Message-ID: <200308271932.57663.security-announce@turbolinux.co.jp>
From: security-announce at turbolinux.co.jp (Turbolinux)
Subject: [TURBOLINUX SECURITY INFO] 27/Aug/2003

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 27/Aug/2003
============================================================

The following page contains the security information of Turbolinux Inc.

 - Turbolinux Security Center
   http://www.turbolinux.com/security/

 (1) gdm -> Multiple vulnerabilities in gdm
 (2) perl -> Cross-site scripting vulnerability


===========================================================
* gdm -> Multiple vulnerabilities in gdm
===========================================================

 More information :
    GDM (the GNOME Display Manager) is a highly configurable reimplementation of xdm,
    the X Display Manager.
    GDM contains a bug in its "examine session errors" feature: it reads the
    ~/.xsession-errors file while running as root, which allows local users to
    read any text file on the system by creating a symlink.
    A vulnerability in the XDMCP (X Display Manager Control Protocol)
    support for GDM allows attackers to cause a denial of service.
    XDMCP is disabled by default.


 Impact :
    These vulnerabilities may allow local users to read arbitrary files
    on the system by creating a symlink and allow an attacker to create
    a DoS condition on the GDM.
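
 The symlink issue described above comes from a privileged process opening a path that a user controls. The following C sketch is an added example, not GDM's code or the vendor's fix; open_naive, open_user_log and run_demo are hypothetical names, and the temporary files are constructed for the demonstration. It contrasts a plain open with one that refuses symlinks and checks the opened object.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* The pattern the advisory describes: a privileged process opens a path
 * inside a user's home directory and follows whatever is there. */
int open_naive(const char *path) { return open(path, O_RDONLY); }

/* Hardened open (hypothetical helper): refuse a symlink as the final path
 * component, then check the object actually opened, not the name. */
int open_user_log(const char *path, uid_t owner) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0) return -1;          /* fails when the last component is a symlink */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner) {
        close(fd);                  /* FIFO, device, or another user's file */
        return -1;
    }
    return fd;
}

/* Constructed scenario in a temp dir. Result bits: 1 = naive open followed
 * the symlink, 2 = hardened open rejected it, 4 = hardened open accepted the
 * user's own regular file, 8 = hardened open rejected a wrong owner. */
int run_demo(void) {
    char dir[] = "/tmp/xsess-demo-XXXXXX", target[64], own[64], lnk[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/secret", dir);
    snprintf(own, sizeof own, "%s/errors", dir);
    snprintf(lnk, sizeof lnk, "%s/errors-link", dir);
    int r = 0, fd; FILE *f;
    if ((f = fopen(target, "w"))) { fputs("other data\n", f); fclose(f); }
    if ((f = fopen(own, "w"))) { fputs("session log\n", f); fclose(f); }
    if (symlink(target, lnk) != 0) return -1;
    if ((fd = open_naive(lnk)) >= 0) { r |= 1; close(fd); }
    if (open_user_log(lnk, geteuid()) < 0) r |= 2;
    if ((fd = open_user_log(own, geteuid())) >= 0) { r |= 4; close(fd); }
    if (open_user_log(own, geteuid() + 1) < 0) r |= 8;
    unlink(lnk); unlink(own); unlink(target); rmdir(dir);
    return r;
}

int main(void) { printf("result bits: %d\n", run_demo()); return 0; }
```

 O_NOFOLLOW only covers the final path component, so a privileged reader should also drop to the user's identity before opening anything under the user's home directory.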

 Affected Products :
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Server 6.5
    - Turbolinux Advanced Server 6
    - Turbolinux Server 6.1
    - Turbolinux Workstation 6.0


 Solution :
    Please use the turbopkg tool to apply the update.


 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   gdm-2.2.0-8.src.rpm
       839151 2745751916d7d6a0c6497cc1d4623f99

   Binary Packages
   Size : MD5

   gdm-2.2.0-8.i586.rpm
       292402 8109780f85b19b6e4189cf225e1b2c38

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   gdm-2.2.0-8.src.rpm
       839151 8c61ac0da13c4c995719847f482a5c22

   Binary Packages
   Size : MD5

   gdm-2.2.0-8.i586.rpm
       292384 6cbfaf701d9b7d350d26b0d9c508e12b

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   gdm-2.2.0-8.src.rpm
       839151 02bda77040bb605843c8aaf66f1e2a75

   Binary Packages
   Size : MD5

   gdm-2.2.0-8.i586.rpm
       289789 189fc1febae0810d8883e8542f86a299

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   gdm-2.2.0-8.src.rpm
       839151 2f2a9b8e33ed92fecfeab0aa5ddf2085

   Binary Packages
   Size : MD5

   gdm-2.2.0-8.i586.rpm
       290002 19e30a0035b272225d4c2b59e1258431

 <Turbolinux Server 6.5>

   Source Packages
   Size : MD5

   gdm-2.0beta4-26.src.rpm
       413935 d91de875c999c2a2e3f3467d421299ea

   Binary Packages
   Size : MD5

   gdm-2.0beta4-26.i386.rpm
       160220 38244a585d0202b6ee52c382ebadb811

 <Turbolinux Advanced Server 6>

   Source Packages
   Size : MD5

   gdm-2.0beta4-26.src.rpm
       413935 88c4a62750a21df37c4d4a9ada946c49

   Binary Packages
   Size : MD5

   gdm-2.0beta4-26.i386.rpm
       160239 deba6007079ecca771564fe224cef472

 <Turbolinux Server 6.1>

   Source Packages
   Size : MD5

   gdm-2.0beta4-26.src.rpm
       413935 0dd49d4c79840727bb66d15c6f1c44ec

   Binary Packages
   Size : MD5

   gdm-2.0beta4-26.i386.rpm
       160260 5beea74732e7730db54d975ea44ce4a6

 <Turbolinux Workstation 6.0>

   Source Packages
   Size : MD5

   gdm-2.0beta4-26.src.rpm
       413935 344ad57f0d9eb057a03107f9b2d5eace

   Binary Packages
   Size : MD5

   gdm-2.0beta4-26.i386.rpm
       160172 719323f6e65acd14f808831a1666e6a3


 References :

 CVE
   [CAN-2003-0547]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0547
   [CAN-2003-0548]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0548


 --------------------------------------------------------------------------
 Revision History
    27 Aug 2003 Initial release
 --------------------------------------------------------------------------


===========================================================
* perl -> Cross-site scripting vulnerability
===========================================================

 More information :
    Perl is a high-level programming language with roots in C, sed, awk and shell scripting.
    A cross-site scripting vulnerability exists in the start_form() function from CGI.pm.

 Impact :
    This vulnerability may allow an attacker to execute arbitrary web script
    within the context of the generated page.

 Affected Products :
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Server 6.5
    - Turbolinux Advanced Server 6
    - Turbolinux Server 6.1
    - Turbolinux Workstation 6.0


 Solution :
    Please use the turbopkg tool to apply the update.


 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   perl-5.6.1-10.src.rpm
      5978264 161122e722aa4b12f493a280f5ffae5b

   Binary Packages
   Size : MD5

   perl-5.6.1-10.i586.rpm
      6136602 dad9a80f98ea3e6b9863064b308dd6e0

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   perl-5.6.1-10.src.rpm
      5978264 12062a758554d2f15f11c9ae00fec8f0

   Binary Packages
   Size : MD5

   perl-5.6.1-10.i586.rpm
      6138917 8c3f2f1aa9aa7db37ea3ee26614473b9

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   perl-5.6.1-10.src.rpm
      5978264 9a79eb0b0f9c3ae0aa5c36d8669fc14d

   Binary Packages
   Size : MD5

   perl-5.6.1-10.i586.rpm
      6144484 51f6034c17d857ae205133c4f8a4dc24

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   perl-5.6.1-10.src.rpm
      5978264 78604c309ecf01cb534c4bc8e7a0a618

   Binary Packages
   Size : MD5

   perl-5.6.1-10.i586.rpm
      6143560 32de01ffd3b43e0d0310560c5a62ed58

 <Turbolinux Server 6.5>

   Source Packages
   Size : MD5

   perl-5.00503-9.src.rpm
      3691300 1c948e0b20cc3b5275f67e78026a2cc2

   Binary Packages
   Size : MD5

   perl-5.00503-9.i386.rpm
      5001209 06cce83129d2e0726df16ad8ab1cad58

 <Turbolinux Advanced Server 6>

   Source Packages
   Size : MD5

   perl-5.00503-9.src.rpm
      3691300 534ac5e7390a1a1e65d0460cc4e1b433

   Binary Packages
   Size : MD5

   perl-5.00503-9.i386.rpm
      5001282 80e8a1034dcf7571ffc3dc765659db64

 <Turbolinux Server 6.1>

   Source Packages
   Size : MD5

   perl-5.00503-9.src.rpm
      3691300 a48e668417213d17b8e2505261de124a

   Binary Packages
   Size : MD5

   perl-5.00503-9.i386.rpm
      5002105 ada00e70a55c05e04368bd0456ebf93b

 <Turbolinux Workstation 6.0>

   Source Packages
   Size : MD5

   perl-5.00503-9.src.rpm
      3691300 e59332920321d362c5409499ba863140

   Binary Packages
   Size : MD5

   perl-5.00503-9.i386.rpm
      3817193 ee9799db6e988aa888b5912402a88989


 References :

 CVE
   [CAN-2003-0615]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0615


 --------------------------------------------------------------------------
 Revision History
    27 Aug 2003 Initial release
 --------------------------------------------------------------------------


 * You may need to update the turbopkg tool before applying the update.
Please refer to the following URLs for detailed information.

  http://www.turbolinux.com/download/zabom.html
  http://www.turbolinux.com/download/zabomupdate.html

Package Update Path
http://www.turbolinux.com/update

============================================================
 * To obtain the public key

Here is the public key

 http://www.turbolinux.com/security/

 * To unsubscribe from the list

If you ever want to remove yourself from this mailing list,
  you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).

unsubscribe

 * To change your email address

If you ever want to change your email address in this mailing list,
  you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the following command in the message body:

  chaddr 'old address' 'new address'

If you have any questions or problems, please contact
<supp_info@...bolinux.co.jp>

Thank you!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/TIjVK0LzjOqIJMwRAs08AKClvYsnMbJbxSIOJBInVNfiX0DeIACfUz8n
Q/8nP7VKL4Z9ufS60yFmZjQ=
=oOrJ
-----END PGP SIGNATURE-----



