lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200307231446.30486.security-announce@turbolinux.co.jp>
From: security-announce at turbolinux.co.jp (Turbolinux)
Subject: [TURBOLINUX SECURITY INFO] 23/Jul/2003

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 23/Jul/2003
============================================================

The following page contains the security information of Turbolinux Inc.

 - Turbolinux Security Center
   http://www.turbolinux.com/security/

 (1) ypserv -> Ypserv denial of service attack


===========================================================
* nfs-utils ->  nfs-utils xlog() off-by-one bug
===========================================================

 More information :
    The nfs-utils package provides a daemon for the kernel NFS server and related tools.
    The logging code in nfs-utils contains an off-by-one buffer overrun
    when adding a newline to the string being logged.

 Impact :
    This vulnerability may allow an attacker to execute arbitrary code or
    cause a denial of service condition by sending certain RPC requests.

 Affected Products :
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Server 6.5
    - Turbolinux Advanced Server 6
    - Turbolinux Server 6.1
    - Turbolinux Workstation 6.0

 Solution :
    Please use turbopkg tool to apply the update.


 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   nfs-utils-0.3.1-5.src.rpm
       301972 be1815824c75a18fac57c7fd51de68f9

   Binary Packages
   Size : MD5

   nfs-utils-0.3.1-5.i586.rpm
       167987 e7f2f56bc6ede4c00604eb57aba483e7

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   nfs-utils-0.3.1-5.src.rpm
       301972 8b974af4125a75bbbee1f4e700581861

   Binary Packages
   Size : MD5

   nfs-utils-0.3.1-5.i586.rpm
       168119 992595dc1892e26ed980c0b09c6acad6

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   nfs-utils-0.3.1-5.src.rpm
       301972 0ebe00517b5dd438cc21089a02de882c

   Binary Packages
   Size : MD5

   nfs-utils-0.3.1-5.i586.rpm
       166847 7e0caf9f28efd87012f99e3e1698e6b7

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   nfs-utils-0.3.1-5.src.rpm
       301972 16a086dd6c70bfd0d231102a63cee6aa

   Binary Packages
   Size : MD5

   nfs-utils-0.3.1-5.i586.rpm
       166931 1149eb56423ec66c5d30fa2e8fa7799a

 <Turbolinux Server 6.5>

   Source Packages
   Size : MD5

   nfs-utils-0.2.1-10.src.rpm
       293899 2b85ea4e58b198bd1f33549b0371c997

   Binary Packages
   Size : MD5

   nfs-utils-0.2.1-10.i386.rpm
       182779 bce0fefb732e69fbf976d09cb789ea0f

 <Turbolinux Advanced Server 6>

   Source Packages
   Size : MD5

   nfs-utils-0.2.1-10.src.rpm
       293899 7823e2a533c91a30d9deaeecce2cf402

   Binary Packages
   Size : MD5

   nfs-utils-0.2.1-10.i386.rpm
       182723 88a0bd90e5c177f45d465ffb9e2b9ff7

 <Turbolinux Server 6.1>

   Source Packages
   Size : MD5

   nfs-utils-0.2.1-10.src.rpm
       293899 a2606b07141f0c61eda40b268e2e9d24

   Binary Packages
   Size : MD5

   nfs-utils-0.2.1-10.i386.rpm
       182624 d860de56917633f8cebb582fe8618b01

 <Turbolinux Workstation 6.0>

   Source Packages
   Size : MD5

   nfs-utils-0.2.1-10.src.rpm
       293899 07428e4989ad861e53b1a697e0c5acd2

   Binary Packages
   Size : MD5

   nfs-utils-0.2.1-10.i386.rpm
       182697 d7c5d6d52dcd6a7ea86a2266d0ea71ea


 References :

 CVE
   [CAN-2003-0252]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0252


 * You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.

  http://www.turbolinux.com/download/zabom.html
  http://www.turbolinux.com/download/zabomupdate.html

Package Update Path
http://www.turbolinux.com/update

============================================================
 * To obtain the public key

Here is the public key

 http://www.turbolinux.com/security/

 * To unsubscribe from the list

If you ever want to remove yourself from this mailing list,
  you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).

unsubscribe

 * To change your email address

If you ever want to chage email address in this mailing list,
  you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the following command in the message body:

  chaddr 'old address' 'new address'

If you have any questions or problems, please contact
<supp_info@...bolinux.co.jp>

Thank you!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/HiEiK0LzjOqIJMwRAnrCAJ4lQKLxle+jiboY41TWLs4CzDXTBACgg2dz
9f1CdgxbUwHRNJlxk4zHFNI=
=sgTK
-----END PGP SIGNATURE-----




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ