The fedora-ds-admin-1.1.0 package has a couple of security vulnerabilities:
* CVE-2008-0892 Directory Server: shell command injection in CGI
replication monitor -
https://bugzilla.redhat.com/show_bug.cgi?id=437301
* CVE-2008-0893 Directory Server: unrestricted access to CGI scripts
- https://bugzilla.redhat.com/show_bug.cgi?id=437320
The new package is fedora-ds-admin-1.1.4-1 This package is available
from the Fedora yum repository for F-7 and later, or from the dirsrv yum
repo on Fedora 6 and EL5. See Install_Guide
<http://directory.fedoraproject.org/wiki/Install_Guide> for information
about how to use these yum repositories for your platform.
There are also updates to the adminutil (new version 1.1.6) and to some of the other packages. These updates are recommended.
*NOTE for Fedora 8 and later users:* all of the packages are now in the standard Fedora repos. Please remove your /etc/yum.repos.d/idmcommon.repo and /etc/yum.repos.d/dirsrv.repo files before you install or upgrade. See Install_Guide <http://directory.fedoraproject.org/wiki/Install_Guide> for more information.
*NOTE for Fedora 6, 7 and EL5 users:* You may get an error about a missing dependency fedora-admin-console when upgrading. If you get this error, remove the old fedora-ds package (yum erase fedora-ds) and upgrade again.
<<attachment: smime.p7s>>
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
