Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Производитель ПО
Наименование ПО
request-tracker3.4
(any)
request-tracker3.6
(any)
rt3.4-apache
(any)
rt3.4-apache2
(any)
rt3.4-clients
(any)
rt3.6-apache
(any)
rt3.6-apache2
(any)
rt3.6-clients
(any)
rt3.6-db-mysql
(any)
rt3.6-db-postgresql
(any)
rt3.6-db-sqlite
(any)
Описание
Уведомление безопасности об уязвимостях rt3.6-db-sqlite, request-tracker3.4, rt3.6-db-postgresql, rt3.4-clients, rt3.4-apache, rt3.6-apache2, rt3.4-apache2, rt3.6-db-mysql, rt3.6-apache, request-tracker3.6, rt3.6-clients
Как исправить
Проблема может быть решена обновлением операционной системы до следующих версий пакетов в зависимости от архитектуры:
Debian GNU/Linux 4:
noarch:
rt3.6-apache2 - 3.6.1-4+etch1
rt3.6-apache - 3.6.1-4+etch1
rt3.4-clients - 3.4.5-2+etch1
request-tracker3.4 - 3.4.5-2+etch1
rt3.4-apache - 3.4.5-2+etch1
request-tracker3.6 - 3.6.1-4+etch1
rt3.6-clients - 3.6.1-4+etch1
rt3.4-apache2 - 3.4.5-2+etch1
Debian GNU/Linux 5:
noarch:
rt3.6-db-mysql - 3.6.7-5+lenny3
rt3.6-db-sqlite - 3.6.7-5+lenny3
rt3.6-apache2 - 3.6.7-5+lenny3
rt3.6-db-postgresql - 3.6.7-5+lenny3
request-tracker3.6 - 3.6.7-5+lenny3
rt3.6-clients - 3.6.7-5+lenny3
Debian GNU/Linux 4:
noarch:
rt3.6-apache2 - 3.6.1-4+etch1
rt3.6-apache - 3.6.1-4+etch1
rt3.4-clients - 3.4.5-2+etch1
request-tracker3.4 - 3.4.5-2+etch1
rt3.4-apache - 3.4.5-2+etch1
request-tracker3.6 - 3.6.1-4+etch1
rt3.6-clients - 3.6.1-4+etch1
rt3.4-apache2 - 3.4.5-2+etch1
Debian GNU/Linux 5:
noarch:
rt3.6-db-mysql - 3.6.7-5+lenny3
rt3.6-db-sqlite - 3.6.7-5+lenny3
rt3.6-apache2 - 3.6.7-5+lenny3
rt3.6-db-postgresql - 3.6.7-5+lenny3
request-tracker3.6 - 3.6.7-5+lenny3
rt3.6-clients - 3.6.7-5+lenny3
Ссылки
http://www.debian.org/security/dsa-1944/
Источник: CVE
Наименование: CVE-2009-3585
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3585
Источник: CVE
Наименование: CVE-2009-3585
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3585