Synopsis

htdig security update

Type/Severity

Security Advisory: Moderate

Topic

Updated htdig packages that fix a security flaw are now available for
Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

Description

The ht://Dig system is a Web search and indexing system for a small domain
or intranet.

Michael Krax reported a cross-site scripting bug affecting htdig. An
attacker could construct a carefully crafted URL which can cause a web
browser to execute malicious script once visited. The Common
Vulnerabilities and Exposures project has assigned the name CAN-2005-0085
to this issue.

Users of htdig should upgrade to these updated packages, which contain a
backported patch, and are not vulnerable to this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Affected Products

• Red Hat Enterprise Linux Server 4 x86_64
• Red Hat Enterprise Linux Server 4 ia64
• Red Hat Enterprise Linux Server 4 i386
• Red Hat Enterprise Linux Workstation 4 x86_64
• Red Hat Enterprise Linux Workstation 4 ia64
• Red Hat Enterprise Linux Workstation 4 i386
• Red Hat Enterprise Linux Desktop 4 x86_64
• Red Hat Enterprise Linux Desktop 4 i386
• Red Hat Enterprise Linux for IBM z Systems 4 s390x
• Red Hat Enterprise Linux for IBM z Systems 4 s390
• Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

• BZ - 144261 - CAN-2005-0085 XSS vulnerability in htdig 3.2.0b6
• BZ - 145649 - htdig packaging cleanups

CVEs

• CVE-2005-0085

References

(none)

Red Hat Enterprise Linux Server 4

SRPM
htdig-3.2.0b6-3.40.1.src.rpm	SHA-256: 16da9f45dafaf3cc015db5084eed0ab5804c6938561d926224f68a4a651b7f47
x86_64
htdig-3.2.0b6-3.40.1.x86_64.rpm	SHA-256: a3f87126f12073f8d02d074a87fcc84a86121445beb587ef1e328b756afd6b4a
htdig-3.2.0b6-3.40.1.x86_64.rpm	SHA-256: a3f87126f12073f8d02d074a87fcc84a86121445beb587ef1e328b756afd6b4a
htdig-web-3.2.0b6-3.40.1.x86_64.rpm	SHA-256: 2d575619b34f45338de0ca6c9864a7e28c4107d68a0634268c92e38d63f1a74d
htdig-web-3.2.0b6-3.40.1.x86_64.rpm	SHA-256: 2d575619b34f45338de0ca6c9864a7e28c4107d68a0634268c92e38d63f1a74d
ia64
htdig-3.2.0b6-3.40.1.ia64.rpm	SHA-256: 134ec895225c4575758580dce6505f107542854c30c30d04acb7d82cfbb6c12f
htdig-3.2.0b6-3.40.1.ia64.rpm	SHA-256: 134ec895225c4575758580dce6505f107542854c30c30d04acb7d82cfbb6c12f
htdig-web-3.2.0b6-3.40.1.ia64.rpm	SHA-256: 46d872450ae739f3905e5d2be11fcfb1eac0c74d905a072d9f7ededfac553fc6
htdig-web-3.2.0b6-3.40.1.ia64.rpm	SHA-256: 46d872450ae739f3905e5d2be11fcfb1eac0c74d905a072d9f7ededfac553fc6
i386
htdig-3.2.0b6-3.40.1.i386.rpm	SHA-256: 2cebc376cad44d95a783c661f121a452907f981c3efb249d43ffdbd1f7a3c3f3
htdig-3.2.0b6-3.40.1.i386.rpm	SHA-256: 2cebc376cad44d95a783c661f121a452907f981c3efb249d43ffdbd1f7a3c3f3
htdig-web-3.2.0b6-3.40.1.i386.rpm	SHA-256: 2a72ddf31eba83394472095ecb7de34e4a3c03fbf0c5775feb06b6705466dec2
htdig-web-3.2.0b6-3.40.1.i386.rpm	SHA-256: 2a72ddf31eba83394472095ecb7de34e4a3c03fbf0c5775feb06b6705466dec2

Red Hat Enterprise Linux Workstation 4

SRPM
htdig-3.2.0b6-3.40.1.src.rpm	SHA-256: 16da9f45dafaf3cc015db5084eed0ab5804c6938561d926224f68a4a651b7f47
x86_64
htdig-3.2.0b6-3.40.1.x86_64.rpm	SHA-256: a3f87126f12073f8d02d074a87fcc84a86121445beb587ef1e328b756afd6b4a
htdig-web-3.2.0b6-3.40.1.x86_64.rpm	SHA-256: 2d575619b34f45338de0ca6c9864a7e28c4107d68a0634268c92e38d63f1a74d
ia64
htdig-3.2.0b6-3.40.1.ia64.rpm	SHA-256: 134ec895225c4575758580dce6505f107542854c30c30d04acb7d82cfbb6c12f
htdig-web-3.2.0b6-3.40.1.ia64.rpm	SHA-256: 46d872450ae739f3905e5d2be11fcfb1eac0c74d905a072d9f7ededfac553fc6
i386
htdig-3.2.0b6-3.40.1.i386.rpm	SHA-256: 2cebc376cad44d95a783c661f121a452907f981c3efb249d43ffdbd1f7a3c3f3
htdig-web-3.2.0b6-3.40.1.i386.rpm	SHA-256: 2a72ddf31eba83394472095ecb7de34e4a3c03fbf0c5775feb06b6705466dec2

Red Hat Enterprise Linux Desktop 4

SRPM
htdig-3.2.0b6-3.40.1.src.rpm	SHA-256: 16da9f45dafaf3cc015db5084eed0ab5804c6938561d926224f68a4a651b7f47
x86_64
htdig-3.2.0b6-3.40.1.x86_64.rpm	SHA-256: a3f87126f12073f8d02d074a87fcc84a86121445beb587ef1e328b756afd6b4a
htdig-web-3.2.0b6-3.40.1.x86_64.rpm	SHA-256: 2d575619b34f45338de0ca6c9864a7e28c4107d68a0634268c92e38d63f1a74d
i386
htdig-3.2.0b6-3.40.1.i386.rpm	SHA-256: 2cebc376cad44d95a783c661f121a452907f981c3efb249d43ffdbd1f7a3c3f3
htdig-web-3.2.0b6-3.40.1.i386.rpm	SHA-256: 2a72ddf31eba83394472095ecb7de34e4a3c03fbf0c5775feb06b6705466dec2

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
htdig-3.2.0b6-3.40.1.src.rpm	SHA-256: 16da9f45dafaf3cc015db5084eed0ab5804c6938561d926224f68a4a651b7f47
s390x
htdig-3.2.0b6-3.40.1.s390x.rpm	SHA-256: c79ab8fe99124a506140ddf17cfb469d08b4e9944a274fc4f674d29949154328
htdig-web-3.2.0b6-3.40.1.s390x.rpm	SHA-256: 724dd1fe39dfa66a8c12c1335a6c22661669f2cad8d30a1cc7d6975f5236a29f
s390
htdig-3.2.0b6-3.40.1.s390.rpm	SHA-256: a4042053e5ef765f3b68b9d2fd931cfeb6c95732ba1b5c6c0c9a288b763c56f2
htdig-web-3.2.0b6-3.40.1.s390.rpm	SHA-256: cad5a3cd2ed76f9a071692fc145ca25b986d23d91eb927b03f21d131f1accfb1

Red Hat Enterprise Linux for Power, big endian 4

SRPM
htdig-3.2.0b6-3.40.1.src.rpm	SHA-256: 16da9f45dafaf3cc015db5084eed0ab5804c6938561d926224f68a4a651b7f47
ppc
htdig-3.2.0b6-3.40.1.ppc.rpm	SHA-256: f0331140741a2cceb54cb3887c238f56ff5f3ccbeb5683e9187a8831fe3ccdee
htdig-web-3.2.0b6-3.40.1.ppc.rpm	SHA-256: ebb0aa025e5b2b8d30ffe73b8c8304c69fb808eca692e3f153b1944cda6768be