Red Hat Product Errata RHSA-2007:1095 - Security Advisory

Issued:: 2007-12-03
Updated:: 2007-12-03

RHSA-2007:1095 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: htdig security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated htdig packages that resolve a security issue are now available for
Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

The ht://Dig system is a complete World Wide Web indexing and searching
system for a small domain or intranet.

A cross-site scripting flaw was discovered in a htdig search page. An
attacker could construct a carefully crafted URL, which once visited by an
unsuspecting user, could cause a user's Web browser to execute malicious
script in the context of the visited htdig search Web page. (CVE-2007-6110)

Users of htdig are advised to upgrade to these updated packages, which
contain backported patch to resolve this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.1 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.1 ia64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.1 i386
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.6 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.6 ia64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.6 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.1 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6 s390
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.1 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.6 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 399561 - CVE-2007-6110 htdig htsearch XSS vulnerability

CVEs

CVE-2007-6110

References

http://www.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
htdig-3.2.0b6-9.0.1.el5_1.src.rpm	SHA-256: 6975343f104d4636cf3bb18aad14b9cbc64a2b2182845c1dd916ad9de871314b
x86_64
htdig-3.2.0b6-9.0.1.el5_1.x86_64.rpm	SHA-256: 88d2969c52c0da4a7822d7c8c7687acb20914d42107adf52bd451f47eadbe998
htdig-web-3.2.0b6-9.0.1.el5_1.x86_64.rpm	SHA-256: 12be40a6156d173d8c86df8f0d0a5e3f5cf51a150b73b7293f6085f10fb33d0d
ia64
htdig-3.2.0b6-9.0.1.el5_1.ia64.rpm	SHA-256: 25a40ccfe487047ba47676736cda02b8334dbd91bd8a20b6a4ee44c2c35cf5db
htdig-web-3.2.0b6-9.0.1.el5_1.ia64.rpm	SHA-256: 3790c63aa3a36242344522f00fa69de6d49bb7b44fb3b81992b0549cfd4474d7
i386
htdig-3.2.0b6-9.0.1.el5_1.i386.rpm	SHA-256: 25445d30090d510c082d3179463f9f2a75127c7b83a8c110c528a51723962dea
htdig-web-3.2.0b6-9.0.1.el5_1.i386.rpm	SHA-256: 0815d5db3a993fe12ca065ee7578f254baf324f3d79502e5ee076271e1ae0777

Red Hat Enterprise Linux Server 4

SRPM
htdig-3.2.0b6-4.el4_6.src.rpm	SHA-256: 3b3f2df84f259e08b9718da9e35dab6f64ba2b90d75c677487908826e72f7cb5
x86_64
htdig-3.2.0b6-4.el4_6.x86_64.rpm	SHA-256: ca91e45c4102bd34cd07975f9b900b7d3de731624a07b81b9caf79905284d5d6
htdig-3.2.0b6-4.el4_6.x86_64.rpm	SHA-256: ca91e45c4102bd34cd07975f9b900b7d3de731624a07b81b9caf79905284d5d6
htdig-web-3.2.0b6-4.el4_6.x86_64.rpm	SHA-256: 4635fe53de61b209604843ca4b2fa6c204fe64f3c9141789830377f201b22342
htdig-web-3.2.0b6-4.el4_6.x86_64.rpm	SHA-256: 4635fe53de61b209604843ca4b2fa6c204fe64f3c9141789830377f201b22342
ia64
htdig-3.2.0b6-4.el4_6.ia64.rpm	SHA-256: 5db68aed1f0b29965f20633551bcf08d47332a8d47920f105d7cf77140a9e2a6
htdig-3.2.0b6-4.el4_6.ia64.rpm	SHA-256: 5db68aed1f0b29965f20633551bcf08d47332a8d47920f105d7cf77140a9e2a6
htdig-web-3.2.0b6-4.el4_6.ia64.rpm	SHA-256: c8cfa567bbbc71754c1e1ceb16087e0e3574aea5226f133ee2dcdf51383790f6
htdig-web-3.2.0b6-4.el4_6.ia64.rpm	SHA-256: c8cfa567bbbc71754c1e1ceb16087e0e3574aea5226f133ee2dcdf51383790f6
i386
htdig-3.2.0b6-4.el4_6.i386.rpm	SHA-256: 4dea55d488dcd1a69d47041ceef85dbfb7770e990308004dffd7380bddbe5008
htdig-3.2.0b6-4.el4_6.i386.rpm	SHA-256: 4dea55d488dcd1a69d47041ceef85dbfb7770e990308004dffd7380bddbe5008
htdig-web-3.2.0b6-4.el4_6.i386.rpm	SHA-256: 11f2b0a2cb62a4df175f30d8eb69bc6b01919731d124a1e12832b785b07cda9f
htdig-web-3.2.0b6-4.el4_6.i386.rpm	SHA-256: 11f2b0a2cb62a4df175f30d8eb69bc6b01919731d124a1e12832b785b07cda9f

Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.1

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.6

SRPM
htdig-3.2.0b6-4.el4_6.src.rpm	SHA-256: 3b3f2df84f259e08b9718da9e35dab6f64ba2b90d75c677487908826e72f7cb5
x86_64
htdig-3.2.0b6-4.el4_6.x86_64.rpm	SHA-256: ca91e45c4102bd34cd07975f9b900b7d3de731624a07b81b9caf79905284d5d6
htdig-3.2.0b6-4.el4_6.x86_64.rpm	SHA-256: ca91e45c4102bd34cd07975f9b900b7d3de731624a07b81b9caf79905284d5d6
htdig-web-3.2.0b6-4.el4_6.x86_64.rpm	SHA-256: 4635fe53de61b209604843ca4b2fa6c204fe64f3c9141789830377f201b22342
htdig-web-3.2.0b6-4.el4_6.x86_64.rpm	SHA-256: 4635fe53de61b209604843ca4b2fa6c204fe64f3c9141789830377f201b22342
ia64
htdig-3.2.0b6-4.el4_6.ia64.rpm	SHA-256: 5db68aed1f0b29965f20633551bcf08d47332a8d47920f105d7cf77140a9e2a6
htdig-3.2.0b6-4.el4_6.ia64.rpm	SHA-256: 5db68aed1f0b29965f20633551bcf08d47332a8d47920f105d7cf77140a9e2a6
htdig-web-3.2.0b6-4.el4_6.ia64.rpm	SHA-256: c8cfa567bbbc71754c1e1ceb16087e0e3574aea5226f133ee2dcdf51383790f6
htdig-web-3.2.0b6-4.el4_6.ia64.rpm	SHA-256: c8cfa567bbbc71754c1e1ceb16087e0e3574aea5226f133ee2dcdf51383790f6
i386
htdig-3.2.0b6-4.el4_6.i386.rpm	SHA-256: 4dea55d488dcd1a69d47041ceef85dbfb7770e990308004dffd7380bddbe5008
htdig-3.2.0b6-4.el4_6.i386.rpm	SHA-256: 4dea55d488dcd1a69d47041ceef85dbfb7770e990308004dffd7380bddbe5008
htdig-web-3.2.0b6-4.el4_6.i386.rpm	SHA-256: 11f2b0a2cb62a4df175f30d8eb69bc6b01919731d124a1e12832b785b07cda9f
htdig-web-3.2.0b6-4.el4_6.i386.rpm	SHA-256: 11f2b0a2cb62a4df175f30d8eb69bc6b01919731d124a1e12832b785b07cda9f

Red Hat Enterprise Linux Workstation 5

SRPM
htdig-3.2.0b6-9.0.1.el5_1.src.rpm	SHA-256: 6975343f104d4636cf3bb18aad14b9cbc64a2b2182845c1dd916ad9de871314b
x86_64
htdig-3.2.0b6-9.0.1.el5_1.x86_64.rpm	SHA-256: 88d2969c52c0da4a7822d7c8c7687acb20914d42107adf52bd451f47eadbe998
htdig-web-3.2.0b6-9.0.1.el5_1.x86_64.rpm	SHA-256: 12be40a6156d173d8c86df8f0d0a5e3f5cf51a150b73b7293f6085f10fb33d0d
i386
htdig-3.2.0b6-9.0.1.el5_1.i386.rpm	SHA-256: 25445d30090d510c082d3179463f9f2a75127c7b83a8c110c528a51723962dea
htdig-web-3.2.0b6-9.0.1.el5_1.i386.rpm	SHA-256: 0815d5db3a993fe12ca065ee7578f254baf324f3d79502e5ee076271e1ae0777

Red Hat Enterprise Linux Workstation 4

SRPM
htdig-3.2.0b6-4.el4_6.src.rpm	SHA-256: 3b3f2df84f259e08b9718da9e35dab6f64ba2b90d75c677487908826e72f7cb5
x86_64
htdig-3.2.0b6-4.el4_6.x86_64.rpm	SHA-256: ca91e45c4102bd34cd07975f9b900b7d3de731624a07b81b9caf79905284d5d6
htdig-web-3.2.0b6-4.el4_6.x86_64.rpm	SHA-256: 4635fe53de61b209604843ca4b2fa6c204fe64f3c9141789830377f201b22342
ia64
htdig-3.2.0b6-4.el4_6.ia64.rpm	SHA-256: 5db68aed1f0b29965f20633551bcf08d47332a8d47920f105d7cf77140a9e2a6
htdig-web-3.2.0b6-4.el4_6.ia64.rpm	SHA-256: c8cfa567bbbc71754c1e1ceb16087e0e3574aea5226f133ee2dcdf51383790f6
i386
htdig-3.2.0b6-4.el4_6.i386.rpm	SHA-256: 4dea55d488dcd1a69d47041ceef85dbfb7770e990308004dffd7380bddbe5008
htdig-web-3.2.0b6-4.el4_6.i386.rpm	SHA-256: 11f2b0a2cb62a4df175f30d8eb69bc6b01919731d124a1e12832b785b07cda9f

Red Hat Enterprise Linux Desktop 5

SRPM
htdig-3.2.0b6-9.0.1.el5_1.src.rpm	SHA-256: 6975343f104d4636cf3bb18aad14b9cbc64a2b2182845c1dd916ad9de871314b
x86_64
htdig-3.2.0b6-9.0.1.el5_1.x86_64.rpm	SHA-256: 88d2969c52c0da4a7822d7c8c7687acb20914d42107adf52bd451f47eadbe998
i386
htdig-3.2.0b6-9.0.1.el5_1.i386.rpm	SHA-256: 25445d30090d510c082d3179463f9f2a75127c7b83a8c110c528a51723962dea

Red Hat Enterprise Linux Desktop 4

SRPM
htdig-3.2.0b6-4.el4_6.src.rpm	SHA-256: 3b3f2df84f259e08b9718da9e35dab6f64ba2b90d75c677487908826e72f7cb5
x86_64
htdig-3.2.0b6-4.el4_6.x86_64.rpm	SHA-256: ca91e45c4102bd34cd07975f9b900b7d3de731624a07b81b9caf79905284d5d6
htdig-web-3.2.0b6-4.el4_6.x86_64.rpm	SHA-256: 4635fe53de61b209604843ca4b2fa6c204fe64f3c9141789830377f201b22342
i386
htdig-3.2.0b6-4.el4_6.i386.rpm	SHA-256: 4dea55d488dcd1a69d47041ceef85dbfb7770e990308004dffd7380bddbe5008
htdig-web-3.2.0b6-4.el4_6.i386.rpm	SHA-256: 11f2b0a2cb62a4df175f30d8eb69bc6b01919731d124a1e12832b785b07cda9f

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
htdig-3.2.0b6-9.0.1.el5_1.src.rpm	SHA-256: 6975343f104d4636cf3bb18aad14b9cbc64a2b2182845c1dd916ad9de871314b
s390x
htdig-3.2.0b6-9.0.1.el5_1.s390x.rpm	SHA-256: d0f65e980f93a2c325ab904c962749cd66af03c726651ddab6d56ae6296992cc
htdig-web-3.2.0b6-9.0.1.el5_1.s390x.rpm	SHA-256: 74363dac355efc7fbac91738292c691a41b17d9ed016a6cf8b824d5c2f7ab7a9

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
htdig-3.2.0b6-4.el4_6.src.rpm	SHA-256: 3b3f2df84f259e08b9718da9e35dab6f64ba2b90d75c677487908826e72f7cb5
s390x
htdig-3.2.0b6-4.el4_6.s390x.rpm	SHA-256: a530836ccd86a083309cda634b8487c969f1de17371766f7ab7c7ff7a0d399b7
htdig-web-3.2.0b6-4.el4_6.s390x.rpm	SHA-256: 9944999369799738a7f2db5010e336f44553ab5d8a119bc85abde3ee19e7ee8f
s390
htdig-3.2.0b6-4.el4_6.s390.rpm	SHA-256: 67a460816919c2be9479f362c24d8c692d9c8fd599fb2dbd2ad7df799ba14648
htdig-web-3.2.0b6-4.el4_6.s390.rpm	SHA-256: cd273385cd85c25eaf6915389d12abc54d67334546746c62e56d7280373151cc

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.1

SRPM
s390x

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6

SRPM
htdig-3.2.0b6-4.el4_6.src.rpm	SHA-256: 3b3f2df84f259e08b9718da9e35dab6f64ba2b90d75c677487908826e72f7cb5
s390x
htdig-3.2.0b6-4.el4_6.s390x.rpm	SHA-256: a530836ccd86a083309cda634b8487c969f1de17371766f7ab7c7ff7a0d399b7
htdig-web-3.2.0b6-4.el4_6.s390x.rpm	SHA-256: 9944999369799738a7f2db5010e336f44553ab5d8a119bc85abde3ee19e7ee8f
s390
htdig-3.2.0b6-4.el4_6.s390.rpm	SHA-256: 67a460816919c2be9479f362c24d8c692d9c8fd599fb2dbd2ad7df799ba14648
htdig-web-3.2.0b6-4.el4_6.s390.rpm	SHA-256: cd273385cd85c25eaf6915389d12abc54d67334546746c62e56d7280373151cc

Red Hat Enterprise Linux for Power, big endian 5

SRPM
htdig-3.2.0b6-9.0.1.el5_1.src.rpm	SHA-256: 6975343f104d4636cf3bb18aad14b9cbc64a2b2182845c1dd916ad9de871314b
ppc
htdig-3.2.0b6-9.0.1.el5_1.ppc.rpm	SHA-256: 46857158b1df31f1d3bfc1c9b2d1e02f8598b77f7bb503cb0bd6d66c541e47e4
htdig-web-3.2.0b6-9.0.1.el5_1.ppc.rpm	SHA-256: dcb5583aeee56469a0678ab72b16bab8372b5f121572daaabb3e9fa466d7e4b7

Red Hat Enterprise Linux for Power, big endian 4

SRPM
htdig-3.2.0b6-4.el4_6.src.rpm	SHA-256: 3b3f2df84f259e08b9718da9e35dab6f64ba2b90d75c677487908826e72f7cb5
ppc
htdig-3.2.0b6-4.el4_6.ppc.rpm	SHA-256: 3b64bdd0cd0a59dfa94cfe4d953c012983e1cc8ef1e7008e84cd16d51a5cc515
htdig-web-3.2.0b6-4.el4_6.ppc.rpm	SHA-256: c0ec3ca88a07d180c93d036b240ea0fd43f5634d0e152b02a5c013ccd30a56d2

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.1

SRPM
ppc

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.6

SRPM
htdig-3.2.0b6-4.el4_6.src.rpm	SHA-256: 3b3f2df84f259e08b9718da9e35dab6f64ba2b90d75c677487908826e72f7cb5
ppc
htdig-3.2.0b6-4.el4_6.ppc.rpm	SHA-256: 3b64bdd0cd0a59dfa94cfe4d953c012983e1cc8ef1e7008e84cd16d51a5cc515
htdig-web-3.2.0b6-4.el4_6.ppc.rpm	SHA-256: c0ec3ca88a07d180c93d036b240ea0fd43f5634d0e152b02a5c013ccd30a56d2

Red Hat Enterprise Linux Server from RHUI 5

SRPM
htdig-3.2.0b6-9.0.1.el5_1.src.rpm	SHA-256: 6975343f104d4636cf3bb18aad14b9cbc64a2b2182845c1dd916ad9de871314b
x86_64
htdig-3.2.0b6-9.0.1.el5_1.x86_64.rpm	SHA-256: 88d2969c52c0da4a7822d7c8c7687acb20914d42107adf52bd451f47eadbe998
htdig-web-3.2.0b6-9.0.1.el5_1.x86_64.rpm	SHA-256: 12be40a6156d173d8c86df8f0d0a5e3f5cf51a150b73b7293f6085f10fb33d0d
i386
htdig-3.2.0b6-9.0.1.el5_1.i386.rpm	SHA-256: 25445d30090d510c082d3179463f9f2a75127c7b83a8c110c528a51723962dea
htdig-web-3.2.0b6-9.0.1.el5_1.i386.rpm	SHA-256: 0815d5db3a993fe12ca065ee7578f254baf324f3d79502e5ee076271e1ae0777

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.