RHSA-2008:0261: Moderate: Red Hat Network Satellite Server security update
First published: Tue May 20 2008(Updated: )
During an internal security review, a cross-site scripting flaw was found<br>that affected the Red Hat Network channel search feature. (CVE-2007-5961)<br>This release also corrects several security vulnerabilities in various<br>components shipped as part of the Red Hat Network Satellite Server. In a<br>typical operating environment, these components are not exposed to users of<br>Satellite Server in a vulnerable manner. These security updates will reduce<br>risk in unique Satellite Server environments.<br>Multiple flaws were fixed in the Apache HTTPD server. These flaws could<br>result in a cross-site scripting, denial-of-service, or information<br>disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197,<br>CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388)<br>A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)<br>A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329)<br>Multiple cross-site scripting flaws were fixed in the image map feature in<br>the JFreeChart package. (CVE-2007-6306)<br>Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243,<br>CVE-2007-2435, CVE-2007-2788, CVE-2007-2789)<br>Two arbitrary code execution flaws were fixed in the OpenMotif package.<br>(CVE-2005-3964, CVE-2005-0605)<br>A flaw which could result in weak encryption was fixed in the<br>perl-Crypt-CBC package. (CVE-2006-0898)<br>Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128,<br>CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355,<br>CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195,<br>CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510)<br>Users of Red Hat Network Satellite Server 5.0 are advised to upgrade to<br>5.0.2, which resolves these issues.
| Affected Software | Affected Version | How to fix |
|---|
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2008:0261
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness