The fedora-ds-admin-1.1.0 package has a couple of security vulnerabilities: * CVE-2008-0892 Directory Server: shell command injection in CGI replication monitor - https://bugzilla.redhat.com/show_bug.cgi?id=437301 * CVE-2008-0893 Directory Server: unrestricted access to CGI scripts - https://bugzilla.redhat.com/show_bug.cgi?id=437320The new package is fedora-ds-admin-1.1.4-1 This package is available from the Fedora yum repository for F-7 and later, or from the dirsrv yum repo on Fedora 6 and EL5. See Install_Guide <http://directory.fedoraproject.org/wiki/Install_Guide> for information about how to use these yum repositories for your platform.
There are also updates to the adminutil (new version 1.1.6) and to some of the other packages. These updates are recommended.
*NOTE for Fedora 8 and later users:* all of the packages are now in the standard Fedora repos. Please remove your /etc/yum.repos.d/idmcommon.repo and /etc/yum.repos.d/dirsrv.repo files before you install or upgrade. See Install_Guide <http://directory.fedoraproject.org/wiki/Install_Guide> for more information.
*NOTE for Fedora 6, 7 and EL5 users:* You may get an error about a missing dependency fedora-admin-console when upgrading. If you get this error, remove the old fedora-ds package (yum erase fedora-ds) and upgrade again.
Description: S/MIME Cryptographic Signature
-- Fedora-directory-announce mailing list Fedora-directory-announce@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-announce