lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <200501201536.01355.security-announce@turbolinux.co.jp> From: security-announce at turbolinux.co.jp (Turbolinux) Subject: [TURBOLINUX SECURITY INFO] 20/Jan/2005 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is an announcement only email list for the x86 architecture. ============================================================ Turbolinux Security Announcement 20/Jan/2005 ============================================================ The following page contains the security information of Turbolinux Inc. - Turbolinux Security Center http://www.turbolinux.com/security/ (1) xpdf -> Buffer overflow (2) libtiff -> Multiple vulnerabilities in libtiff (3) XFree86 -> Multiple vulnerabilities in libXpm (4) imlib -> Two vulnerabilities discovered in imlib =========================================================== * xpdf -> Buffer overflow =========================================================== More information: Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. The buffer overflow was found in the Gfx::doImage function in Gfx.cc in xpdf version 3.00. Impact: These vulnerabilities may allow remote attackers to execute arbitrary code via malformed PDF files. Affected Products: - Turbolinux 10 Server Solution: Please use the turbopkg (zabom) tool to apply the update. --------------------------------------------- # turbopkg or # zabom -u xpdf --------------------------------------------- <Turbolinux 10 Server> Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/xpdf-3.00-5.src.rpm 4604490 d33abd903ee32d277260d1c230dcfe70 References: CVE [CAN-2004-1125] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125 =========================================================== * libtiff -> Multiple vulnerabilities in libtiff =========================================================== More information: The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. Multiple issues exist in libtiff: - Multiple vulnerabilities in libtiff's RLE (run length encoding) decoders - Vulnerability in tif_dirread.c - Multiple integer overflows - Integer overflow in tif_dirread.c and tif_fax3.c Impact: These vulnerabilities may allow remote attackers to execute arbitrary code via malformed TIFF image files. Affected Products: - Turbolinux 10 Server - Turbolinux Home - Turbolinux 10 F... - Turbolinux 10 Desktop - Turbolinux 8 Server - Turbolinux 8 Workstation - Turbolinux 7 Server - Turbolinux 7 Workstation Solution: Please use the turbopkg (zabom) tool to apply the update. --------------------------------------------- [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home] # turbopkg or # zabom -u libtiff [other] # turbopkg or # zabom update libtiff --------------------------------------------- <Turbolinux Appliance Server 1.0 Hosting Edition> Source Packages Size: MD5 libtiff-3.5.7-7.src.rpm 972878 ed8bd0ef2bf2a1931610e91713a8d7c4 Binary Packages Size: MD5 libtiff-3.5.7-7.i586.rpm 316109 2653e065f0c5fbc95c850a1dbf8ce385 <Turbolinux Appliance Server 1.0 Workgroup Edition> Source Packages Size: MD5 libtiff-3.5.7-7.src.rpm 972878 0fd2512f0caa91f27d80619bdd246d51 Binary Packages Size: MD5 libtiff-3.5.7-7.i586.rpm 316422 00d6b827b50c02990eec3768ae92d4c9 <Turbolinux 10 Server> Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/libtiff-3.6.1-4.src.rpm 1093717 362993a9fe4c86ebe19b244210a2b6cf Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/libtiff-3.6.1-4.i586.rpm 232659 0f1d0d2fb52c72d38cd9a4964d50ba25 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/libtiff-debug-3.6.1-4.i586.rpm 256539 3dfa5531c4c29444b7ee939f97ad8f35 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/libtiff-devel-3.6.1-4.i586.rpm 509454 8c312bee14f08dca7f2dde75766ab191 <Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home> Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/libtiff-3.5.7-7.src.rpm 972878 ad86cfa9f29064a6457eae596dbe0020 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/libtiff-3.5.7-7.i586.rpm 222710 7e3dc3844942811aee6aea8c405e3628 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/libtiff-devel-3.5.7-7.i586.rpm 469753 4918c1f7b75335f9bfe3d96d322a0961 <Turbolinux 8 Server> Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/libtiff-3.5.7-7.src.rpm 972878 ecea2012e0d8eaea72d27141e3b112bf Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libtiff-3.5.7-7.i586.rpm 316627 cad5ce73c1d9e515f390461cf4a72126 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libtiff-devel-3.5.7-7.i586.rpm 595504 13bcf43c5208b27d485eb6e096cca14b <Turbolinux 8 Workstation> Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/libtiff-3.5.5-7.src.rpm 918710 d507119975f6299adf197181f4eda89a Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/libtiff-3.5.5-7.i586.rpm 738427 a3bc600c346754b83b8e5932908955e7 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/libtiff-devel-3.5.5-7.i586.rpm 632579 6ab0c04ac7ef41df03073e56d622da8f <Turbolinux 7 Server> Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/libtiff-3.5.5-7.src.rpm 918710 9fd2675fa8d5146faf3bffab02ae08ab Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/libtiff-3.5.5-7.i586.rpm 702575 958636e2ddf39b68b77f346671c7d10c ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/libtiff-devel-3.5.5-7.i586.rpm 621763 05e2d24f8f16e3f10c690b03929db76f <Turbolinux 7 Workstation> Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/libtiff-3.5.5-7.src.rpm 918710 b0b307c92d092a8dec1f5bb58ba81802 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/libtiff-3.5.5-7.i586.rpm 702616 616c97ff0678e34a646f2d18b2f0b0d9 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/libtiff-devel-3.5.5-7.i586.rpm 622017 4c1e95f277cc72f9dadc76e10da85eb8 References: CVE [CAN-2004-0803] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803 [CAN-2004-0804] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804 [CAN-2004-0886] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886 [CAN-2004-1183] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1183 [CAN-2004-1308] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1308 =========================================================== * XFree86 -> Multiple vulnerabilities in libXpm =========================================================== More information: XFree86 is an implementation of the X Window System, providing a core graphical user interface and video drivers. Multiple vulnerabilities have been discovered in the handling of libXpm for XFree86. Impact: These vulnerabilities may allow remote attackers to execute arbitrary code via malformed XPM image files. Affected Products: - Turbolinux 10 Server - Turbolinux Home - Turbolinux 10 F... - Turbolinux 10 Desktop - Turbolinux 8 Server - Turbolinux 8 Workstation - Turbolinux 7 Server - Turbolinux 7 Workstation Solution: Please use the turbopkg (zabom) tool to apply the update. --------------------------------------------- [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home] # turbopkg or # zabom -u XFree86-100dpi-fonts XFree86 XFree86-75dpi-fonts XFree86-Xvfb XFree86-contrib XFree86-cyrillic-fonts \ XFree86-debug XFree86-devel XFree86-fonts XFree86-libs XFree86-twm XFree86-xcursor XFree86-xcursor-devel \ XFree86-xf86config XFree86-xfs XFree86-xft XFree86-xft-devel [other] # turbopkg or # zabom update XFree86-100dpi-fonts XFree86 XFree86-75dpi-fonts XFree86-contrib \ XFree86-cyrillic-fonts XFree86-devel XFree86-libs XFree86-xfs --------------------------------------------- <Turbolinux 10 Server> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/XFree86-4.3.0-77.src.rpm 56924470 eb845b3be235bb21aa0278a180623083 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-100dpi-fonts-4.3.0-77.i586.rpm 12437623 ee386b128dc366a57b040bc805438605 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-4.3.0-77.i586.rpm 17914136 7a51c84fdfeb84728ee8e34aa3b90bc3 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-75dpi-fonts-4.3.0-77.i586.rpm 10767930 1b4168835146c84115251d0fd8464ba3 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-Xvfb-4.3.0-77.i586.rpm 1767856 5df330993a65405eb845be1f1b6b12cd ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-contrib-4.3.0-77.i586.rpm 466061 52cc4b83c716d6e79b9061868450f88f ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-cyrillic-fonts-4.3.0-77.i586.rpm 411823 5e81e96d9381c62f207442df6da45423 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-debug-4.3.0-77.i586.rpm 1377048 aceb6c284ec571f145c482eedfbaef78 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-devel-4.3.0-77.i586.rpm 5019869 cdc364bf982fad2ef0e6de217f3abd3d ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-fonts-4.3.0-77.i586.rpm 8769483 0da5b1474b099bb2bf3d01edda792603 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-libs-4.3.0-77.i586.rpm 2647941 0f28d2cffc3e1e84126d46262725f9e6 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-twm-4.3.0-77.i586.rpm 117532 63709419ef668e12eae1520c55a767aa ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-xcursor-4.3.0-77.i586.rpm 50393 025e2a0e8ed4569c0b3ba36621eb426b ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-xcursor-devel-4.3.0-77.i586.rpm 47685 633730af58c2ec7aea3fb1579aeef630 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-xf86config-4.3.0-77.i586.rpm 317697 9df69cf1936d3ed833ca5acae1c403d7 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-xfs-4.3.0-77.i586.rpm 83290 c432d53f1cf1328521457d754022c6f4 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-xft-4.3.0-77.i586.rpm 79480 80aabaa94ec8fc20f54acc2193d017b4 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-xft-devel-4.3.0-77.i586.rpm 65413 99eba2b51bb1a97a70fd5b168a41aa30 <Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home> Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/XFree86-4.3.0-77.src.rpm 56924470 eb845b3be235bb21aa0278a180623083 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-100dpi-fonts-4.3.0-77.i586.rpm 12437426 b9111393e5ebdb113c6289988e18d5f3 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-4.3.0-77.i586.rpm 17895556 defec85ce43edc9fc38da3178a5a81c5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-75dpi-fonts-4.3.0-77.i586.rpm 10768171 0cc075e2c541b18e0b03c246aa733778 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-Xvfb-4.3.0-77.i586.rpm 1770857 7303649f87334a166053f79daa58ea7e ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-contrib-4.3.0-77.i586.rpm 468946 f8b101e81546e121bff3b66580e0abca ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-cyrillic-fonts-4.3.0-77.i586.rpm 411831 bde2193dbe541209df9db215e0e7af46 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-devel-4.3.0-77.i586.rpm 5044863 800299b8040b044bcc98ea4a584958f9 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-fonts-4.3.0-77.i586.rpm 8769933 adf97005250306846b5043ab4d20b91e ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-libs-4.3.0-77.i586.rpm 2650733 29503d891efdd23d4338453c8586f613 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-twm-4.3.0-77.i586.rpm 117791 63d4137b167576f8d1d9160aa68e270e ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xcursor-4.3.0-77.i586.rpm 50522 317efcf80d9c80d4ee07e63c744f9508 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xcursor-devel-4.3.0-77.i586.rpm 43701 a0fc3b3c692b2df34cd0f1f01062e7d4 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xf86config-4.3.0-77.i586.rpm 319370 f382c487a8bec7dfc474d0ba0d8b42d3 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xfs-4.3.0-77.i586.rpm 83644 db73fa54d5c7bd5505014ccf09b6cf1f ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xft-4.3.0-77.i586.rpm 79556 bc989ac39f0aee3e90c78fa098e2057e ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xft-devel-4.3.0-77.i586.rpm 65526 cc883a49cc3094ec848e625619a533b2 <Turbolinux 8 Server> Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/XFree86-4.2.0-31.src.rpm 59402584 d2d88c18b1130b86927152ff03ece881 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-100dpi-fonts-4.2.0-31.i586.rpm 12400410 34d10be76f54acc21491a00899a71702 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-4.2.0-31.i586.rpm 22743452 2d46d8869809b4cf4057073aa1424691 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-75dpi-fonts-4.2.0-31.i586.rpm 10731375 ba1de2759dcc7147e2db62b03e6c88ec ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-contrib-4.2.0-31.i586.rpm 308144 45b5035ce028061f85307e523e744ca4 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-cyrillic-fonts-4.2.0-31.i586.rpm 397538 716c536d56b62bfd0d01d36da3e6e84b ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-devel-4.2.0-31.i586.rpm 4614429 9c36dca86bf64abb155fa69bfcf862a6 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-libs-4.2.0-31.i586.rpm 2130130 71c9879567f941b333ef9357f0923b2e ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-xfs-4.2.0-31.i586.rpm 71877 5d4624ac221daa59fa0be17667fa1402 <Turbolinux 8 Workstation> Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/XFree86-4.2.0-31.src.rpm 59402584 d2d88c18b1130b86927152ff03ece881 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-100dpi-fonts-4.2.0-31.i586.rpm 12400862 55aca027c4a93336f441b2f97edebc38 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-4.2.0-31.i586.rpm 22742661 8078bd1063760502eacaff6b2a624f17 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-75dpi-fonts-4.2.0-31.i586.rpm 10731374 57a913169b1210046e66b4cdfa1d4add ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-contrib-4.2.0-31.i586.rpm 307956 9b8262aee19812f4ddd570f11385b080 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-cyrillic-fonts-4.2.0-31.i586.rpm 397535 90a5212d0f613b73324a5d9a92bd7b5e ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-devel-4.2.0-31.i586.rpm 4614017 f580d9b9d34fc52855421429adf5963b ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-libs-4.2.0-31.i586.rpm 2129819 bb11ef81170bd7fe0ce6497863708914 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-xfs-4.2.0-31.i586.rpm 71862 dbed6ee63513445d15902040b7aba2e3 <Turbolinux 7 Server> Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/XFree86-4.1.0-40.src.rpm 56822593 d1dc66c85ed9362c5a60c01a9ff4f3b6 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-100dpi-fonts-4.1.0-40.i586.rpm 12395748 f7480f3e13f0eac6cc86ca571373d4cd ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-4.1.0-40.i586.rpm 20305802 48332f6693f31a7df62b33d55d50d41e ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-75dpi-fonts-4.1.0-40.i586.rpm 10728284 7086a66f0bf56ad672036f6a34f92800 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-contrib-4.1.0-40.i586.rpm 241514 2b57c0c668640d15abec76d705e7ad02 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-cyrillic-fonts-4.1.0-40.i586.rpm 393107 11007a23de8827f279e0b8f70b4e1685 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-devel-4.1.0-40.i586.rpm 4081975 53a48bd6a8e9b1db753973780512cc8c ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-libs-4.1.0-40.i586.rpm 2152590 b6ba737c3f676346837841a88484b69f ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-xfs-4.1.0-40.i586.rpm 65361 020ecfddb6a42d11d8f89b54c52f273e <Turbolinux 7 Workstation> Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/XFree86-4.1.0-40.src.rpm 56822593 f499b57975db35a67b7cc30f5611dd95 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-100dpi-fonts-4.1.0-40.i586.rpm 12395916 9f5c90bc2292eec9ad8258fa27fcef05 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-4.1.0-40.i586.rpm 20305729 c592c0b7ded715b684f373893a02fdad ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-75dpi-fonts-4.1.0-40.i586.rpm 10726676 f80f6b3efa546a16e6ff1519f8282c3e ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-contrib-4.1.0-40.i586.rpm 241629 5b0d933767e2c4f75171402d7fc8b23d ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-cyrillic-fonts-4.1.0-40.i586.rpm 393113 afad572afbed7ace7f57eb3552bd0e18 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-devel-4.1.0-40.i586.rpm 4081652 cb1a1892dd927001bc1bdde67603f872 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-libs-4.1.0-40.i586.rpm 2152078 c5548d688b1f8580363fb427d1eae7fc ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-xfs-4.1.0-40.i586.rpm 65308 bd873f1147e4420bcdc324f6f4fcaf14 References: CVE [CAN-2004-0687] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687 [CAN-2004-0688] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688 [CAN-2004-0914] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914 =========================================================== * imlib -> Two vulnerabilities discovered in imlib =========================================================== More information: Imlib is a display depth-independent image loading and rendering library. Imlib is designed to simplify and speed up the process of loading images and obtaining X Window System drawables. Imlib provides many simple manipulation routines which can be used for common operations. Multiple issues have been discovered in imlib: - Multiple heap-based buffer overflows - Multiple integer overflows in the imlib image handler Impact: These vulnerabilities may allow remote attackers to execute arbitrary code via malformed image files. Affected Products: - Turbolinux 10 Server - Turbolinux Home - Turbolinux 10 F... - Turbolinux 10 Desktop - Turbolinux 8 Server - Turbolinux 8 Workstation - Turbolinux 7 Server - Turbolinux 7 Workstation Solution: Please use the turbopkg (zabom) tool to apply the update. --------------------------------------------- [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home] # turbopkg or # zabom -u imlib imlib-devel imlib-cfgeditor imlib-debug [other] # turbopkg or # zabom update imlib imlib-devel --------------------------------------------- <Turbolinux 10 Server> Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/imlib-1.9.14-9.src.rpm 671199 8fa559a156b2f32932b0c056e91cab10 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/imlib-1.9.14-9.i586.rpm 156437 903c55bb189dbbbcfbd2da0e9367a979 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/imlib-cfgeditor-1.9.14-9.i586.rpm 237300 80169d1933dfa0d055309291a2acaf65 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/imlib-debug-1.9.14-9.i586.rpm 881100 b4456c4ee4b63ec72e40ad515718cd01 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/imlib-devel-1.9.14-9.i586.rpm 227288 a51634b47f72ed7892fe7f0ce7493d12 <Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home> Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/imlib-1.9.14-9.src.rpm 671199 65fa097e57bf9e8994fa33c4b228ee1b Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/imlib-1.9.14-9.i586.rpm 155675 118b05bce35378acdff10f25f4e94ac5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/imlib-devel-1.9.14-9.i586.rpm 227719 851c484e13d3d23ef8366e9479e5f5b2 <Turbolinux 8 Server> Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/imlib-1.9.13-10.src.rpm 835902 0cdc1b2b11958b9e5656150184546dc1 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/imlib-1.9.13-10.i586.rpm 138166 726d61918da3282354079e767c66987d ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/imlib-cfgeditor-1.9.13-10.i586.rpm 234782 a344ccb8bf63c40cb68118096aa1afa3 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/imlib-devel-1.9.13-10.i586.rpm 227939 783ba488fb78504d3659bd16a2faea41 <Turbolinux 8 Workstation> Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/imlib-1.9.13-10.src.rpm 835902 b47e72aff2d37923ce7d51f0e21bbbad Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/imlib-1.9.13-10.i586.rpm 138121 9303aa6f89427d6803df4d1c2abb406f ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/imlib-cfgeditor-1.9.13-10.i586.rpm 234839 c62f1822cd7395e36eb24d490330d441 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/imlib-devel-1.9.13-10.i586.rpm 227967 5766fdbaa97fd1cb90156fd3ad8e55fb <Turbolinux 7 Server> Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/imlib-1.9.10-7.src.rpm 793613 97708aba2aba0434735c9f0e9e56cf68 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/imlib-1.9.10-7.i586.rpm 128854 060b6e083f34ae092eaaa499014d2e48 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/imlib-devel-1.9.10-7.i586.rpm 219639 0006ab5e52362c8501c0b77e41a8c5f4 <Turbolinux 7 Workstation> Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/imlib-1.9.10-7.src.rpm 793613 fd71ba9137199f255d2134d5856289ec Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/imlib-1.9.10-7.i586.rpm 128838 77bfcda3d83b2bee97408b48af82d161 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/imlib-cfgeditor-1.9.10-7.i586.rpm 233339 1a77a724824e43bd711c964cab1e652d ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/imlib-devel-1.9.10-7.i586.rpm 219564 11ca9e1c806156aa67473024081e5dad References: CVE [CAN-2004-1025] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1025 [CAN-2004-1026] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1026 * You may need to update the turbopkg tool before applying the update. Please refer to the following URL for detailed information. http://www.turbolinux.com/download/zabom.html http://www.turbolinux.com/download/zabomupdate.html Package Update Path http://www.turbolinux.com/update/ ============================================================ * To obtain the public key Here is the public key http://www.turbolinux.com/security/ * To unsubscribe from the list If you ever want to remove yourself from this mailing list, you can send a message to <server-users-e-ctl@...bolinux.co.jp> with the word `unsubscribe' in the body (don't include the quotes). unsubscribe * To change your email address If you ever want to chage email address in this mailing list, you can send a message to <server-users-e-ctl@...bolinux.co.jp> with the following command in the message body: chaddr 'old address' 'new address' If you have any questions or problems, please contact <supp_info@...bolinux.co.jp> Thank you! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFB71FMK0LzjOqIJMwRAsEUAJ9599AhFk55nlg0VUIkrleS7wcqTQCfQfUB l9TjxOhzPUipkIw4gPqffjU= =OkBL -----END PGP SIGNATURE-----
Powered by blists - more mailing lists