Message-ID: <200409161418.26334.security-announce@turbolinux.co.jp>
From: security-announce at turbolinux.co.jp (Turbolinux)
Subject: [TURBOLINUX SECURITY INFO] 16/Sep/2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 16/Sep/2004
============================================================
The following page contains the security information of Turbolinux Inc.
- Turbolinux Security Center
http://www.turbolinux.com/security/
(1) krb5 -> Double-free vulnerabilities allow arbitrary code execution
(2) php -> Non-filtering of null characters allows processing of dangerous tags
(3) squid -> Vulnerability allowing bypassing of access control lists
(4) samba -> Recently discovered buffer overflow vulnerabilities
(5) cdrtools -> euid program
(6) imlib -> Multiple reported buffer overflow vulnerabilities
(7) httpd -> Two vulnerabilities discovered in httpd
===========================================================
* krb5 -> Double-free vulnerabilities allow arbitrary code execution
===========================================================
More information :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords.
Double-free vulnerabilities exist in MIT Kerberos 5.
Impact :
Allows remote attackers to execute arbitrary code.
Affected Products :
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux 8 Server
Solution :
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Desktop, Turbolinux 10 F...]
# zabom -u krb5-devel krb5-libs krb5-server krb5-workstation
[other]
# turbopkg
or
# zabom update krb5-devel krb5-libs krb5-server krb5-workstation
---------------------------------------------
<Turbolinux Appliance Server 1.0 Hosting Edition>
Source Packages
Size : MD5
krb5-1.2.5-15.src.rpm
5517434 ed8f49991f1522edb5bc0a70d8e784c1
Binary Packages
Size : MD5
krb5-devel-1.2.5-15.i586.rpm
538565 4c2a133f8020ce1d496f2a98358f2905
krb5-libs-1.2.5-15.i586.rpm
638443 6f6b12674fcad5cb54f7217710fdab5a
krb5-server-1.2.5-15.i586.rpm
602362 be44d53907e93483422234a8cbca86b4
krb5-workstation-1.2.5-15.i586.rpm
601953 1cbe0486d979fb22cb28667fa173e682
<Turbolinux Appliance Server 1.0 Workgroup Edition>
Source Packages
Size : MD5
krb5-1.2.5-15.src.rpm
5517434 5e5d2206a82188bbc18c4d64d21d79cf
Binary Packages
Size : MD5
krb5-devel-1.2.5-15.i586.rpm
538347 8c5da942c8cce6f96c262e8bb2f01c99
krb5-libs-1.2.5-15.i586.rpm
638600 4caa141b2c6d7a0ab412aaa3436215ea
krb5-server-1.2.5-15.i586.rpm
602767 5610b9e3b3749f9febf04b0c2a517b63
krb5-workstation-1.2.5-15.i586.rpm
601875 1e9b47473730cf84c8e4030bb1a844e1
<Turbolinux 10 Desktop, Turbolinux 10 F...>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/krb5-1.2.5-15.src.rpm
5517434 3b81c31d80f99fa91c3e647fd327337c
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/krb5-devel-1.2.5-15.i586.rpm
577318 cb7ef4827cee8789de73c05ee5bf7e73
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/krb5-libs-1.2.5-15.i586.rpm
343425 774777d19c467b4a155592193df36acb
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/krb5-server-1.2.5-15.i586.rpm
601753 7b73e1c17a36992c2f24079981d53d91
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/krb5-workstation-1.2.5-15.i586.rpm
591287 58c3d0ac67c604394c9ac8177231472e
<Turbolinux 8 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/krb5-1.2.5-15.src.rpm
5517434 79a0e8ebe4646d2439dff38c61c4697c
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/krb5-devel-1.2.5-15.i586.rpm
576177 51e8f5b891bcc849581adbde8260ed61
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/krb5-libs-1.2.5-15.i586.rpm
639231 472a5684e98f05f441735814414d1602
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/krb5-server-1.2.5-15.i586.rpm
602771 4efde019247ee9e0f07f449424089741
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/krb5-workstation-1.2.5-15.i586.rpm
602058 217b68738b9ce8f7a443cbf210336f66
References:
Kerberos: The Network Authentication Protocol
[MIT krb5 Security Advisory 2004-002]
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-002-dblfree.txt
[MIT krb5 Security Advisory 2004-003]
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-003-asn1.txt
CVE
[CAN-2004-0642]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0642
[CAN-2004-0643]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0643
[CAN-2004-0644]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0644
[CAN-2004-0772]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0772
===========================================================
* php -> Non-filtering of null characters allows processing of dangerous tags
===========================================================
More information :
PHP is an HTML-embedded scripting language.
The strip_tags function in PHP does not filter null (\0) characters
within tag names when restricting input to allowed tags.
This allows dangerous tags to be processed by web browsers such as Internet
Explorer and Safari, which ignore null characters; this facilitates the
exploitation of cross-site scripting (XSS) vulnerabilities.
Impact :
Bug allows dangerous tags to be processed by web browsers such as Internet
Explorer and Safari.
Affected Products :
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution :
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
# turbopkg
or
# zabom update php php-gd php-imap php-ldap php-manual php-mysql php-pgsql
---------------------------------------------
<Turbolinux Appliance Server 1.0 Hosting Edition>
Source Packages
Size : MD5
php-4.2.3-19.src.rpm
3595053 c5665ad3dfdc9b2c47df0324e328839c
Binary Packages
Size : MD5
php-4.2.3-19.i586.rpm
1631015 77b646a14c8f3ee3f19dac0ad449bb5d
php-gd-4.2.3-19.i586.rpm
30936 41f5017420fe063f3398fa916d80c02d
php-imap-4.2.3-19.i586.rpm
8924 0f6327426c38c905578a517d56cd8c8f
php-ldap-4.2.3-19.i586.rpm
24373 587fb2a24cd98de18b1a3a137245d56b
php-manual-4.2.3-19.i586.rpm
341528 cd81ac7b368b227e2edd1603f9cc5e48
php-ming-4.2.3-19.i586.rpm
32944 1739caa35757dd9b4d3a5d59f5bd256c
php-mysql-4.2.3-19.i586.rpm
90514 190b14a4a296773ab4af7c258aa197c2
php-pgsql-4.2.3-19.i586.rpm
35173 346b240a7e308808e8521fe2ed667b4b
<Turbolinux Appliance Server 1.0 Workgroup Edition>
Source Packages
Size : MD5
php-4.2.3-19.src.rpm
3595053 c8783be19d61d2273c78a9303ef27358
Binary Packages
Size : MD5
php-4.2.3-19.i586.rpm
1631015 cc062d269ab438d266623e0fd699fe06
php-gd-4.2.3-19.i586.rpm
30936 f16e2ee4c1c77842b88a72f84b741ccc
php-imap-4.2.3-19.i586.rpm
8924 26cb4e93c285ffb1b67630b3f8690f21
php-ldap-4.2.3-19.i586.rpm
24373 c0e61dbec891cdcf6068a33b42ac4eeb
php-manual-4.2.3-19.i586.rpm
341528 6cf984f840d4ae781f0e15052ec2c1b6
php-ming-4.2.3-19.i586.rpm
32944 00331f4b38361c4700f5510a67b1ef89
php-mysql-4.2.3-19.i586.rpm
90514 d4d8546a52ca7b25c75066b02c48f99b
php-pgsql-4.2.3-19.i586.rpm
35173 9da7ffe196a63ac4535f8200840d5219
<Turbolinux 8 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/php-4.2.3-18.src.rpm
3594911 b8cfa0df501e49b5b3f0e07129157097
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-4.2.3-18.i586.rpm
1630931 c0931e43f76440e1228c87a845219cf8
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-gd-4.2.3-18.i586.rpm
30794 387736b1a1bcae63c15ad2c9a0c22d9c
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-imap-4.2.3-18.i586.rpm
8778 5fc23ff382c1c65f78279b8a2cab0aa1
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-ldap-4.2.3-18.i586.rpm
24242 9dea304cc1189e525cd1663e3135c0f4
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-manual-4.2.3-18.i586.rpm
341339 a614767749adab8e73d13de90c87fc1a
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-ming-4.2.3-18.i586.rpm
32790 15df856e70940df33b9c0b8eb20d8ad7
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-mysql-4.2.3-18.i586.rpm
90377 0ac3a2fe05f05f9a18a32f1b46350e73
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-pgsql-4.2.3-18.i586.rpm
35044 7b9e0325c77e699c07511d4c155f6701
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/php-4.2.3-18.src.rpm
3594911 53572cc94259f49e5b1431afd60738cf
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-4.2.3-18.i586.rpm
1631918 7de3bbc72e4ec14cc076f40975b576d1
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-gd-4.2.3-18.i586.rpm
30750 00d7e52198c52a84bf3b6a01b74ed09e
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-imap-4.2.3-18.i586.rpm
8778 f48ba9d576d56ffe1dade4a08c1d69d4
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-ldap-4.2.3-18.i586.rpm
24251 6335de34555ab561591b44932977597b
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-manual-4.2.3-18.i586.rpm
341306 1ba564f74da044e2cba3ebca42c0445d
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-ming-4.2.3-18.i586.rpm
32765 294b36a3c4fda4678b0d483566489435
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-mysql-4.2.3-18.i586.rpm
90390 cf762723f2372ceaae9aafe1d435fefe
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-pgsql-4.2.3-18.i586.rpm
35006 d893b278914eb9131069c0420d8bd08b
<Turbolinux 7 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/php-4.2.3-18.src.rpm
3594911 cf77d9a9c0f2c2867dea80071db19d66
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-4.2.3-18.i586.rpm
1603039 87887fbe74a6f1fa3fab6871db182850
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-imap-4.2.3-18.i586.rpm
8789 36db776c43e3b28ea5985a359fb9734f
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-ldap-4.2.3-18.i586.rpm
23812 5faaa8a4a2d9159acb0390054646b86e
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-manual-4.2.3-18.i586.rpm
341234 95687623e096bf7560dddab45c9b295b
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-mysql-4.2.3-18.i586.rpm
86194 5d5c6d7a371159773c76c43ce2ffc57f
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-pgsql-4.2.3-18.i586.rpm
34876 8c87aec01c6a7ac4874d0344aa8707b3
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/php-4.2.3-18.src.rpm
3594911 f30e9ec8cafd458f84ccb4dda299b8e1
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-4.2.3-18.i586.rpm
1602159 07c7d83963a28e69b90ec0d95590acfc
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-imap-4.2.3-18.i586.rpm
8782 5e1eb57bf77ab85142b2a9da349786ae
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-ldap-4.2.3-18.i586.rpm
23800 b076306891335cf0b46f0d8a70d82078
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-manual-4.2.3-18.i586.rpm
341187 259382021ddfe2f0cf13f655c3bc7c6c
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-mysql-4.2.3-18.i586.rpm
86170 bcf6637eca00621f9e7cd11a630678a6
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-pgsql-4.2.3-18.i586.rpm
34546 a4b2ca701c271ad27a1d553420fd7093
Notice :
After performing the update, it is necessary to restart the httpd daemon.
To do this, run the following command as user root.
---------------------------------------------
# /etc/init.d/httpd restart
or
# /etc/rc.d/init.d/httpd restart
---------------------------------------------
References:
CVE
[CAN-2004-0595]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0595
===========================================================
* squid -> Vulnerability allowing bypassing of access control lists
===========================================================
More information :
Squid is a high-performance proxy caching server for web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional caching
software, Squid handles all requests in a single, non-blocking, I/O-driven
process. Squid contains a bug in the "%xx" URL decoding function.
Impact :
Squid allows users to bypass certain access controls.
Affected Products :
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution :
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Desktop]
# turboupdate
# zabom --update squid
[Other]
# turbopkg
# zabom update squid
---------------------------------------------
<Turbolinux Appliance Server 1.0 Hosting Edition>
Source Packages
Size : MD5
squid-2.5.STABLE6-9.src.rpm
1537249 adefcef8e5ea06b761c5b24b4625ca17
Binary Packages
Size : MD5
squid-2.5.STABLE6-9.i586.rpm
825027 d89f00274f13f48aed8febbc4d6074da
<Turbolinux Appliance Server 1.0 Workgroup Edition>
Source Packages
Size : MD5
squid-2.5.STABLE6-9.src.rpm
1537249 2b43bbc54587ead378e42fc7741db10b
Binary Packages
Size : MD5
squid-2.5.STABLE6-9.i586.rpm
825233 92cd7330fba772036ffd8133e228a7e8
<Turbolinux 8 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/squid-2.5.STABLE6-7.src.rpm
1537103 75a80e22d6114bbaced972e834623bc5
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/squid-2.5.STABLE6-7.i586.rpm
825297 349d1ac00a370a4f74dff6561d14af99
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/squid-2.5.STABLE6-7.src.rpm
1537103 442eab27d98907ae17c463e6659f4d75
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/squid-2.5.STABLE6-7.i586.rpm
826938 3b2bab2fe5e77f7a69e05081df29f26c
<Turbolinux 7 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/squid-2.5.STABLE6-7.src.rpm
1537103 eefd85164d1615bf43aa0cc2e1f03ab6
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/squid-2.5.STABLE6-7.i586.rpm
831095 4962a5bd06f88fea0ce9139084c07617
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/squid-2.5.STABLE6-7.src.rpm
1537103 95bcaafa47d7362b5d8ea4c823c2d1d4
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/squid-2.5.STABLE6-7.i586.rpm
830754 5b85fedb0652e6280dcca9f4a64c6488
Notice :
After performing the update, it is necessary to restart the squid daemon.
To do this, run the following command as user root.
---------------------------------------------
# /etc/init.d/squid restart
or
# /etc/rc.d/init.d/squid restart
---------------------------------------------
References:
www.squid-cache.org
[Squid Proxy Cache Security Update Advisory SQUID-2004:1]
http://www.squid-cache.org/Advisories/SQUID-2004_1.txt
CVE
[CAN-2004-0189]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0189
===========================================================
* samba -> Recently discovered buffer overflow vulnerabilities
===========================================================
More information :
Samba is an Open Source/Free Software suite that provides seamless file
and print services to SMB/CIFS clients. Samba is freely available,
unlike other SMB/CIFS implementations, and allows for interoperability
between Linux/Unix servers and Windows-based clients.
Buffer overflow vulnerabilities have been discovered in Samba.
Impact :
The vulnerabilities allow remote attackers to cause a denial of service
of Samba server services.
Affected Products :
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution :
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Desktop, Turbolinux 10 F...]
# zabom -u samba samba-devel smbfs
[other]
# turbopkg
or
# zabom update samba samba-devel smbfs
---------------------------------------------
<Turbolinux Appliance Server 1.0 Hosting Edition>
Source Packages
Size : MD5
samba-2.2.7a-9jaJP.src.rpm
7155061 8ca20f8ef7abff0378e156f6e9bfe691
Binary Packages
Size : MD5
samba-2.2.7a-9jaJP.i586.rpm
11138937 732a5963e730fbf32c246e8530454c8d
samba-devel-2.2.7a-9jaJP.i586.rpm
498335 e75b73f05219d89601d9019c3297c67d
smbfs-2.2.7a-9jaJP.i586.rpm
628623 d3c6953e5151682716063c1e24f1b0b9
<Turbolinux Appliance Server 1.0 Workgroup Edition>
Source Packages
Size : MD5
samba-2.2.7a-9jaJP.src.rpm
7155061 24f6ebac45b185817cbe8231971dcd9b
Binary Packages
Size : MD5
samba-2.2.7a-9jaJP.i586.rpm
11156327 6f227785d0b437fca45174e329663fd7
samba-devel-2.2.7a-9jaJP.i586.rpm
498628 bc0bac91bf5c3949de1323f053dd4717
smbfs-2.2.7a-9jaJP.i586.rpm
627672 3126e92cf4a7b362e453bc1f4080d891
<Turbolinux 10 Desktop, Turbolinux 10 F...>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/samba-2.2.7a-9jaJP.src.rpm
7155061 8054927fe099982a397ac760ebc58d0c
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/samba-2.2.7a-9jaJP.i586.rpm
11164913 358acd4f1e0275f790bfa3e35c716a93
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/samba-devel-2.2.7a-9jaJP.i586.rpm
512109 e7f669d855d34ed44ae6565a6466827e
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/smbfs-2.2.7a-9jaJP.i586.rpm
639529 829fe8f003115948175e4cae8597ab0c
<Turbolinux 8 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/samba-2.2.7a-9jaJP.src.rpm
7155061 9c9d4d37608c616e6b57f6c973bb7af5
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/samba-2.2.7a-9jaJP.i586.rpm
11156883 4b1d3ff6391208bb1deb9fee7684a0ef
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/samba-devel-2.2.7a-9jaJP.i586.rpm
498741 3ea5d49c2241ac4ea559c03b339e911f
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/smbfs-2.2.7a-9jaJP.i586.rpm
627730 abe304db0bcccceb7f70103748ced80d
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/samba-2.2.7a-9jaJP.src.rpm
7155061 9f06dd9aeef0e728e3306c1437c8986a
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/samba-2.2.7a-9jaJP.i586.rpm
11156590 69ed28551d3d56c8d167afa0c112d3d1
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/samba-devel-2.2.7a-9jaJP.i586.rpm
499299 d10f2ad626244e714896947a4476c36f
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/smbfs-2.2.7a-9jaJP.i586.rpm
628307 896bf734f803d586e2b4a1a13fcb62fd
<Turbolinux 7 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/samba-2.2.7a-9jaJP.src.rpm
7155061 c37a745290cc3cfb95f15930851ae7f7
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/samba-2.2.7a-9jaJP.i586.rpm
11023429 77113ab8d22afcfc293638b28cb1fea2
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/samba-devel-2.2.7a-9jaJP.i586.rpm
492829 cf806c7080241e15b0fea2900b2e5d50
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/smbfs-2.2.7a-9jaJP.i586.rpm
612783 01ec4e0edc4020d2ef99bfa47a2279a8
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/samba-2.2.7a-9jaJP.src.rpm
7155061 d6fec4fc966dcb092ab90ec6b6ecd737
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/samba-2.2.7a-9jaJP.i586.rpm
11025378 bc2912f826163a4bbf0c7d642e2f246f
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/samba-devel-2.2.7a-9jaJP.i586.rpm
492071 80ad52dc4b60246b2b54644d62fe41c5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/smbfs-2.2.7a-9jaJP.i586.rpm
612799 40f4bcbd87fb84e7131d3718f94bbcab
References:
samba
[Release Notes for Samba 2.2.11]
http://us1.samba.org/samba/history/samba-2.2.11.html
CVE
[CAN-2004-0186]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0186
[CAN-2004-0686]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0686
[CAN-2004-0829]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0829
===========================================================
* cdrtools -> euid program
===========================================================
More information :
cdrtools is a collection of CD/DVD utilities.
cdrecord, which is set-uid root, fails to drop the effective UID (of
root -- euid=0) when it exec()s a program specified by the user via the
$RSH environment variable.
Impact :
Allows local users to gain root privileges.
Affected Products :
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 10 F...
- Turbolinux 10 Desktop
Solution :
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Desktop, Turbolinux 10 F...]
# zabom -u cdda2wav cdrtools cdrtools-devel mkisofs
---------------------------------------------
<Turbolinux Appliance Server 1.0 Hosting Edition>
Source Packages
Size : MD5
cdrtools-2.0-9.src.rpm
2103029 be1b3126c773b8a07a6e078f2c425aa3
Binary Packages
Size : MD5
cdrtools-2.0-9.i586.rpm
672260 4f04c73f06d9a1c524806a48c59795a4
cdrtools-devel-2.0-9.i586.rpm
496602 f0dc69e2525aef9be1b677ef32a5ea89
mkisofs-2.0-9.i586.rpm
478674 de3ae493f085d7e841d8336f61b66cf1
<Turbolinux Appliance Server 1.0 Workgroup Edition>
Source Packages
Size : MD5
cdrtools-2.0-9.src.rpm
2103029 f28d29b94dc9517406a59fd8d934c7f9
Binary Packages
Size : MD5
cdrtools-2.0-9.i586.rpm
671704 30173aba8f73337bf875fc095c855979
cdrtools-devel-2.0-9.i586.rpm
496706 3c6fdc57dbd94f28736fae3fa4f74853
mkisofs-2.0-9.i586.rpm
478790 0b0c20e1c5f84e670e211164fc8efe70
<Turbolinux 10 Desktop, Turbolinux 10 F...>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/cdrtools-2.0-9.src.rpm
2103029 aa0d05ec9760f08ca21ba230e73112d9
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/cdda2wav-2.0-9.i586.rpm
166032 ff43311dc4cb87048a59e6147c6105a5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/cdrtools-2.0-9.i586.rpm
666550 5a77cc19f9cf1f58fa5dc51f04ceb18b
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/cdrtools-devel-2.0-9.i586.rpm
497339 de65b8f21cdf636408cddc04f0f3ef1b
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/mkisofs-2.0-9.i586.rpm
479449 a4a719a4a593cff75eb62ec5a337f1a9
References:
CVE
[CAN-2004-0806]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0806
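The fix pattern for the cdrecord issue described above, as an added example that is not cdrecord's or Turbolinux's code: a set-uid program switches to the invoking user's IDs, verifies that the old IDs cannot be regained, and only then exec()s the helper named by $RSH. DEFAULT_RSH and all function names are assumptions made for illustration.

```c
/* Added example, not cdrecord source: give up set-uid privileges for good
 * before exec()ing a helper the user names through $RSH. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define DEFAULT_RSH "rsh"   /* assumed default helper name */

/* Permanently switch to the invoking user's IDs.
 * Returns 0 on success, -1 if a step fails or the old IDs can be regained. */
int drop_privileges_permanently(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: once the UID is dropped we may lack permission.
     * With euid 0, setgid()/setuid() reset real, effective and saved IDs. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* Verify instead of assuming the calls did what we wanted. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    /* The elevated IDs must be gone from the saved set as well. */
    if (old_euid != ruid && seteuid(old_euid) == 0)
        return -1;
    if (old_egid != rgid && setegid(old_egid) == 0)
        return -1;
    return 0;
}

/* Run `helper arg1 arg2` in a child that has dropped privileges.
 * Returns the helper's exit status, 126 if the drop failed, 127 if the
 * exec failed, or -1 on fork/wait errors or abnormal termination. */
int run_helper_unprivileged(const char *helper, const char *arg1,
                            const char *arg2)
{
    char *const argv[] = { (char *)helper, (char *)arg1, (char *)arg2, NULL };
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges_permanently() != 0)
            _exit(126);           /* never exec with elevated IDs */
        execvp(helper, argv);
        _exit(127);
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Helper selection as the advisory describes it: $RSH overrides the default. */
int run_rsh_helper(const char *arg1, const char *arg2)
{
    const char *rsh = getenv("RSH");
    return run_helper_unprivileged((rsh && *rsh) ? rsh : DEFAULT_RSH,
                                   arg1, arg2);
}

int main(void)
{
    /* Constructed demo: use /bin/sh as the "remote shell" and print the
     * effective UID the helper actually runs with. */
    setenv("RSH", "/bin/sh", 1);
    int rc = run_rsh_helper("-c", "echo helper euid=$(id -u)");
    printf("helper exit status: %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

Installed set-uid root and run by an ordinary user, the helper reports that user's UID rather than 0.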
===========================================================
* imlib -> Multiple reported buffer overflow vulnerabilities
===========================================================
More information :
Imlib is a display depth-independent image loading and rendering library.
Multiple buffer overflow vulnerabilities are reported to exist in Imlib.
Impact :
Allows remote attackers to execute arbitrary code via malformed image files.
Affected Products :
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution :
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Desktop, Turbolinux 10 F...]
# zabom -u imlib imlib-cfgeditor imlib-devel
[other]
# turbopkg
or
# zabom update imlib imlib-cfgeditor imlib-devel
---------------------------------------------
<Turbolinux 10 Desktop, Turbolinux 10 F...>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/imlib-1.9.14-7.src.rpm
667541 c6570195df630130e797228163e60ba1
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/imlib-1.9.14-7.i586.rpm
157239 4f4b0f9757fa7b11fa608f9d9a87d25d
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/imlib-cfgeditor-1.9.14-7.i586.rpm
235906 05d6ac550ca3abcbf21137189d338325
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/imlib-devel-1.9.14-7.i586.rpm
227003 d1fbaf39ccfa41b93d1f493cf2d43ec8
<Turbolinux 8 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/imlib-1.9.13-9.src.rpm
833109 575a131cbe10f1d933b3e1c780a15601
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/imlib-1.9.13-9.i586.rpm
137593 52a6dda17e323dcb18c7e66d994562d8
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/imlib-cfgeditor-1.9.13-9.i586.rpm
234711 15c1295d9864f3901aa8e36c381cabb4
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/imlib-devel-1.9.13-9.i586.rpm
226984 431e9a2e3d3f00911183568cd7a48405
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/imlib-1.9.13-9.src.rpm
833109 57e15f0fea366bb012dba49452c14951
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/imlib-1.9.13-9.i586.rpm
137511 a20c57441ad495d7c3b91b2bef7940d4
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/imlib-cfgeditor-1.9.13-9.i586.rpm
234724 b7aa88e28e92c2e309f98187d39ba65e
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/imlib-devel-1.9.13-9.i586.rpm
226902 9461360152ccf484753308f99b1f2e04
<Turbolinux 7 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/imlib-1.9.10-6.src.rpm
791546 a8827407f4f9ed8d9c29634b4a67fdb4
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/imlib-1.9.10-6.i586.rpm
127948 2cd3d05c20c7750020d511ece886a8b6
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/imlib-devel-1.9.10-6.i586.rpm
218376 d2b032fa3d5cf635b2ae41cce32a2a7c
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/imlib-1.9.10-6.src.rpm
791546 46d8da2102c16ab8969fcaf9d20e9c6a
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/imlib-1.9.10-6.i586.rpm
127902 52a2ed6a20bfcff99538b8ac491c928d
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/imlib-cfgeditor-1.9.10-6.i586.rpm
233270 9aa7e9b4f8ad959bd94ce8dca56fdc4c
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/imlib-devel-1.9.10-6.i586.rpm
218378 a828b365f4954a2811a60911f378c200
References:
CVE
[CAN-2004-0817]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0817
===========================================================
* httpd -> Two vulnerabilities discovered in httpd
===========================================================
More information :
Apache is a powerful, full-featured, efficient, and freely-available
Web server. Apache is also the most popular Web server on the Internet.
The identified vulnerability is in the apr-util library.
The buffer overflow occurs when expanding ${ENVVAR} constructs in
.htaccess or httpd.conf files.
Impact :
Allows remote attackers to cause a denial of service of the Apache server.
Affected Products :
- Turbolinux 10 F...
- Turbolinux 10 Desktop
Solution :
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Desktop, Turbolinux 10 F...]
# zabom -u httpd httpd-devel httpd-manual mod_ssl
---------------------------------------------
<Turbolinux 10 Desktop, Turbolinux 10 F...>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/httpd-2.0.48-6.src.rpm
6349140 5f7d07ffed7377c7742d6a12985d5464
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/httpd-2.0.48-6.i586.rpm
891145 9a87f6912acfc584752b9436b5023493
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/httpd-devel-2.0.48-6.i586.rpm
304443 ca0b114156d1224560fff651c89a6bfd
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/httpd-manual-2.0.48-6.i586.rpm
914827 782a5e709b19f37ce0333ed73fad0aed
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/mod_ssl-2.0.48-6.i586.rpm
76883 9a35f890210fb547b32a983e33416d8a
References:
CVE
[CAN-2004-0747]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747
[CAN-2004-0786]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0786
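A bounds-checked form of the ${ENVVAR} expansion described above, as an added example that is not Apache or apr-util code: every copy into the fixed-size output buffer is checked against the space remaining, and input that would overflow is rejected. The function name, MAX_VAR_NAME, the GR_DOCROOT variable and the choice to expand unset variables to an empty string are assumptions made for illustration.

```c
/* Added example, not Apache or apr-util source: expand ${NAME} references
 * into a fixed-size buffer without ever writing past its end. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_VAR_NAME 64   /* assumed limit on a variable name */

/* Expand every ${NAME} in `in` from the process environment into
 * out[0..outlen-1], NUL-terminated. Unset variables expand to "".
 * Returns the expanded length, or -1 if the result does not fit, a
 * reference is unterminated, or a name is empty or too long. */
int expand_env_refs(const char *in, char *out, size_t outlen)
{
    size_t used = 0;              /* invariant: used < outlen */

    if (in == NULL || out == NULL || outlen == 0)
        return -1;
    while (*in != '\0') {
        if (in[0] == '$' && in[1] == '{') {
            const char *name = in + 2;
            const char *end = strchr(name, '}');
            char key[MAX_VAR_NAME];
            const char *val;
            size_t nlen, vlen;

            if (end == NULL)
                return -1;
            nlen = (size_t)(end - name);
            if (nlen == 0 || nlen >= sizeof key)
                return -1;
            memcpy(key, name, nlen);
            key[nlen] = '\0';

            val = getenv(key);
            vlen = val ? strlen(val) : 0;
            /* The value's length is not under the parser's control; check
             * it against the space left (minus the NUL) before copying. */
            if (vlen >= outlen - used)
                return -1;
            memcpy(out + used, val ? val : "", vlen);
            used += vlen;
            in = end + 1;
        } else {
            if (outlen - used <= 1)
                return -1;
            out[used++] = *in++;
        }
    }
    out[used] = '\0';
    return (int)used;
}

int main(void)
{
    char buf[32];
    setenv("GR_DOCROOT", "/srv/www", 1);       /* constructed sample value */
    if (expand_env_refs("DocumentRoot ${GR_DOCROOT}/site", buf, sizeof buf) >= 0)
        puts(buf);
    setenv("GR_DOCROOT", "/a/very/long/path/that/will/not/fit/here", 1);
    if (expand_env_refs("DocumentRoot ${GR_DOCROOT}/site", buf, sizeof buf) < 0)
        puts("rejected: expansion would overflow the buffer");
    return 0;
}
```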
* You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.
http://www.turbolinux.com/download/zabom.html
http://www.turbolinux.com/download/zabomupdate.html
Package Update Path
http://www.turbolinux.com/update
============================================================
* To obtain the public key
Here is the public key
http://www.turbolinux.com/security/
* To unsubscribe from the list
If you ever want to remove yourself from this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).
unsubscribe
* To change your email address
If you ever want to change your email address in this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the following command in the message body:
chaddr 'old address' 'new address'
If you have any questions or problems, please contact
<supp_info@...bolinux.co.jp>
Thank you!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFBSSIVK0LzjOqIJMwRAuQNAKC6dotXPPOvgLm/J2BkHTn01I1EMQCfZaGd
uGd34EbV5PsMKo+nshlPkGQ=
=qyd7
-----END PGP SIGNATURE-----