lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200405281655.42627.security-announce@turbolinux.co.jp>
From: security-announce at turbolinux.co.jp (Turbolinux)
Subject: [TURBOLINUX SECURITY INFO] 28/May/2004

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 28/May/2004
============================================================

The following page contains the security information of Turbolinux Inc.

 - Turbolinux Security Center
   http://www.turbolinux.com/security/

 (1) cvs -> Two issues have been discovered in cvs
 (2) tcpdump -> Two issues have been discovered in tcpdump
 (3) apache -> Multiple vulnerabilities in apache

===========================================================
* cvs -> Two issues have been discovered in cvs
===========================================================

 More information :
    CVS is a front end to the rcs(1) revision control system which extends
    the notion of revision control from a collection of files in a single
    directory to a hierarchical collection of directories consisting of
    revision controlled files.

    - The client for CVS allows a remote malicious CVS server to create arbitrary files using
      certain RCS diff files that use absolute pathnames during checkouts or updates.

    - CVS contains a flaw when deciding if a CVS entry line should get a modified or unchanged flag attached.
      This results in a heap overflow which can be exploited to execute arbitrary code on the CVS server. 

 Impact :
    This vulnerability may allow attackers to cause the CVS server to create directories or
    files in your system.
    An attacker that has access to a CVS server could use this flaw to execute arbitrary code
    under the UID which the CVS server is executing.

 Affected Products :
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Server 6.5
    - Turbolinux Advanced Server 6
    - Turbolinux Server 6.1
    - Turbolinux Workstation 6.0

 Solution :
    Please use the turbopkg (zabom) tool to apply the update.
 ---------------------------------------------
 [Turbolinux 10 Desktop]
 # turboupdate
 # zabom --update cvs

 [Other]
 # turbopkg
 # zabom update cvs
 ---------------------------------------------


 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size : MD5

   cvs-1.12.8-1.src.rpm
      2544223 b833bb39e41f301afe3e96c62e32af6f

   Binary Packages
   Size : MD5

   cvs-1.12.8-1.i586.rpm
      1033658 66144d4082879e66ad7ab80fa5df5d58

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size : MD5

   cvs-1.12.8-1.src.rpm
      2544223 e08ecd7234b78097fed5f5e1c789d10d

   Binary Packages
   Size : MD5

   cvs-1.12.8-1.i586.rpm
      1033420 542602cb4b70b59c1304c3337d3373da

 <Turbolinux 10 Desktop>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/cvs-1.12.8-1.src.rpm
      2544223 1d8dcc792ce2f99e0a187ad2a530f704

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/cvs-1.12.8-1.i586.rpm
      1040140 38d3ad9525bbaaacf775eb1d5aafbb75

 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/cvs-1.12.8-1.src.rpm
      2544223 6ac72c0a561b10b0d254f19ff3ec1fa3

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/cvs-1.12.8-1.i586.rpm
      1033625 f36bce658669efc451d722accc6e8ffb

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/cvs-1.12.8-1.src.rpm
      2544223 ae92dd21e05a28885d5de0bc5a61bf65

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/cvs-1.12.8-1.i586.rpm
      1033405 52eee7509020fa428b2d8b0ed1cb2549

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/cvs-1.12.8-1.src.rpm
      2544223 7edbab723dadd1d48eec3ecc3c5c1f4b

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/cvs-1.12.8-1.i586.rpm
      1019809 2b16a9e657d95c382306da81c2ac6022

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/cvs-1.12.8-1.src.rpm
      2544223 b88e4b2fc37ed34a6a7b8cf8cdc7d6fe

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/cvs-1.12.8-1.i586.rpm
      1020848 d117a8cb93d81a2a72ff1450ebbe6674

 <Turbolinux Server 6.5>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/cvs-1.12.8-1.src.rpm
      2544223 ce5cc9114a8f4ad349a41ab774cb69e6

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/cvs-1.12.8-1.i386.rpm
      1170600 1dad34925cae29640b1aa924a85ec76d

 <Turbolinux Advanced Server 6>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/cvs-1.12.8-1.src.rpm
      2544223 98bd94de8a644f96a7aef01427cc7cde

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/cvs-1.12.8-1.i386.rpm
      1170553 49a5485e9969d532139e560c34802171

 <Turbolinux Server 6.1>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/cvs-1.12.8-1.src.rpm
      2544223 82d2dcdb1d81bfdcc9733d3c8f23410e

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/cvs-1.12.8-1.i386.rpm
      1170583 45b87a71d99db6ed43c03a6860bfad14

 <Turbolinux Workstation 6.0>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/cvs-1.12.8-1.src.rpm
      2544223 eae06ac1884c65f3064691529bb3e7c3

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/cvs-1.12.8-1.i386.rpm
      1170505 ddc031af995b018c6f64ba6c63252027


 References:

 US-CERT
   [TA04-147A -- CVS Heap Overflow Vulnerability]
   http://www.us-cert.gov/cas/techalerts/TA04-147A.html

 CVE
   [CAN-2004-0180]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0180
   [CAN-2004-0396]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0396


===========================================================
* tcpdump -> Two issues have been discovered in tcpdump
===========================================================

 More information :
    Tcpdump is a tool designed to prints out the headers of packets on a network interface.
    The buffer overflow vulnerabilities were discovered in the ISAKMP decoding routines of tcpdump.

 Impact :
    Remote attackers could potentially exploit these issues by sending
    carefully-crafted packets to a victim. 

 Affected Products :
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Server 6.5
    - Turbolinux Advanced Server 6
    - Turbolinux Server 6.1
    - Turbolinux Workstation 6.0

 Solution :
    Please use the turbopkg (zabom) tool to apply the update.
 ---------------------------------------------
 [Turbolinux 10 Desktop]
 # turboupdate
 # zabom --update tcpdump

 [Other]
 # turbopkg
 # zabom update tcpdump
 ---------------------------------------------


 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size : MD5

   tcpdump-3.8.3-2.src.rpm
       575692 8f1b579e91197e680af0360a7315bc14

   Binary Packages
   Size : MD5

   tcpdump-3.8.3-2.i586.rpm
       264777 1f628764c02f67b895d9086c223b9cef

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size : MD5

   tcpdump-3.8.3-2.src.rpm
       575692 366921eb1f3e003de8a36a1850c4ac38

   Binary Packages
   Size : MD5

   tcpdump-3.8.3-2.i586.rpm
       264648 5f5fe7e9f496db2a890c3203c26833e7

 <Turbolinux 10 Desktop>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/tcpdump-3.8.3-2.src.rpm
       575692 b2ab652f74f5f2405865bbbf1e6c0c6c

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/tcpdump-3.8.3-2.i586.rpm
       261771 451fd494f2ca01d0d5ada6e41381a2e4

 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/tcpdump-3.8.3-2.src.rpm
       575692 e8b9bdfe0e122864d0603817489785a9

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/tcpdump-3.8.3-2.i586.rpm
       264667 8afae3502fac1e2e2eccc04f36e6bbb6

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/tcpdump-3.8.3-2.src.rpm
       575692 0c1926cf613e0f568b430cb693f10a09

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/tcpdump-3.8.3-2.i586.rpm
       264642 2fe5be2bd5c5abda40c5e8bf7b0ec266

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/tcpdump-3.8.3-2.src.rpm
       575692 d0fb472490f6b6f1e2134ef1b28ecc30

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/tcpdump-3.8.3-2.i586.rpm
       258792 cb855384260230be84d1fecff5131efa

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/tcpdump-3.8.3-2.src.rpm
       575692 8b5e63401066837e68e34365c95dc4cc

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/tcpdump-3.8.3-2.i586.rpm
       258706 23bcbca7994890a841b9fd0bd0a251ef

 <Turbolinux Server 6.5>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/tcpdump-3.8.3-2.src.rpm
       575692 29bc899b80e97dcc76d65070c53d7c06

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/tcpdump-3.8.3-2.i386.rpm
       253215 1861c58d856e5cb379bef561cac665af

 <Turbolinux Advanced Server 6>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/tcpdump-3.8.3-2.src.rpm
       575692 d1fe5c778d45483c256048facd94495a

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/tcpdump-3.8.3-2.i386.rpm
       253211 a18f5fa2b39bdd16a36a9751e35ff47e

 <Turbolinux Server 6.1>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/tcpdump-3.8.3-2.src.rpm
       575692 11c3ca0ddedbcae2f719c6190f385c06

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/tcpdump-3.8.3-2.i386.rpm
       253225 5be638ba8dea675e9205d7d1087b9841

 <Turbolinux Workstation 6.0>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/tcpdump-3.8.3-2.src.rpm
       575692 2cdc5649cd60871d57e0425b71ed39a9

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/tcpdump-3.8.3-2.i386.rpm
       253229 382c6909a47ebe6164fe19b93647ee2c


 Reiferences :

 www.tcpdump.org
   [tcpdump-changes]
   http://www.tcpdump.org/tcpdump-changes.txt

 CVE
   [CAN-2004-0183]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0183
   [CAN-2004-0184]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0184


===========================================================
* apache -> Multiple vulnerabilities in apache
===========================================================

 More information :
    Apache is a powerful, full-featured, efficient, and freely-available Web server.

    - Apache does not filter terminal escape sequences from its error logs,
      which could make it easier for attackers to insert those sequences
      into terminal emulators containing vulnerabilities related to escape sequences.

    - mod_digest for Apache does not properly verify the nonce of a client response by
      using a AuthNonce secret.

 Impact :
    A third party may gain unauthorized access to a web server. 

 Affected Products :
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Server 6.5
    - Turbolinux Advanced Server 6
    - Turbolinux Server 6.1
    - Turbolinux Workstation 6.0

 Solution :
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 # turbopkg
 or
 # zabom update apache apache-devel apache-manual mod_ssl
 ---------------------------------------------


 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size : MD5

   apache-1.3.27-23.src.rpm
      3104221 c62c1249139f17852aba2a4f8e976700

   Binary Packages
   Size : MD5

   apache-1.3.27-23.i586.rpm
       501592 61a908c8f6b325b34e18782a5623ebab
   apache-devel-1.3.27-23.i586.rpm
        94278 74a131e6990c18cd86a86655cec91099
   mod_ssl-2.8.14-23.i586.rpm
       181149 b17be2efd850d43668c1ace32a80b076

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size : MD5

   apache-1.3.27-23.src.rpm
      3104221 a3a4b02dd3079169ddfed1c73e11fd4e

   Binary Packages
   Size : MD5

   apache-1.3.27-23.i586.rpm
       501539 df2a88cb00e7c315995dc12dd2ad9298
   apache-devel-1.3.27-23.i586.rpm
        94096 71c5c5bf97c8d76e6851cfbdc62eb112
   mod_ssl-2.8.14-23.i586.rpm
       181120 4bcf9b8a5622f275a000901fdd65041c

 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/apache-1.3.27-23.src.rpm
      3104221 fae6385e7dd7b5d2206078c119e59955

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/apache-1.3.27-23.i586.rpm
       501380 ba8a8b856724b0c40fc9d93b417b8090
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/apache-devel-1.3.27-23.i586.rpm
        94116 fefbb5128a71f48bc1b479bfd9e2f964
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/apache-manual-1.3.27-23.i586.rpm
       850102 894ab60db4c481e657cb2070df7ccfb6
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/mod_ssl-2.8.14-23.i586.rpm
       181001 5a140863eec56d160e6ac0201859c7fc

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/apache-1.3.27-23.src.rpm
      3104221 8c69532031a4db7c9e26dc5d2300cee9

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/apache-1.3.27-23.i586.rpm
       501428 2ca754a87193d855e0eec0208db7656f
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/apache-devel-1.3.27-23.i586.rpm
        94141 b72f561542781658bceaa318a7cce4ec
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/apache-manual-1.3.27-23.i586.rpm
       850361 7b026bd15eeb5d540dacddec9e88ae33
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/mod_ssl-2.8.14-23.i586.rpm
       180937 64d6422dad738b7492c2d4dfe75e02f1

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/apache-1.3.27-23.src.rpm
      3104221 e8888ee7ad0be1f1f2d340eab4d2e282

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/apache-1.3.27-23.i586.rpm
       487526 7ce095cabb03c8f9a3685d4e0a903d12
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/apache-devel-1.3.27-23.i586.rpm
        94158 07a772f8a2946a44f85536c8ef9be9d0
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/apache-manual-1.3.27-23.i586.rpm
       850325 7a3f80c26378c56e892b0532b1dac542
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/mod_ssl-2.8.14-23.i586.rpm
       178538 6e38f124e06aeeedd724ec19ad640c69

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/apache-1.3.27-23.src.rpm
      3104221 eda5f2c70c693059619ae779ef7e5e32

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/apache-1.3.27-23.i586.rpm
       487425 ee3f380641a272cea36c29112ac48945
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/apache-devel-1.3.27-23.i586.rpm
        94165 94d4ea71797f204177f608df49a18e06
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/apache-manual-1.3.27-23.i586.rpm
       850245 d24632ebdfd6282d7a4ca3188a8a3392
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/mod_ssl-2.8.14-23.i586.rpm
       178704 47ebafb153d886d6d6fc1eab0de304a8

 <Turbolinux Server 6.5>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/apache-1.3.27-23.src.rpm
      3104221 bb8185361df260baa1f82e2fb00238c4

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/apache-1.3.27-23.i386.rpm
       574103 345b50f95b4dcf5e157ce42544e5257b
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/apache-devel-1.3.27-23.i386.rpm
       110319 72a5a542c40fb13e7655e262bb90020f
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/apache-manual-1.3.27-23.i386.rpm
      1088349 d4dc2892b7bd051f10548f3469c3f399
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/mod_ssl-2.8.14-23.i386.rpm
       191829 7d73f18b30b3b66338ae54f242becc95

 <Turbolinux Advanced Server 6>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/apache-1.3.27-23.src.rpm
      3104221 ab48dbcecff93759e28937238333d17d

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/apache-1.3.27-23.i386.rpm
       574418 b23e9d600c8c238f816c5bd0384a5a3f
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/apache-devel-1.3.27-23.i386.rpm
       110279 40edfbf79b0281dac916b9047b32ada7
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/apache-manual-1.3.27-23.i386.rpm
      1089057 5d71326057b45bbc8720ff2fdd5fdcf3
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/mod_ssl-2.8.14-23.i386.rpm
       191898 3603df1c0badb941fe8222876246ad47

 <Turbolinux Server 6.1>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/apache-1.3.27-23.src.rpm
      3104221 118886ebb423bbc369db26cad739a2ae

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/apache-1.3.27-23.i386.rpm
       574226 616250d1c67bdfb3c4fc1936c3e22b25
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/apache-devel-1.3.27-23.i386.rpm
       110287 b41abb5ba773549a986caf0a00fc21b1
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/apache-manual-1.3.27-23.i386.rpm
      1089381 f2c34f7bc06fd381ecfa424992323e21
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/mod_ssl-2.8.14-23.i386.rpm
       191864 b35b6e929225c85170d24a32c6566754

 <Turbolinux Workstation 6.0>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/apache-1.3.27-23.src.rpm
      3104221 f4874cf86944e7292f9410e66b3e57d1

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/apache-1.3.27-23.i386.rpm
       574148 d10b21fa6e652e7f5963ae30d638d3f0
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/apache-devel-1.3.27-23.i386.rpm
       110308 6c8cd18830f592259706af09fb547dcb
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/apache-manual-1.3.27-23.i386.rpm
      1089368 b3e894e3d0eebdcc8286da19d0612b72


 References:

 The Apache HTTP Server Project
   [Changes with Apache 1.3.31]
   http://www.apache.org/dist/httpd/CHANGES_1.3

 CVE
   [CAN-2003-0020]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020
   [CAN-2003-0987]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987
   [CAN-2003-0993]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0993
   [CAN-2004-0174]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174


 * You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.

  http://www.turbolinux.com/download/zabom.html
  http://www.turbolinux.com/download/zabomupdate.html

Package Update Path
http://www.turbolinux.com/update

============================================================
 * To obtain the public key

Here is the public key

 http://www.turbolinux.com/security/

 * To unsubscribe from the list

If you ever want to remove yourself from this mailing list,
  you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).

unsubscribe

 * To change your email address

If you ever want to chage email address in this mailing list,
  you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the following command in the message body:

  chaddr 'old address' 'new address'

If you have any questions or problems, please contact
<supp_info@...bolinux.co.jp>

Thank you!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAtvB6K0LzjOqIJMwRAu4FAJ9wHFvFIHhN259LAd+IxGZfYydavgCaAvuj
nRmNe7MBYyfvapH9xG8Euec=
=OztO
-----END PGP SIGNATURE-----




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ