| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: security-announce at turbolinux.co.jp (Turbolinux)
Subject: [TURBOLINUX SECURITY INFO] 20/Jan/2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 20/Jan/2005
============================================================
The following page contains the security information of Turbolinux Inc.
- Turbolinux Security Center
http://www.turbolinux.com/security/
(1) xpdf -> Buffer overflow
(2) libtiff -> Multiple vulnerabilities in libtiff
(3) XFree86 -> Multiple vulnerabilities in libXpm
(4) imlib -> Two vulnerabilities discovered in imlib
===========================================================
* xpdf -> Buffer overflow
===========================================================
More information:
Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files. The buffer overflow was found in the Gfx::doImage function
in Gfx.cc in xpdf version 3.00.
Impact:
These vulnerabilities may allow remote attackers to execute arbitrary
code via malformed PDF files.
Affected Products:
- Turbolinux 10 Server
Solution:
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
# turbopkg
or
# zabom -u xpdf
---------------------------------------------
<Turbolinux 10 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/xpdf-3.00-5.src.rpm
4604490 d33abd903ee32d277260d1c230dcfe70
References:
CVE
[CAN-2004-1125]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125
===========================================================
* libtiff -> Multiple vulnerabilities in libtiff
===========================================================
More information:
The libtiff package contains a library of functions for manipulating TIFF
(Tagged Image File Format) image format files.
Multiple issues exist in libtiff:
- Multiple vulnerabilities in libtiff's RLE (run length encoding) decoders
- Vulnerability in tif_dirread.c
- Multiple integer overflows
- Integer overflow in tif_dirread.c and tif_fax3.c
Impact:
These vulnerabilities may allow remote attackers to execute arbitrary
code via malformed TIFF image files.
Affected Products:
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution:
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home]
# turbopkg
or
# zabom -u libtiff
[other]
# turbopkg
or
# zabom update libtiff
---------------------------------------------
<Turbolinux Appliance Server 1.0 Hosting Edition>
Source Packages
Size: MD5
libtiff-3.5.7-7.src.rpm
972878 ed8bd0ef2bf2a1931610e91713a8d7c4
Binary Packages
Size: MD5
libtiff-3.5.7-7.i586.rpm
316109 2653e065f0c5fbc95c850a1dbf8ce385
<Turbolinux Appliance Server 1.0 Workgroup Edition>
Source Packages
Size: MD5
libtiff-3.5.7-7.src.rpm
972878 0fd2512f0caa91f27d80619bdd246d51
Binary Packages
Size: MD5
libtiff-3.5.7-7.i586.rpm
316422 00d6b827b50c02990eec3768ae92d4c9
<Turbolinux 10 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/libtiff-3.6.1-4.src.rpm
1093717 362993a9fe4c86ebe19b244210a2b6cf
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/libtiff-3.6.1-4.i586.rpm
232659 0f1d0d2fb52c72d38cd9a4964d50ba25
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/libtiff-debug-3.6.1-4.i586.rpm
256539 3dfa5531c4c29444b7ee939f97ad8f35
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/libtiff-devel-3.6.1-4.i586.rpm
509454 8c312bee14f08dca7f2dde75766ab191
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/libtiff-3.5.7-7.src.rpm
972878 ad86cfa9f29064a6457eae596dbe0020
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/libtiff-3.5.7-7.i586.rpm
222710 7e3dc3844942811aee6aea8c405e3628
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/libtiff-devel-3.5.7-7.i586.rpm
469753 4918c1f7b75335f9bfe3d96d322a0961
<Turbolinux 8 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/libtiff-3.5.7-7.src.rpm
972878 ecea2012e0d8eaea72d27141e3b112bf
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libtiff-3.5.7-7.i586.rpm
316627 cad5ce73c1d9e515f390461cf4a72126
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libtiff-devel-3.5.7-7.i586.rpm
595504 13bcf43c5208b27d485eb6e096cca14b
<Turbolinux 8 Workstation>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/libtiff-3.5.5-7.src.rpm
918710 d507119975f6299adf197181f4eda89a
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/libtiff-3.5.5-7.i586.rpm
738427 a3bc600c346754b83b8e5932908955e7
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/libtiff-devel-3.5.5-7.i586.rpm
632579 6ab0c04ac7ef41df03073e56d622da8f
<Turbolinux 7 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/libtiff-3.5.5-7.src.rpm
918710 9fd2675fa8d5146faf3bffab02ae08ab
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/libtiff-3.5.5-7.i586.rpm
702575 958636e2ddf39b68b77f346671c7d10c
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/libtiff-devel-3.5.5-7.i586.rpm
621763 05e2d24f8f16e3f10c690b03929db76f
<Turbolinux 7 Workstation>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/libtiff-3.5.5-7.src.rpm
918710 b0b307c92d092a8dec1f5bb58ba81802
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/libtiff-3.5.5-7.i586.rpm
702616 616c97ff0678e34a646f2d18b2f0b0d9
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/libtiff-devel-3.5.5-7.i586.rpm
622017 4c1e95f277cc72f9dadc76e10da85eb8
References:
CVE
[CAN-2004-0803]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803
[CAN-2004-0804]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804
[CAN-2004-0886]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886
[CAN-2004-1183]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1183
[CAN-2004-1308]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1308
===========================================================
* XFree86 -> Multiple vulnerabilities in libXpm
===========================================================
More information:
XFree86 is an implementation of the X Window System, providing a core
graphical user interface and video drivers.
Multiple vulnerabilities have been discovered in the handling of libXpm
for XFree86.
Impact:
These vulnerabilities may allow remote attackers to execute arbitrary
code via malformed XPM image files.
Affected Products:
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution:
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home]
# turbopkg
or
# zabom -u XFree86-100dpi-fonts XFree86 XFree86-75dpi-fonts XFree86-Xvfb XFree86-contrib XFree86-cyrillic-fonts \
XFree86-debug XFree86-devel XFree86-fonts XFree86-libs XFree86-twm XFree86-xcursor XFree86-xcursor-devel \
XFree86-xf86config XFree86-xfs XFree86-xft XFree86-xft-devel
[other]
# turbopkg
or
# zabom update XFree86-100dpi-fonts XFree86 XFree86-75dpi-fonts XFree86-contrib \
XFree86-cyrillic-fonts XFree86-devel XFree86-libs XFree86-xfs
---------------------------------------------
<Turbolinux 10 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/XFree86-4.3.0-77.src.rpm
56924470 eb845b3be235bb21aa0278a180623083
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-100dpi-fonts-4.3.0-77.i586.rpm
12437623 ee386b128dc366a57b040bc805438605
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-4.3.0-77.i586.rpm
17914136 7a51c84fdfeb84728ee8e34aa3b90bc3
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-75dpi-fonts-4.3.0-77.i586.rpm
10767930 1b4168835146c84115251d0fd8464ba3
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-Xvfb-4.3.0-77.i586.rpm
1767856 5df330993a65405eb845be1f1b6b12cd
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-contrib-4.3.0-77.i586.rpm
466061 52cc4b83c716d6e79b9061868450f88f
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-cyrillic-fonts-4.3.0-77.i586.rpm
411823 5e81e96d9381c62f207442df6da45423
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-debug-4.3.0-77.i586.rpm
1377048 aceb6c284ec571f145c482eedfbaef78
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-devel-4.3.0-77.i586.rpm
5019869 cdc364bf982fad2ef0e6de217f3abd3d
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-fonts-4.3.0-77.i586.rpm
8769483 0da5b1474b099bb2bf3d01edda792603
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-libs-4.3.0-77.i586.rpm
2647941 0f28d2cffc3e1e84126d46262725f9e6
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-twm-4.3.0-77.i586.rpm
117532 63709419ef668e12eae1520c55a767aa
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-xcursor-4.3.0-77.i586.rpm
50393 025e2a0e8ed4569c0b3ba36621eb426b
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-xcursor-devel-4.3.0-77.i586.rpm
47685 633730af58c2ec7aea3fb1579aeef630
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-xf86config-4.3.0-77.i586.rpm
317697 9df69cf1936d3ed833ca5acae1c403d7
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-xfs-4.3.0-77.i586.rpm
83290 c432d53f1cf1328521457d754022c6f4
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-xft-4.3.0-77.i586.rpm
79480 80aabaa94ec8fc20f54acc2193d017b4
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-xft-devel-4.3.0-77.i586.rpm
65413 99eba2b51bb1a97a70fd5b168a41aa30
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/XFree86-4.3.0-77.src.rpm
56924470 eb845b3be235bb21aa0278a180623083
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-100dpi-fonts-4.3.0-77.i586.rpm
12437426 b9111393e5ebdb113c6289988e18d5f3
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-4.3.0-77.i586.rpm
17895556 defec85ce43edc9fc38da3178a5a81c5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-75dpi-fonts-4.3.0-77.i586.rpm
10768171 0cc075e2c541b18e0b03c246aa733778
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-Xvfb-4.3.0-77.i586.rpm
1770857 7303649f87334a166053f79daa58ea7e
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-contrib-4.3.0-77.i586.rpm
468946 f8b101e81546e121bff3b66580e0abca
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-cyrillic-fonts-4.3.0-77.i586.rpm
411831 bde2193dbe541209df9db215e0e7af46
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-devel-4.3.0-77.i586.rpm
5044863 800299b8040b044bcc98ea4a584958f9
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-fonts-4.3.0-77.i586.rpm
8769933 adf97005250306846b5043ab4d20b91e
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-libs-4.3.0-77.i586.rpm
2650733 29503d891efdd23d4338453c8586f613
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-twm-4.3.0-77.i586.rpm
117791 63d4137b167576f8d1d9160aa68e270e
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xcursor-4.3.0-77.i586.rpm
50522 317efcf80d9c80d4ee07e63c744f9508
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xcursor-devel-4.3.0-77.i586.rpm
43701 a0fc3b3c692b2df34cd0f1f01062e7d4
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xf86config-4.3.0-77.i586.rpm
319370 f382c487a8bec7dfc474d0ba0d8b42d3
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xfs-4.3.0-77.i586.rpm
83644 db73fa54d5c7bd5505014ccf09b6cf1f
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xft-4.3.0-77.i586.rpm
79556 bc989ac39f0aee3e90c78fa098e2057e
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xft-devel-4.3.0-77.i586.rpm
65526 cc883a49cc3094ec848e625619a533b2
<Turbolinux 8 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/XFree86-4.2.0-31.src.rpm
59402584 d2d88c18b1130b86927152ff03ece881
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-100dpi-fonts-4.2.0-31.i586.rpm
12400410 34d10be76f54acc21491a00899a71702
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-4.2.0-31.i586.rpm
22743452 2d46d8869809b4cf4057073aa1424691
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-75dpi-fonts-4.2.0-31.i586.rpm
10731375 ba1de2759dcc7147e2db62b03e6c88ec
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-contrib-4.2.0-31.i586.rpm
308144 45b5035ce028061f85307e523e744ca4
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-cyrillic-fonts-4.2.0-31.i586.rpm
397538 716c536d56b62bfd0d01d36da3e6e84b
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-devel-4.2.0-31.i586.rpm
4614429 9c36dca86bf64abb155fa69bfcf862a6
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-libs-4.2.0-31.i586.rpm
2130130 71c9879567f941b333ef9357f0923b2e
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-xfs-4.2.0-31.i586.rpm
71877 5d4624ac221daa59fa0be17667fa1402
<Turbolinux 8 Workstation>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/XFree86-4.2.0-31.src.rpm
59402584 d2d88c18b1130b86927152ff03ece881
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-100dpi-fonts-4.2.0-31.i586.rpm
12400862 55aca027c4a93336f441b2f97edebc38
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-4.2.0-31.i586.rpm
22742661 8078bd1063760502eacaff6b2a624f17
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-75dpi-fonts-4.2.0-31.i586.rpm
10731374 57a913169b1210046e66b4cdfa1d4add
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-contrib-4.2.0-31.i586.rpm
307956 9b8262aee19812f4ddd570f11385b080
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-cyrillic-fonts-4.2.0-31.i586.rpm
397535 90a5212d0f613b73324a5d9a92bd7b5e
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-devel-4.2.0-31.i586.rpm
4614017 f580d9b9d34fc52855421429adf5963b
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-libs-4.2.0-31.i586.rpm
2129819 bb11ef81170bd7fe0ce6497863708914
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-xfs-4.2.0-31.i586.rpm
71862 dbed6ee63513445d15902040b7aba2e3
<Turbolinux 7 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/XFree86-4.1.0-40.src.rpm
56822593 d1dc66c85ed9362c5a60c01a9ff4f3b6
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-100dpi-fonts-4.1.0-40.i586.rpm
12395748 f7480f3e13f0eac6cc86ca571373d4cd
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-4.1.0-40.i586.rpm
20305802 48332f6693f31a7df62b33d55d50d41e
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-75dpi-fonts-4.1.0-40.i586.rpm
10728284 7086a66f0bf56ad672036f6a34f92800
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-contrib-4.1.0-40.i586.rpm
241514 2b57c0c668640d15abec76d705e7ad02
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-cyrillic-fonts-4.1.0-40.i586.rpm
393107 11007a23de8827f279e0b8f70b4e1685
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-devel-4.1.0-40.i586.rpm
4081975 53a48bd6a8e9b1db753973780512cc8c
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-libs-4.1.0-40.i586.rpm
2152590 b6ba737c3f676346837841a88484b69f
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-xfs-4.1.0-40.i586.rpm
65361 020ecfddb6a42d11d8f89b54c52f273e
<Turbolinux 7 Workstation>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/XFree86-4.1.0-40.src.rpm
56822593 f499b57975db35a67b7cc30f5611dd95
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-100dpi-fonts-4.1.0-40.i586.rpm
12395916 9f5c90bc2292eec9ad8258fa27fcef05
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-4.1.0-40.i586.rpm
20305729 c592c0b7ded715b684f373893a02fdad
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-75dpi-fonts-4.1.0-40.i586.rpm
10726676 f80f6b3efa546a16e6ff1519f8282c3e
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-contrib-4.1.0-40.i586.rpm
241629 5b0d933767e2c4f75171402d7fc8b23d
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-cyrillic-fonts-4.1.0-40.i586.rpm
393113 afad572afbed7ace7f57eb3552bd0e18
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-devel-4.1.0-40.i586.rpm
4081652 cb1a1892dd927001bc1bdde67603f872
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-libs-4.1.0-40.i586.rpm
2152078 c5548d688b1f8580363fb427d1eae7fc
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-xfs-4.1.0-40.i586.rpm
65308 bd873f1147e4420bcdc324f6f4fcaf14
References:
CVE
[CAN-2004-0687]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687
[CAN-2004-0688]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688
[CAN-2004-0914]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914
===========================================================
* imlib -> Two vulnerabilities discovered in imlib
===========================================================
More information:
Imlib is a display depth-independent image loading and rendering library.
Imlib is designed to simplify and speed up the process of loading images
and obtaining X Window System drawables. Imlib provides many simple
manipulation routines which can be used for common operations.
Multiple issues have been discovered in imlib:
- Multiple heap-based buffer overflows
- Multiple integer overflows in the imlib image handler
Impact:
These vulnerabilities may allow remote attackers to execute arbitrary
code via malformed image files.
Affected Products:
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution:
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home]
# turbopkg
or
# zabom -u imlib imlib-devel imlib-cfgeditor imlib-debug
[other]
# turbopkg
or
# zabom update imlib imlib-devel
---------------------------------------------
<Turbolinux 10 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/imlib-1.9.14-9.src.rpm
671199 8fa559a156b2f32932b0c056e91cab10
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/imlib-1.9.14-9.i586.rpm
156437 903c55bb189dbbbcfbd2da0e9367a979
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/imlib-cfgeditor-1.9.14-9.i586.rpm
237300 80169d1933dfa0d055309291a2acaf65
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/imlib-debug-1.9.14-9.i586.rpm
881100 b4456c4ee4b63ec72e40ad515718cd01
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/imlib-devel-1.9.14-9.i586.rpm
227288 a51634b47f72ed7892fe7f0ce7493d12
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/imlib-1.9.14-9.src.rpm
671199 65fa097e57bf9e8994fa33c4b228ee1b
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/imlib-1.9.14-9.i586.rpm
155675 118b05bce35378acdff10f25f4e94ac5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/imlib-devel-1.9.14-9.i586.rpm
227719 851c484e13d3d23ef8366e9479e5f5b2
<Turbolinux 8 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/imlib-1.9.13-10.src.rpm
835902 0cdc1b2b11958b9e5656150184546dc1
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/imlib-1.9.13-10.i586.rpm
138166 726d61918da3282354079e767c66987d
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/imlib-cfgeditor-1.9.13-10.i586.rpm
234782 a344ccb8bf63c40cb68118096aa1afa3
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/imlib-devel-1.9.13-10.i586.rpm
227939 783ba488fb78504d3659bd16a2faea41
<Turbolinux 8 Workstation>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/imlib-1.9.13-10.src.rpm
835902 b47e72aff2d37923ce7d51f0e21bbbad
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/imlib-1.9.13-10.i586.rpm
138121 9303aa6f89427d6803df4d1c2abb406f
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/imlib-cfgeditor-1.9.13-10.i586.rpm
234839 c62f1822cd7395e36eb24d490330d441
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/imlib-devel-1.9.13-10.i586.rpm
227967 5766fdbaa97fd1cb90156fd3ad8e55fb
<Turbolinux 7 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/imlib-1.9.10-7.src.rpm
793613 97708aba2aba0434735c9f0e9e56cf68
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/imlib-1.9.10-7.i586.rpm
128854 060b6e083f34ae092eaaa499014d2e48
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/imlib-devel-1.9.10-7.i586.rpm
219639 0006ab5e52362c8501c0b77e41a8c5f4
<Turbolinux 7 Workstation>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/imlib-1.9.10-7.src.rpm
793613 fd71ba9137199f255d2134d5856289ec
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/imlib-1.9.10-7.i586.rpm
128838 77bfcda3d83b2bee97408b48af82d161
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/imlib-cfgeditor-1.9.10-7.i586.rpm
233339 1a77a724824e43bd711c964cab1e652d
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/imlib-devel-1.9.10-7.i586.rpm
219564 11ca9e1c806156aa67473024081e5dad
References:
CVE
[CAN-2004-1025]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1025
[CAN-2004-1026]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1026
* You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.
http://www.turbolinux.com/download/zabom.html
http://www.turbolinux.com/download/zabomupdate.html
Package Update Path
http://www.turbolinux.com/update/
============================================================
* To obtain the public key
Here is the public key
http://www.turbolinux.com/security/
* To unsubscribe from the list
If you ever want to remove yourself from this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).
unsubscribe
* To change your email address
If you ever want to chage email address in this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the following command in the message body:
chaddr 'old address' 'new address'
If you have any questions or problems, please contact
<supp_info@...bolinux.co.jp>
Thank you!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFB71FMK0LzjOqIJMwRAsEUAJ9599AhFk55nlg0VUIkrleS7wcqTQCfQfUB
l9TjxOhzPUipkIw4gPqffjU=
=OkBL
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists