MDKSA-2005:063 - Updated htdig packages fix vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: htdig
Advisory ID: MDKSA-2005:063
Date: March 31st, 2005
Affected versions: 10.0, 10.1, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________
Problem Description:
A cross-site scripting vulnerability in ht://dig was discovered by
Michael Krax. The updated packages have been patched to correct this
issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0085
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
6228437a3ee59911e0473bb587182722 10.0/RPMS/htdig-3.2.0-0.8.1.100mdk.i586.rpm
9e2e6d19c955675b902867ebd4a532ac
10.0/RPMS/htdig-devel-3.2.0-0.8.1.100mdk.i586.rpm
9d2c9514b9f841e29d355f2231fbf2bf
10.0/RPMS/htdig-web-3.2.0-0.8.1.100mdk.i586.rpm
99444f90c5fd587b25a4a22c1766dbf5 10.0/SRPMS/htdig-3.2.0-0.8.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
8dda857b8c800baad5829e9967da79cf
amd64/10.0/RPMS/htdig-3.2.0-0.8.1.100mdk.amd64.rpm
a0fc783208512e499dfb35313fae0542
amd64/10.0/RPMS/htdig-devel-3.2.0-0.8.1.100mdk.amd64.rpm
29e335343d2ff49d8ec6114dd575be82
amd64/10.0/RPMS/htdig-web-3.2.0-0.8.1.100mdk.amd64.rpm
99444f90c5fd587b25a4a22c1766dbf5
amd64/10.0/SRPMS/htdig-3.2.0-0.8.1.100mdk.src.rpm
Mandrakelinux 10.1:
a0409063ca738742cad98d32180982cf 10.1/RPMS/htdig-3.2.0-0.8.1.101mdk.i586.rpm
976234e520943c0ce3218dd22a86663e
10.1/RPMS/htdig-devel-3.2.0-0.8.1.101mdk.i586.rpm
84e9b288b4508cfff0b9cabb729818cc
10.1/RPMS/htdig-web-3.2.0-0.8.1.101mdk.i586.rpm
b1939ad4e0ab56c625953a96add55759 10.1/SRPMS/htdig-3.2.0-0.8.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
ce24c06a0ac118969fd944ae917e3e72
x86_64/10.1/RPMS/htdig-3.2.0-0.8.1.101mdk.x86_64.rpm
c32ff976cb9445350ef5763ae8ab0adb
x86_64/10.1/RPMS/htdig-devel-3.2.0-0.8.1.101mdk.x86_64.rpm
1631e0ced4511d6f66cd118bf0a53ddb
x86_64/10.1/RPMS/htdig-web-3.2.0-0.8.1.101mdk.x86_64.rpm
b1939ad4e0ab56c625953a96add55759
x86_64/10.1/SRPMS/htdig-3.2.0-0.8.1.101mdk.src.rpm
Corporate Server 2.1:
940eb22faad5b37005a2045030014ca3
corporate/2.1/RPMS/htdig-3.2.0-0.7.1.C21mdk.i586.rpm
0c4292b7c83c327568dc3fc87eb65daa
corporate/2.1/RPMS/htdig-devel-3.2.0-0.7.1.C21mdk.i586.rpm
259bb9d4924855da71f188e5a1c9e48e
corporate/2.1/RPMS/htdig-web-3.2.0-0.7.1.C21mdk.i586.rpm
c3706f63bdd0d924f5e6582f16097c40
corporate/2.1/SRPMS/htdig-3.2.0-0.7.1.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
b60111b0cccd21d0219e56943872954d
x86_64/corporate/2.1/RPMS/htdig-3.2.0-0.7.1.C21mdk.x86_64.rpm
2234c1266e831e9a907bd905cfafe988
x86_64/corporate/2.1/RPMS/htdig-devel-3.2.0-0.7.1.C21mdk.x86_64.rpm
60a05a4fa98a0ed0615d14a966997878
x86_64/corporate/2.1/RPMS/htdig-web-3.2.0-0.7.1.C21mdk.x86_64.rpm
c3706f63bdd0d924f5e6582f16097c40
x86_64/corporate/2.1/SRPMS/htdig-3.2.0-0.7.1.C21mdk.src.rpm
Corporate 3.0:
6c581ad824ed274ecbfa95d3cb4b3f21
corporate/3.0/RPMS/htdig-3.2.0-0.8.1.C30mdk.i586.rpm
8c1e110d09016bbebc6a8705c63b3c52
corporate/3.0/RPMS/htdig-devel-3.2.0-0.8.1.C30mdk.i586.rpm
effe6251329eedb8aaaefa16852737a5
corporate/3.0/RPMS/htdig-web-3.2.0-0.8.1.C30mdk.i586.rpm
e2d122279a783d148c7535b6e69f1914
corporate/3.0/SRPMS/htdig-3.2.0-0.8.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
5c643cf858ab77ef76c50c156b4c97f8
x86_64/corporate/3.0/RPMS/htdig-3.2.0-0.8.1.C30mdk.x86_64.rpm
6a2bb83857fdfcf7e88de032bbb36722
x86_64/corporate/3.0/RPMS/htdig-devel-3.2.0-0.8.1.C30mdk.x86_64.rpm
ae1d1d19a94c5ab808033794499a7d2f
x86_64/corporate/3.0/RPMS/htdig-web-3.2.0-0.8.1.C30mdk.x86_64.rpm
e2d122279a783d148c7535b6e69f1914
x86_64/corporate/3.0/SRPMS/htdig-3.2.0-0.8.1.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCTE/+mqjQ0CJFipgRAhSdAJ9Kf6Da7X81ecnkgkn1baamoFxPhACgxoWd
ARg/qKG813fFsBSUXuQy4ug=
=PaRZ
-----END PGP SIGNATURE-----