Bug Fix Advisory htdig bug fix update

Advisory: RHBA-2007:0026-4
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2007-06-11
Last updated on: 2007-06-11
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 3)
OVAL: N/A
CVEs (cve.mitre.org): CVE-2000-1191

Details

An updated htdig package that fix various bugs is now available.

The htdig system is a complete world wide web indexing and searching
system for a small domain or intranet. This system is not meant to replace
the need for powerful internet-wide search systems like Lycos, Infoseek,
Webcrawler and AltaVista. Instead it is meant to cover the search needs for
a single company, campus, or even a particular sub section of a web site. As
opposed to some WAIS-based or web-server based search engines, htdig can
span several web servers at a site. The type of these different web servers
doesn't matter as long as they understand the HTTP 1.0 protocol.
htdig is also used by KDE to search KDE's HTML documentation.

Bugs fixed in this update include:

* rundig script (/usr/bin/rundig) missed "$opts" on two calls to htfuzzy.

* htfuzzy segfaulted when database is empty.

* htdig was unable to open empty database on 64bits.

* htdig showed full path to configuration file when accessed from the web.

Users should upgrade to this updated package, which resolves these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)
SRPMS:
htdig-3.1.6-7.el3.src.rpm     f3350ba74d0ef1ea3daa01112debd3ad
 
IA-32:
htdig-3.1.6-7.el3.i386.rpm     b5734b59f291aed71c2f93fe4f8850f1
 
x86_64:
htdig-3.1.6-7.el3.x86_64.rpm     f4d7a20c58a7a6d65249c0dcd2ad8b77
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
htdig-3.1.6-7.el3.src.rpm     f3350ba74d0ef1ea3daa01112debd3ad
 
IA-32:
htdig-3.1.6-7.el3.i386.rpm     b5734b59f291aed71c2f93fe4f8850f1
 
IA-64:
htdig-3.1.6-7.el3.ia64.rpm     894a06fce9b1356d15f47ed6ebf7ae2e
 
PPC:
htdig-3.1.6-7.el3.ppc.rpm     1bc0bc1901c1bbda78d173611210625b
 
s390:
htdig-3.1.6-7.el3.s390.rpm     034908708822a88546771678cb4c6f46
 
s390x:
htdig-3.1.6-7.el3.s390x.rpm     93a7d67fc2792eeca26db98c59869d8e
 
x86_64:
htdig-3.1.6-7.el3.x86_64.rpm     f4d7a20c58a7a6d65249c0dcd2ad8b77
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
htdig-3.1.6-7.el3.src.rpm     f3350ba74d0ef1ea3daa01112debd3ad
 
IA-32:
htdig-3.1.6-7.el3.i386.rpm     b5734b59f291aed71c2f93fe4f8850f1
 
IA-64:
htdig-3.1.6-7.el3.ia64.rpm     894a06fce9b1356d15f47ed6ebf7ae2e
 
x86_64:
htdig-3.1.6-7.el3.x86_64.rpm     f4d7a20c58a7a6d65249c0dcd2ad8b77
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
htdig-3.1.6-7.el3.src.rpm     f3350ba74d0ef1ea3daa01112debd3ad
 
IA-32:
htdig-3.1.6-7.el3.i386.rpm     b5734b59f291aed71c2f93fe4f8850f1
 
IA-64:
htdig-3.1.6-7.el3.ia64.rpm     894a06fce9b1356d15f47ed6ebf7ae2e
 
x86_64:
htdig-3.1.6-7.el3.x86_64.rpm     f4d7a20c58a7a6d65249c0dcd2ad8b77
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

130528 - /usr/bin/rundig is missing "$opts" on two calls to htfuzzy
133840 - htdig will not run
218715 - CVE-2000-1191 htdig configuration file path disclosure flaw


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1191

Keywords

64, CVE, htdig, htfuzzy, opts, segfault

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/