10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.974 High
EPSS
Percentile
99.9%
This release corrects several security vulnerabilities in various
components shipped as part of the Red Hat Network Satellite Server 4.2. In
a typical operating environment, these components are not exposed to users
of Satellite Server in a vulnerable manner. These security updates will
reduce risk in unique Satellite Server environments.
Multiple flaws were fixed in the Apache HTTPD server. These flaws could
result in a cross-site scripting, denial-of-service, or information
disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197,
CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388)
A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)
A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329)
Multiple cross-site scripting flaws were fixed in the image map feature in
the JFreeChart package. (CVE-2007-6306)
Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243,
CVE-2007-2435, CVE-2007-2788, CVE-2007-2789)
Multiple flaws were fixed in the OpenMotif package. (CVE-2004-0687,
CVE-2004-0688, CVE-2004-0914, CVE-2005-3964, CVE-2005-0605)
A flaw which could result in weak encryption was fixed in the
perl-Crypt-CBC package. (CVE-2006-0898)
Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128,
CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355,
CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195,
CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510)
Users of Red Hat Network Satellite Server 4.2 are advised to upgrade to
4.2.3, which resolves these issues.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | i386 | rhn-modperl | < 1.29-16.rhel3 | rhn-modperl-1.29-16.rhel3.i386.rpm |
RedHat | any | noarch | jfreechart | < 0.9.20-3.rhn | jfreechart-0.9.20-3.rhn.noarch.rpm |
RedHat | 4 | i386 | java-1.4.2-ibm | < 1.4.2.10-1jpp.2.el4 | java-1.4.2-ibm-1.4.2.10-1jpp.2.el4.i386.rpm |
RedHat | any | i386 | openmotif21 | < 2.1.30-11.RHEL4.6 | openmotif21-2.1.30-11.RHEL4.6.i386.rpm |
RedHat | 3 | i386 | java-1.4.2-ibm | < 1.4.2.10-1jpp.2.el3 | java-1.4.2-ibm-1.4.2.10-1jpp.2.el3.i386.rpm |
RedHat | any | i386 | rhn-modperl | < 1.29-16.rhel4 | rhn-modperl-1.29-16.rhel4.i386.rpm |
RedHat | any | i386 | openmotif21 | < 2.1.30-9.RHEL3.8 | openmotif21-2.1.30-9.RHEL3.8.i386.rpm |
RedHat | any | i386 | rhn-modjk-ap13 | < 1.2.23-2rhn.rhel4 | rhn-modjk-ap13-1.2.23-2rhn.rhel4.i386.rpm |
RedHat | any | noarch | tomcat5 | < 5.0.30-0jpp_10rh | tomcat5-5.0.30-0jpp_10rh.noarch.rpm |
RedHat | 3 | noarch | perl-crypt-cbc | < 2.24-1.el3 | perl-Crypt-CBC-2.24-1.el3.noarch.rpm |