--------------------------------------------------------------------------
 Turbolinux Security Advisory TLSA-2008-5
 http://www.turbolinux.co.jp/security/
 security-team@turbolinux.co.jp
--------------------------------------------------------------------------

 Original released date: 28 Jan 2007
 Last revised: 28 Jan 2007

 Package: httpd

 Summary: Cross-site scripting (XSS) vulnerabilities

 More information:
    Apache is a powerful, full-featured, efficient, and freely available
    Web server. Apache is also the most popular Web server on the Internet.

    Multiple cross-site scripting vulnerabilities exist in httpd.

 Impact:
    These vulnerabilities can be exploited to execute arbitrary HTML and
    script code in a user's browser session in the context of an affected
    site.

 Affected Products:
    - Turbolinux 11 Server x64 Edition
    - Turbolinux 11 Server
    - Turbolinux Appliance Server 2.0
    - Turbolinux FUJI
    - Turbolinux 10 Server x64 Edition
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 Server
    - Turbolinux Multimedia
    - Turbolinux Personal

 References:

 CVE
   [CVE-2007-4465]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465
   [CVE-2007-6388]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
   [CVE-2007-6421]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421
   [CVE-2007-6422]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422
   [CVE-2008-0005]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005

--------------------------------------------------------------------------
 Revision History
    28 Jan 2008 Initial release
--------------------------------------------------------------------------