-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2008-32
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date: 09 Sep 2008
Last revised: 09 Sep 2008
Package: cgiwrap
Summary: Cross-site scripting (XSS) vulnerability
More information:
CGIWrap is a gateway program that allows general users to use CGI scripts and HTML
forms without compromising the security of the http server.
Cross-site scripting (XSS) vulnerability in CGIWrap before 4.1, when an Internet Explorer
based browser is used, allows remote attackers to inject arbitrary web script or HTML
via unspecified vectors related to failure to set the charset in error messages. (CVE-2008-2852)
Affected Products:
- Turbolinux Appliance Server 3.0 x64 Edition
- Turbolinux Appliance Server 3.0
- Turbolinux Appliance Server 2.0
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
<Turbolinux Appliance Server 3.0 x64 Edition>
Source Packages
Size: MD5
cgiwrap-3.9-7.src.rpm
151699 79c1d07b1ac282610cbe355de7905a77
turbolinux-tlas-3.0-20070411TL5.src.rpm
17616 93a1a9f4e964466ed69fe367e5e998fd
Binary Packages
Size: MD5
cgiwrap-3.9-7.x86_64.rpm
47808 a5080fc36536e6fc001cae6077d169df
turbolinux-tlas-capstone-3.0-20070411TL5.noarch.rpm
9347 99c0f9a2869ae14a42b9460d9f49bf3e
turbolinux-tlas-glue-3.0-20070411TL5.noarch.rpm
11839 0e96979f89381839f1b26822d5c24498
<Turbolinux Appliance Server 3.0>
Source Packages
Size: MD5
cgiwrap-3.9-7.src.rpm
151699 79c1d07b1ac282610cbe355de7905a77
Binary Packages
Size: MD5
cgiwrap-3.9-7.i686.rpm
46143 076009f67e6012ab091302a166527c2f
<Turbolinux Appliance Server 2.0>
Source Packages
Size: MD5
cgiwrap-3.9-7.src.rpm
151699 8c822157ed2e8ad3e7bd4354a4339be8
Binary Packages
Size: MD5
cgiwrap-3.9-7.i586.rpm
44974 c8c4d6a447686ab76c9013340792ad9f
<Turbolinux Appliance Server 1.0 Hosting Edition>
Source Packages
Size: MD5
cgiwrap-3.9-7.src.rpm
151699 2d33dbd84c783f7344ca93e79a16b8bd
Binary Packages
Size: MD5
cgiwrap-3.9-7.i586.rpm
41607 6630501a5ed74a990f8cb2b78b6c89e7
References:
CVE
[CVE-2008-2852]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2852
--------------------------------------------------------------------------
Revision History
09 Sep 2008 Initial release
--------------------------------------------------------------------------
Copyright(C) 2008 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkjGUHgACgkQK0LzjOqIJMxpPQCfQOp74WQrW1xnkMIEUzWU01sK
me4AoLJl58Pfa78jQplSHl5PIlnay+Sp
=AfZ1
-----END PGP SIGNATURE-----