[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200309182325.16780.security-announce@turbolinux.co.jp>
From: security-announce at turbolinux.co.jp (Turbolinux)
Subject: [TURBOLINUX SECURITY INFO] 18/Sep/2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 18/Sep/2003
============================================================
The following page contains the security information of Turbolinux Inc.
- Turbolinux Security Center
http://www.turbolinux.com/security/
(1) sendmail -> Buffer overflows
===========================================================
* sendmail -> Buffer overflows
===========================================================
More information :
Sendmail is a Mail Transport Agent, which is the program that moves mail
from one machine to another.
The potential buffer overflows are in ruleset parsing and address parsing for sendmail.
Impact :
This vulnerability may allow a remote attacker to execute arbitrary code.
Affected Products :
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
- Turbolinux Server 6.5
- Turbolinux Advanced Server 6
- Turbolinux Server 6.1
- Turbolinux Workstation 6.0
Solution :
Please use turbopkg tool to apply the update.
<Turbolinux 8 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/sendmail-8.12.10-1.src.rpm
1912561 f7de782020dc1ce8a6b76eb0d6b114cf
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/sendmail-8.12.10-1.i586.rpm
441242 be71fac781809586926a078457bccff1
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/sendmail-cf-8.12.10-1.i586.rpm
146120 bc430c2b4c47f37c5e3edfe37fd77e88
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/sendmail-doc-8.12.10-1.i586.rpm
428389 de0745c6048b392fd6048eec781da44e
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/sendmail-8.11.6-12.src.rpm
1415614 f54e38d2351635612b774c1907498437
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/sendmail-8.11.6-12.i586.rpm
261197 bdf774ab5c2bb9dc5a5e27e5f87e7cc7
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/sendmail-cf-8.11.6-12.i586.rpm
118439 9675379be59da47084944b402f490cd7
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/sendmail-doc-8.11.6-12.i586.rpm
338246 426198e8d6a5dae9ddcf0907656ff874
<Turbolinux 7 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/sendmail-8.11.6-12.src.rpm
1415614 3d088103e72d63c39481eaed958292e3
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/sendmail-8.11.6-12.i586.rpm
258812 fc4c6b30a2efdc8f54c3a9e5c6dde079
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/sendmail-cf-8.11.6-12.i586.rpm
118054 d86e31c8713b487ea6aa090a98c2286e
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/sendmail-doc-8.11.6-12.i586.rpm
338227 0ed048d1534aa1bb2544505d40145e3d
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/sendmail-8.11.6-12.src.rpm
1415614 fc3a162b40b92dff1c7361dce7ac0c00
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/sendmail-8.11.6-12.i586.rpm
258758 e3a97ce6aea99dc9e780d5d23ba4f230
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/sendmail-cf-8.11.6-12.i586.rpm
117933 8b0024d5a447f9ba9a1946c0c1beb590
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/sendmail-doc-8.11.6-12.i586.rpm
338224 f3bda4e76bf9dea86d8ddd3005315a65
<Turbolinux Server 6.5>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/sendmail-8.9.3-31.src.rpm
1157319 429a3c57c35dc8fbeb9de0139080fe5a
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/sendmail-8.9.3-31.i386.rpm
224979 84149cc950674b0de6b27b21b6d0546b
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/sendmail-cf-8.9.3-31.i386.rpm
113601 62c1ef254d301d98d29504536a163016
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/sendmail-doc-8.9.3-31.i386.rpm
496648 b8b205e809562fa8ea6b7811e5907661
<Turbolinux Advanced Server 6>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/sendmail-8.9.3-31.src.rpm
1157319 cb753b03b23c2c6af8a0d89852f231dc
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/sendmail-8.9.3-31.i386.rpm
224978 0c7c597e4bfd54171b92437a5ac350ae
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/sendmail-cf-8.9.3-31.i386.rpm
113630 37020febb00065ca3d43a01180ff3f21
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/sendmail-doc-8.9.3-31.i386.rpm
496668 65dde27ccd36fcb288e8ff7b9a131f3a
<Turbolinux Server 6.1>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/sendmail-8.9.3-31.src.rpm
1157319 052b73cf7f20401e2b32a3c1e9d8381a
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/sendmail-8.9.3-31.i386.rpm
224973 3d43adb320abf82d6c7a9e8c1d2b37fc
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/sendmail-cf-8.9.3-31.i386.rpm
113608 8e67e1541ccdd7f8aafa2014045f03cf
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/sendmail-doc-8.9.3-31.i386.rpm
496644 beaffcfc9ef02f8dd80aec49a762e4eb
<Turbolinux Workstation 6.0>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/sendmail-8.9.3-31.src.rpm
1157319 d7928ec559b68bd180fb5e89aaf0b62c
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/sendmail-8.9.3-31.i386.rpm
224957 f0536d676dba91389866197b29bc8210
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/sendmail-cf-8.9.3-31.i386.rpm
113500 4e26f52c7eb1584118bda2a8ded7ea6b
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/sendmail-doc-8.9.3-31.i386.rpm
496649 78e5050bb4bbd14572eab0bfea6b6b75
Notice :
After performing the update, it is necessary to restart the sendmail daemon.
To do this, run the following command as user root.
---------------------------------------------
# /etc/init.d/sendmail restart
or
# /etc/rc.d/init.d/sendmail restart
---------------------------------------------
References :
sendmail.org
[Sendmail 8.12.10]
http://www.sendmail.org/8.12.10.html
CVE
[CAN-2003-0681]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0681
[CAN-2003-0694]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0694
--------------------------------------------------------------------------
Revision History
18 Sep 2003 Initial release
--------------------------------------------------------------------------
* You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.
http://www.turbolinux.com/download/zabom.html
http://www.turbolinux.com/download/zabomupdate.html
Package Update Path
http://www.turbolinux.com/update
============================================================
* To obtain the public key
Here is the public key
http://www.turbolinux.com/security/
* To unsubscribe from the list
If you ever want to remove yourself from this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).
unsubscribe
* To change your email address
If you ever want to chage email address in this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the following command in the message body:
chaddr 'old address' 'new address'
If you have any questions or problems, please contact
<supp_info@...bolinux.co.jp>
Thank you!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/acBEK0LzjOqIJMwRAsobAJ0cexJLb7NKWBRG79QGWDsfzrsKsQCcDZIN
BlE22pvM/GU4CO7lFVvi9+4=
=3k5M
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists