Message-ID: <200502241453.08677.security-announce@turbolinux.co.jp>
From: security-announce at turbolinux.co.jp (Turbolinux)
Subject: [TURBOLINUX SECURITY INFO] 24/Feb/2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 24/Feb/2005
============================================================
The following page contains the security information of Turbolinux Inc.
- Turbolinux Security Center
http://www.turbolinux.com/security/
(1) nasm -> Buffer overflow vulnerability exists in nasm
(2) xine-lib -> Buffer overflow vulnerabilities exist in xine-lib
(3) mc -> Multiple vulnerabilities exist in mc
===========================================================
* nasm -> Buffer overflow vulnerability exists in nasm
===========================================================
More information:
NASM is the Netwide Assembler, a free portable assembler for the Intel
80x86 microprocessor series, using primarily the traditional Intel
instruction mnemonics and syntax.
A buffer overflow vulnerability has been discovered in nasm.
Impact:
This vulnerability may allow attackers to execute arbitrary
code via malformed asm files.
Affected Products:
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux 8 Server
Solution:
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F...,
Turbolinux Home]
# turbopkg
or
# zabom -u nasm nasm-rdoff
[other]
# turbopkg
or
# zabom update nasm nasm-rdoff
---------------------------------------------
<Turbolinux 10 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/nasm-0.98.34-5.src.rpm
1407396 8d0ab7c00a6838a3617d811245cbf8c7
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/nasm-0.98.34-5.i586.rpm
957230 8733a24a534a72207b0a7ae87b240740
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/nasm-rdoff-0.98.34-5.i586.rpm
43934 99610ee6c61ac633f6a347cc3db5c737
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/nasm-0.98.34-5.src.rpm
1407396 7e1a561070b3a21411bc30887ccb3025
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/nasm-0.98.34-5.i586.rpm
958330 ed3cdd4e91cacc58afc8b496a20db11a
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/nasm-rdoff-0.98.34-5.i586.rpm
44386 9ba85d2a9d103716724c792a5a05bffb
<Turbolinux 8 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/nasm-0.98.34-5.src.rpm
1407396 dbb44a16c331d59eb848a76874be4f40
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/nasm-0.98.34-5.i586.rpm
838544 9f2f919d1ac94ec88fa69a5a2e6a88f1
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/nasm-rdoff-0.98.34-5.i586.rpm
43666 1bc4f4febc8de7a930f246df8bba6709
References:
CVE
[CAN-2004-1287]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1287
===========================================================
* xine-lib -> Buffer overflow vulnerabilities exist in xine-lib
===========================================================
More information:
The xine engine is a free media player engine. It comes in the form of a shared
library and is typically used by media player frontends and other multimedia
applications for playback of multimedia streams such as movies, radio/TV
network streams, DVDs, VCDs.
Buffer overflow vulnerabilities have been discovered in the open_aiff_file
and pnm_get_chunk functions of xine-lib.
Impact:
These vulnerabilities may allow attackers to execute arbitrary
code via malformed multimedia files.
Affected Products:
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
Solution:
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
# turbopkg
or
# zabom -u xine-lib xine-lib-devel xine-lib-wmf
---------------------------------------------
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/xine-lib-1rc3c-12.src.rpm
6488660 45e60bc9403e1221fb08877a196e283f
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/xine-lib-1rc3c-12.i586.rpm
3415079 ab67dcc334283c07e8effdaf21d6dcf1
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/xine-lib-devel-1rc3c-12.i586.rpm
380994 696900ec8a753043fcccd025392a4d65
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/xine-lib-wmf-1rc3c-12.i586.rpm
22218 0da543e61d19ff8aeba3452939d17cc8
References:
CVE
[CAN-2004-1187]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1187
[CAN-2004-1188]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1188
[CAN-2004-1300]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1300
===========================================================
* mc -> Multiple vulnerabilities exist in mc
===========================================================
More information:
Midnight Commander is a visual shell much like a file manager, only with many more features.
Impact:
Please refer to the "References" section.
Affected Products:
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution:
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
# turbopkg
or
# zabom update mc
---------------------------------------------
<Turbolinux 8 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/mc-4.5.54-7.src.rpm
5031778 a468d3f6b37762eef7330220e323e637
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/mc-4.5.54-7.i586.rpm
1212924 0b78b5e31b3d4bfcc4bf4077acc62ec3
<Turbolinux 8 Workstation>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/mc-4.5.54-7.src.rpm
5031778 6e402a0b291a9bbe518bda846911d9e3
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/mc-4.5.54-7.i586.rpm
1213355 3f07f6545c4c508ec7a7e3946e3e2d41
<Turbolinux 7 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/mc-4.5.54-7.src.rpm
5031778 d15b6adda6fa80e467c0f670ea07c696
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/mc-4.5.54-7.i586.rpm
1206494 30c85664c55af8a14c5e356feea6d8a0
<Turbolinux 7 Workstation>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/mc-4.5.54-7.src.rpm
5031778 e8d63890c07596713638d31338de0fb7
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/mc-4.5.54-7.i586.rpm
1206064 eb96f4e80bb6035155413bdd67772523
References:
CVE
[CAN-2004-1004]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1004
[CAN-2004-1005]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1005
[CAN-2004-1009]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1009
[CAN-2004-1090]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1090
[CAN-2004-1091]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1091
[CAN-2004-1092]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1092
[CAN-2004-1093]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1093
[CAN-2004-1174]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1174
[CAN-2004-1175]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1175
[CAN-2004-1176]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1176
* You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.
http://www.turbolinux.com/download/zabom.html
http://www.turbolinux.com/download/zabomupdate.html
Package Update Path
http://www.turbolinux.com/update/
============================================================
* To obtain the public key
Here is the public key
http://www.turbolinux.com/security/
* To unsubscribe from the list
If you ever want to remove yourself from this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).
unsubscribe
* To change your email address
If you ever want to change your email address on this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the following command in the message body:
chaddr 'old address' 'new address'
If you have any questions or problems, please contact
<supp_info@...bolinux.co.jp>
Thank you!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)
iD8DBQFCHWvAK0LzjOqIJMwRAnUqAKCdaL1ClnbTZHmPkjQlGpJi6UadOACdFJBL
scP6a3r5PEYcu3PCSZeAmMY=
=eJXm
-----END PGP SIGNATURE-----
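Added example (not part of the Turbolinux advisory): Python code that parses the advisory's package listings, where each URL line is followed by a "size MD5" line, and checks a downloaded RPM against the entry for the exact URL it came from. The function names, the mirror.example URLs and the package bytes are constructed for illustration; MD5 here only catches a damaged or wrong-product download, so the listing should be taken from the PGP-verified advisory text.

```python
import hashlib
import re
import tempfile
from pathlib import Path

URL = re.compile(r"(ftp|https?)://\S+\.rpm")
SIZE_MD5 = re.compile(r"(\d+)\s+([0-9a-fA-F]{32})")

def parse_listing(text):
    """Map package URL -> (size, md5) from 'URL' / 'size md5' line pairs."""
    # Keyed by URL, not file name: the advisory lists one file name (such as
    # nasm-0.98.34-5.i586.rpm) once per product, each with its own digest.
    entries, url = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SIZE_MD5.fullmatch(line)
        if m and url:
            entries[url] = (int(m.group(1)), m.group(2).lower())
        # A size/MD5 line counts only when it directly follows its URL line.
        url = line if URL.fullmatch(line) else None
    return entries

def check_package(path, url, entries):
    """Return 'ok', 'not-listed', 'size-mismatch' or 'md5-mismatch'."""
    if url not in entries:
        return "not-listed"
    size, md5 = entries[url]
    if Path(path).stat().st_size != size:
        return "size-mismatch"
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return "ok" if digest.hexdigest() == md5 else "md5-mismatch"

def demo():
    """Constructed data: two products ship one file name with different bytes."""
    base = "ftp://mirror.example/ia32/%s/10/updates/RPMS/demo-1.0-1.i586.rpm"
    builds = {base % "Server": b"server build", base % "Desktop": b"desktop bld!"}
    listing = "".join("Size: MD5\n%s\n%d %s\n" % (u, len(b), hashlib.md5(b).hexdigest())
                      for u, b in builds.items())
    entries = parse_listing(listing)
    with tempfile.TemporaryDirectory() as tmp:
        rpm = Path(tmp, "demo-1.0-1.i586.rpm")
        rpm.write_bytes(builds[base % "Server"])  # the Server build was fetched
        return [check_package(rpm, u, entries) for u in builds]

if __name__ == "__main__":
    print(demo())
```

Checking the Server build against the Desktop entry reports a mismatch even though the file name and size are identical, which is why the lookup uses the full URL.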