| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200410052230.26079.security-announce@turbolinux.co.jp>
From: security-announce at turbolinux.co.jp (Turbolinux)
Subject: [TURBOLINUX SECURITY INFO] 05/Oct/2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 05/Oct/2004
============================================================
The following page contains the security information of Turbolinux Inc.
- Turbolinux Security Center
http://www.turbolinux.com/security/
(1) squid -> DoS vulnerability in squid
(2) ImageMagick -> Multiple buffer overflow vulnerabilities in ImageMagick
===========================================================
* squid -> DoS vulnerability in squid
===========================================================
More information :
Squid is a high-performance proxy caching server for web clients, supporting
FTP, gopher, and HTTP data objects. Unlike traditional caching software,
Squid handles all requests in a single, non-blocking, I/O-driven process.
A vulnerability in the NTLM helpers in squid.
Impact :
The vulnerabilities allow remote attackers to cause a denial of service of sauid server services.
Affected Products :
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution :
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Desktop, Turbolinux 10 F...]
# zabom -u squid
[other]
# turbopkg
or
# zabom update squid
---------------------------------------------
<Turbolinux Appliance Server 1.0 Hosting Edition>
Source Packages
Size : MD5
squid-2.5.STABLE6-11.src.rpm
1538211 ff3e34c4b8c71d250f2781179ceec73a
Binary Packages
Size : MD5
squid-2.5.STABLE6-11.i586.rpm
825195 85c3b583674e0ac0695c4cbf0404e586
<Turbolinux Appliance Server 1.0 Workgroup Edition>
Source Packages
Size : MD5
squid-2.5.STABLE6-11.src.rpm
1538211 6b6d400ee15ee97ac6f7e98fbea26e50
Binary Packages
Size : MD5
squid-2.5.STABLE6-11.i586.rpm
825663 bed921f91e657975cc6c72d2ea8f29d4
<Turbolinux 8 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/squid-2.5.STABLE6-11.src.rpm
1538211 b28eeeb88347c668fdb9938c4c1cd438
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/squid-2.5.STABLE6-11.i586.rpm
825370 335f0fe78cfb204c86ff5b05d12bfd34
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/squid-2.5.STABLE6-11.src.rpm
1538211 181d72c2668f72b6e50190f784421bed
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/squid-2.5.STABLE6-11.i586.rpm
825810 5e52e49f4be6e555f57b38ffb241c455
<Turbolinux 7 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/squid-2.5.STABLE6-11.src.rpm
1538211 45fd66fc13713b40beb996f664460f0e
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/squid-2.5.STABLE6-11.i586.rpm
829880 e2a6cf6b67a7c74249b23bce5a4adedf
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/squid-2.5.STABLE6-11.src.rpm
1538211 191eab57b2adcecf91ceb4b34c94de09
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/squid-2.5.STABLE6-11.i586.rpm
830034 d6142042afcd410376e5a875c5436bc9
Notice :
After performing the update, it is necessary to restart the squid daemon.
To do this, run the following command as user root.
---------------------------------------------
# /etc/init.d/squid restart
or
# /etc/rc.d/init.d/squid restart
---------------------------------------------
References:
CVE
[CAN-2004-0832]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0832
===========================================================
* ImageMagick -> Multiple buffer overflow vulnerabilities in ImageMagick
===========================================================
More information :
ImageMagick(TM) is an image display and manipulation tool for the X
Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF and
Photo CD image file formats.
Multiple buffer overflow vulnerabilities in ImageMagick allowing remote
attackers to execute arbitrary code via a malformed image or video file.
Impact :
These vulnerabilities may allow remote attackers to execute arbitrary
code via a malformed image or video file in AVI or BMP formats.
Affected Products :
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution :
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Desktop, Turbolinux 10 F...]
# zabom -u ImageMagick ImageMagick-devel
[other]
# turbopkg
or
# zabom update ImageMagick ImageMagick-devel
---------------------------------------------
<Turbolinux 10 Desktop, Turbolinux 10 F...>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/ImageMagick-5.5.7-5.src.rpm
5274681 6a9d3c1b208049830e7086b9aae75fe7
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/ImageMagick-5.5.7-5.i586.rpm
2397224 dea16cf3ee2ce38381e3d2679ad8fa3c
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/ImageMagick-devel-5.5.7-5.i586.rpm
555804 840cc5d2ec79afd5cfdbf4223f625195
<Turbolinux 8 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/ImageMagick-5.4.7-1.src.rpm
3614849 bb43185f084dd6e32f10694f35fb513d
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ImageMagick-5.4.7-2.i586.rpm
3207676 6839799de74d7439334a875a097b6049
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ImageMagick-c++-5.4.7-2.i586.rpm
1392173 d0af80e68a129fd41d301b7ec3469ff5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ImageMagick-devel-5.4.7-2.i586.rpm
855821 be80bb2b23c8b87ab831bb99201b85c8
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ImageMagick-perl-5.4.7-2.i586.rpm
60163 1281a234915115227a2bb2fa5071d6c7
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/ImageMagick-5.4.3-3.src.rpm
3665019 ae1a64cf87ea0e6598ca147abd3349e4
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/ImageMagick-5.4.3-3.i586.rpm
3668565 d065de9b0d5a58b6393cc4805e0eb405
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/ImageMagick-devel-5.4.3-3.i586.rpm
971835 df0dda9a20ad43b2a8b3ee7a5313f6a8
<Turbolinux 7 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/ImageMagick-5.3.3-3.src.rpm
3656626 6197f1b2ff6d1a831d532a3fce210f94
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/ImageMagick-5.3.3-3.i586.rpm
3038600 0276001bdf52d75ab65dcac7ff4ebb49
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/ImageMagick-devel-5.3.3-3.i586.rpm
1267440 9e21404db4bf10a005a89f974fd8558e
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/ImageMagick-5.3.3-3.src.rpm
3656626 084f8247af6313928f5dcdae20ed9713
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/ImageMagick-5.3.3-3.i586.rpm
3039080 e3ca8b73f9a5f6cbaf8a136d121fdebf
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/ImageMagick-devel-5.3.3-3.i586.rpm
1267050 a3e0ef2ac5bd589f453f5ab529981fab
References:
CVE
[CAN-2004-0827]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0827
* You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.
http://www.turbolinux.com/download/zabom.html
http://www.turbolinux.com/download/zabomupdate.html
Package Update Path
http://www.turbolinux.com/update
============================================================
* To obtain the public key
Here is the public key
http://www.turbolinux.com/security/
* To unsubscribe from the list
If you ever want to remove yourself from this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).
unsubscribe
* To change your email address
If you ever want to chage email address in this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the following command in the message body:
chaddr 'old address' 'new address'
If you have any questions or problems, please contact
<supp_info@...bolinux.co.jp>
Thank you!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFBYqHtK0LzjOqIJMwRAgNPAJ9TkkL73895x0W7UXTix5/7Ai6vRQCgr1s5
D6e2lOCXUmCWuYNVxpgAvWY=
=qIgj
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists