc6.i386.rpm
f60adf43a42115b4a3c3f4ae1e65eb1fc08c5de9 i386/httpd-2.2.6-1.fc6.i386.rpm

ChangeLog

2007-09-26 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Sun Solaris Covert Channel Local Security Bypass Vulnerability
	Sun Solaris NFS RPC Zone Denial of Service Vulnerability
	Sun Solaris NFS Kernel Module Local Denial of Service Vulnerability
	Sun Solaris NFSv4 Client Kernel Module Denial of Service Vulnerability
	Sun Java System Portal Server Cross Site Scripting Vulnerability
	Sun rdesktop Code Execution and Denial of Service
	Sun Java System Web Proxy Server Denial of Service Vulnerability

	Microsoft Visual Studio "Msmask32" Code Execution Vulnerability
	Microsoft PowerPoint Command Execution Vulnerabilities (MS08-051)
	Microsoft Windows Messenger Data Disclosure (MS08-050)
	Microsoft Windows Event System Code Execution (MS08-049)
	Microsoft Outlook and Mail Security Bypass Vulnerability (MS08-048)
	Microsoft Windows IPsec Policy Data Disclosure Vulnerability (MS08-047)
	Microsoft Windows MSCMS Code Execution Vulnerability (MS08-046)

	Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability
	Mozilla Products Remote Code Execution and Security Bypass Issues
	Mozilla Products Code Execution and Injection Vulnerabilities
	Mozilla JavaScript Garbage Collector Code Execution Vulnerability
	Mozilla Thunderbird Code Execution and Cross Site Scripting Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues
	Mozilla Thunderbird Multiple Security Bypass and Code Execution Issues