[Fedora-directory-announce] Security vulnerability in fedora-ds-admin (April 22, 2008)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


The fedora-ds-admin-1.1.0 package has a couple of security vulnerabilities:

   * CVE-2008-0892 Directory Server: shell command injection in CGI
     replication monitor -
   * CVE-2008-0893 Directory Server: unrestricted access to CGI scripts
     - https://bugzilla.redhat.com/show_bug.cgi?id=437320

The new package is fedora-ds-admin-1.1.4-1 This package is available from the Fedora yum repository for F-7 and later, or from the dirsrv yum repo on Fedora 6 and EL5. See Install_Guide <http://directory.fedoraproject.org/wiki/Install_Guide> for information about how to use these yum repositories for your platform.

There are also updates to the adminutil (new version 1.1.6) and to some of the other packages. These updates are recommended.

*NOTE for Fedora 8 and later users:* all of the packages are now in the standard Fedora repos. Please remove your /etc/yum.repos.d/idmcommon.repo and /etc/yum.repos.d/dirsrv.repo files before you install or upgrade. See Install_Guide <http://directory.fedoraproject.org/wiki/Install_Guide> for more information.

*NOTE for Fedora 6, 7 and EL5 users:* You may get an error about a missing dependency fedora-admin-console when upgrading. If you get this error, remove the old fedora-ds package (yum erase fedora-ds) and upgrade again.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Fedora-directory-announce mailing list

[Index of Archives]     [Older Fedora Users Mail]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Review]     [Fedora Art]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Art]     [Fedora Docs]

  Powered by Linux