| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: Bas.Hendriks at pinkroccade.com (Hendriks Bas)
Subject: RE: Full-Disclosure Digest, Vol 2, Issue 44
The link is not ok should be:
http://xyz.lanl.gov/abs/cs.CR/0501038
-----Original Message-----
From: full-disclosure-bounces@...ts.netsys.com
[mailto:full-disclosure-bounces@...ts.netsys.com]On Behalf Of
full-disclosure-request@...ts.netsys.com
Sent: donderdag 20 januari 2005 18:00
To: full-disclosure@...ts.netsys.com
Subject: Full-Disclosure Digest, Vol 2, Issue 44
Send Full-Disclosure mailing list submissions to
full-disclosure@...ts.netsys.com
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.netsys.com/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
full-disclosure-request@...ts.netsys.com
You can reach the person managing the list at
full-disclosure-owner@...ts.netsys.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Full-Disclosure digest..."
Today's Topics:
1. harddisk encryption (Lentila de Vultur)
2. ASH Hashing Algorithm (seasonedpaper@....people.inodetech.com)
3. [TURBOLINUX SECURITY INFO] 20/Jan/2005 (Turbolinux)
4. Re: [ISN] Book Review: Forensic Discovery (Anthony Zboralski)
----------------------------------------------------------------------
Message: 1
Date: Thu, 20 Jan 2005 10:27:59 +0100 (MET)
From: "Lentila de Vultur" <ledeve@....net>
Subject: [Full-Disclosure] harddisk encryption
To: full-disclosure@...ts.netsys.com
Message-ID: <31972.1106213279@...38.gmx.net>
Content-Type: text/plain; charset="us-ascii"
hi,
i'm evaluating a software that performs harddisk encryption for deploying in
my company. the software in question is utimaco safeguard easy v4.10
(www.utimaco.com) running on w2k.
i am interested in communitty's oppinion about this product. has anyone
performed a detailed analysis of it? i googled around but i couldn't find
much information, except that the version 3.20 sr1 has earned an eal3
certification from the german federal agency for it security.
tia
--
this e-mail is certified content-free.
Sparen beginnt mit GMX DSL: http://www.gmx.net/de/go/dsl
------------------------------
Message: 2
Date: Wed, 19 Jan 2005 20:47:51 -0800 (PST)
From: seasonedpaper@....people.inodetech.com
Subject: [Full-Disclosure] ASH Hashing Algorithm
To: bugtraq@...urityfocus.com
Cc: full-disclosure@...ts.netsys.com
Message-ID:
<48499.209.204.180.178.1106196471.squirrel@...bleturkey.simpli.biz>
Content-Type: text/plain;charset=iso-8859-1
With the current class of cryptographic algorithms growing weaker we face
an increasingly large problem. I went ahead took two SHA-2 algorithms and
created ASH-1 and ASH-2. The modifications are algorithm neutral and
fairly simple, but add security and flexibility to the SHA family.
The hashing algorithm is detailed in this paper:
http://xxx.lanl.gov.nyud.net:8090/abs/cs.CR/0501038
Comments, criticism, and help all appreciated.
Thanks,
D.J. Capelis
Network Security and Cryptography Researcher
------------------------------
Message: 3
Date: Thu, 20 Jan 2005 15:35:51 +0900
From: Turbolinux <security-announce@...bolinux.co.jp>
Subject: [Full-Disclosure] [TURBOLINUX SECURITY INFO] 20/Jan/2005
To: security-announce@...bolinux.co.jp
Message-ID: <200501201536.01355.security-announce@...bolinux.co.jp>
Content-Type: Text/Plain; charset="us-ascii"
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 20/Jan/2005
============================================================
The following page contains the security information of Turbolinux Inc.
- Turbolinux Security Center
http://www.turbolinux.com/security/
(1) xpdf -> Buffer overflow
(2) libtiff -> Multiple vulnerabilities in libtiff
(3) XFree86 -> Multiple vulnerabilities in libXpm
(4) imlib -> Two vulnerabilities discovered in imlib
===========================================================
* xpdf -> Buffer overflow
===========================================================
More information:
Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files. The buffer overflow was found in the Gfx::doImage function
in Gfx.cc in xpdf version 3.00.
Impact:
These vulnerabilities may allow remote attackers to execute arbitrary
code via malformed PDF files.
Affected Products:
- Turbolinux 10 Server
Solution:
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
# turbopkg
or
# zabom -u xpdf
---------------------------------------------
<Turbolinux 10 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/xpdf-3.00-5.src.rpm
4604490 d33abd903ee32d277260d1c230dcfe70
References:
CVE
[CAN-2004-1125]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125
===========================================================
* libtiff -> Multiple vulnerabilities in libtiff
===========================================================
More information:
The libtiff package contains a library of functions for manipulating TIFF
(Tagged Image File Format) image format files.
Multiple issues exist in libtiff:
- Multiple vulnerabilities in libtiff's RLE (run length encoding) decoders
- Vulnerability in tif_dirread.c
- Multiple integer overflows
- Integer overflow in tif_dirread.c and tif_fax3.c
Impact:
These vulnerabilities may allow remote attackers to execute arbitrary
code via malformed TIFF image files.
Affected Products:
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution:
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home]
# turbopkg
or
# zabom -u libtiff
[other]
# turbopkg
or
# zabom update libtiff
---------------------------------------------
<Turbolinux Appliance Server 1.0 Hosting Edition>
Source Packages
Size: MD5
libtiff-3.5.7-7.src.rpm
972878 ed8bd0ef2bf2a1931610e91713a8d7c4
Binary Packages
Size: MD5
libtiff-3.5.7-7.i586.rpm
316109 2653e065f0c5fbc95c850a1dbf8ce385
<Turbolinux Appliance Server 1.0 Workgroup Edition>
Source Packages
Size: MD5
libtiff-3.5.7-7.src.rpm
972878 0fd2512f0caa91f27d80619bdd246d51
Binary Packages
Size: MD5
libtiff-3.5.7-7.i586.rpm
316422 00d6b827b50c02990eec3768ae92d4c9
<Turbolinux 10 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/libtiff-3.6.1-4.src.rpm
1093717 362993a9fe4c86ebe19b244210a2b6cf
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/libtiff-3.6.1-4.i586.rpm
232659 0f1d0d2fb52c72d38cd9a4964d50ba25
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/libtiff-debug-3.6.1-4.i586.rpm
256539 3dfa5531c4c29444b7ee939f97ad8f35
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/libtiff-devel-3.6.1-4.i586.rpm
509454 8c312bee14f08dca7f2dde75766ab191
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/libtiff-3.5.7-7.src.rpm
972878 ad86cfa9f29064a6457eae596dbe0020
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/libtiff-3.5.7-7.i586.rpm
222710 7e3dc3844942811aee6aea8c405e3628
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/libtiff-devel-3.5.7-7.i586.rpm
469753 4918c1f7b75335f9bfe3d96d322a0961
<Turbolinux 8 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/libtiff-3.5.7-7.src.rpm
972878 ecea2012e0d8eaea72d27141e3b112bf
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libtiff-3.5.7-7.i586.rpm
316627 cad5ce73c1d9e515f390461cf4a72126
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libtiff-devel-3.5.7-7.i586.rpm
595504 13bcf43c5208b27d485eb6e096cca14b
<Turbolinux 8 Workstation>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/libtiff-3.5.5-7.src.rpm
918710 d507119975f6299adf197181f4eda89a
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/libtiff-3.5.5-7.i586.rpm
738427 a3bc600c346754b83b8e5932908955e7
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/libtiff-devel-3.5.5-7.i586.rpm
632579 6ab0c04ac7ef41df03073e56d622da8f
<Turbolinux 7 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/libtiff-3.5.5-7.src.rpm
918710 9fd2675fa8d5146faf3bffab02ae08ab
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/libtiff-3.5.5-7.i586.rpm
702575 958636e2ddf39b68b77f346671c7d10c
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/libtiff-devel-3.5.5-7.i586.rpm
621763 05e2d24f8f16e3f10c690b03929db76f
<Turbolinux 7 Workstation>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/libtiff-3.5.5-7.src.rpm
918710 b0b307c92d092a8dec1f5bb58ba81802
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/libtiff-3.5.5-7.i586.rpm
702616 616c97ff0678e34a646f2d18b2f0b0d9
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/libtiff-devel-3.5.5-7.i586.rpm
622017 4c1e95f277cc72f9dadc76e10da85eb8
References:
CVE
[CAN-2004-0803]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803
[CAN-2004-0804]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804
[CAN-2004-0886]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886
[CAN-2004-1183]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1183
[CAN-2004-1308]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1308
===========================================================
* XFree86 -> Multiple vulnerabilities in libXpm
===========================================================
More information:
XFree86 is an implementation of the X Window System, providing a core
graphical user interface and video drivers.
Multiple vulnerabilities have been discovered in the handling of libXpm
for XFree86.
Impact:
These vulnerabilities may allow remote attackers to execute arbitrary
code via malformed XPM image files.
Affected Products:
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution:
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home]
# turbopkg
or
# zabom -u XFree86-100dpi-fonts XFree86 XFree86-75dpi-fonts XFree86-Xvfb XFree86-contrib XFree86-cyrillic-fonts \
XFree86-debug XFree86-devel XFree86-fonts XFree86-libs XFree86-twm XFree86-xcursor XFree86-xcursor-devel \
XFree86-xf86config XFree86-xfs XFree86-xft XFree86-xft-devel
[other]
# turbopkg
or
# zabom update XFree86-100dpi-fonts XFree86 XFree86-75dpi-fonts XFree86-contrib \
XFree86-cyrillic-fonts XFree86-devel XFree86-libs XFree86-xfs
---------------------------------------------
<Turbolinux 10 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/XFree86-4.3.0-77.src.rpm
56924470 eb845b3be235bb21aa0278a180623083
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-100dpi-fonts-4.3.0-77.i586.rpm
12437623 ee386b128dc366a57b040bc805438605
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-4.3.0-77.i586.rpm
17914136 7a51c84fdfeb84728ee8e34aa3b90bc3
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-75dpi-fonts-4.3.0-77.i586.rpm
10767930 1b4168835146c84115251d0fd8464ba3
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-Xvfb-4.3.0-77.i586.rpm
1767856 5df330993a65405eb845be1f1b6b12cd
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-contrib-4.3.0-77.i586.rpm
466061 52cc4b83c716d6e79b9061868450f88f
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-cyrillic-fonts-4.3.0-77.i586.rpm
411823 5e81e96d9381c62f207442df6da45423
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-debug-4.3.0-77.i586.rpm
1377048 aceb6c284ec571f145c482eedfbaef78
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-devel-4.3.0-77.i586.rpm
5019869 cdc364bf982fad2ef0e6de217f3abd3d
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-fonts-4.3.0-77.i586.rpm
8769483 0da5b1474b099bb2bf3d01edda792603
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-libs-4.3.0-77.i586.rpm
2647941 0f28d2cffc3e1e84126d46262725f9e6
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-twm-4.3.0-77.i586.rpm
117532 63709419ef668e12eae1520c55a767aa
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-xcursor-4.3.0-77.i586.rpm
50393 025e2a0e8ed4569c0b3ba36621eb426b
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-xcursor-devel-4.3.0-77.i586.rpm
47685 633730af58c2ec7aea3fb1579aeef630
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-xf86config-4.3.0-77.i586.rpm
317697 9df69cf1936d3ed833ca5acae1c403d7
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-xfs-4.3.0-77.i586.rpm
83290 c432d53f1cf1328521457d754022c6f4
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-xft-4.3.0-77.i586.rpm
79480 80aabaa94ec8fc20f54acc2193d017b4
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/XFree86-xft-devel-4.3.0-77.i586.rpm
65413 99eba2b51bb1a97a70fd5b168a41aa30
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/XFree86-4.3.0-77.src.rpm
56924470 eb845b3be235bb21aa0278a180623083
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-100dpi-fonts-4.3.0-77.i586.rpm
12437426 b9111393e5ebdb113c6289988e18d5f3
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-4.3.0-77.i586.rpm
17895556 defec85ce43edc9fc38da3178a5a81c5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-75dpi-fonts-4.3.0-77.i586.rpm
10768171 0cc075e2c541b18e0b03c246aa733778
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-Xvfb-4.3.0-77.i586.rpm
1770857 7303649f87334a166053f79daa58ea7e
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-contrib-4.3.0-77.i586.rpm
468946 f8b101e81546e121bff3b66580e0abca
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-cyrillic-fonts-4.3.0-77.i586.rpm
411831 bde2193dbe541209df9db215e0e7af46
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-devel-4.3.0-77.i586.rpm
5044863 800299b8040b044bcc98ea4a584958f9
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-fonts-4.3.0-77.i586.rpm
8769933 adf97005250306846b5043ab4d20b91e
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-libs-4.3.0-77.i586.rpm
2650733 29503d891efdd23d4338453c8586f613
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-twm-4.3.0-77.i586.rpm
117791 63d4137b167576f8d1d9160aa68e270e
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xcursor-4.3.0-77.i586.rpm
50522 317efcf80d9c80d4ee07e63c744f9508
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xcursor-devel-4.3.0-77.i586.rpm
43701 a0fc3b3c692b2df34cd0f1f01062e7d4
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xf86config-4.3.0-77.i586.rpm
319370 f382c487a8bec7dfc474d0ba0d8b42d3
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xfs-4.3.0-77.i586.rpm
83644 db73fa54d5c7bd5505014ccf09b6cf1f
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xft-4.3.0-77.i586.rpm
79556 bc989ac39f0aee3e90c78fa098e2057e
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xft-devel-4.3.0-77.i586.rpm
65526 cc883a49cc3094ec848e625619a533b2
<Turbolinux 8 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/XFree86-4.2.0-31.src.rpm
59402584 d2d88c18b1130b86927152ff03ece881
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-100dpi-fonts-4.2.0-31.i586.rpm
12400410 34d10be76f54acc21491a00899a71702
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-4.2.0-31.i586.rpm
22743452 2d46d8869809b4cf4057073aa1424691
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-75dpi-fonts-4.2.0-31.i586.rpm
10731375 ba1de2759dcc7147e2db62b03e6c88ec
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-contrib-4.2.0-31.i586.rpm
308144 45b5035ce028061f85307e523e744ca4
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-cyrillic-fonts-4.2.0-31.i586.rpm
397538 716c536d56b62bfd0d01d36da3e6e84b
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-devel-4.2.0-31.i586.rpm
4614429 9c36dca86bf64abb155fa69bfcf862a6
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-libs-4.2.0-31.i586.rpm
2130130 71c9879567f941b333ef9357f0923b2e
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-xfs-4.2.0-31.i586.rpm
71877 5d4624ac221daa59fa0be17667fa1402
<Turbolinux 8 Workstation>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/XFree86-4.2.0-31.src.rpm
59402584 d2d88c18b1130b86927152ff03ece881
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-100dpi-fonts-4.2.0-31.i586.rpm
12400862 55aca027c4a93336f441b2f97edebc38
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-4.2.0-31.i586.rpm
22742661 8078bd1063760502eacaff6b2a624f17
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-75dpi-fonts-4.2.0-31.i586.rpm
10731374 57a913169b1210046e66b4cdfa1d4add
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-contrib-4.2.0-31.i586.rpm
307956 9b8262aee19812f4ddd570f11385b080
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-cyrillic-fonts-4.2.0-31.i586.rpm
397535 90a5212d0f613b73324a5d9a92bd7b5e
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-devel-4.2.0-31.i586.rpm
4614017 f580d9b9d34fc52855421429adf5963b
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-libs-4.2.0-31.i586.rpm
2129819 bb11ef81170bd7fe0ce6497863708914
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-xfs-4.2.0-31.i586.rpm
71862 dbed6ee63513445d15902040b7aba2e3
<Turbolinux 7 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/XFree86-4.1.0-40.src.rpm
56822593 d1dc66c85ed9362c5a60c01a9ff4f3b6
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-100dpi-fonts-4.1.0-40.i586.rpm
12395748 f7480f3e13f0eac6cc86ca571373d4cd
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-4.1.0-40.i586.rpm
20305802 48332f6693f31a7df62b33d55d50d41e
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-75dpi-fonts-4.1.0-40.i586.rpm
10728284 7086a66f0bf56ad672036f6a34f92800
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-contrib-4.1.0-40.i586.rpm
241514 2b57c0c668640d15abec76d705e7ad02
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-cyrillic-fonts-4.1.0-40.i586.rpm
393107 11007a23de8827f279e0b8f70b4e1685
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-devel-4.1.0-40.i586.rpm
4081975 53a48bd6a8e9b1db753973780512cc8c
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-libs-4.1.0-40.i586.rpm
2152590 b6ba737c3f676346837841a88484b69f
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-xfs-4.1.0-40.i586.rpm
65361 020ecfddb6a42d11d8f89b54c52f273e
<Turbolinux 7 Workstation>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/XFree86-4.1.0-40.src.rpm
56822593 f499b57975db35a67b7cc30f5611dd95
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-100dpi-fonts-4.1.0-40.i586.rpm
12395916 9f5c90bc2292eec9ad8258fa27fcef05
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-4.1.0-40.i586.rpm
20305729 c592c0b7ded715b684f373893a02fdad
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-75dpi-fonts-4.1.0-40.i586.rpm
10726676 f80f6b3efa546a16e6ff1519f8282c3e
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-contrib-4.1.0-40.i586.rpm
241629 5b0d933767e2c4f75171402d7fc8b23d
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-cyrillic-fonts-4.1.0-40.i586.rpm
393113 afad572afbed7ace7f57eb3552bd0e18
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-devel-4.1.0-40.i586.rpm
4081652 cb1a1892dd927001bc1bdde67603f872
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-libs-4.1.0-40.i586.rpm
2152078 c5548d688b1f8580363fb427d1eae7fc
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-xfs-4.1.0-40.i586.rpm
65308 bd873f1147e4420bcdc324f6f4fcaf14
References:
CVE
[CAN-2004-0687]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687
[CAN-2004-0688]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688
[CAN-2004-0914]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914
===========================================================
* imlib -> Two vulnerabilities discovered in imlib
===========================================================
More information:
Imlib is a display depth-independent image loading and rendering library.
Imlib is designed to simplify and speed up the process of loading images
and obtaining X Window System drawables. Imlib provides many simple
manipulation routines which can be used for common operations.
Multiple issues have been discovered in imlib:
- Multiple heap-based buffer overflows
- Multiple integer overflows in the imlib image handler
Impact:
These vulnerabilities may allow remote attackers to execute arbitrary
code via malformed image files.
Affected Products:
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution:
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home]
# turbopkg
or
# zabom -u imlib imlib-devel imlib-cfgeditor imlib-debug
[other]
# turbopkg
or
# zabom update imlib imlib-devel
---------------------------------------------
<Turbolinux 10 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/imlib-1.9.14-9.src.rpm
671199 8fa559a156b2f32932b0c056e91cab10
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/imlib-1.9.14-9.i586.rpm
156437 903c55bb189dbbbcfbd2da0e9367a979
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/imlib-cfgeditor-1.9.14-9.i586.rpm
237300 80169d1933dfa0d055309291a2acaf65
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/imlib-debug-1.9.14-9.i586.rpm
881100 b4456c4ee4b63ec72e40ad515718cd01
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/imlib-devel-1.9.14-9.i586.rpm
227288 a51634b47f72ed7892fe7f0ce7493d12
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/imlib-1.9.14-9.src.rpm
671199 65fa097e57bf9e8994fa33c4b228ee1b
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/imlib-1.9.14-9.i586.rpm
155675 118b05bce35378acdff10f25f4e94ac5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/imlib-devel-1.9.14-9.i586.rpm
227719 851c484e13d3d23ef8366e9479e5f5b2
<Turbolinux 8 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/imlib-1.9.13-10.src.rpm
835902 0cdc1b2b11958b9e5656150184546dc1
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/imlib-1.9.13-10.i586.rpm
138166 726d61918da3282354079e767c66987d
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/imlib-cfgeditor-1.9.13-10.i586.rpm
234782 a344ccb8bf63c40cb68118096aa1afa3
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/imlib-devel-1.9.13-10.i586.rpm
227939 783ba488fb78504d3659bd16a2faea41
<Turbolinux 8 Workstation>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/imlib-1.9.13-10.src.rpm
835902 b47e72aff2d37923ce7d51f0e21bbbad
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/imlib-1.9.13-10.i586.rpm
138121 9303aa6f89427d6803df4d1c2abb406f
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/imlib-cfgeditor-1.9.13-10.i586.rpm
234839 c62f1822cd7395e36eb24d490330d441
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/imlib-devel-1.9.13-10.i586.rpm
227967 5766fdbaa97fd1cb90156fd3ad8e55fb
<Turbolinux 7 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/imlib-1.9.10-7.src.rpm
793613 97708aba2aba0434735c9f0e9e56cf68
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/imlib-1.9.10-7.i586.rpm
128854 060b6e083f34ae092eaaa499014d2e48
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/imlib-devel-1.9.10-7.i586.rpm
219639 0006ab5e52362c8501c0b77e41a8c5f4
<Turbolinux 7 Workstation>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/imlib-1.9.10-7.src.rpm
793613 fd71ba9137199f255d2134d5856289ec
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/imlib-1.9.10-7.i586.rpm
128838 77bfcda3d83b2bee97408b48af82d161
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/imlib-cfgeditor-1.9.10-7.i586.rpm
233339 1a77a724824e43bd711c964cab1e652d
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/imlib-devel-1.9.10-7.i586.rpm
219564 11ca9e1c806156aa67473024081e5dad
References:
CVE
[CAN-2004-1025]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1025
[CAN-2004-1026]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1026
* You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.
http://www.turbolinux.com/download/zabom.html
http://www.turbolinux.com/download/zabomupdate.html
Package Update Path
http://www.turbolinux.com/update/
============================================================
* To obtain the public key
Here is the public key
http://www.turbolinux.com/security/
* To unsubscribe from the list
If you ever want to remove yourself from this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).
unsubscribe
* To change your email address
If you ever want to chage email address in this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the following command in the message body:
chaddr 'old address' 'new address'
If you have any questions or problems, please contact
<supp_info@...bolinux.co.jp>
Thank you!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFB71FMK0LzjOqIJMwRAsEUAJ9599AhFk55nlg0VUIkrleS7wcqTQCfQfUB
l9TjxOhzPUipkIw4gPqffjU=
=OkBL
-----END PGP SIGNATURE-----
------------------------------
Message: 4
Date: Thu, 20 Jan 2005 19:37:50 +0700
From: Anthony Zboralski <bcs2005@...lua.com>
Subject: [Full-Disclosure] Re: [ISN] Book Review: Forensic Discovery
To: InfoSec News <isn@....org>
Cc: William Knowles <wk@....org>, dailydave@...ts.immunitysec.com,
bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Message-ID: <190A3FEA-6AE0-11D9-97C7-000A95B1B62E@...lua.com>
Content-Type: text/plain; charset=US-ASCII; format=flowed
On 19 Jan 2005, at 14:55, InfoSec News wrote:
> http://books.slashdot.org/books/05/01/18/2110235.shtml
>
> [ http://www.amazon.com/exec/obidos/ASIN/020163497X/c4iorg - WK]
>
> Author: Dan Farmer & Wietse Venema
> Pages: 198
> Publisher: Addison Wesley Professional
> Rating: 10
> Reviewer: Ben Rothke
> ISBN: 020163497X
> Summary: Forensic Discovery overview
>
> Security luminaries Dan Farmer and Wietse Venema wrote one of the
> first vulnerability scanners (SATAN) almost 10 years ago; SATAN was
> the precursor to ISS Scanner, Retina and nmap. Venema wrote such
> well-known security applications as the TCP Wrapper program and the
> Postfix mail server. Farmer and Venema's new book Forensic Discovery
> is a valuable book that grounds a computer-savvy reader in the world
> of digital forensics.
Source: http://hert.org/story.php/58
After reading the review of Dan Farmer and Wietse's Forensic Discovery,
you should hear about
The Grugq who got fired from @stake after writing a Phrack Article in
which he exposed numerous
flaws in The Coroner's Toolkit by Dan & Wietse.
Before you read this book, check out the video (bittorrent) of The
Grugq on The Art of Defiling and
see how to defeat "industry grade" forensic tools and techniques .
You can also meet him at a hacker convention near you (in March at
BCS2005 in Jakarta, in April
at Black Hat in S'pore and Amsterdam and at HITB2005 Bahrain.
Video of the Grugq's Speech, The Art of Defiling:
http://www.hert.org/z/grugq.torrent (Courtesy of HITB2004)
Presentation Slides:
http://packetstormsecurity.com/hitb04/hitb04-grugq.pdf (from HITB2004)
Phrack article:
http://www.phrack.org/show.php?p=59&a=6 (Phrack 59)
Grugq's Profile:
http://www.bellua.com/bcs2005/asia05.speakers.html#grugq
The Grugq has been researching anti-forensics for almost 5 years. He
has presented
to the UK's largest forensic practitioner group where he scared
Scotland Yard.
Grugq has worked to secure the networks and hosts of global
corporations, and
he's also worked for security consulting companies. His work as a
security consultant
was cut short temporarily following the publication of an article on
anti-forensics.
P.S. Is it illegal to talk about anti-forensics under the Patriot Act?
gaius
--
Bellua Cyber Security Asia 2005 - http://www.bellua.com/bcs2005
21-22 March - The Workshops - 23-24 March - The Conference
bcs2005@...lua.com - Phone: +62213918330 HP:+628159102495
------------------------------
_______________________________________________
Full-Disclosure mailing list
Full-Disclosure@...ts.netsys.com
https://lists.netsys.com/mailman/listinfo/full-disclosure
End of Full-Disclosure Digest, Vol 2, Issue 44
**********************************************
Powered by blists - more mailing lists