Message-ID: <200401221535.15606.security-announce@turbolinux.co.jp>
From: security-announce at turbolinux.co.jp (Turbolinux)
Subject: [TURBOLINUX SECURITY INFO] 22/Jan/2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This is an announcement-only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 22/Jan/2004
============================================================
The following page contains the security information of Turbolinux Inc.
- Turbolinux Security Center
http://www.turbolinux.com/security/
(1) lftp -> Buffer overflow
(2) tcpdump -> Multiple vulnerabilities in tcpdump
===========================================================
* lftp -> Buffer overflow
===========================================================
More information :
lftp is a shell-like command-line FTP client.
A buffer overflow vulnerability was discovered in the lftp FTP client
when connecting to a web server using HTTP or HTTPS and using the "ls" or "rels"
command on a specially prepared directory.
Impact :
The attacker could execute arbitrary code on the user's machine.
Affected Products :
- Turbolinux 10 Desktop
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
- Turbolinux Server 6.5
- Turbolinux Advanced Server 6
- Turbolinux Server 6.1
Solution :
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
# turbopkg
or
[Turbolinux 10 Desktop]
# zabom -u lftp
[other]
# zabom update lftp
---------------------------------------------
<Turbolinux 10 Desktop>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/lftp-2.6.11-1.src.rpm
1198551 02afd2811a68d6d2aaf35060b3424bde
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/lftp-2.6.11-1.i586.rpm
992246 44dc20c2e19421872f53d6d662b83036
<Turbolinux 8 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/lftp-2.6.11-1.src.rpm
1198551 18d409d022849172aa87fe212d079533
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/lftp-2.6.11-1.i586.rpm
811850 32310dab35b76e007960a6200dd9bf75
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/lftp-2.6.11-1.src.rpm
1198551 e5be1ebe9aa810eecc1ca2a5e8e7eded
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/lftp-2.6.11-1.i586.rpm
812242 50b63e5c20288850a03b01ac776382bd
<Turbolinux 7 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/lftp-2.6.11-1.src.rpm
1198551 75ed3f49328c0becd433220bbe61723f
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/lftp-2.6.11-1.i586.rpm
855835 3fb2038e18b0d625021cc6293afb1111
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/lftp-2.6.11-1.src.rpm
1198551 7fbc000da3485af428a3f4e4a49b7a55
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/lftp-2.6.11-1.i586.rpm
856189 2ab8dc55cdeb716cc258a827a4cb9956
<Turbolinux Server 6.5>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/lftp-2.6.11-1.src.rpm
1198551 08d35dd856f4fc20d7ab6bceef4078c0
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/lftp-2.6.11-1.i386.rpm
1055172 f8e83b25ab05101fd0174c9a9b8cb50a
<Turbolinux Advanced Server 6>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/lftp-2.6.11-1.src.rpm
1198551 5e42a619b6062c174e090d0e489c1c8f
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/lftp-2.6.11-1.i386.rpm
1055177 859b5330881c0cc82a6cc3f9b1dd2a62
<Turbolinux Server 6.1>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/lftp-2.6.11-1.src.rpm
1198551 a49c3938c3e3f092e8f003ab2acb8e46
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/lftp-2.6.11-1.i386.rpm
1055167 9e172eea0c66a78bba547814cdf63e00
References :
CVE
[CAN-2003-0963]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0963
===========================================================
* tcpdump -> Multiple vulnerabilities in tcpdump
===========================================================
More information :
Tcpdump is a tool designed to print out the headers of packets on a network interface.
Buffer overflow vulnerabilities were discovered in the ISAKMP and RADIUS
decoding routines of tcpdump.
Impact :
Remote attackers could potentially exploit these issues by sending
carefully-crafted packets to a victim.
Affected Products :
- Turbolinux 10 Desktop
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
- Turbolinux Server 6.5
- Turbolinux Advanced Server 6
- Turbolinux Server 6.1
- Turbolinux Workstation 6.0
Solution :
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
# turbopkg
or
[Turbolinux 10 Desktop]
# zabom -u tcpdump
[other]
# zabom update tcpdump
---------------------------------------------
<Turbolinux 10 Desktop>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
533354 658d11df7263293b7d766f7ffc866ccc
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/tcpdump-3.8.1-1.i586.rpm
258006 a0594a9d6fbc92401a2dc24376310a2b
<Turbolinux 8 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
533354 c9ce45a6207351c44cc36a67a420369e
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/tcpdump-3.8.1-1.i586.rpm
260371 55ea9ee44cfaddffaf00185b3742c22e
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
533354 23f4f97ca13382a50a7e6ddff74f15d0
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/tcpdump-3.8.1-1.i586.rpm
260353 3129568a7958617a3d62c31417e81c86
<Turbolinux 7 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
533354 4b7f12431243188bfc6f5f4f0c4f31bd
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/tcpdump-3.8.1-1.i586.rpm
254797 76965cac8c2a72e977b15d4c89b3e70a
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
533354 3c794815c4ed1d59f9e049f18cb182e3
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/tcpdump-3.8.1-1.i586.rpm
254840 fa1749b1872fb1ee4d691fe013901e0d
<Turbolinux Server 6.5>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
533354 9cc994e105372927bb073fc08ec873a5
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/tcpdump-3.8.1-1.i386.rpm
248989 531cfec072bfe787250491d9f40dd26b
<Turbolinux Advanced Server 6>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
533354 fee82ff4bf36960d651662b0eb4df445
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/tcpdump-3.8.1-1.i386.rpm
248989 18b4d244206f975580aec81cd0c29da7
<Turbolinux Server 6.1>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
533354 b77ec7657d1f7023a4c23c4e5e36f9dd
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/tcpdump-3.8.1-1.i386.rpm
248953 e2966bbcbd4b1dbca887aefa68bed918
<Turbolinux Workstation 6.0>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
533354 decc8749c84db2f28b5f3029653aa148
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/tcpdump-3.8.1-1.i386.rpm
248963 cce7a0508f7741046ec1e1103ef80102
References :
CVE
[CAN-2003-0989]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0989
[CAN-2004-0055]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0055
[CAN-2004-0057]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0057
Turbolinux Security Advisory
[TLSA-2003-14]
http://www.turbolinux.com/security/TLSA-2003-14.txt
* You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.
http://www.turbolinux.com/download/zabom.html
http://www.turbolinux.com/download/zabomupdate.html
Package Update Path
http://www.turbolinux.com/update
============================================================
* To obtain the public key
Here is the public key
http://www.turbolinux.com/security/
* To unsubscribe from the list
If you ever want to remove yourself from this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).
unsubscribe
* To change your email address
If you ever want to change your email address in this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the following command in the message body:
chaddr 'old address' 'new address'
If you have any questions or problems, please contact
<supp_info@...bolinux.co.jp>
Thank you!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFAD28eK0LzjOqIJMwRAjh9AKCEJybQKDFq++Sfdx3uutXc0ABWggCcD631
u0P8hToeuySCKqtJxYdX0jg=
=zK+N
-----END PGP SIGNATURE-----