[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200307231446.30486.security-announce@turbolinux.co.jp>
From: security-announce at turbolinux.co.jp (Turbolinux)
Subject: [TURBOLINUX SECURITY INFO] 23/Jul/2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 23/Jul/2003
============================================================
The following page contains the security information of Turbolinux Inc.
- Turbolinux Security Center
http://www.turbolinux.com/security/
(1) ypserv -> Ypserv denial of service attack
===========================================================
* nfs-utils -> nfs-utils xlog() off-by-one bug
===========================================================
More information :
The nfs-utils package provides a daemon for the kernel NFS server and related tools.
The logging code in nfs-utils contains an off-by-one buffer overrun
when adding a newline to the string being logged.
Impact :
This vulnerability may allow an attacker to execute arbitrary code or
cause a denial of service condition by sending certain RPC requests.
Affected Products :
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
- Turbolinux Server 6.5
- Turbolinux Advanced Server 6
- Turbolinux Server 6.1
- Turbolinux Workstation 6.0
Solution :
Please use turbopkg tool to apply the update.
<Turbolinux 8 Server>
Source Packages
Size : MD5
nfs-utils-0.3.1-5.src.rpm
301972 be1815824c75a18fac57c7fd51de68f9
Binary Packages
Size : MD5
nfs-utils-0.3.1-5.i586.rpm
167987 e7f2f56bc6ede4c00604eb57aba483e7
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
nfs-utils-0.3.1-5.src.rpm
301972 8b974af4125a75bbbee1f4e700581861
Binary Packages
Size : MD5
nfs-utils-0.3.1-5.i586.rpm
168119 992595dc1892e26ed980c0b09c6acad6
<Turbolinux 7 Server>
Source Packages
Size : MD5
nfs-utils-0.3.1-5.src.rpm
301972 0ebe00517b5dd438cc21089a02de882c
Binary Packages
Size : MD5
nfs-utils-0.3.1-5.i586.rpm
166847 7e0caf9f28efd87012f99e3e1698e6b7
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
nfs-utils-0.3.1-5.src.rpm
301972 16a086dd6c70bfd0d231102a63cee6aa
Binary Packages
Size : MD5
nfs-utils-0.3.1-5.i586.rpm
166931 1149eb56423ec66c5d30fa2e8fa7799a
<Turbolinux Server 6.5>
Source Packages
Size : MD5
nfs-utils-0.2.1-10.src.rpm
293899 2b85ea4e58b198bd1f33549b0371c997
Binary Packages
Size : MD5
nfs-utils-0.2.1-10.i386.rpm
182779 bce0fefb732e69fbf976d09cb789ea0f
<Turbolinux Advanced Server 6>
Source Packages
Size : MD5
nfs-utils-0.2.1-10.src.rpm
293899 7823e2a533c91a30d9deaeecce2cf402
Binary Packages
Size : MD5
nfs-utils-0.2.1-10.i386.rpm
182723 88a0bd90e5c177f45d465ffb9e2b9ff7
<Turbolinux Server 6.1>
Source Packages
Size : MD5
nfs-utils-0.2.1-10.src.rpm
293899 a2606b07141f0c61eda40b268e2e9d24
Binary Packages
Size : MD5
nfs-utils-0.2.1-10.i386.rpm
182624 d860de56917633f8cebb582fe8618b01
<Turbolinux Workstation 6.0>
Source Packages
Size : MD5
nfs-utils-0.2.1-10.src.rpm
293899 07428e4989ad861e53b1a697e0c5acd2
Binary Packages
Size : MD5
nfs-utils-0.2.1-10.i386.rpm
182697 d7c5d6d52dcd6a7ea86a2266d0ea71ea
References :
CVE
[CAN-2003-0252]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0252
* You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.
http://www.turbolinux.com/download/zabom.html
http://www.turbolinux.com/download/zabomupdate.html
Package Update Path
http://www.turbolinux.com/update
============================================================
* To obtain the public key
Here is the public key
http://www.turbolinux.com/security/
* To unsubscribe from the list
If you ever want to remove yourself from this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).
unsubscribe
* To change your email address
If you ever want to chage email address in this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the following command in the message body:
chaddr 'old address' 'new address'
If you have any questions or problems, please contact
<supp_info@...bolinux.co.jp>
Thank you!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/HiEiK0LzjOqIJMwRAnrCAJ4lQKLxle+jiboY41TWLs4CzDXTBACgg2dz
9f1CdgxbUwHRNJlxk4zHFNI=
=sgTK
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists