Message-ID: <200501131941.27927.security-announce@turbolinux.co.jp>
From: security-announce at turbolinux.co.jp (Turbolinux)
Subject: [TURBOLINUX SECURITY INFO] 13/Jan/2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 13/Jan/2005
============================================================
The following page contains the security information of Turbolinux Inc.
- Turbolinux Security Center
http://www.turbolinux.com/security/
(1) php -> Multiple vulnerabilities in php
(2) httpd -> Multiple vulnerabilities in httpd
===========================================================
* php -> Multiple vulnerabilities in php
===========================================================
More information :
PHP is an HTML-embedded scripting language.
Buffer overflow vulnerabilities have been discovered in the unserialize
and exif_read_data functions of PHP.
Impact :
The vulnerabilities can allow remote attackers to cause a denial of
service and possibly execute arbitrary code.
Affected Products :
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux 8 Server
- Turbolinux 8 Workstation
Solution :
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home]
# zabom -u php4 php4-gd php4-imap php4-ldap php4-manual php4-ming php4-mysql php4-pgsql
[other]
# turbopkg
or
# zabom update php php-gd php-imap php-ldap php-manual php-ming php-mysql php-pgsql
---------------------------------------------
<Turbolinux 10 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/php4-4.3.8-11.src.rpm
12304115 3cec9c192cb53ab27459a9862efc5d9d
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-4.3.8-11.i586.rpm
5137588 13f6d61aefd07e7674a174e73f95dac1
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-debug-4.3.8-11.i586.rpm
6519408 77094cb1256cc9f9b72fa95ffa557961
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-gd-4.3.8-11.i586.rpm
44804 2e5dbdf7a3cd6c4d9d335b9d0454690f
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-imap-4.3.8-11.i586.rpm
10763 981373ebead5f89c3ad21849ab64bb9a
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-ldap-4.3.8-11.i586.rpm
34436 65670f263735f2645c4126b19a8913ff
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-manual-4.3.8-11.i586.rpm
7502182 65dbe4e60bda685fce0d3ad2f1551457
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-ming-4.3.8-11.i586.rpm
45536 98ed5c3c7b22d2496e953d8d074de558
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-mysql-4.3.8-11.i586.rpm
119870 c8c8bf249d106d78a5be7358ff247cf4
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-pgsql-4.3.8-11.i586.rpm
68887 8a51ec5a9cd5833c4ae9c43d629ea252
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/php4-4.3.3-7.src.rpm
4179207 9407355f70cbc4c14ea9bfdfac154015
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-4.3.3-7.i586.rpm
2735662 f4dd577a3b8bc5c33cc73cc015cb6584
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-gd-4.3.3-7.i586.rpm
30563 85965bd7a78ad8bf30eb7a9aed065e1f
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-imap-4.3.3-7.i586.rpm
9256 e41b9edacac390204979dc7e1f9f2d61
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-ldap-4.3.3-7.i586.rpm
23627 0abf252cbe840e040f8ece116631ffd5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-manual-4.3.3-7.i586.rpm
341639 ee222270c41de1653554112bb302ce73
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-ming-4.3.3-7.i586.rpm
30139 cb32cd256566b288640628ca38278dac
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-mysql-4.3.3-7.i586.rpm
81109 3f36b87058d8378e6c584920835703ee
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-pgsql-4.3.3-7.i586.rpm
47675 60777bad904b8014043c8287d3e00e4e
<Turbolinux 8 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/php-4.2.3-24.src.rpm
3596640 4f2aea3ebf6ff00dc2f9ef2185c629e7
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-4.2.3-24.i586.rpm
1632058 776e270a3567b5c2d186544cfd495a6c
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-gd-4.2.3-24.i586.rpm
31216 87fbf08da30e4ae58ba7fa46aefecc8b
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-imap-4.2.3-24.i586.rpm
9235 d8cf0364ce2faf7b1f26c356629b3acd
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-ldap-4.2.3-24.i586.rpm
24685 ac6bfe61cadcb49519415c7f6a09f0fd
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-manual-4.2.3-24.i586.rpm
341741 3b83b1f9ef2d4ac998cf456a78b7182f
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-ming-4.2.3-24.i586.rpm
33237 9e8f23b30be928c175d72e4bb7407f4f
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-mysql-4.2.3-24.i586.rpm
90789 c10689afe393966cae1fd43911c2f0fd
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-pgsql-4.2.3-24.i586.rpm
35467 ef15fd420e89ab8d8284534b4da8dcc1
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/php-4.2.3-24.src.rpm
3596640 c49321398dcc7f999d5ec7c459f12954
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-4.2.3-24.i586.rpm
1632174 465f0707e702870b8c68fd69f38cf3bc
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-gd-4.2.3-24.i586.rpm
31232 d65bfbd198da2fa27adb30da07b46cdd
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-imap-4.2.3-24.i586.rpm
9234 2751549b7027dd2c5b09a759778d3793
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-ldap-4.2.3-24.i586.rpm
24679 895f5387463625de0a5aca57e02de557
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-manual-4.2.3-24.i586.rpm
341765 12d2bd9bf6ca4848b3c41a5f1539ea74
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-ming-4.2.3-24.i586.rpm
33223 1174db9d2d84427a41e67957e4fdea6b
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-mysql-4.2.3-24.i586.rpm
90840 c4a492770d25472acce0c41f95e75a1f
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-pgsql-4.2.3-24.i586.rpm
35512 9dd622d90b73e1f5fbe979870eaa2172
<Turbolinux 7 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/php-4.2.3-24.src.rpm
3596640 a8c3b99e7674f8a2fe119b427a02e939
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-4.2.3-24.i586.rpm
1603262 5586a4dde1f5acb861d9982a2a057630
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-imap-4.2.3-24.i586.rpm
9236 07b780d86295569b599a6c7467480ad8
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-ldap-4.2.3-24.i586.rpm
24242 3b1e22d2a11d793f1911da084d6d19b3
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-manual-4.2.3-24.i586.rpm
341734 8390e86c4174e52bf7fa69f8b7b693db
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-mysql-4.2.3-24.i586.rpm
86660 a12aa6e7ef466d734331faa0cf6dd42d
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-pgsql-4.2.3-24.i586.rpm
35327 1411e61b2aad435eb13207ee2dc3407e
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/php-4.2.3-24.src.rpm
3596640 7f85391671841ef657f3128d924c6c76
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-4.2.3-24.i586.rpm
1602364 9eed8b51ca59989eda6728813717be33
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-imap-4.2.3-24.i586.rpm
9237 1742ab7b7814a3cd61597a32a0c6ebe6
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-ldap-4.2.3-24.i586.rpm
24250 223cca0fe750193ba65849379753daaf
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-manual-4.2.3-24.i586.rpm
341732 9cc93603cb0f12480198bfdcf7a4da57
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-mysql-4.2.3-24.i586.rpm
86625 70e412ef96b3e804de8ee34c1a39aa33
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/php-pgsql-4.2.3-24.i586.rpm
34982 64b4fc35c3e1a456862c5ef26d541432
Notice:
After performing the update, it is necessary to restart the httpd daemon.
To do this, run the following command as the root user.
---------------------------------------------
# /etc/init.d/httpd restart
or
# /etc/rc.d/init.d/httpd restart
---------------------------------------------
References:
CVE
[CAN-2004-1019]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1019
[CAN-2004-1065]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1065
===========================================================
* httpd -> Multiple vulnerabilities in httpd
===========================================================
More information :
Apache is a powerful, full-featured, efficient, and freely-available
Web server. Apache is also the most popular Web server on the Internet.
Please refer to the References section for further information.
Impact :
The vulnerabilities could allow remote attackers to cause a denial of
service and possibly execute arbitrary code.
Affected Products :
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
Solution :
Please use the turbopkg (zabom) tool to apply the update.
----------------------------------------
[Turbolinux 10 Server]
# zabom -u httpd httpd-debug httpd-devel httpd-manual mod_bwshare mod_ssl
[Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home]
# zabom -u httpd
----------------------------------------
<Turbolinux 10 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/httpd-2.0.51-8.src.rpm
6842122 6f911bda264f6b7b9989f5c1e81d4ac0
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/httpd-2.0.51-8.i586.rpm
1032135 214e7c3d1c27cd45e0791d0f85d0d087
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/httpd-debug-2.0.51-8.i586.rpm
3238970 965c8ca35632af6c9bb1360d1fa42e40
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/httpd-devel-2.0.51-8.i586.rpm
222848 dde33db66f69d76c1a87edca5298b9d7
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/httpd-manual-2.0.51-8.i586.rpm
1130005 e931dda35b3bdd4261318ee1435b6f6c
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/mod_bwshare-2.0.51-8.i586.rpm
39007 9722beda50813c05b89e85d49da54e11
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/mod_ssl-2.0.51-8.i586.rpm
86975 f949a8b78974c746446467c077b6e604
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/httpd-2.0.48-15.src.rpm
6315957 5264ab25976140082ab5310ea8c15ec9
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/httpd-2.0.48-15.i586.rpm
892409 4f78d678fc9b9da1db1af6779f3627e0
Notice:
After performing the update, it is necessary to restart the httpd daemon.
To do this, run the following command as the root user.
---------------------------------------------
# /etc/init.d/httpd restart
or
# /etc/rc.d/init.d/httpd restart
---------------------------------------------
References:
www.apache.org
[CHANGES_2.0]
http://www.apache.org/dist/httpd/CHANGES_2.0
CVE
[CAN-2004-0488]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488
[CAN-2004-0748]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748
[CAN-2004-0751]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751
[CAN-2004-0809]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0809
[CAN-2004-0885]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0885
[CAN-2004-0942]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942
fixed points:
[Turbolinux 10 Server]
CAN-2004-0855, CAN-2004-0942
[Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home]
CAN-2004-0488, CAN-2004-0748, CAN-2004-0751,
CAN-2004-0809, CAN-2004-0885, CAN-2004-0942
* You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.
http://www.turbolinux.com/download/zabom.html
http://www.turbolinux.com/download/zabomupdate.html
Package Update Path
http://www.turbolinux.com/update/
============================================================
* To obtain the public key
Here is the public key
http://www.turbolinux.com/security/
* To unsubscribe from the list
If you ever want to remove yourself from this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).
unsubscribe
* To change your email address
If you ever want to change your email address in this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the following command in the message body:
chaddr 'old address' 'new address'
If you have any questions or problems, please contact
<supp_info@...bolinux.co.jp>
Thank you!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFB5lBVK0LzjOqIJMwRAh3gAJ0eDL5ovJpmmFRd007WVmxweA2qzgCgtFXq
80Xj8CGykz854sCVQQXql+A=
=BrUw
-----END PGP SIGNATURE-----
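
Added example (not part of the Turbolinux message or its tooling): a checker for the "URL, then size and MD5" package listing used in the advisory above. The listing repeats a file name such as php-4.2.3-24.i586.rpm under several products with different MD5 values, so the check is made per product section. The names parse_listing, verify and demo, the "Product A/B" sections and the example.invalid host are assumptions made for illustration.

```python
import hashlib
import pathlib
import re
import tempfile

SECTION = re.compile(r"^<([^<>@]+)>$")    # e.g. <Turbolinux 8 Server>
URL = re.compile(r"^(?:ftp|https?)://\S+/([^/\s]+\.rpm)$")
SUMS = re.compile(r"^(\d+)\s+([0-9a-fA-F]{32})$")    # "<size> <md5>"

def parse_listing(text):
    """Return {product: {filename: (size, md5)}} from the advisory body."""
    listing, product, name = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            product, name = m.group(1), None
        elif m := URL.match(line):
            name = m.group(1)
        else:
            if (m := SUMS.match(line)) and product and name:
                listing.setdefault(product, {})[name] = (int(m[1]), m[2].lower())
            name = None    # a size/MD5 line only counts directly after its URL
    return listing

def verify(directory, packages):
    """Check files in `directory` against one product's {filename: (size, md5)}."""
    report = {}
    for name, (size, md5) in packages.items():
        path = pathlib.Path(directory, name)
        if not path.is_file():
            report[name] = "missing"
        elif path.stat().st_size != size:
            report[name] = "size mismatch"
        else:
            same = hashlib.md5(path.read_bytes()).hexdigest() == md5
            report[name] = "ok" if same else "md5 mismatch"
    return report

# Constructed listing in the advisory's layout (placeholder host and checksums).
SAMPLE = """<Product A>
ftp://ftp.example.invalid/A/RPMS/demo-1.0-1.i586.rpm
5 5d41402abc4b2a76b9719d911017c592
<Product B>
ftp://ftp.example.invalid/B/RPMS/demo-1.0-1.i586.rpm
5 00000000000000000000000000000000
"""

def demo():  # one constructed 5-byte file checked against each product section
    with tempfile.TemporaryDirectory() as d:
        pathlib.Path(d, "demo-1.0-1.i586.rpm").write_bytes(b"hello")
        return {p: verify(d, pkgs) for p, pkgs in parse_listing(SAMPLE).items()}
```

The size and MD5 values are only as trustworthy as the message that carries them, so check the PGP signature on the advisory before feeding its text to parse_listing.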