[SECURITY] Fedora 9 Update: adminutil-1.1.7-1.fc9

updates at fedoraproject.org
Wed Sep 10 07:18:20 UTC 2008

Fedora Update Notification
2008-09-05 10:34:23

Name        : adminutil
Product     : Fedora 9
Version     : 1.1.7
Release     : 1.fc9
URL         : http://directory.fedoraproject.org/wiki/AdminUtil
Summary     : Utility library for directory server administration
Description :
adminutil is a set of libraries of functions used to administer directory
servers, usually in conjunction with the admin server.  adminutil is
broken into two libraries - libadminutil contains the basic
functionality, and libadmsslutil contains SSL versions and wrappers
around the basic functions.  The PSET functions allow applications to
store their preferences and configuration parameters in LDAP, without
having to know anything about LDAP.  The configuration is cached in a
local file, allowing applications to function even if the LDAP server
is down.  The other code is typically used by CGI programs used for
directory server management, containing GET/POST processing code as
well as resource handling (ICU ures API).

Update Information:

Fixes these bugs:

- CVE-2008-2928 - buffer overflow in Accept-Language parsing
    413531 Web browser accepted languages configuration causes dsgw CGI
    binaries to segfault
- improved fix for CVE-2008-2929 XSS issues (originally addressed in 1.1.6),
  that does not introduce heap overflow in parsing %-encoded inputs
  (CVE-2008-2932)
    245248 dsgw doesn't escape filename in error message
    454060 ViewLog CGI crash with new adminutil 1.1.6

* Wed Aug 27 2008 Rich Megginson <rmeggins at redhat.com> - 1.1.7-1
- Resolves bug 454060   -  ViewLog CGI crash with new adminutil
- Resolves bug 413531   -  Web browser accepted languages configuration causes dsgw CGI binaries to segfault

  [ 1 ] Bug #454662 - CVE-2008-2932 Directory Server: adminutil / CGI heap overflow
  [ 2 ] Bug #453916 - CVE-2008-2928 Directory Server: CGI accept language buffer overflow
  [ 3 ] Bug #454621 - CVE-2008-2929 Directory Server: multiple XSS issues

This update can be installed with the "yum" update program.  Use 
su -c 'yum update adminutil' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
