Bug 206510 (CVE-2006-2658)
| Summary: | CVE-2006-2658: xsp directory traversal vulnerability | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Ville Skyttä <scop> |
| Component: | xsp | Assignee: | Paul F. Johnson <paul> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 5 | CC: | extras-qa, fedora-security-list |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2006-09-14 20:54:55 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Ville Skyttä
2006-09-14 19:40:11 UTC
I've looked at this report and by the looks of it, yes the FE xsp/mod_mono will come under the same umberella (built from the same sources). I've asked on the mono-developers list if there is a patch available and if there is, I shall apply it quickly. Could you please advise what to do in the meantime? Should I put an advisory out on the FE list alerting people to the issue? I wouldn't go so far as to send an advisory. This is currently classified as a low-risk vulnerability so I'd suggest simply patching it ASAP. You may be able to extract the fix from the SUSE package if you can find it. Just been advised that it only relates to the 1.1.14 version of mod_mono not 1.1.17 (which is packaged for both FE5 and rawhide) Closing the bug. Thanks for the advice :-) |