During an internal security review, a cross-site scripting flaw was found
that affected the Red Hat Network channel search feature. (CVE-2007-5961)

This release also corrects several security vulnerabilities in various
components shipped as part of the Red Hat Network Satellite Server. In a
typical operating environment, these components are not exposed to users of
Satellite Server in a vulnerable manner. These security updates will reduce
risk in unique Satellite Server environments.

Multiple flaws were fixed in the Apache HTTPD server. These flaws could
result in cross-site scripting, denial-of-service, or information
disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197,
CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388)

A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)

A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329)

Multiple cross-site scripting flaws were fixed in the image map feature in
the JFreeChart package. (CVE-2007-6306)

Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243,
CVE-2007-2435, CVE-2007-2788, CVE-2007-2789)

Two arbitrary code execution flaws were fixed in the OpenMotif package.
(CVE-2005-3964, CVE-2005-0605)

A flaw which could result in weak encryption was fixed in the
perl-Crypt-CBC package. (CVE-2006-0898)

Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128,
CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355,
CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195,
CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510)

Users of Red Hat Network Satellite Server 5.0 are advised to upgrade to
5.0.2, which resolves these issues.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | any | i386 | rhn-modjk-ap13 | < 1.2.23-2rhn.rhel4 | rhn-modjk-ap13-1.2.23-2rhn.rhel4.i386.rpm |
RedHat | any | i386 | rhn-apache | < 1.3.27-36.rhn.rhel4 | rhn-apache-1.3.27-36.rhn.rhel4.i386.rpm |
RedHat | any | i386 | jabberd | < 2.0s10-3.38.rhn | jabberd-2.0s10-3.38.rhn.i386.rpm |
RedHat | any | noarch | jfreechart | < 0.9.20-3.rhn | jfreechart-0.9.20-3.rhn.noarch.rpm |
RedHat | any | i386 | rhn-modssl | < 2.8.12-8.rhn.10.rhel4 | rhn-modssl-2.8.12-8.rhn.10.rhel4.i386.rpm |
RedHat | any | noarch | tomcat5 | < 5.0.30-0jpp_10rh | tomcat5-5.0.30-0jpp_10rh.noarch.rpm |
RedHat | 4 | i386 | java-1.4.2-ibm | < 1.4.2.10-1jpp.2.el4 | java-1.4.2-ibm-1.4.2.10-1jpp.2.el4.i386.rpm |
RedHat | 4 | i386 | java-1.4.2-ibm-devel | < 1.4.2.10-1jpp.2.el4 | java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el4.i386.rpm |
RedHat | any | i386 | openmotif21 | < 2.1.30-11.RHEL4.6 | openmotif21-2.1.30-11.RHEL4.6.i386.rpm |
RedHat | 4 | noarch | perl-crypt-cbc | < 2.24-1.el4 | perl-Crypt-CBC-2.24-1.el4.noarch.rpm |