htdig security update
Security Advisory: Moderate
Updated htdig packages that fix a security flaw are now available for
Red Hat Enterprise Linux 4.
This update has been rated as having moderate security impact by the Red Hat
Security Response Team.
The ht://Dig system is a Web search and indexing system for a small domain
or intranet.
Michael Krax reported a cross-site scripting bug affecting htdig. An
attacker could construct a carefully crafted URL which can cause a web
browser to execute malicious script once visited. The Common
Vulnerabilities and Exposures project has assigned the name CAN-2005-0085
to this issue.
Users of htdig should upgrade to these updated packages, which contain a
backported patch, and are not vulnerable to this issue.
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
(none)