An updated adminutil package that fixes a security issue is now available
for Red Hat Directory Server 8.0.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Red Hat Directory Server is an LDAPv3-compliant server. The adminutil packages is collection of function libraries used to administer directory servers, usually in conjunction with the Administration Server. The Directory Server Administration Express web interface incorrectly parsed %-escaped user provided values. A remote attacker could use this flaw to conduct cross-site scripting attacks against directory server administrators using the Administration Express web interface. (CVE-2008-2929) All users of Red Hat Directory Server should upgrade to this updated adminutil packages, which resolve this issue.