lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200501201536.01355.security-announce@turbolinux.co.jp>
From: security-announce at turbolinux.co.jp (Turbolinux)
Subject: [TURBOLINUX SECURITY INFO] 20/Jan/2005

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 20/Jan/2005
============================================================

The following page contains the security information of Turbolinux Inc.

 - Turbolinux Security Center
   http://www.turbolinux.com/security/

 (1) xpdf -> Buffer overflow
 (2) libtiff -> Multiple vulnerabilities in libtiff
 (3) XFree86 -> Multiple vulnerabilities in libXpm
 (4) imlib -> Two vulnerabilities discovered in imlib

===========================================================
* xpdf -> Buffer overflow
===========================================================

 More information:
    Xpdf is an X Window System based viewer for Portable Document Format
    (PDF) files.  The buffer overflow was found in the Gfx::doImage function
    in Gfx.cc in xpdf version 3.00.

 Impact:
    These vulnerabilities may allow remote attackers to execute arbitrary
    code via malformed PDF files.

 Affected Products:
    - Turbolinux 10 Server

 Solution:
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 # turbopkg
 or
 # zabom -u xpdf
 ---------------------------------------------


 <Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/xpdf-3.00-5.src.rpm
      4604490 d33abd903ee32d277260d1c230dcfe70

 References:

 CVE
   [CAN-2004-1125]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125


===========================================================
* libtiff -> Multiple vulnerabilities in libtiff
===========================================================

 More information:
    The libtiff package contains a library of functions for manipulating TIFF
    (Tagged Image File Format) image format files.

    Multiple issues exist in libtiff:
    - Multiple vulnerabilities in libtiff's RLE (run length encoding) decoders
    - Vulnerability in tif_dirread.c
    - Multiple integer overflows
    - Integer overflow in tif_dirread.c and tif_fax3.c

 Impact:
    These vulnerabilities may allow remote attackers to execute arbitrary
    code via malformed TIFF image files.

 Affected Products:
    - Turbolinux 10 Server
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution:
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home]
 # turbopkg
 or
 # zabom -u libtiff

 [other]
 # turbopkg
 or
 # zabom update libtiff
 ---------------------------------------------


 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size: MD5

   libtiff-3.5.7-7.src.rpm
       972878 ed8bd0ef2bf2a1931610e91713a8d7c4

   Binary Packages
   Size: MD5

   libtiff-3.5.7-7.i586.rpm
       316109 2653e065f0c5fbc95c850a1dbf8ce385

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size: MD5

   libtiff-3.5.7-7.src.rpm
       972878 0fd2512f0caa91f27d80619bdd246d51

   Binary Packages
   Size: MD5

   libtiff-3.5.7-7.i586.rpm
       316422 00d6b827b50c02990eec3768ae92d4c9

 <Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/libtiff-3.6.1-4.src.rpm
      1093717 362993a9fe4c86ebe19b244210a2b6cf

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/libtiff-3.6.1-4.i586.rpm
       232659 0f1d0d2fb52c72d38cd9a4964d50ba25
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/libtiff-debug-3.6.1-4.i586.rpm
       256539 3dfa5531c4c29444b7ee939f97ad8f35
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/libtiff-devel-3.6.1-4.i586.rpm
       509454 8c312bee14f08dca7f2dde75766ab191


 <Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/libtiff-3.5.7-7.src.rpm
       972878 ad86cfa9f29064a6457eae596dbe0020

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/libtiff-3.5.7-7.i586.rpm
       222710 7e3dc3844942811aee6aea8c405e3628
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/libtiff-devel-3.5.7-7.i586.rpm
       469753 4918c1f7b75335f9bfe3d96d322a0961

 <Turbolinux 8 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/libtiff-3.5.7-7.src.rpm
       972878 ecea2012e0d8eaea72d27141e3b112bf

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libtiff-3.5.7-7.i586.rpm
       316627 cad5ce73c1d9e515f390461cf4a72126
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libtiff-devel-3.5.7-7.i586.rpm
       595504 13bcf43c5208b27d485eb6e096cca14b

 <Turbolinux 8 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/libtiff-3.5.5-7.src.rpm
       918710 d507119975f6299adf197181f4eda89a

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/libtiff-3.5.5-7.i586.rpm
       738427 a3bc600c346754b83b8e5932908955e7
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/libtiff-devel-3.5.5-7.i586.rpm
       632579 6ab0c04ac7ef41df03073e56d622da8f

 <Turbolinux 7 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/libtiff-3.5.5-7.src.rpm
       918710 9fd2675fa8d5146faf3bffab02ae08ab

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/libtiff-3.5.5-7.i586.rpm
       702575 958636e2ddf39b68b77f346671c7d10c
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/libtiff-devel-3.5.5-7.i586.rpm
       621763 05e2d24f8f16e3f10c690b03929db76f

 <Turbolinux 7 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/libtiff-3.5.5-7.src.rpm
       918710 b0b307c92d092a8dec1f5bb58ba81802

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/libtiff-3.5.5-7.i586.rpm
       702616 616c97ff0678e34a646f2d18b2f0b0d9
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/libtiff-devel-3.5.5-7.i586.rpm
       622017 4c1e95f277cc72f9dadc76e10da85eb8


 References:

 CVE
   [CAN-2004-0803]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803
   [CAN-2004-0804]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804
   [CAN-2004-0886]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886
   [CAN-2004-1183]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1183
   [CAN-2004-1308]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1308


===========================================================
* XFree86 -> Multiple vulnerabilities in libXpm
===========================================================

 More information:
    XFree86 is an implementation of the X Window System, providing a core
    graphical user interface and video drivers.

    Multiple vulnerabilities have been discovered in the handling of libXpm
    for XFree86.

 Impact:
    These vulnerabilities may allow remote attackers to execute arbitrary
    code via malformed XPM image files.

 Affected Products:
    - Turbolinux 10 Server
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution:
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home]
 # turbopkg
 or
 # zabom -u XFree86-100dpi-fonts XFree86 XFree86-75dpi-fonts XFree86-Xvfb XFree86-contrib XFree86-cyrillic-fonts \
            XFree86-debug XFree86-devel XFree86-fonts XFree86-libs XFree86-twm XFree86-xcursor XFree86-xcursor-devel \
            XFree86-xf86config XFree86-xfs XFree86-xft XFree86-xft-devel
 [other]
 # turbopkg
 or
 # zabom update XFree86-100dpi-fonts XFree86 XFree86-75dpi-fonts XFree86-contrib \
                XFree86-cyrillic-fonts XFree86-devel XFree86-libs XFree86-xfs
 ---------------------------------------------


 <Turbolinux 10 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/XFree86-4.3.0-77.src.rpm
     56924470 eb845b3be235bb21aa0278a180623083

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-100dpi-fonts-4.3.0-77.i586.rpm
     12437623 ee386b128dc366a57b040bc805438605
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-4.3.0-77.i586.rpm
     17914136 7a51c84fdfeb84728ee8e34aa3b90bc3
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-75dpi-fonts-4.3.0-77.i586.rpm
     10767930 1b4168835146c84115251d0fd8464ba3
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-Xvfb-4.3.0-77.i586.rpm
      1767856 5df330993a65405eb845be1f1b6b12cd
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-contrib-4.3.0-77.i586.rpm
       466061 52cc4b83c716d6e79b9061868450f88f
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-cyrillic-fonts-4.3.0-77.i586.rpm
       411823 5e81e96d9381c62f207442df6da45423
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-debug-4.3.0-77.i586.rpm
      1377048 aceb6c284ec571f145c482eedfbaef78
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-devel-4.3.0-77.i586.rpm
      5019869 cdc364bf982fad2ef0e6de217f3abd3d
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-fonts-4.3.0-77.i586.rpm
      8769483 0da5b1474b099bb2bf3d01edda792603
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-libs-4.3.0-77.i586.rpm
      2647941 0f28d2cffc3e1e84126d46262725f9e6
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-twm-4.3.0-77.i586.rpm
       117532 63709419ef668e12eae1520c55a767aa
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-xcursor-4.3.0-77.i586.rpm
        50393 025e2a0e8ed4569c0b3ba36621eb426b
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-xcursor-devel-4.3.0-77.i586.rpm
        47685 633730af58c2ec7aea3fb1579aeef630
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-xf86config-4.3.0-77.i586.rpm
       317697 9df69cf1936d3ed833ca5acae1c403d7
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-xfs-4.3.0-77.i586.rpm
        83290 c432d53f1cf1328521457d754022c6f4
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-xft-4.3.0-77.i586.rpm
        79480 80aabaa94ec8fc20f54acc2193d017b4
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-xft-devel-4.3.0-77.i586.rpm
        65413 99eba2b51bb1a97a70fd5b168a41aa30

 <Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/XFree86-4.3.0-77.src.rpm
     56924470 eb845b3be235bb21aa0278a180623083

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-100dpi-fonts-4.3.0-77.i586.rpm
     12437426 b9111393e5ebdb113c6289988e18d5f3
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-4.3.0-77.i586.rpm
     17895556 defec85ce43edc9fc38da3178a5a81c5
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-75dpi-fonts-4.3.0-77.i586.rpm
     10768171 0cc075e2c541b18e0b03c246aa733778
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-Xvfb-4.3.0-77.i586.rpm
      1770857 7303649f87334a166053f79daa58ea7e
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-contrib-4.3.0-77.i586.rpm
       468946 f8b101e81546e121bff3b66580e0abca
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-cyrillic-fonts-4.3.0-77.i586.rpm
       411831 bde2193dbe541209df9db215e0e7af46
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-devel-4.3.0-77.i586.rpm
      5044863 800299b8040b044bcc98ea4a584958f9
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-fonts-4.3.0-77.i586.rpm
      8769933 adf97005250306846b5043ab4d20b91e
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-libs-4.3.0-77.i586.rpm
      2650733 29503d891efdd23d4338453c8586f613
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-twm-4.3.0-77.i586.rpm
       117791 63d4137b167576f8d1d9160aa68e270e
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xcursor-4.3.0-77.i586.rpm
        50522 317efcf80d9c80d4ee07e63c744f9508
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xcursor-devel-4.3.0-77.i586.rpm
        43701 a0fc3b3c692b2df34cd0f1f01062e7d4
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xf86config-4.3.0-77.i586.rpm
       319370 f382c487a8bec7dfc474d0ba0d8b42d3
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xfs-4.3.0-77.i586.rpm
        83644 db73fa54d5c7bd5505014ccf09b6cf1f
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xft-4.3.0-77.i586.rpm
        79556 bc989ac39f0aee3e90c78fa098e2057e
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xft-devel-4.3.0-77.i586.rpm
        65526 cc883a49cc3094ec848e625619a533b2

 <Turbolinux 8 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/XFree86-4.2.0-31.src.rpm
     59402584 d2d88c18b1130b86927152ff03ece881

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-100dpi-fonts-4.2.0-31.i586.rpm
     12400410 34d10be76f54acc21491a00899a71702
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-4.2.0-31.i586.rpm
     22743452 2d46d8869809b4cf4057073aa1424691
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-75dpi-fonts-4.2.0-31.i586.rpm
     10731375 ba1de2759dcc7147e2db62b03e6c88ec
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-contrib-4.2.0-31.i586.rpm
       308144 45b5035ce028061f85307e523e744ca4
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-cyrillic-fonts-4.2.0-31.i586.rpm
       397538 716c536d56b62bfd0d01d36da3e6e84b
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-devel-4.2.0-31.i586.rpm
      4614429 9c36dca86bf64abb155fa69bfcf862a6
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-libs-4.2.0-31.i586.rpm
      2130130 71c9879567f941b333ef9357f0923b2e
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-xfs-4.2.0-31.i586.rpm
        71877 5d4624ac221daa59fa0be17667fa1402

 <Turbolinux 8 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/XFree86-4.2.0-31.src.rpm
     59402584 d2d88c18b1130b86927152ff03ece881

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-100dpi-fonts-4.2.0-31.i586.rpm
     12400862 55aca027c4a93336f441b2f97edebc38
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-4.2.0-31.i586.rpm
     22742661 8078bd1063760502eacaff6b2a624f17
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-75dpi-fonts-4.2.0-31.i586.rpm
     10731374 57a913169b1210046e66b4cdfa1d4add
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-contrib-4.2.0-31.i586.rpm
       307956 9b8262aee19812f4ddd570f11385b080
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-cyrillic-fonts-4.2.0-31.i586.rpm
       397535 90a5212d0f613b73324a5d9a92bd7b5e
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-devel-4.2.0-31.i586.rpm
      4614017 f580d9b9d34fc52855421429adf5963b
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-libs-4.2.0-31.i586.rpm
      2129819 bb11ef81170bd7fe0ce6497863708914
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-xfs-4.2.0-31.i586.rpm
        71862 dbed6ee63513445d15902040b7aba2e3

 <Turbolinux 7 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/XFree86-4.1.0-40.src.rpm
     56822593 d1dc66c85ed9362c5a60c01a9ff4f3b6

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-100dpi-fonts-4.1.0-40.i586.rpm
     12395748 f7480f3e13f0eac6cc86ca571373d4cd
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-4.1.0-40.i586.rpm
     20305802 48332f6693f31a7df62b33d55d50d41e
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-75dpi-fonts-4.1.0-40.i586.rpm
     10728284 7086a66f0bf56ad672036f6a34f92800
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-contrib-4.1.0-40.i586.rpm
       241514 2b57c0c668640d15abec76d705e7ad02
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-cyrillic-fonts-4.1.0-40.i586.rpm
       393107 11007a23de8827f279e0b8f70b4e1685
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-devel-4.1.0-40.i586.rpm
      4081975 53a48bd6a8e9b1db753973780512cc8c
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-libs-4.1.0-40.i586.rpm
      2152590 b6ba737c3f676346837841a88484b69f
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-xfs-4.1.0-40.i586.rpm
        65361 020ecfddb6a42d11d8f89b54c52f273e

 <Turbolinux 7 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/XFree86-4.1.0-40.src.rpm
     56822593 f499b57975db35a67b7cc30f5611dd95

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-100dpi-fonts-4.1.0-40.i586.rpm
     12395916 9f5c90bc2292eec9ad8258fa27fcef05
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-4.1.0-40.i586.rpm
     20305729 c592c0b7ded715b684f373893a02fdad
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-75dpi-fonts-4.1.0-40.i586.rpm
     10726676 f80f6b3efa546a16e6ff1519f8282c3e
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-contrib-4.1.0-40.i586.rpm
       241629 5b0d933767e2c4f75171402d7fc8b23d
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-cyrillic-fonts-4.1.0-40.i586.rpm
       393113 afad572afbed7ace7f57eb3552bd0e18
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-devel-4.1.0-40.i586.rpm
      4081652 cb1a1892dd927001bc1bdde67603f872
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-libs-4.1.0-40.i586.rpm
      2152078 c5548d688b1f8580363fb427d1eae7fc
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-xfs-4.1.0-40.i586.rpm
        65308 bd873f1147e4420bcdc324f6f4fcaf14


 References:

 CVE
   [CAN-2004-0687]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687
   [CAN-2004-0688]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688
   [CAN-2004-0914]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914


===========================================================
* imlib -> Two vulnerabilities discovered in imlib
===========================================================

 More information:
    Imlib is a display depth-independent image loading and rendering library.
    Imlib is designed to simplify and speed up the process of loading images
    and obtaining X Window System drawables.  Imlib provides many simple
    manipulation routines which can be used for common operations.

    Multiple issues have been discovered in imlib:
    - Multiple heap-based buffer overflows
    - Multiple integer overflows in the imlib image handler

 Impact:
    These vulnerabilities may allow remote attackers to execute arbitrary
    code via malformed image files.

 Affected Products:
    - Turbolinux 10 Server
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution:
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home]
 # turbopkg
 or
 # zabom -u imlib imlib-devel imlib-cfgeditor imlib-debug

 [other]
 # turbopkg
 or
 # zabom update imlib imlib-devel
 ---------------------------------------------


 <Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/imlib-1.9.14-9.src.rpm
       671199 8fa559a156b2f32932b0c056e91cab10

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/imlib-1.9.14-9.i586.rpm
       156437 903c55bb189dbbbcfbd2da0e9367a979
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/imlib-cfgeditor-1.9.14-9.i586.rpm
       237300 80169d1933dfa0d055309291a2acaf65
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/imlib-debug-1.9.14-9.i586.rpm
       881100 b4456c4ee4b63ec72e40ad515718cd01
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/imlib-devel-1.9.14-9.i586.rpm
       227288 a51634b47f72ed7892fe7f0ce7493d12

 <Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/imlib-1.9.14-9.src.rpm
       671199 65fa097e57bf9e8994fa33c4b228ee1b

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/imlib-1.9.14-9.i586.rpm
       155675 118b05bce35378acdff10f25f4e94ac5
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/imlib-devel-1.9.14-9.i586.rpm
       227719 851c484e13d3d23ef8366e9479e5f5b2

 <Turbolinux 8 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/imlib-1.9.13-10.src.rpm
       835902 0cdc1b2b11958b9e5656150184546dc1

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/imlib-1.9.13-10.i586.rpm
       138166 726d61918da3282354079e767c66987d
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/imlib-cfgeditor-1.9.13-10.i586.rpm
       234782 a344ccb8bf63c40cb68118096aa1afa3
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/imlib-devel-1.9.13-10.i586.rpm
       227939 783ba488fb78504d3659bd16a2faea41

 <Turbolinux 8 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/imlib-1.9.13-10.src.rpm
       835902 b47e72aff2d37923ce7d51f0e21bbbad

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/imlib-1.9.13-10.i586.rpm
       138121 9303aa6f89427d6803df4d1c2abb406f
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/imlib-cfgeditor-1.9.13-10.i586.rpm
       234839 c62f1822cd7395e36eb24d490330d441
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/imlib-devel-1.9.13-10.i586.rpm
       227967 5766fdbaa97fd1cb90156fd3ad8e55fb

 <Turbolinux 7 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/imlib-1.9.10-7.src.rpm
       793613 97708aba2aba0434735c9f0e9e56cf68

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/imlib-1.9.10-7.i586.rpm
       128854 060b6e083f34ae092eaaa499014d2e48
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/imlib-devel-1.9.10-7.i586.rpm
       219639 0006ab5e52362c8501c0b77e41a8c5f4

 <Turbolinux 7 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/imlib-1.9.10-7.src.rpm
       793613 fd71ba9137199f255d2134d5856289ec

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/imlib-1.9.10-7.i586.rpm
       128838 77bfcda3d83b2bee97408b48af82d161
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/imlib-cfgeditor-1.9.10-7.i586.rpm
       233339 1a77a724824e43bd711c964cab1e652d
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/imlib-devel-1.9.10-7.i586.rpm
       219564 11ca9e1c806156aa67473024081e5dad


 References:

 CVE
   [CAN-2004-1025]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1025
   [CAN-2004-1026]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1026


 * You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.

  http://www.turbolinux.com/download/zabom.html
  http://www.turbolinux.com/download/zabomupdate.html

Package Update Path
http://www.turbolinux.com/update/

============================================================
 * To obtain the public key

Here is the public key

 http://www.turbolinux.com/security/

 * To unsubscribe from the list

If you ever want to remove yourself from this mailing list,
  you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).

unsubscribe

 * To change your email address

If you ever want to chage email address in this mailing list,
  you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the following command in the message body:

  chaddr 'old address' 'new address'

If you have any questions or problems, please contact
<supp_info@...bolinux.co.jp>

Thank you!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFB71FMK0LzjOqIJMwRAsEUAJ9599AhFk55nlg0VUIkrleS7wcqTQCfQfUB
l9TjxOhzPUipkIw4gPqffjU=
=OkBL
-----END PGP SIGNATURE-----





Powered by blists - more mailing lists