lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200501131941.27927.security-announce@turbolinux.co.jp>
From: security-announce at turbolinux.co.jp (Turbolinux)
Subject: [TURBOLINUX SECURITY INFO] 13/Jan/2005

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 13/Jan/2005
============================================================

The following page contains the security information of Turbolinux Inc.

 - Turbolinux Security Center
   http://www.turbolinux.com/security/

 (1) php -> Multiple vulnerabilities in php
 (2) httpd -> Multiple vulnerabilities in httpd

===========================================================
* php -> Multiple vulnerabilities in php
===========================================================

 More information :
    PHP is an HTML-embedded scripting language.

    Buffer overflow vulnerabilities have been discovered in the nserialize
    and exif_read_data functions of PHP.

 Impact :
    The vulnerabilities can allow remote attackers to cause a denial of
    service and possibly execute arbitrary code.

 Affected Products :
    - Turbolinux 10 Server
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation

 Solution :
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home]
 # zabom -u php4 php4-gd php4-imap php4-ldap php4-manual php4-ming php4-mysql php4-pgsql

 [other]
 # turbopkg
 or
 # zabom update php php-gd php-imap php-ldap php-manual php-ming php-mysql php-pgsql
 ---------------------------------------------


 <Turbolinux 10 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/php4-4.3.8-11.src.rpm
     12304115 3cec9c192cb53ab27459a9862efc5d9d

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-4.3.8-11.i586.rpm
      5137588 13f6d61aefd07e7674a174e73f95dac1
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-debug-4.3.8-11.i586.rpm
      6519408 77094cb1256cc9f9b72fa95ffa557961
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-gd-4.3.8-11.i586.rpm
        44804 2e5dbdf7a3cd6c4d9d335b9d0454690f
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-imap-4.3.8-11.i586.rpm
        10763 981373ebead5f89c3ad21849ab64bb9a
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-ldap-4.3.8-11.i586.rpm
        34436 65670f263735f2645c4126b19a8913ff
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-manual-4.3.8-11.i586.rpm
      7502182 65dbe4e60bda685fce0d3ad2f1551457
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-ming-4.3.8-11.i586.rpm
        45536 98ed5c3c7b22d2496e953d8d074de558
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-mysql-4.3.8-11.i586.rpm
       119870 c8c8bf249d106d78a5be7358ff247cf4
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-pgsql-4.3.8-11.i586.rpm
        68887 8a51ec5a9cd5833c4ae9c43d629ea252

 <Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/php4-4.3.3-7.src.rpm
      4179207 9407355f70cbc4c14ea9bfdfac154015

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-4.3.3-7.i586.rpm
      2735662 f4dd577a3b8bc5c33cc73cc015cb6584
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-gd-4.3.3-7.i586.rpm
        30563 85965bd7a78ad8bf30eb7a9aed065e1f
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-imap-4.3.3-7.i586.rpm
         9256 e41b9edacac390204979dc7e1f9f2d61
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-ldap-4.3.3-7.i586.rpm
        23627 0abf252cbe840e040f8ece116631ffd5
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-manual-4.3.3-7.i586.rpm
       341639 ee222270c41de1653554112bb302ce73
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-ming-4.3.3-7.i586.rpm
        30139 cb32cd256566b288640628ca38278dac
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-mysql-4.3.3-7.i586.rpm
        81109 3f36b87058d8378e6c584920835703ee
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-pgsql-4.3.3-7.i586.rpm
        47675 60777bad904b8014043c8287d3e00e4e

 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/php-4.2.3-24.src.rpm
      3596640 4f2aea3ebf6ff00dc2f9ef2185c629e7

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-4.2.3-24.i586.rpm
      1632058 776e270a3567b5c2d186544cfd495a6c
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-gd-4.2.3-24.i586.rpm
        31216 87fbf08da30e4ae58ba7fa46aefecc8b
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-imap-4.2.3-24.i586.rpm
         9235 d8cf0364ce2faf7b1f26c356629b3acd
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-ldap-4.2.3-24.i586.rpm
        24685 ac6bfe61cadcb49519415c7f6a09f0fd
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-manual-4.2.3-24.i586.rpm
       341741 3b83b1f9ef2d4ac998cf456a78b7182f
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-ming-4.2.3-24.i586.rpm
        33237 9e8f23b30be928c175d72e4bb7407f4f
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-mysql-4.2.3-24.i586.rpm
        90789 c10689afe393966cae1fd43911c2f0fd
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-pgsql-4.2.3-24.i586.rpm
        35467 ef15fd420e89ab8d8284534b4da8dcc1

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/php-4.2.3-24.src.rpm
      3596640 c49321398dcc7f999d5ec7c459f12954

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-4.2.3-24.i586.rpm
      1632174 465f0707e702870b8c68fd69f38cf3bc
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-gd-4.2.3-24.i586.rpm
        31232 d65bfbd198da2fa27adb30da07b46cdd
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-imap-4.2.3-24.i586.rpm
         9234 2751549b7027dd2c5b09a759778d3793
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-ldap-4.2.3-24.i586.rpm
        24679 895f5387463625de0a5aca57e02de557
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-manual-4.2.3-24.i586.rpm
       341765 12d2bd9bf6ca4848b3c41a5f1539ea74
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-ming-4.2.3-24.i586.rpm
        33223 1174db9d2d84427a41e67957e4fdea6b
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-mysql-4.2.3-24.i586.rpm
        90840 c4a492770d25472acce0c41f95e75a1f
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-pgsql-4.2.3-24.i586.rpm
        35512 9dd622d90b73e1f5fbe979870eaa2172

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/php-4.2.3-24.src.rpm
      3596640 a8c3b99e7674f8a2fe119b427a02e939

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-4.2.3-24.i586.rpm
      1603262 5586a4dde1f5acb861d9982a2a057630
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-imap-4.2.3-24.i586.rpm
         9236 07b780d86295569b599a6c7467480ad8
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-ldap-4.2.3-24.i586.rpm
        24242 3b1e22d2a11d793f1911da084d6d19b3
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-manual-4.2.3-24.i586.rpm
       341734 8390e86c4174e52bf7fa69f8b7b693db
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-mysql-4.2.3-24.i586.rpm
        86660 a12aa6e7ef466d734331faa0cf6dd42d
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-pgsql-4.2.3-24.i586.rpm
        35327 1411e61b2aad435eb13207ee2dc3407e

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/php-4.2.3-24.src.rpm
      3596640 7f85391671841ef657f3128d924c6c76

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-4.2.3-24.i586.rpm
      1602364 9eed8b51ca59989eda6728813717be33
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-imap-4.2.3-24.i586.rpm
         9237 1742ab7b7814a3cd61597a32a0c6ebe6
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-ldap-4.2.3-24.i586.rpm
        24250 223cca0fe750193ba65849379753daaf
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-manual-4.2.3-24.i586.rpm
       341732 9cc93603cb0f12480198bfdcf7a4da57
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-mysql-4.2.3-24.i586.rpm
        86625 70e412ef96b3e804de8ee34c1a39aa33
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-pgsql-4.2.3-24.i586.rpm
        34982 64b4fc35c3e1a456862c5ef26d541432


 Notice:
    After performing the update, it is necessary to restart the httpd daemon.
    To do this, run the following command as user root.
 ---------------------------------------------
 # /etc/init.d/httpd restart
 or
 # /etc/rc.d/init.d/httpd restart
 ---------------------------------------------

 References:

 CVE
   [CAN-2004-1019]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1019
   [CAN-2004-1065]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1065


===========================================================
* httpd -> Multiple vulnerabilities in httpd
===========================================================

 More information :
    Apache is a powerful, full-featured, efficient, and freely-available
    Web server.  Apache is also the most popular Web server on the Internet.

    Please refer to the References section for further information.

 Impact :
    The vulnerabilities could allow remote attackers to cause a denial of
    service and possibly execute arbitrary code.

 Affected Products :
    - Turbolinux 10 Server
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop

 Solution :
    Please use the turbopkg (zabom) tool to apply the update. 
 ----------------------------------------
 [Turbolinux 10 Server]
 # zabom -u httpd httpd-debug httpd-devel httpd-manual mod_bwshare mod_ssl

 [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home]
 # zabom -u httpd
 ----------------------------------------


 <Turbolinux 10 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/httpd-2.0.51-8.src.rpm
      6842122 6f911bda264f6b7b9989f5c1e81d4ac0

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/httpd-2.0.51-8.i586.rpm
      1032135 214e7c3d1c27cd45e0791d0f85d0d087
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/httpd-debug-2.0.51-8.i586.rpm
      3238970 965c8ca35632af6c9bb1360d1fa42e40
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/httpd-devel-2.0.51-8.i586.rpm
       222848 dde33db66f69d76c1a87edca5298b9d7
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/httpd-manual-2.0.51-8.i586.rpm
      1130005 e931dda35b3bdd4261318ee1435b6f6c
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/mod_bwshare-2.0.51-8.i586.rpm
        39007 9722beda50813c05b89e85d49da54e11
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/mod_ssl-2.0.51-8.i586.rpm
        86975 f949a8b78974c746446467c077b6e604

 <Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/httpd-2.0.48-15.src.rpm
      6315957 5264ab25976140082ab5310ea8c15ec9

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/httpd-2.0.48-15.i586.rpm
       892409 4f78d678fc9b9da1db1af6779f3627e0


 Notice:
    After performing the update, it is necessary to restart the httpd daemon.
    To do this, run the following command as the root user.
 ---------------------------------------------
 # /etc/init.d/httpd restart
 or
 # /etc/rc.d/init.d/httpd restart
 ---------------------------------------------

 References:

 www.apache.org
   [CHANGES_2.0]
   http://www.apache.org/dist/httpd/CHANGES_2.0

 CVE
   [CAN-2004-0488]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488
   [CAN-2004-0748]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748
   [CAN-2004-0751]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751
   [CAN-2004-0809]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0809
   [CAN-2004-0885]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0885
   [CAN-2004-0942]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942

 fixed points:

   [Turbolinux 10 Server]
   CAN-2004-0855, CAN-2004-0942

   [Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home]
   CAN-2004-0488, CAN-2004-0748, CAN-2004-0751,
   CAN-2004-0809, CAN-2004-0885, CAN-2004-0942


 * You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.

  http://www.turbolinux.com/download/zabom.html
  http://www.turbolinux.com/download/zabomupdate.html

Package Update Path
http://www.turbolinux.com/update/

============================================================
 * To obtain the public key

Here is the public key

 http://www.turbolinux.com/security/

 * To unsubscribe from the list

If you ever want to remove yourself from this mailing list,
  you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).

unsubscribe

 * To change your email address

If you ever want to chage email address in this mailing list,
  you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the following command in the message body:

  chaddr 'old address' 'new address'

If you have any questions or problems, please contact
<supp_info@...bolinux.co.jp>

Thank you!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFB5lBVK0LzjOqIJMwRAh3gAJ0eDL5ovJpmmFRd007WVmxweA2qzgCgtFXq
80Xj8CGykz854sCVQQXql+A=
=BrUw
-----END PGP SIGNATURE-----





Powered by blists - more mailing lists