| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200408112139.47278.security-announce@turbolinux.co.jp>
From: security-announce at turbolinux.co.jp (Turbolinux)
Subject: [TURBOLINUX SECURITY INFO] 11/Aug/2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 11/Aug/2004
============================================================
The following page contains the security information of Turbolinux Inc.
- Turbolinux Security Center
http://www.turbolinux.com/security/
(1) libpng -> Multiple vulnerabilities in libpng
===========================================================
* libpng -> Multiple vulnerabilities in libpng
===========================================================
More information :
The libpng package contains a library of functions for creating and manipulating
PNG (Portable Network Graphics) image format files.
Multiple buffer overflows and a potential NULL pointer dereference in libpng
allow remote attackers to execute arbitrary code via malformed PNG images.
Impact :
This may allow remote attackers to execute arbitrary code via malformed PNG images.
Affected Products :
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
- Turbolinux Server 6.5
- Turbolinux Advanced Server 6
- Turbolinux Server 6.1
- Turbolinux Workstation 6.0
Solution :
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Desktop, Turbolinux 10 F...]
# zabom -u libpng libpng-devel
[other]
# turbopkg
or
# zabom update libpng libpng-devel
---------------------------------------------
<Turbolinux Appliance Server 1.0 Hosting Edition>
Source Packages
Size : MD5
libpng-1.2.4-6.src.rpm
401986 2bf547749b4db01ab735a0b3339e20a3
Binary Packages
Size : MD5
libpng-1.2.4-6.i586.rpm
136121 615e4c84f4de23730382719da42ef395
<Turbolinux Appliance Server 1.0 Workgroup Edition>
Source Packages
Size : MD5
libpng-1.2.4-6.src.rpm
401986 925ef8cd5b5a5c9dc57c77051992cdf3
Binary Packages
Size : MD5
libpng-1.2.4-6.i586.rpm
136024 caae4fd1f5323ffe5a6ee20912de973b
<Turbolinux 10 Desktop, Turbolinux 10 F...>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/libpng-1.2.5-7.src.rpm
391811 46947a527b4cd5dc78aadf2b4d2c7261
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/libpng-compat-1.0.12-8.src.rpm
492223 7e816499cadf8a06bf3149caceb8affd
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/libpng-1.2.5-7.i586.rpm
135362 06f452d92b8301195daad8dd50c0c3c8
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/libpng-compat-1.0.12-8.i586.rpm
126147 8d2d31880d517b9e6bf745bccc54e7c9
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/libpng-compat-devel-1.0.12-8.i586.rpm
152774 ed6258e00a3f5bbf53238a1b3844bffa
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/libpng-devel-1.2.5-7.i586.rpm
162732 8678def943d3c96fff879aa28fc261e3
<Turbolinux 8 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/libpng-1.2.4-6.src.rpm
401986 5fe0de02a33914de99aebd6cb6dd9df0
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/libpng-compat-1.0.12-8.src.rpm
492223 61d1560e4ef8fed88d692ad25d6b478a
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libpng-1.2.4-6.i586.rpm
136010 4dd58ba3496bca4b8a0638fc55faf3c8
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libpng-compat-1.0.12-8.i586.rpm
127719 20db3be96e43ba614e995df4d79e24ff
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libpng-compat-devel-1.0.12-8.i586.rpm
151400 439f3944ebe2d933a87a3ac30efc4c2a
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libpng-devel-1.2.4-6.i586.rpm
159730 a20019b49ccd938c2b81cc68caf68bbc
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/libpng-1.2.4-6.src.rpm
401986 9636976c4d16dde18a3e19ffcc6d16fd
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/libpng-compat-1.0.12-8.src.rpm
492223 9ff5dba68cb734cfb88187532539efca
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/libpng-1.2.4-6.i586.rpm
136088 74e0096821f3aad31636b2016a18b65f
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/libpng-compat-1.0.12-8.i586.rpm
127742 8729afed9d2cd422854c8277d6bca9cf
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/libpng-compat-devel-1.0.12-8.i586.rpm
151353 f81f7f670176bad83257925e72b14dee
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/libpng-devel-1.2.4-6.i586.rpm
159786 091c305cbb0aadb972081d647f584321
<Turbolinux 7 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/libpng-1.0.12-8.src.rpm
493276 e0036bead06655145ef106b4489edc05
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/libpng-compat-1.0.12-8.src.rpm
492223 7ce207084cc91d347270d1f700ad2a91
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/libpng-1.0.12-8.i586.rpm
125642 c3be47770f71d9e4067ce5f37f2e21a2
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/libpng-compat-1.0.12-8.i586.rpm
125091 91936d2c9c0ce3c1d3b665eb21c1a965
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/libpng-compat-devel-1.0.12-8.i586.rpm
147172 63464e9aeb6f2d0a3b3bb4feb5bde307
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/libpng-devel-1.0.12-8.i586.rpm
147675 ed408da221957bb46762f621e1a3cb72
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/libpng-1.0.12-8.src.rpm
493276 b07298e0b9701c81803a4d2f10e1e741
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/libpng-compat-1.0.12-8.src.rpm
492223 398fb603d8c1078dd56c97a19d59b322
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/libpng-1.0.12-8.i586.rpm
125613 5728ec3dfaa5a653487cd87744520c2d
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/libpng-compat-1.0.12-8.i586.rpm
125079 6c34fd616c40dc75283beb58a8df5712
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/libpng-compat-devel-1.0.12-8.i586.rpm
147175 82102e85a964ac1563ff70f59f238e91
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/libpng-devel-1.0.12-8.i586.rpm
147694 d17ebd83a5ae8574c4eb88f9c6752d12
<Turbolinux Server 6.5>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/libpng-1.0.12-8.src.rpm
493276 ca1eea769ffbe109c051f3f8cd105968
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/libpng-compat-1.0.12-8.src.rpm
492223 444468d366d7bb30a9fdfecacbaa1cde
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/libpng-1.0.12-8.i386.rpm
144367 98110bc536097acaab38eed9adf5d11e
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/libpng-compat-1.0.12-8.i386.rpm
143881 befa6e8acd037ea624f7188d563f5269
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/libpng-compat-devel-1.0.12-8.i386.rpm
152987 354d4e08a4e08e9bcc396601664edbf5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/libpng-devel-1.0.12-8.i386.rpm
153432 3e14277128f2a201f74474d76f298cb2
<Turbolinux Advanced Server 6>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/libpng-1.0.12-8.src.rpm
493276 8803c8355a6455d09c5ada4fa3581c44
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/libpng-compat-1.0.12-8.src.rpm
492223 fb3726afb87ff38c6885a3401f5ebeb8
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/libpng-1.0.12-8.i386.rpm
144363 aa3ef79ecfccdbeb20a8059a0bada612
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/libpng-compat-1.0.12-8.i386.rpm
143879 5660c9e168c7bdc57851b5d68086522d
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/libpng-compat-devel-1.0.12-8.i386.rpm
152976 c1033e23f76070ff405e4df8802adf37
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/libpng-devel-1.0.12-8.i386.rpm
153421 174b1e6d5c8b520027f229bc24098f7f
<Turbolinux Server 6.1>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/libpng-1.0.12-8.src.rpm
493276 0eebef54db455d8d0c1a14346346058d
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/libpng-compat-1.0.12-8.src.rpm
492223 ba42645d8aa46c7e91e5d0888267b47a
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/libpng-1.0.12-8.i386.rpm
144364 4b1c38cf1c273676c44ef0c2aa6c70a8
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/libpng-compat-1.0.12-8.i386.rpm
143886 363ccae231ed36f175e11c87a6563062
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/libpng-compat-devel-1.0.12-8.i386.rpm
152977 bbe83b121327fe679bd4df8600e698e0
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/libpng-devel-1.0.12-8.i386.rpm
153423 6b8a7c06f13cc0a549e7e8450b4d478f
<Turbolinux Workstation 6.0>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/libpng-1.0.12-8.src.rpm
493276 7c5a305386c2f73d98fc2379755d590c
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/libpng-compat-1.0.12-8.src.rpm
492223 560ee4ef0a19df23a0ddef7f5a72a9a5
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/libpng-1.0.12-8.i386.rpm
144365 1c34fa1b01fff277c24f8394673580d2
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/libpng-compat-1.0.12-8.i386.rpm
143897 198fe93fe05b378e0933724418e6bdc5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/libpng-compat-devel-1.0.12-8.i386.rpm
152972 c95f1d7871543154b5ddbcca110956e9
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/libpng-devel-1.0.12-8.i386.rpm
153426 44ec500a63d287c7f1f61bda9e1ab43e
References:
CVE
[CAN-2004-0421]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421
[CAN-2004-0597]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
[CAN-2004-0598]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598
[CAN-2004-0599]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599
* You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.
http://www.turbolinux.com/download/zabom.html
http://www.turbolinux.com/download/zabomupdate.html
Package Update Path
http://www.turbolinux.com/update
============================================================
* To obtain the public key
Here is the public key
http://www.turbolinux.com/security/
* To unsubscribe from the list
If you ever want to remove yourself from this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).
unsubscribe
* To change your email address
If you ever want to chage email address in this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the following command in the message body:
chaddr 'old address' 'new address'
If you have any questions or problems, please contact
<supp_info@...bolinux.co.jp>
Thank you!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBGhORK0LzjOqIJMwRAsyBAJ98h5FukVq2TkUjqSmUUJPUOWbbvgCfZUEv
PEKcLdiJ0cKiB6lSYy3WB4M=
=Kb4P
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists