Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 544245

Summary: CVE-2009-3585 rt3: session hijack
Product: [Fedora] Fedora EPEL Reporter: Ralf Corsepius <rc040203>
Component: rt3Assignee: Xavier Bachelot <xavier>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: el5CC: mmahut, perl-devel, rc040203, vdanen, xavier
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://fedoraproject.org/wiki/Security/TrackingBugs
Whiteboard:
Fixed In Version: 3.6.10-1.el5 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 543977 Environment:
Last Closed: 2009-12-31 06:55:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ralf Corsepius 2009-12-04 11:19:13 UTC 
Clone bug for el5. I'll take care about the FC10-rawhide versions, but will not touch RHEL5.

+++ This bug was initially created as a clone of Bug #543977 +++

This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected Fedora versions.

For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in "Blocks" field.

bug #543962:
CVE-2009-3585 rt3: session hijack

When creating a Bodhi update request, please include the bug IDs of the respective parent bugs filed against the "Security Response" product. Please mention CVE ids in the RPM changelog when available.

Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=543962

Please note: this issue affects multiple supported versions of Fedora.  Only one tracking bug has been filed; please only close it when all affected versions are fixed.

For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs
Comment 1 Fedora Update System 2009-12-04 21:54:07 UTC 
rt3-3.6.10-1.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/rt3-3.6.10-1.el5
Comment 2 Fedora Update System 2009-12-07 06:31:36 UTC 
rt3-3.6.10-1.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update rt3'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-5/FEDORA-EPEL-2009-0981
Comment 3 Fedora Update System 2009-12-31 06:54:45 UTC 
rt3-3.6.10-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.