From: security-announce at turbolinux.co.jp (Turbolinux)
Subject: [TURBOLINUX SECURITY INFO] 16/Sep/2004

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement-only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 16/Sep/2004
============================================================

The following page contains the security information of Turbolinux Inc.

 - Turbolinux Security Center
   http://www.turbolinux.com/security/

 (1) krb5 -> Double-free vulnerabilities allow arbitrary code execution
 (2) php -> Non-filtering of null characters allows processing of dangerous tags
 (3) squid -> Vulnerability allowing bypassing of access control lists
 (4) samba -> Recently discovered buffer overflow vulnerabilities
 (5) cdrtools -> cdrecord fails to drop root euid before exec
 (6) imlib -> Multiple reported buffer overflow vulnerabilities
 (7) httpd -> Two vulnerabilities discovered in httpd

===========================================================
* krb5 -> Double-free vulnerabilities allow arbitrary code execution
===========================================================

 More information :
    Kerberos V5 is a trusted-third-party network authentication system,
    which can improve your network's security by eliminating the insecure
    practice of cleartext passwords.

    Double-free vulnerabilities exist in MIT Kerberos 5.

 Impact :
    Allows remote attackers to execute arbitrary code.

 Affected Products :
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server

 Solution :
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 [Turbolinux 10 Desktop, Turbolinux 10 F...]
 # zabom -u krb5-devel krb5-libs krb5-server krb5-server

 [other]
 # turbopkg
 or
 # zabom update krb5-devel krb5-libs krb5-server krb5-server
 ---------------------------------------------


 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size : MD5

   krb5-1.2.5-15.src.rpm
      5517434 ed8f49991f1522edb5bc0a70d8e784c1

   Binary Packages
   Size : MD5

   krb5-devel-1.2.5-15.i586.rpm
       538565 4c2a133f8020ce1d496f2a98358f2905
   krb5-libs-1.2.5-15.i586.rpm
       638443 6f6b12674fcad5cb54f7217710fdab5a
   krb5-server-1.2.5-15.i586.rpm
       602362 be44d53907e93483422234a8cbca86b4
   krb5-workstation-1.2.5-15.i586.rpm
       601953 1cbe0486d979fb22cb28667fa173e682

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size : MD5

   krb5-1.2.5-15.src.rpm
      5517434 5e5d2206a82188bbc18c4d64d21d79cf

   Binary Packages
   Size : MD5

   krb5-devel-1.2.5-15.i586.rpm
       538347 8c5da942c8cce6f96c262e8bb2f01c99
   krb5-libs-1.2.5-15.i586.rpm
       638600 4caa141b2c6d7a0ab412aaa3436215ea
   krb5-server-1.2.5-15.i586.rpm
       602767 5610b9e3b3749f9febf04b0c2a517b63
   krb5-workstation-1.2.5-15.i586.rpm
       601875 1e9b47473730cf84c8e4030bb1a844e1

 <Turbolinux 10 Desktop, Turbolinux 10 F...>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/krb5-1.2.5-15.src.rpm
      5517434 3b81c31d80f99fa91c3e647fd327337c

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/krb5-devel-1.2.5-15.i586.rpm
       577318 cb7ef4827cee8789de73c05ee5bf7e73
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/krb5-libs-1.2.5-15.i586.rpm
       343425 774777d19c467b4a155592193df36acb
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/krb5-server-1.2.5-15.i586.rpm
       601753 7b73e1c17a36992c2f24079981d53d91
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/krb5-workstation-1.2.5-15.i586.rpm
       591287 58c3d0ac67c604394c9ac8177231472e

 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/krb5-1.2.5-15.src.rpm
      5517434 79a0e8ebe4646d2439dff38c61c4697c

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/krb5-devel-1.2.5-15.i586.rpm
       576177 51e8f5b891bcc849581adbde8260ed61
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/krb5-libs-1.2.5-15.i586.rpm
       639231 472a5684e98f05f441735814414d1602
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/krb5-server-1.2.5-15.i586.rpm
       602771 4efde019247ee9e0f07f449424089741
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/krb5-workstation-1.2.5-15.i586.rpm
       602058 217b68738b9ce8f7a443cbf210336f66


 References:

 Kerberos: The Network Authentication Protocol
   [MIT krb5 Security Advisory 2004-002]
   http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-002-dblfree.txt
   [MIT krb5 Security Advisory 2004-003]
   http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-003-asn1.txt

 CVE
   [CAN-2004-0642]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0642
   [CAN-2004-0643]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0643
   [CAN-2004-0644]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0644
   [CAN-2004-0772]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0772


===========================================================
* php -> Non-filtering of null characters allows processing of dangerous tags
===========================================================

 More information :
    PHP is an HTML-embedded scripting language.
    The strip_tags function in PHP does not filter null (\0) characters
    within tag names when restricting input to allowed tags.

    This allows dangerous tags to be processed by web browsers such as Internet
    Explorer and Safari, which ignore null characters; this facilitates the
    exploitation of cross-site scripting (XSS) vulnerabilities.

 Impact :
    Bug allows dangerous tags to be processed by web browsers such as Internet
    Explorer and Safari.

 Affected Products :
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution :
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 # turbopkg
 or
 # zabom update php php-gd php-imap php-ldap php-manual php-mysql php-pgsql
 ---------------------------------------------


 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size : MD5

   php-4.2.3-19.src.rpm
      3595053 c5665ad3dfdc9b2c47df0324e328839c

   Binary Packages
   Size : MD5

   php-4.2.3-19.i586.rpm
      1631015 77b646a14c8f3ee3f19dac0ad449bb5d
   php-gd-4.2.3-19.i586.rpm
        30936 41f5017420fe063f3398fa916d80c02d
   php-imap-4.2.3-19.i586.rpm
         8924 0f6327426c38c905578a517d56cd8c8f
   php-ldap-4.2.3-19.i586.rpm
        24373 587fb2a24cd98de18b1a3a137245d56b
   php-manual-4.2.3-19.i586.rpm
       341528 cd81ac7b368b227e2edd1603f9cc5e48
   php-ming-4.2.3-19.i586.rpm
        32944 1739caa35757dd9b4d3a5d59f5bd256c
   php-mysql-4.2.3-19.i586.rpm
        90514 190b14a4a296773ab4af7c258aa197c2
   php-pgsql-4.2.3-19.i586.rpm
        35173 346b240a7e308808e8521fe2ed667b4b

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size : MD5

   php-4.2.3-19.src.rpm
      3595053 c8783be19d61d2273c78a9303ef27358

   Binary Packages
   Size : MD5

   php-4.2.3-19.i586.rpm
      1631015 cc062d269ab438d266623e0fd699fe06
   php-gd-4.2.3-19.i586.rpm
        30936 f16e2ee4c1c77842b88a72f84b741ccc
   php-imap-4.2.3-19.i586.rpm
         8924 26cb4e93c285ffb1b67630b3f8690f21
   php-ldap-4.2.3-19.i586.rpm
        24373 c0e61dbec891cdcf6068a33b42ac4eeb
   php-manual-4.2.3-19.i586.rpm
       341528 6cf984f840d4ae781f0e15052ec2c1b6
   php-ming-4.2.3-19.i586.rpm
        32944 00331f4b38361c4700f5510a67b1ef89
   php-mysql-4.2.3-19.i586.rpm
        90514 d4d8546a52ca7b25c75066b02c48f99b
   php-pgsql-4.2.3-19.i586.rpm
        35173 9da7ffe196a63ac4535f8200840d5219

 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/php-4.2.3-18.src.rpm
      3594911 b8cfa0df501e49b5b3f0e07129157097

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-4.2.3-18.i586.rpm
      1630931 c0931e43f76440e1228c87a845219cf8
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-gd-4.2.3-18.i586.rpm
        30794 387736b1a1bcae63c15ad2c9a0c22d9c
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-imap-4.2.3-18.i586.rpm
         8778 5fc23ff382c1c65f78279b8a2cab0aa1
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-ldap-4.2.3-18.i586.rpm
        24242 9dea304cc1189e525cd1663e3135c0f4
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-manual-4.2.3-18.i586.rpm
       341339 a614767749adab8e73d13de90c87fc1a
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-ming-4.2.3-18.i586.rpm
        32790 15df856e70940df33b9c0b8eb20d8ad7
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-mysql-4.2.3-18.i586.rpm
        90377 0ac3a2fe05f05f9a18a32f1b46350e73
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-pgsql-4.2.3-18.i586.rpm
        35044 7b9e0325c77e699c07511d4c155f6701

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/php-4.2.3-18.src.rpm
      3594911 53572cc94259f49e5b1431afd60738cf

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-4.2.3-18.i586.rpm
      1631918 7de3bbc72e4ec14cc076f40975b576d1
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-gd-4.2.3-18.i586.rpm
        30750 00d7e52198c52a84bf3b6a01b74ed09e
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-imap-4.2.3-18.i586.rpm
         8778 f48ba9d576d56ffe1dade4a08c1d69d4
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-ldap-4.2.3-18.i586.rpm
        24251 6335de34555ab561591b44932977597b
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-manual-4.2.3-18.i586.rpm
       341306 1ba564f74da044e2cba3ebca42c0445d
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-ming-4.2.3-18.i586.rpm
        32765 294b36a3c4fda4678b0d483566489435
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-mysql-4.2.3-18.i586.rpm
        90390 cf762723f2372ceaae9aafe1d435fefe
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-pgsql-4.2.3-18.i586.rpm
        35006 d893b278914eb9131069c0420d8bd08b

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/php-4.2.3-18.src.rpm
      3594911 cf77d9a9c0f2c2867dea80071db19d66

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-4.2.3-18.i586.rpm
      1603039 87887fbe74a6f1fa3fab6871db182850
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-imap-4.2.3-18.i586.rpm
         8789 36db776c43e3b28ea5985a359fb9734f
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-ldap-4.2.3-18.i586.rpm
        23812 5faaa8a4a2d9159acb0390054646b86e
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-manual-4.2.3-18.i586.rpm
       341234 95687623e096bf7560dddab45c9b295b
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-mysql-4.2.3-18.i586.rpm
        86194 5d5c6d7a371159773c76c43ce2ffc57f
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-pgsql-4.2.3-18.i586.rpm
        34876 8c87aec01c6a7ac4874d0344aa8707b3

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/php-4.2.3-18.src.rpm
      3594911 f30e9ec8cafd458f84ccb4dda299b8e1

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-4.2.3-18.i586.rpm
      1602159 07c7d83963a28e69b90ec0d95590acfc
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-imap-4.2.3-18.i586.rpm
         8782 5e1eb57bf77ab85142b2a9da349786ae
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-ldap-4.2.3-18.i586.rpm
        23800 b076306891335cf0b46f0d8a70d82078
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-manual-4.2.3-18.i586.rpm
       341187 259382021ddfe2f0cf13f655c3bc7c6c
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-mysql-4.2.3-18.i586.rpm
        86170 bcf6637eca00621f9e7cd11a630678a6
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-pgsql-4.2.3-18.i586.rpm
        34546 a4b2ca701c271ad27a1d553420fd7093


 Notice :
    After performing the update, it is necessary to restart the httpd daemon.
    To do this, run the following command as user root.
 ---------------------------------------------
 # /etc/init.d/httpd restart
 or
 # /etc/rc.d/init.d/httpd restart
 ---------------------------------------------

 References:

 CVE
   [CAN-2004-0595]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0595


===========================================================
* squid -> Vulnerability allowing bypassing of access control lists
===========================================================

 More information :
    Squid is a high-performance proxy caching server for web clients,
    supporting FTP, gopher, and HTTP data objects.  Unlike traditional caching
    software, Squid handles all requests in a single, non-blocking, I/O-driven
    process.  Squid contains a bug in the "%xx" URL decoding function.

 Impact :
    Squid allows users to bypass certain access controls.

 Affected Products :
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution :
    Please use the turbopkg (zabom) tool to apply the update.
 ---------------------------------------------
 [Turbolinux 10 Desktop]
 # turboupdate
 # zabom --update squid

 [Other]
 # turbopkg
 # zabom update squid
 ---------------------------------------------


 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size : MD5

   squid-2.5.STABLE6-9.src.rpm
      1537249 adefcef8e5ea06b761c5b24b4625ca17

   Binary Packages
   Size : MD5

   squid-2.5.STABLE6-9.i586.rpm
       825027 d89f00274f13f48aed8febbc4d6074da

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size : MD5

   squid-2.5.STABLE6-9.src.rpm
      1537249 2b43bbc54587ead378e42fc7741db10b

   Binary Packages
   Size : MD5

   squid-2.5.STABLE6-9.i586.rpm
       825233 92cd7330fba772036ffd8133e228a7e8

 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/squid-2.5.STABLE6-7.src.rpm
      1537103 75a80e22d6114bbaced972e834623bc5

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/squid-2.5.STABLE6-7.i586.rpm
       825297 349d1ac00a370a4f74dff6561d14af99

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/squid-2.5.STABLE6-7.src.rpm
      1537103 442eab27d98907ae17c463e6659f4d75

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/squid-2.5.STABLE6-7.i586.rpm
       826938 3b2bab2fe5e77f7a69e05081df29f26c

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/squid-2.5.STABLE6-7.src.rpm
      1537103 eefd85164d1615bf43aa0cc2e1f03ab6

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/squid-2.5.STABLE6-7.i586.rpm
       831095 4962a5bd06f88fea0ce9139084c07617

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/squid-2.5.STABLE6-7.src.rpm
      1537103 95bcaafa47d7362b5d8ea4c823c2d1d4

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/squid-2.5.STABLE6-7.i586.rpm
       830754 5b85fedb0652e6280dcca9f4a64c6488


 Notice :
    After performing the update, it is necessary to restart the squid daemon.
    To do this, run the following command as user root.
 ---------------------------------------------
 # /etc/init.d/squid restart
 or
 # /etc/rc.d/init.d/squid restart
 ---------------------------------------------

 References:

 www.squid-cache.org
   [Squid Proxy Cache Security Update Advisory SQUID-2004:1]
   http://www.squid-cache.org/Advisories/SQUID-2004_1.txt

 CVE
   [CAN-2004-0189]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0189


===========================================================
* samba -> Recently discovered buffer overflow vulnerabilities
===========================================================

 More information :
    Samba is an Open Source/Free Software suite that provides seamless file
    and print services to SMB/CIFS clients.  Samba is freely available,
    unlike other SMB/CIFS implementations, and allows for interoperability
    between Linux/Unix servers and Windows-based clients.

    Buffer overflow vulnerabilities have been discovered in Samba.

 Impact :
    The vulnerabilities allow remote attackers to cause a denial of service
    of Samba server services.

 Affected Products :
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution :
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 [Turbolinux 10 Desktop, Turbolinux 10 F...]
 # zabom -u samba samba-devel smbfs

 [other]
 # turbopkg
 or
 # zabom update samba samba-devel smbfs
 ---------------------------------------------


 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size : MD5

   samba-2.2.7a-9jaJP.src.rpm
      7155061 8ca20f8ef7abff0378e156f6e9bfe691

   Binary Packages
   Size : MD5

   samba-2.2.7a-9jaJP.i586.rpm
     11138937 732a5963e730fbf32c246e8530454c8d
   samba-devel-2.2.7a-9jaJP.i586.rpm
       498335 e75b73f05219d89601d9019c3297c67d
   smbfs-2.2.7a-9jaJP.i586.rpm
       628623 d3c6953e5151682716063c1e24f1b0b9

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size : MD5

   samba-2.2.7a-9jaJP.src.rpm
      7155061 24f6ebac45b185817cbe8231971dcd9b

   Binary Packages
   Size : MD5

   samba-2.2.7a-9jaJP.i586.rpm
     11156327 6f227785d0b437fca45174e329663fd7
   samba-devel-2.2.7a-9jaJP.i586.rpm
       498628 bc0bac91bf5c3949de1323f053dd4717
   smbfs-2.2.7a-9jaJP.i586.rpm
       627672 3126e92cf4a7b362e453bc1f4080d891

 <Turbolinux 10 Desktop, Turbolinux 10 F...>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/samba-2.2.7a-9jaJP.src.rpm
      7155061 8054927fe099982a397ac760ebc58d0c

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/samba-2.2.7a-9jaJP.i586.rpm
     11164913 358acd4f1e0275f790bfa3e35c716a93
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/samba-devel-2.2.7a-9jaJP.i586.rpm
       512109 e7f669d855d34ed44ae6565a6466827e
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/smbfs-2.2.7a-9jaJP.i586.rpm
       639529 829fe8f003115948175e4cae8597ab0c

 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/samba-2.2.7a-9jaJP.src.rpm
      7155061 9c9d4d37608c616e6b57f6c973bb7af5

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/samba-2.2.7a-9jaJP.i586.rpm
     11156883 4b1d3ff6391208bb1deb9fee7684a0ef
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/samba-devel-2.2.7a-9jaJP.i586.rpm
       498741 3ea5d49c2241ac4ea559c03b339e911f
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/smbfs-2.2.7a-9jaJP.i586.rpm
       627730 abe304db0bcccceb7f70103748ced80d

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/samba-2.2.7a-9jaJP.src.rpm
      7155061 9f06dd9aeef0e728e3306c1437c8986a

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/samba-2.2.7a-9jaJP.i586.rpm
     11156590 69ed28551d3d56c8d167afa0c112d3d1
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/samba-devel-2.2.7a-9jaJP.i586.rpm
       499299 d10f2ad626244e714896947a4476c36f
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/smbfs-2.2.7a-9jaJP.i586.rpm
       628307 896bf734f803d586e2b4a1a13fcb62fd

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/samba-2.2.7a-9jaJP.src.rpm
      7155061 c37a745290cc3cfb95f15930851ae7f7

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/samba-2.2.7a-9jaJP.i586.rpm
     11023429 77113ab8d22afcfc293638b28cb1fea2
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/samba-devel-2.2.7a-9jaJP.i586.rpm
       492829 cf806c7080241e15b0fea2900b2e5d50
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/smbfs-2.2.7a-9jaJP.i586.rpm
       612783 01ec4e0edc4020d2ef99bfa47a2279a8

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/samba-2.2.7a-9jaJP.src.rpm
      7155061 d6fec4fc966dcb092ab90ec6b6ecd737

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/samba-2.2.7a-9jaJP.i586.rpm
     11025378 bc2912f826163a4bbf0c7d642e2f246f
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/samba-devel-2.2.7a-9jaJP.i586.rpm
       492071 80ad52dc4b60246b2b54644d62fe41c5
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/smbfs-2.2.7a-9jaJP.i586.rpm
       612799 40f4bcbd87fb84e7131d3718f94bbcab


 References:

 samba
   [Release Notes for Samba 2.2.11]
   http://us1.samba.org/samba/history/samba-2.2.11.html

 CVE
   [CAN-2004-0186]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0186
   [CAN-2004-0686]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0686
   [CAN-2004-0829]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0829


===========================================================
* cdrtools -> cdrecord fails to drop root euid before exec
===========================================================

 More information :
    cdrtools is a collection of CD/DVD utilities.

    cdrecord, which is set-uid root, fails to drop the effective UID (of
    root -- euid=0) when it exec()s a program specified by the user via the
    $RSH environment variable.

 Impact :
    Allows local users to gain root privileges.
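
 The privilege drop that must precede exec() of a user-chosen helper such as
 the $RSH program, as an added C example; it is not taken from this advisory
 or from the cdrtools source. The function names and the "rsh" fallback are
 assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently give up set-uid/set-gid privileges.
 * Returns 0 on success, -1 if the drop failed or could be undone. */
int drop_privileges(void)
{
    uid_t ruid = getuid();   /* the invoking user */
    gid_t rgid = getgid();

    /* Group first: once the uid is dropped the process may no longer
     * be allowed to change its gid. */
    if (setgid(rgid) != 0)
        return -1;
    /* With euid 0 this sets the real, effective and saved uid together. */
    if (setuid(ruid) != 0)
        return -1;

    /* Verify the result instead of trusting the return codes alone. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    /* An unprivileged invoker must not be able to get root back. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Helper named by $RSH, or a fallback (the "rsh" fallback is an assumption). */
const char *remote_shell(void)
{
    const char *rsh = getenv("RSH");
    return (rsh != NULL && rsh[0] != '\0') ? rsh : "rsh";
}

/* Run a user-chosen helper in a child that has dropped privileges first.
 * Returns the helper's exit status, 126 if the drop failed,
 * 127 if the exec failed, -1 on fork/wait errors or abnormal exit. */
int run_helper_unprivileged(const char *prog, char *const argv[])
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: the drop happens before exec, and a failed drop aborts.
         * Calling exec here with euid 0 still in place is the flaw the
         * advisory describes. */
        if (drop_privileges() != 0)
            _exit(126);
        execvp(prog, argv);
        _exit(127);          /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed stand-in for the helper so the example runs anywhere. */
    char *argv[] = { "sh", "-c", "exit 0", NULL };

    printf("helper from $RSH or fallback: %s\n", remote_shell());
    printf("stand-in helper exit status: %d\n",
           run_helper_unprivileged("/bin/sh", argv));
    return 0;
}
```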

 Affected Products :
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop

 Solution :
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 [Turbolinux 10 Desktop, Turbolinux 10 F...]
 # zabom -u cdda2wav cdrtools cdrtools-devel mkisofs
 ---------------------------------------------


 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size : MD5

   cdrtools-2.0-9.src.rpm
      2103029 be1b3126c773b8a07a6e078f2c425aa3

   Binary Packages
   Size : MD5

   cdrtools-2.0-9.i586.rpm
       672260 4f04c73f06d9a1c524806a48c59795a4
   cdrtools-devel-2.0-9.i586.rpm
       496602 f0dc69e2525aef9be1b677ef32a5ea89
   mkisofs-2.0-9.i586.rpm
       478674 de3ae493f085d7e841d8336f61b66cf1

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size : MD5

   cdrtools-2.0-9.src.rpm
      2103029 f28d29b94dc9517406a59fd8d934c7f9

   Binary Packages
   Size : MD5

   cdrtools-2.0-9.i586.rpm
       671704 30173aba8f73337bf875fc095c855979
   cdrtools-devel-2.0-9.i586.rpm
       496706 3c6fdc57dbd94f28736fae3fa4f74853
   mkisofs-2.0-9.i586.rpm
       478790 0b0c20e1c5f84e670e211164fc8efe70

 <Turbolinux 10 Desktop, Turbolinux 10 F...>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/cdrtools-2.0-9.src.rpm
      2103029 aa0d05ec9760f08ca21ba230e73112d9

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/cdda2wav-2.0-9.i586.rpm
       166032 ff43311dc4cb87048a59e6147c6105a5
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/cdrtools-2.0-9.i586.rpm
       666550 5a77cc19f9cf1f58fa5dc51f04ceb18b
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/cdrtools-devel-2.0-9.i586.rpm
       497339 de65b8f21cdf636408cddc04f0f3ef1b
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/mkisofs-2.0-9.i586.rpm
       479449 a4a719a4a593cff75eb62ec5a337f1a9


 References:

 CVE
   [CAN-2004-0806]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0806


===========================================================
* imlib -> Multiple reported buffer overflow vulnerabilities
===========================================================

 More information :
    Imlib is a display depth-independent image loading and rendering library.

    Multiple buffer overflow vulnerabilities are reported to exist in Imlib.

 Impact :
    Allows remote attackers to execute arbitrary code via malformed image files.

 Affected Products :
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution :
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 [Turbolinux 10 Desktop, Turbolinux 10 F...]
 # zabom -u imlib imlib-cfgeditor imlib-devel

 [other]
 # turbopkg
 or
 # zabom update imlib imlib-cfgeditor imlib-devel
 ---------------------------------------------


 <Turbolinux 10 Desktop, Turbolinux 10 F...>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/imlib-1.9.14-7.src.rpm
       667541 c6570195df630130e797228163e60ba1

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/imlib-1.9.14-7.i586.rpm
       157239 4f4b0f9757fa7b11fa608f9d9a87d25d
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/imlib-cfgeditor-1.9.14-7.i586.rpm
       235906 05d6ac550ca3abcbf21137189d338325
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/imlib-devel-1.9.14-7.i586.rpm
       227003 d1fbaf39ccfa41b93d1f493cf2d43ec8

 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/imlib-1.9.13-9.src.rpm
       833109 575a131cbe10f1d933b3e1c780a15601

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/imlib-1.9.13-9.i586.rpm
       137593 52a6dda17e323dcb18c7e66d994562d8
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/imlib-cfgeditor-1.9.13-9.i586.rpm
       234711 15c1295d9864f3901aa8e36c381cabb4
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/imlib-devel-1.9.13-9.i586.rpm
       226984 431e9a2e3d3f00911183568cd7a48405

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/imlib-1.9.13-9.src.rpm
       833109 57e15f0fea366bb012dba49452c14951

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/imlib-1.9.13-9.i586.rpm
       137511 a20c57441ad495d7c3b91b2bef7940d4
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/imlib-cfgeditor-1.9.13-9.i586.rpm
       234724 b7aa88e28e92c2e309f98187d39ba65e
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/imlib-devel-1.9.13-9.i586.rpm
       226902 9461360152ccf484753308f99b1f2e04

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/imlib-1.9.10-6.src.rpm
       791546 a8827407f4f9ed8d9c29634b4a67fdb4

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/imlib-1.9.10-6.i586.rpm
       127948 2cd3d05c20c7750020d511ece886a8b6
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/imlib-devel-1.9.10-6.i586.rpm
       218376 d2b032fa3d5cf635b2ae41cce32a2a7c

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/imlib-1.9.10-6.src.rpm
       791546 46d8da2102c16ab8969fcaf9d20e9c6a

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/imlib-1.9.10-6.i586.rpm
       127902 52a2ed6a20bfcff99538b8ac491c928d
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/imlib-cfgeditor-1.9.10-6.i586.rpm
       233270 9aa7e9b4f8ad959bd94ce8dca56fdc4c
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/imlib-devel-1.9.10-6.i586.rpm
       218378 a828b365f4954a2811a60911f378c200


 References:

 CVE
   [CAN-2004-0817]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0817


===========================================================
* httpd -> Two vulnerabilities discovered in httpd
===========================================================

 More information :
    Apache is a powerful, full-featured, efficient, and freely-available
    Web server.  Apache is also the most popular Web server on the Internet.

    The identified vulnerability is in the apr-util library.

    The buffer overflow occurs when expanding ${ENVVAR} constructs in
    .htaccess or httpd.conf files.

 Impact :
    Allows remote attackers to cause a denial of service of the Apache server.


 Affected Products :
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop

 Solution :
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 [Turbolinux 10 Desktop, Turbolinux 10 F...]
 # zabom -u httpd httpd-devel httpd-manual mod_ssl
 ---------------------------------------------


 <Turbolinux 10 Desktop, Turbolinux 10 F...>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/httpd-2.0.48-6.src.rpm
      6349140 5f7d07ffed7377c7742d6a12985d5464

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/httpd-2.0.48-6.i586.rpm
       891145 9a87f6912acfc584752b9436b5023493
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/httpd-devel-2.0.48-6.i586.rpm
       304443 ca0b114156d1224560fff651c89a6bfd
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/httpd-manual-2.0.48-6.i586.rpm
       914827 782a5e709b19f37ce0333ed73fad0aed
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/mod_ssl-2.0.48-6.i586.rpm
        76883 9a35f890210fb547b32a983e33416d8a


 References:

 CVE
   [CAN-2004-0747]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747
   [CAN-2004-0786]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0786


 * You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.

  http://www.turbolinux.com/download/zabom.html
  http://www.turbolinux.com/download/zabomupdate.html

Package Update Path
http://www.turbolinux.com/update

============================================================
 * To obtain the public key

Here is the public key

 http://www.turbolinux.com/security/

 * To unsubscribe from the list

If you ever want to remove yourself from this mailing list,
  you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).

unsubscribe

 * To change your email address

If you ever want to change your email address on this mailing list,
  you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the following command in the message body:

  chaddr 'old address' 'new address'

If you have any questions or problems, please contact
<supp_info@...bolinux.co.jp>

Thank you!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFBSSIVK0LzjOqIJMwRAuQNAKC6dotXPPOvgLm/J2BkHTn01I1EMQCfZaGd
uGd34EbV5PsMKo+nshlPkGQ=
=qyd7
-----END PGP SIGNATURE-----




