Correction to the below notice. The link is broken. It should be
http://directory.fedora.redhat.com/sources/adminserver10to101.patch
And the md5sum is not correct. It should be
1a18195b3bf057139e04852f6f3c0be9 adminserver10to101.patch
I apologize for any inconvenience or confusion.
---------------------------------------------------------------------
Fedora Directory Server Update Notification
2005-12-07
---------------------------------------------------------------------
Product : Fedora Directory Server
Name : Admin Server
Version : 1.0
Release : 1
Summary : The Admin Server httpd administrative engine.
Description :
The Admin Server component of Fedora Directory Server is an httpd
server which uses Apache 2 to serve up web pages and execute
CGIs used to administer the Fedora Directory Server. This package
is included with Fedora Directory Server.
---------------------------------------------------------------------
Update Information:
Fixed bug #174837 (CVE-2005-3630)
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174837
Frank Reppin discovered a flaw in the default Apache configuration for
Fedora DS. By default clients are allowed to read everything under the
document root, which can reveal sensitive information to a remote user.
This update modifies this behavior, only allowing read access to
specific files and directories under the document root.
---------------------------------------------------------------------
This update is a patch file available for download from:
http://directory.fedora.redhat.com/download/adminserver10to101.patch
2d7553a300551ef2a19b1b89a017e5ff adminserver20051205.patch
To install the patch:
cd /opt/fedora-ds
patch -p0 < adminserver10to101.patch
./restart-admin