| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200501261509.35418.security-announce@turbolinux.co.jp>
From: security-announce at turbolinux.co.jp (Turbolinux)
Subject: [TURBOLINUX SECURITY INFO] 26/Jan/2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 26/Jan/2005
============================================================
The following page contains the security information of Turbolinux Inc.
- Turbolinux Security Center
http://www.turbolinux.com/security/
(1) ImageMagick -> Buffer overflow
(2) a2ps -> File name sanitization issue allows arbitrary command execution
(3) gzip -> Possible symlink attack may allow arbitrary file overwriting
(4) iptables -> The iptables module is not loaded by default
(5) libxml -> Buffer overflow vulnerabilites exist in libxml
(6) libxml2 -> Buffer overflow vulnerabilites exist in libxml2
===========================================================
* ImageMagick -> Buffer overflow
===========================================================
More information:
ImageMagick(TM) is an image display and manipulation tool for the X
Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF and
Photo CD image file formats.
Multiple buffer overflow vulnerabilities in ImageMagick allowing remote
attackers to execute arbitrary code via a malformed image or video file.
Impact:
The vulnerability can allows remote attackers to execute arbitrary code via a certain image file.
Affected Products:
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
Solution:
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
# turboupdate
or
# zabom -u mageMagick ImageMagick-devel
---------------------------------------------
<Turbolinux 10 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/ImageMagick-6.0.5-6.src.rpm
7511941 17adae3379d5fe2d2c8d0cc7ee8d2b56
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/ImageMagick-6.0.5-6.i586.rpm
4363797 68a19b63569e6a59595b2d945d5e7237
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/ImageMagick-c++-6.0.5-6.i586.rpm
306696 c03cb913e8741f3af87fd443bc307404
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/ImageMagick-devel-6.0.5-6.i586.rpm
786243 70452d358cb3bf7d0df592561e7c7da4
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/ImageMagick-perl-6.0.5-6.i586.rpm
73904 f899a6e397e9d1b67d8f9282a3756a3e
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/ImageMagick-6.0.5-6.src.rpm
7511941 2b293d79210909e845b1ca1536016b48
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/ImageMagick-6.0.5-6.i586.rpm
4370606 a25ae2ba0ebd7ed3f04911c2ba45a411
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/ImageMagick-devel-6.0.5-6.i586.rpm
784965 30175afd0bc34e8c46ba487539b926b7
References:
CVE
[CAN-2004-0981]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0981
===========================================================
* a2ps -> File name sanitization issue allows arbitrary command execution
===========================================================
More information:
a2ps is a text to PostScript filter with pretty-printing capabilities.
Vulnerabilities in a2ps can allow remote attackers to execute arbitrary
commands by placing shell metacharacters in filenames.
Impact:
An attacker can cause arbitrary shell commands to be executed by a2ps.
Affected Products:
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution:
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F...,
Turbolinux Home]
# turbopkg
or
# zabom -u a2ps
[other]
# turbopkg
or
# zabom update a2ps
---------------------------------------------
<Turbolinux 10 Server>
Source Packages
size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/a2ps-4.13-9.src.rpm
1987071 0dec4f3618d7e32b0687d76213fb92df
Binary Packages
size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/a2ps-4.13-9.i586.rpm
965274 a3d79d28a78bdd732b474ab77e8d4688
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>
Source Packages
size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/a2ps-4.13-9.src.rpm
1987071 c35e3b9d7363517dde3e9a32dfa067ea
Binary Packages
size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/a2ps-4.13-9.i586.rpm
688661 56e6872b9138ce795824524e2a34d196
<Turbolinux 8 Server>
Source Packages
size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/a2ps-4.13-9.src.rpm
1987071 3223869042a6ea7eed654cac2143686f
Binary Packages
size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/a2ps-4.13-9.i586.rpm
689304 f99ce2a2d1a06bc8faafeed2d7601c8b
<Turbolinux 8 Workstation>
Source Packages
size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/a2ps-4.13-9.src.rpm
1987071 c965972eedc095def78b7d82083a8517
Binary Packages
size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/a2ps-4.13-9.i586.rpm
689678 c3d17ecf390ed87469295fa91099ceeb
<Turbolinux 7 Server>
Source Packages
size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/a2ps-4.13-9.src.rpm
1987071 3ab202306117826905ed8ccad1ba6620
Binary Packages
size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/a2ps-4.13-9.i586.rpm
678614 ecf1ddf66639409b320756ac3226c9f6
<Turbolinux 7 Workstation>
Source Packages
size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/a2ps-4.13-9.src.rpm
1987071 fccba4d124c8af048daa1162d772b21d
Binary Packages
size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/a2ps-4.13-9.i586.rpm
678336 4c78ac597a79b1523f80cd5f87fd76f8
References:
CVE
[CAN-2004-1170]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1170
===========================================================
* gzip -> Possible symlink attack may allow arbitrary file overwriting
===========================================================
More information:
gzip is a compression utility designed to be a replacement for compress.
A vulnerability in the manner in which gzip handles temporary files
could allow local users to overwrite arbitrary files via a symlink attack.
Impact:
This vulerability may allow local users to overwrite arbitrary files
via a symbolic link attack.
Affected Products:
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution:
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F...,
Turbolinux Home]
# turbopkg
or
# zabom -u gzip
[other]
# turbopkg
or
# zabom update gzip
---------------------------------------------
<Turbolinux Appliance Server 1.0 Hosting Edition>
Source Packages
Size : MD5
gzip-1.3.3-5.src.rpm
330678 0b4aeb40c5791cb69e7f889624f649ce
Binary Packages
Size : MD5
gzip-1.3.3-5.i586.rpm
96268 56021edc714862f99b36d35a862a249e
<Turbolinux Appliance Server 1.0 Workgroup Edition>
Source Packages
Size : MD5
gzip-1.3.3-5.src.rpm
330678 bda93bc97f98b6b64a88618b2522fe7b
Binary Packages
Size : MD5
gzip-1.3.3-5.i586.rpm
96425 54c5f4f79161110b2e1e593a78572e74
<Turbolinux 10 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/gzip-1.3.3-5.src.rpm
330678 ba5f93e1f166fbd28ec09d511c158660
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/gzip-1.3.3-5.i586.rpm
97741 5fc0e455c2aa615ec07f887fa550f922
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/gzip-1.3.3-5.src.rpm
330678 cd2e575c7712a6707a5f251d6860294d
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/gzip-1.3.3-5.i586.rpm
97867 555cbc0ef8c85b65ec213173b5b97a6f
<Turbolinux 8 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/gzip-1.3.3-5.src.rpm
330678 6882ac6a387053736e57d8710fb5e4e8
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/gzip-1.3.3-5.i586.rpm
96459 0b494d773435cc8318005f11b5f6d3e5
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/gzip-1.3.3-5.src.rpm
330678 3ecc8d56bce9d3952ac8107640e760dc
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/gzip-1.3.3-5.i586.rpm
96430 36a89d5a23778a8f5e23292645b3837a
<Turbolinux 7 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/gzip-1.3.3-5.src.rpm
330678 7694ead88f8ec5d357723810fa7682f7
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/gzip-1.3.3-5.i586.rpm
95347 88a3663e794481891caa4cd54adbe526
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/gzip-1.3.3-5.src.rpm
330678 ba1efebdc5263f3bc42df4ba04b15869
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/gzip-1.3.3-5.i586.rpm
95474 a1ca43139819e82d33b9cbf89af1b1d7
References:
CVE
[CAN-2004-0970]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0970
===========================================================
* iptables -> The iptables module is not loaded by default
===========================================================
More information:
The iptables module is part of a framework within the Linux kernel enabling
packet filtering and network addresss and port translation.
The iptables module allows you to set up firewalls, IP masquerading, etc.
Under certain conditions, at system startup, the iptables module does
not properly load other required kernel modules.
Impact:
This vulnerability may cause some firewall rules to not be enabled.
Affected Products:
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution:
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F...,
Turbolinux Home]
# turbopkg
or
# zabom -u iptables iptables-ipv6
[other]
# turbopkg
or
# zabom update iptables iptables-ipv6
---------------------------------------------
<Turbolinux 10 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/iptables-1.2.11-3.src.rpm
171392 f8d209c404a0c80a1cb39769b0dd0752
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/iptables-1.2.11-3.i586.rpm
128949 18665c1391bcacc008b42f878ba8bf66
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/iptables-ipv6-1.2.11-3.i586.rpm
86570 31a0bee5bdf37f815415cb4497ffccc2
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/iptables-1.2.5-6.src.rpm
249503 db14fb59045bf441b3b29ce441ecafb4
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/iptables-1.2.5-6.i586.rpm
112221 cde32d0ebb914aa24b5b701138944166
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/iptables-ipv6-1.2.5-6.i586.rpm
43308 769ab23520744ecec5c18eb46a18713f
<Turbolinux 8 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/iptables-1.2.5-6.src.rpm
249503 2793cddd92d0a4d46fa16044a3b1bbd5
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/iptables-1.2.5-6.i586.rpm
112368 97b59758bad5e851add2eb910e5f1509
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/iptables-ipv6-1.2.5-6.i586.rpm
43544 29cbe3100477c7794167ac5159a92ee1
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/iptables-1.2.5-6.src.rpm
249503 662423ea544c38fbb0b1673ce4f26191
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/iptables-1.2.5-6.i586.rpm
112279 3f0ed78324c4bfd83f57058485d55f54
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/iptables-ipv6-1.2.5-6.i586.rpm
43528 87ddac3e83341e365a23df157f149805
<Turbolinux 7 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/iptables-1.2.5-6.src.rpm
249503 90eea0042084c29924d3fe3a699bf4be
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/iptables-1.2.5-6.i586.rpm
108811 2c12ce067ffbad17752497d1995bbd0b
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/iptables-ipv6-1.2.5-6.i586.rpm
42332 732477a482bf315c41a88a7b03554b56
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/iptables-1.2.5-6.src.rpm
249503 672e50ae6dd331223ad640dd621e76a8
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/iptables-1.2.5-6.i586.rpm
108845 3e9364b62881492e087d932a355a05dd
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/iptables-ipv6-1.2.5-6.i586.rpm
42300 3a9eac9ded16f9076d70cbec2b149880
References:
CVE
[CAN-2004-0986]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0986
===========================================================
* libxml -> Buffer overflow vulnerabilites exist in libxml
===========================================================
More information:
The libxml library provides procedures for XML file manipulation.
Multiple buffer overflow vulnerabilities have been discovered in libxml.
Impact:
These vulnerabilities may allow remote attackers to execute arbitrary
code via malformed XML files.
Affected Products:
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution:
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F...,
Turbolinux Home]
# turbopkg
or
# zabom -u libxml libxml-devel
[other]
# turbopkg
or
# zabom update libxml libxml-devel
---------------------------------------------
<Turbolinux Appliance Server 1.0 Hosting Edition>
Source Packages
Size : MD5
libxml-1.8.17-3.src.rpm
1002313 a221f0ae0340d529e37e77277cbc724b
Binary Packages
Size : MD5
libxml-1.8.17-3.i586.rpm
197379 ff1877cc078406b8542e27363ff47bb4
libxml-devel-1.8.17-3.i586.rpm
267417 6140caa6998d3b6dab87e9da1600f394
<Turbolinux Appliance Server 1.0 Workgroup Edition>
Source Packages
Size : MD5
libxml-1.8.17-3.src.rpm
1002313 efc0c920f2a1d03ba8290986af100c09
Binary Packages
Size : MD5
libxml-1.8.17-3.i586.rpm
197463 b94753d90641384139abc612ce92a603
libxml-devel-1.8.17-3.i586.rpm
267603 b925e86432763f2266455e6bbabc01c0
<Turbolinux 10 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/libxml-1.8.17-3.src.rpm
1002313 d8873df37efe921a792fcb62919720e9
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/libxml-1.8.17-3.i586.rpm
208266 c8bdee5a3eb42c5a53d10f572df68903
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/libxml-devel-1.8.17-3.i586.rpm
285035 7c78bfdda81835baf911362ebab11e36
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/libxml-1.8.17-3.src.rpm
1002313 95b1482d1e41c6e7ec8a23feb1f856c3
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/libxml-1.8.17-3.i586.rpm
208150 317a18fc61a84af641518856a976cc93
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/libxml-devel-1.8.17-3.i586.rpm
285207 f3b283f1bb5ab4d2e0df616791b41568
<Turbolinux 8 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/libxml-1.8.17-3.src.rpm
1002313 b597b8284d425ed90f16e3b501c6e0f6
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libxml-1.8.17-3.i586.rpm
197536 42bdd8f06b235dff2ed179975966717e
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libxml-devel-1.8.17-3.i586.rpm
267740 b7c7bfa7870db1d07ab297a2fb489d9b
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/libxml-1.8.17-3.src.rpm
1002313 eda8c4d80ce75656cd4bb9872b144693
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/libxml-1.8.17-3.i586.rpm
197510 4ecd20f98c08f1e57c83ad4afb91c5b6
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/libxml-devel-1.8.17-3.i586.rpm
267558 39820f6abe5ae9b97550c97df3dd1a1e
<Turbolinux 7 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/libxml-1.8.14-2.src.rpm
966346 53b518434c062a8c9fb669e03c11a7ec
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/libxml-1.8.14-2.i586.rpm
189070 fbac2b8ab90a15a0bffcc99b0e93db23
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/libxml-devel-1.8.14-2.i586.rpm
254630 a9ac85fee62e78fdbc42ea439c68445a
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/libxml-1.8.14-2.src.rpm
966346 020e595b4f37e36fcd8163c702108309
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/libxml-1.8.14-2.i586.rpm
189024 65e1c7e7d7970ac3a2c5bcb758bb5e62
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/libxml-devel-1.8.14-2.i586.rpm
254787 b4c33a50660d1031a1056ce691998394
References:
CVE
[CAN-2004-0989]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0989
===========================================================
* libxml2 -> Buffer overflow vulnerabilites exist in libxml2
===========================================================
More information:
The libxml2 library provides procedures for XML file manipulation.
Multiple buffer overflow vulnerabilities have been discovered in libxml2.
Impact:
These vulnerabilities may allow remote attackers to execute arbitrary
code via malformed XML files.
Affected Products:
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution:
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F...,
Turbolinux Home]
# turbopkg
or
# zabom -u libxml2 libxml2-devel
[other]
# turbopkg
or
# zabom update libxml2 libxml2-devel
---------------------------------------------
<Turbolinux Appliance Server 1.0 Hosting Edition>
Source Packages
Size: MD5
libxml2-2.4.22-3.src.rpm
1546095 45e4878e24d9c3ea37a74e606b98b36b
Binary Packages
Size: MD5
libxml2-2.4.22-3.i586.rpm
348726 3536b4e41bfcbe790bddb71dcbe82454
libxml2-devel-2.4.22-3.i586.rpm
672112 35415f29d7bb3bb37bdc64551f2bb39b
libxml2-python-2.4.22-3.i586.rpm
119866 92be4a854e5eae388387f5b6992bf1a3
<Turbolinux Appliance Server 1.0 Workgroup Edition>
Source Packages
Size: MD5
libxml2-2.4.22-3.src.rpm
1546095 c3c1b644325030da4be5f88773c5e62b
Binary Packages
Size: MD5
libxml2-2.4.22-3.i586.rpm
348918 6a37a0890286bd39c8cbdcea39e80bb1
libxml2-devel-2.4.22-3.i586.rpm
673104 08c514e9ff536f3abddfbd37b47640f0
libxml2-python-2.4.22-3.i586.rpm
120058 e26e9e2fc43a91c3945440458d9ef2db
<Turbolinux 10 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/libxml2-2.6.11-3.src.rpm
3676235 c83ca34b6b043df8bdbf71074a01d8ad
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/libxml2-2.6.11-3.i586.rpm
931885 e0c079d1fced4b79406d8137f7ae51cb
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/libxml2-debug-2.6.11-3.i586.rpm
1261976 e56ed4aafbc708d5b82cbd7420dc3688
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/libxml2-devel-2.6.11-3.i586.rpm
1833564 c4fa232aa88a3a9ad8e6599674eb5215
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/libxml2-python-2.6.11-3.i586.rpm
219714 975a999a695a80addc291c9a086f6c70
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/libxml2-2.6.2-3.src.rpm
2494574 5074efa52a7b7fbb048d32195e939072
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/libxml2-2.6.2-3.i586.rpm
513161 3fdaa041b1f0b43edf73478314ef17da
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/libxml2-devel-2.6.2-3.i586.rpm
1068458 2d3f0d198946eeccf3a43c4ca56ed87c
<Turbolinux 8 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/libxml2-2.4.22-3.src.rpm
1546095 8c4bd8f791a125332e4a88095c33799c
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libxml2-2.4.22-3.i586.rpm
348792 e6562126f8981e907a75ef3a2da69873
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libxml2-devel-2.4.22-3.i586.rpm
672844 987ab841df3e43eca6c4512a0507e8df
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libxml2-python-2.4.22-3.i586.rpm
119991 50216a9da56ed1f136ac8954152d6599
<Turbolinux 8 Workstation>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/libxml2-2.4.19-3.src.rpm
1935708 338be398b6817e3dad7a6cb96847c930
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/libxml2-2.4.19-3.i586.rpm
343441 8be8c1ada3f99ea2098874d66840ec3a
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/libxml2-devel-2.4.19-3.i586.rpm
648314 32d33253943c3a1f40ba9c90df74c2e2
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/libxml2-python-2.4.19-3.i586.rpm
118291 7627209852457adfad6f41e7ef715655
<Turbolinux 7 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/libxml2-2.4.28-3.src.rpm
2499363 16ed867be21e9d3cdfb329939e652019
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/libxml2-2.4.28-3.i586.rpm
388291 5f063aebeba773a4303f30bd7d70c468
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/libxml2-devel-2.4.28-3.i586.rpm
971341 e83302e5593a0903362078f2288ba90e
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/libxml2-python-2.4.28-3.i586.rpm
155374 ab3939602ce9d4ec7fcbb303680c22ea
<Turbolinux 7 Workstation>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/libxml2-2.4.28-3.src.rpm
2499363 818aea961b5deab575384742a7012a59
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/libxml2-2.4.28-3.i586.rpm
388163 f37ef635700f96e2125ce4c7e0e043db
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/libxml2-devel-2.4.28-3.i586.rpm
971519 9214c44cf80e7ae6bd218aacbaaa8ce7
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/libxml2-python-2.4.28-3.i586.rpm
155359 7d0e098faaf3884eec9332ba6773160f
References:
CVE
[CAN-2004-0989]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0989
* You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.
http://www.turbolinux.com/download/zabom.html
http://www.turbolinux.com/download/zabomupdate.html
Package Update Path
http://www.turbolinux.com/update/
============================================================
* To obtain the public key
Here is the public key
http://www.turbolinux.com/security/
* To unsubscribe from the list
If you ever want to remove yourself from this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).
unsubscribe
* To change your email address
If you ever want to chage email address in this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the following command in the message body:
chaddr 'old address' 'new address'
If you have any questions or problems, please contact
<supp_info@...bolinux.co.jp>
Thank you!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFB9zQYK0LzjOqIJMwRAr5BAJ9JOt4iq0/Mbpx0sXQKrF6tLA6yrgCfU3uP
epQkEOA/b94qKfvU9DQ8KRg=
=SJsL
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists