Fedora Security Update Fixes htdig Cross Site Scripting Vulnerability

VUPEN ID : VUPEN/ADV-2007-4078
CVE ID : CVE-2007-6110
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-12-04

A vulnerability has been identified in Fedora, which could be exploited by attackers to execute arbitrary scripting code. This issue is caused by an error in htdig. For additional information, see : VUPEN/ADV-2007-4038
Affected Products
Fedora Core 6
Solution
Upgrade the affected packages :
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
4c01f361c75b43854acd481db0a1ae83104809c3 SRPMS/htdig-3.2.0b6-9.fc6.src.rpm
4c01f361c75b43854acd481db0a1ae83104809c3 noarch/htdig-3.2.0b6-9.fc6.src.rpm
0e02226549bdd2f4bfd5e17cf8277def82bda71d ppc/htdig-web-3.2.0b6-9.fc6.ppc.rpm
5f7d01a19e00d65a5b8dd445939733a2a36df4e5 ppc/debug/htdig-debuginfo-3.2.0b6-9.fc6.ppc.rpm
177827abb753e2b788c550a43b19506201a9d5d7 ppc/htdig-3.2.0b6-9.fc6.ppc.rpm
b412abb0a334987d8cace2278bdc789001821591 x86_64/htdig-web-3.2.0b6-9.fc6.x86_64.rpm
905f4ce2b3e5b2af2ea1a8c9cceee5a0d3071d1c x86_64/debug/htdig-debuginfo-3.2.0b6-9.fc6.x86_64.rpm
3d2d55ae4d4dc9f12869bddd05af1d933bb9c881 x86_64/htdig-3.2.0b6-9.fc6.x86_64.rpm
b78ae5f51ba6feb5b7dddf7f771df938b19df8a6 i386/debug/htdig-debuginfo-3.2.0b6-9.fc6.i386.rpm
8f4f5e4d7265113443692f260ec0111d8e53e3cc i386/htdig-web-3.2.0b6-9.fc6.i386.rpm
3fd2e4055f6190947217d602af36dc33c56b3e4d i386/htdig-3.2.0b6-9.fc6.i386.rpm
References
http://www.vupen.com/english/advisories/2007/4078
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00116.html
ChangeLog
2007-12-04 : Initial release