Updated htdig packages that resolve a security issue are now available for
Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The ht://Dig system is a complete World Wide Web indexing and searching
system for a small domain or intranet.
A cross-site scripting flaw was discovered in a htdig search page. An
attacker could construct a carefully crafted URL, which once visited by an
unsuspecting user, could cause a user's Web browser to execute malicious
script in the context of the visited htdig search Web page. (CVE-2007-6110)
Users of htdig are advised to upgrade to these updated packages, which
contain backported patch to resolve this issue.