lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200501261509.35418.security-announce@turbolinux.co.jp>
From: security-announce at turbolinux.co.jp (Turbolinux)
Subject: [TURBOLINUX SECURITY INFO] 26/Jan/2005

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 26/Jan/2005
============================================================

The following page contains the security information of Turbolinux Inc.

 - Turbolinux Security Center
   http://www.turbolinux.com/security/

 (1) ImageMagick -> Buffer overflow
 (2) a2ps -> File name sanitization issue allows arbitrary command execution
 (3) gzip -> Possible symlink attack may allow arbitrary file overwriting
 (4) iptables -> The iptables module is not loaded by default
 (5) libxml -> Buffer overflow vulnerabilites exist in libxml
 (6) libxml2 -> Buffer overflow vulnerabilites exist in libxml2

===========================================================
* ImageMagick -> Buffer overflow
===========================================================

 More information:
    ImageMagick(TM) is an image display and manipulation tool for the X
    Window System.  ImageMagick can read and write JPEG, TIFF, PNM, GIF and
    Photo CD image file formats.

    Multiple buffer overflow vulnerabilities in ImageMagick allowing remote
    attackers to execute arbitrary code via a malformed image or video file.

 Impact:
    The vulnerability can allows remote attackers to execute arbitrary code via a certain image file.

 Affected Products:
    - Turbolinux 10 Server
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop

 Solution:
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 # turboupdate
 or
 # zabom -u mageMagick ImageMagick-devel
 ---------------------------------------------


 <Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/ImageMagick-6.0.5-6.src.rpm
      7511941 17adae3379d5fe2d2c8d0cc7ee8d2b56

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/ImageMagick-6.0.5-6.i586.rpm
      4363797 68a19b63569e6a59595b2d945d5e7237
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/ImageMagick-c++-6.0.5-6.i586.rpm
       306696 c03cb913e8741f3af87fd443bc307404
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/ImageMagick-devel-6.0.5-6.i586.rpm
       786243 70452d358cb3bf7d0df592561e7c7da4
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/ImageMagick-perl-6.0.5-6.i586.rpm
        73904 f899a6e397e9d1b67d8f9282a3756a3e

 <Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/ImageMagick-6.0.5-6.src.rpm
      7511941 2b293d79210909e845b1ca1536016b48

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/ImageMagick-6.0.5-6.i586.rpm
      4370606 a25ae2ba0ebd7ed3f04911c2ba45a411
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/ImageMagick-devel-6.0.5-6.i586.rpm
       784965 30175afd0bc34e8c46ba487539b926b7

 References:

 CVE
   [CAN-2004-0981]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0981


===========================================================
* a2ps -> File name sanitization issue allows arbitrary command execution
===========================================================

 More information:
    a2ps is a text to PostScript filter with pretty-printing capabilities.

    Vulnerabilities in a2ps can allow remote attackers to execute arbitrary
    commands by placing shell metacharacters in filenames.

 Impact:
    An attacker can cause arbitrary shell commands to be executed by a2ps.

 Affected Products:
    - Turbolinux 10 Server
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution:
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F...,
  Turbolinux Home]
 # turbopkg
 or
 # zabom -u a2ps

 [other]
 # turbopkg
 or
 # zabom update a2ps
 ---------------------------------------------


 <Turbolinux 10 Server>

   Source Packages
   size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/a2ps-4.13-9.src.rpm
      1987071 0dec4f3618d7e32b0687d76213fb92df

   Binary Packages
   size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/a2ps-4.13-9.i586.rpm
       965274 a3d79d28a78bdd732b474ab77e8d4688

 <Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>

   Source Packages
   size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/a2ps-4.13-9.src.rpm
      1987071 c35e3b9d7363517dde3e9a32dfa067ea

   Binary Packages
   size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/a2ps-4.13-9.i586.rpm
       688661 56e6872b9138ce795824524e2a34d196

 <Turbolinux 8 Server>

   Source Packages
   size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/a2ps-4.13-9.src.rpm
      1987071 3223869042a6ea7eed654cac2143686f

   Binary Packages
   size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/a2ps-4.13-9.i586.rpm
       689304 f99ce2a2d1a06bc8faafeed2d7601c8b

 <Turbolinux 8 Workstation>

   Source Packages
   size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/a2ps-4.13-9.src.rpm
      1987071 c965972eedc095def78b7d82083a8517

   Binary Packages
   size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/a2ps-4.13-9.i586.rpm
       689678 c3d17ecf390ed87469295fa91099ceeb

 <Turbolinux 7 Server>

   Source Packages
   size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/a2ps-4.13-9.src.rpm
      1987071 3ab202306117826905ed8ccad1ba6620

   Binary Packages
   size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/a2ps-4.13-9.i586.rpm
       678614 ecf1ddf66639409b320756ac3226c9f6

 <Turbolinux 7 Workstation>

   Source Packages
   size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/a2ps-4.13-9.src.rpm
      1987071 fccba4d124c8af048daa1162d772b21d

   Binary Packages
   size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/a2ps-4.13-9.i586.rpm
       678336 4c78ac597a79b1523f80cd5f87fd76f8


 References:

 CVE
   [CAN-2004-1170]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1170


===========================================================
* gzip -> Possible symlink attack may allow arbitrary file overwriting
===========================================================

 More information:
    gzip is a compression utility designed to be a replacement for compress.

    A vulnerability in the manner in which gzip handles temporary files
    could allow local users to overwrite arbitrary files via a symlink attack.

 Impact:
    This vulerability may allow local users to overwrite arbitrary files
    via a symbolic link attack.

 Affected Products:
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 Server
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution:
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., 
  Turbolinux Home]
 # turbopkg
 or
 # zabom -u gzip

 [other]
 # turbopkg
 or
 # zabom update gzip
 ---------------------------------------------


 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size : MD5

   gzip-1.3.3-5.src.rpm
       330678 0b4aeb40c5791cb69e7f889624f649ce

   Binary Packages
   Size : MD5

   gzip-1.3.3-5.i586.rpm
        96268 56021edc714862f99b36d35a862a249e

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size : MD5

   gzip-1.3.3-5.src.rpm
       330678 bda93bc97f98b6b64a88618b2522fe7b

   Binary Packages
   Size : MD5

   gzip-1.3.3-5.i586.rpm
        96425 54c5f4f79161110b2e1e593a78572e74

 <Turbolinux 10 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/gzip-1.3.3-5.src.rpm
       330678 ba5f93e1f166fbd28ec09d511c158660

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/gzip-1.3.3-5.i586.rpm
        97741 5fc0e455c2aa615ec07f887fa550f922

 <Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/gzip-1.3.3-5.src.rpm
       330678 cd2e575c7712a6707a5f251d6860294d

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/gzip-1.3.3-5.i586.rpm
        97867 555cbc0ef8c85b65ec213173b5b97a6f

 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/gzip-1.3.3-5.src.rpm
       330678 6882ac6a387053736e57d8710fb5e4e8

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/gzip-1.3.3-5.i586.rpm
        96459 0b494d773435cc8318005f11b5f6d3e5

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/gzip-1.3.3-5.src.rpm
       330678 3ecc8d56bce9d3952ac8107640e760dc

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/gzip-1.3.3-5.i586.rpm
        96430 36a89d5a23778a8f5e23292645b3837a

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/gzip-1.3.3-5.src.rpm
       330678 7694ead88f8ec5d357723810fa7682f7

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/gzip-1.3.3-5.i586.rpm
        95347 88a3663e794481891caa4cd54adbe526

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/gzip-1.3.3-5.src.rpm
       330678 ba1efebdc5263f3bc42df4ba04b15869

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/gzip-1.3.3-5.i586.rpm
        95474 a1ca43139819e82d33b9cbf89af1b1d7


 References:

 CVE
   [CAN-2004-0970]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0970


===========================================================
* iptables -> The iptables module is not loaded by default
===========================================================

 More information:
    The iptables module is part of a framework within the Linux kernel enabling
    packet filtering and network addresss and port translation.
    
    The iptables module allows you to set up firewalls, IP masquerading, etc.

    Under certain conditions, at system startup, the iptables module does
    not properly load other required kernel modules.

 Impact:
    This vulnerability may cause some firewall rules to not be enabled.

 Affected Products:
    - Turbolinux 10 Server
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution:
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., 
  Turbolinux Home]
 # turbopkg
 or
 # zabom -u iptables iptables-ipv6

 [other]
 # turbopkg
 or
 # zabom update iptables iptables-ipv6
 ---------------------------------------------


 <Turbolinux 10 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/iptables-1.2.11-3.src.rpm
       171392 f8d209c404a0c80a1cb39769b0dd0752

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/iptables-1.2.11-3.i586.rpm
       128949 18665c1391bcacc008b42f878ba8bf66
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/iptables-ipv6-1.2.11-3.i586.rpm
        86570 31a0bee5bdf37f815415cb4497ffccc2

 <Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/iptables-1.2.5-6.src.rpm
       249503 db14fb59045bf441b3b29ce441ecafb4

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/iptables-1.2.5-6.i586.rpm
       112221 cde32d0ebb914aa24b5b701138944166
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/iptables-ipv6-1.2.5-6.i586.rpm
        43308 769ab23520744ecec5c18eb46a18713f

 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/iptables-1.2.5-6.src.rpm
       249503 2793cddd92d0a4d46fa16044a3b1bbd5

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/iptables-1.2.5-6.i586.rpm
       112368 97b59758bad5e851add2eb910e5f1509
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/iptables-ipv6-1.2.5-6.i586.rpm
        43544 29cbe3100477c7794167ac5159a92ee1

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/iptables-1.2.5-6.src.rpm
       249503 662423ea544c38fbb0b1673ce4f26191

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/iptables-1.2.5-6.i586.rpm
       112279 3f0ed78324c4bfd83f57058485d55f54
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/iptables-ipv6-1.2.5-6.i586.rpm
        43528 87ddac3e83341e365a23df157f149805

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/iptables-1.2.5-6.src.rpm
       249503 90eea0042084c29924d3fe3a699bf4be

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/iptables-1.2.5-6.i586.rpm
       108811 2c12ce067ffbad17752497d1995bbd0b
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/iptables-ipv6-1.2.5-6.i586.rpm
        42332 732477a482bf315c41a88a7b03554b56

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/iptables-1.2.5-6.src.rpm
       249503 672e50ae6dd331223ad640dd621e76a8

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/iptables-1.2.5-6.i586.rpm
       108845 3e9364b62881492e087d932a355a05dd
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/iptables-ipv6-1.2.5-6.i586.rpm
        42300 3a9eac9ded16f9076d70cbec2b149880


 References:

 CVE
   [CAN-2004-0986]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0986


===========================================================
* libxml -> Buffer overflow vulnerabilites exist in libxml
===========================================================

 More information:
    The libxml library provides procedures for XML file manipulation.

    Multiple buffer overflow vulnerabilities have been discovered in libxml.

 Impact:
    These vulnerabilities may allow remote attackers to execute arbitrary
    code via malformed XML files.

 Affected Products:
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 Server
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution:
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., 
  Turbolinux Home]
 # turbopkg
 or
 # zabom -u libxml libxml-devel

 [other]
 # turbopkg
 or
 # zabom update libxml libxml-devel
 ---------------------------------------------


 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size : MD5

   libxml-1.8.17-3.src.rpm
      1002313 a221f0ae0340d529e37e77277cbc724b

   Binary Packages
   Size : MD5

   libxml-1.8.17-3.i586.rpm
       197379 ff1877cc078406b8542e27363ff47bb4
   libxml-devel-1.8.17-3.i586.rpm
       267417 6140caa6998d3b6dab87e9da1600f394

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size : MD5

   libxml-1.8.17-3.src.rpm
      1002313 efc0c920f2a1d03ba8290986af100c09

   Binary Packages
   Size : MD5

   libxml-1.8.17-3.i586.rpm
       197463 b94753d90641384139abc612ce92a603
   libxml-devel-1.8.17-3.i586.rpm
       267603 b925e86432763f2266455e6bbabc01c0

 <Turbolinux 10 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/libxml-1.8.17-3.src.rpm
      1002313 d8873df37efe921a792fcb62919720e9

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/libxml-1.8.17-3.i586.rpm
       208266 c8bdee5a3eb42c5a53d10f572df68903
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/libxml-devel-1.8.17-3.i586.rpm
       285035 7c78bfdda81835baf911362ebab11e36

 <Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/libxml-1.8.17-3.src.rpm
      1002313 95b1482d1e41c6e7ec8a23feb1f856c3

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/libxml-1.8.17-3.i586.rpm
       208150 317a18fc61a84af641518856a976cc93
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/libxml-devel-1.8.17-3.i586.rpm
       285207 f3b283f1bb5ab4d2e0df616791b41568

 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/libxml-1.8.17-3.src.rpm
      1002313 b597b8284d425ed90f16e3b501c6e0f6

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libxml-1.8.17-3.i586.rpm
       197536 42bdd8f06b235dff2ed179975966717e
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libxml-devel-1.8.17-3.i586.rpm
       267740 b7c7bfa7870db1d07ab297a2fb489d9b

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/libxml-1.8.17-3.src.rpm
      1002313 eda8c4d80ce75656cd4bb9872b144693

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/libxml-1.8.17-3.i586.rpm
       197510 4ecd20f98c08f1e57c83ad4afb91c5b6
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/libxml-devel-1.8.17-3.i586.rpm
       267558 39820f6abe5ae9b97550c97df3dd1a1e

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/libxml-1.8.14-2.src.rpm
       966346 53b518434c062a8c9fb669e03c11a7ec

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/libxml-1.8.14-2.i586.rpm
       189070 fbac2b8ab90a15a0bffcc99b0e93db23
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/libxml-devel-1.8.14-2.i586.rpm
       254630 a9ac85fee62e78fdbc42ea439c68445a

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/libxml-1.8.14-2.src.rpm
       966346 020e595b4f37e36fcd8163c702108309

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/libxml-1.8.14-2.i586.rpm
       189024 65e1c7e7d7970ac3a2c5bcb758bb5e62
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/libxml-devel-1.8.14-2.i586.rpm
       254787 b4c33a50660d1031a1056ce691998394


 References:

 CVE
   [CAN-2004-0989]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0989


===========================================================
* libxml2 -> Buffer overflow vulnerabilites exist in libxml2
===========================================================

 More information:
    The libxml2 library provides procedures for XML file manipulation.

    Multiple buffer overflow vulnerabilities have been discovered in libxml2.

 Impact:
    These vulnerabilities may allow remote attackers to execute arbitrary
    code via malformed XML files.

 Affected Products:
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 Server
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution:
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., 
  Turbolinux Home]
 # turbopkg
 or
 # zabom -u libxml2 libxml2-devel

 [other]
 # turbopkg
 or
 # zabom update libxml2 libxml2-devel
 ---------------------------------------------


 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size: MD5

   libxml2-2.4.22-3.src.rpm
      1546095 45e4878e24d9c3ea37a74e606b98b36b

   Binary Packages
   Size: MD5

   libxml2-2.4.22-3.i586.rpm
       348726 3536b4e41bfcbe790bddb71dcbe82454
   libxml2-devel-2.4.22-3.i586.rpm
       672112 35415f29d7bb3bb37bdc64551f2bb39b
   libxml2-python-2.4.22-3.i586.rpm
       119866 92be4a854e5eae388387f5b6992bf1a3

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size: MD5

   libxml2-2.4.22-3.src.rpm
      1546095 c3c1b644325030da4be5f88773c5e62b

   Binary Packages
   Size: MD5

   libxml2-2.4.22-3.i586.rpm
       348918 6a37a0890286bd39c8cbdcea39e80bb1
   libxml2-devel-2.4.22-3.i586.rpm
       673104 08c514e9ff536f3abddfbd37b47640f0
   libxml2-python-2.4.22-3.i586.rpm
       120058 e26e9e2fc43a91c3945440458d9ef2db

 <Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/libxml2-2.6.11-3.src.rpm
      3676235 c83ca34b6b043df8bdbf71074a01d8ad

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/libxml2-2.6.11-3.i586.rpm
       931885 e0c079d1fced4b79406d8137f7ae51cb
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/libxml2-debug-2.6.11-3.i586.rpm
      1261976 e56ed4aafbc708d5b82cbd7420dc3688
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/libxml2-devel-2.6.11-3.i586.rpm
      1833564 c4fa232aa88a3a9ad8e6599674eb5215
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/libxml2-python-2.6.11-3.i586.rpm
       219714 975a999a695a80addc291c9a086f6c70

 <Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/libxml2-2.6.2-3.src.rpm
      2494574 5074efa52a7b7fbb048d32195e939072

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/libxml2-2.6.2-3.i586.rpm
       513161 3fdaa041b1f0b43edf73478314ef17da
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/libxml2-devel-2.6.2-3.i586.rpm
      1068458 2d3f0d198946eeccf3a43c4ca56ed87c

 <Turbolinux 8 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/libxml2-2.4.22-3.src.rpm
      1546095 8c4bd8f791a125332e4a88095c33799c

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libxml2-2.4.22-3.i586.rpm
       348792 e6562126f8981e907a75ef3a2da69873
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libxml2-devel-2.4.22-3.i586.rpm
       672844 987ab841df3e43eca6c4512a0507e8df
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libxml2-python-2.4.22-3.i586.rpm
       119991 50216a9da56ed1f136ac8954152d6599

 <Turbolinux 8 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/libxml2-2.4.19-3.src.rpm
      1935708 338be398b6817e3dad7a6cb96847c930

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/libxml2-2.4.19-3.i586.rpm
       343441 8be8c1ada3f99ea2098874d66840ec3a
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/libxml2-devel-2.4.19-3.i586.rpm
       648314 32d33253943c3a1f40ba9c90df74c2e2
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/libxml2-python-2.4.19-3.i586.rpm
       118291 7627209852457adfad6f41e7ef715655

 <Turbolinux 7 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/libxml2-2.4.28-3.src.rpm
      2499363 16ed867be21e9d3cdfb329939e652019

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/libxml2-2.4.28-3.i586.rpm
       388291 5f063aebeba773a4303f30bd7d70c468
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/libxml2-devel-2.4.28-3.i586.rpm
       971341 e83302e5593a0903362078f2288ba90e
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/libxml2-python-2.4.28-3.i586.rpm
       155374 ab3939602ce9d4ec7fcbb303680c22ea

 <Turbolinux 7 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/libxml2-2.4.28-3.src.rpm
      2499363 818aea961b5deab575384742a7012a59

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/libxml2-2.4.28-3.i586.rpm
       388163 f37ef635700f96e2125ce4c7e0e043db
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/libxml2-devel-2.4.28-3.i586.rpm
       971519 9214c44cf80e7ae6bd218aacbaaa8ce7
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/libxml2-python-2.4.28-3.i586.rpm
       155359 7d0e098faaf3884eec9332ba6773160f


 References:

 CVE
   [CAN-2004-0989]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0989


 * You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.

  http://www.turbolinux.com/download/zabom.html
  http://www.turbolinux.com/download/zabomupdate.html

Package Update Path
http://www.turbolinux.com/update/

============================================================
 * To obtain the public key

Here is the public key

 http://www.turbolinux.com/security/

 * To unsubscribe from the list

If you ever want to remove yourself from this mailing list,
  you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).

unsubscribe

 * To change your email address

If you ever want to chage email address in this mailing list,
  you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the following command in the message body:

  chaddr 'old address' 'new address'

If you have any questions or problems, please contact
<supp_info@...bolinux.co.jp>

Thank you!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFB9zQYK0LzjOqIJMwRAr5BAJ9JOt4iq0/Mbpx0sXQKrF6tLA6yrgCfU3uP
epQkEOA/b94qKfvU9DQ8KRg=
=SJsL
-----END PGP SIGNATURE-----





Powered by blists - more mailing lists