Full Disclosure mailing list archives
[TURBOLINUX SECURITY INFO] 28/Nov/2003
From: Turbolinux <security-announce () turbolinux co jp>
Date: Fri, 28 Nov 2003 20:41:46 +0900
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is an announcement only email list for the x86 architecture. ============================================================ Turbolinux Security Announcement 28/Nov/2003 ============================================================ The following page contains the security information of Turbolinux Inc. - Turbolinux Security Center http://www.turbolinux.com/security/ (1) fileutils -> ls vulnerabilities (2) fetchmail -> DoS vulnerability in fetchmail (3) postgresql -> Buffer overflow (4) cups -> cups denial of service attack (5) ethereal -> Multiple vulnerabilities in ethereal =========================================================== * fileutils -> ls vulnerabilities =========================================================== More information : The fileutils package contains several basic system utilities. An integer overflow in ls in the fileutils or causes a great memory consumption. Impact : The remote or local attackers can create a denial of service condition. Affected Products : - Turbolinux 10 Desktop - Turbolinux 8 Server - Turbolinux 8 Workstation - Turbolinux 7 Server - Turbolinux 7 Workstation - Turbolinux Server 6.5 - Turbolinux Advanced Server 6 - Turbolinux Server 6.1 - Turbolinux Workstation 6.0 Solution : Please use turbopkg tool to apply the update. <Turbolinux 10 Desktop> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/fileutils-4.1.10-6.src.rpm 1727184 9ea15c9c0c48e2b387708c75be2d2389 Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/fileutils-4.1.10-6.i586.rpm 846279 1e992678f1cdadde9b3a6264ce06d70c <Turbolinux 8 Server> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/fileutils-4.0.33-15.src.rpm 1851066 425095b282c96b01bf4aa1c0ec1f4949 Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/fileutils-4.0.33-15.i586.rpm 487915 35c55eca885950de707faea85b185479 <Turbolinux 8 Workstation> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/fileutils-4.0.33-15.src.rpm 1851066 4ace5e2a77097a3d319c0cd976aae1d1 Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/fileutils-4.0.33-15.i586.rpm 487865 db5554c66d3ab84b2c01e959756c4c33 <Turbolinux 7 Server> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/fileutils-4.0.33-15.src.rpm 1851066 58143feac4a957fe47c8afee9a25debf Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/fileutils-4.0.33-15.i586.rpm 482453 bace1f6e1eb472e108235f4b6a2c6f12 <Turbolinux 7 Workstation> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/fileutils-4.0.33-15.src.rpm 1851066 03f9e95e442293a60e038200735ac8f1 Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/fileutils-4.0.33-15.i586.rpm 482353 f7d252fc559f986ac8481036df9f0a72 <Turbolinux Server 6.5> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/fileutils-4.0.33-15.src.rpm 1851066 033abc2f9d4229e0a16e2a72f046dc15 Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/fileutils-4.0.33-15.i386.rpm 682431 78937fd3a3845c3ad713cee3b1f68ae3 <Turbolinux Advanced Server 6> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/fileutils-4.0.33-15.src.rpm 1851066 fe753768335ffaabbbd4c462c1a2a383 Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/fileutils-4.0.33-15.i386.rpm 682456 37fd3684b2dfc52d939fa09a1d90cc58 <Turbolinux Server 6.1> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/fileutils-4.0.33-15.src.rpm 1851066 29bf8628bf52542c7702ec5aedb3b4b5 Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/fileutils-4.0.33-15.i386.rpm 682483 6087c37f157dbd21912b1ed77076f7ce <Turbolinux Workstation 6.0> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/fileutils-4.0.33-15.src.rpm 1851066 09c0d7b4b1f1281c186f56b6fd584512 Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/fileutils-4.0.33-15.i386.rpm 682416 bba966cfd0dea82139855a3cb33b60ab References : CVE [CAN-2003-0853] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0853 [CAN-2003-0854] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0854 =========================================================== * fetchmail -> DoS vulnerability in fetchmail =========================================================== More information : Fetchmail is a full-featured, robust, well-documented remote-mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). A specific crafted email can cause the program to crash. Impact : The vulnerability allows an attacker to cause a denial of service of the fetchmail. Affected Products : - Turbolinux 10 Desktop - Turbolinux 8 Server - Turbolinux 8 Workstation - Turbolinux 7 Server - Turbolinux 7 Workstation - Turbolinux Server 6.5 - Turbolinux Advanced Server 6 - Turbolinux Server 6.1 - Turbolinux Workstation 6.0 Solution : Please use turbopkg tool to apply the update. <Turbolinux 10 Desktop> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/fetchmail-6.2.5-1.src.rpm 1269769 2ba46dfdf878a780048107c8d6b0f862 Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/fetchmail-6.2.5-1.i586.rpm 452080 2370e104c25fddfcf07fd4c748bb4b25 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/fetchmailconf-6.2.5-1.i586.rpm 26366 8385303e6b9426f173c8218a6c40a223 <Turbolinux 8 Server> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/fetchmail-6.2.5-1.src.rpm 1269769 bcbf4975e4ec2af7ff8b59f7b5453a9f Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/fetchmail-6.2.5-1.i586.rpm 449111 1129479fcf085f6a6101208317d7944f ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/fetchmailconf-6.2.5-1.i586.rpm 25897 9c72296305ac255a94d0c68c1932fc05 <Turbolinux 8 Workstation> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/fetchmail-6.2.5-1.src.rpm 1269769 cf32d34e9f9421e2bf6751011e2f8fbe Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/fetchmail-6.2.5-1.i586.rpm 448059 23f9af17e4fb16debb8fe6392ae5f771 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/fetchmailconf-6.2.5-1.i586.rpm 25886 8420ccd9c17244eb212c87a808ddcd30 <Turbolinux 7 Server> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/fetchmail-6.2.5-1.src.rpm 1269769 c03d31d556ccdd1c1e7bb0cb7bc31246 Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/fetchmail-6.2.5-1.i586.rpm 445580 7eb19e0cd9dfbba9b1c2dc9ffd1e4539 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/fetchmailconf-6.2.5-1.i586.rpm 25905 adfe41a2e00b498120c1dd252582c820 <Turbolinux 7 Workstation> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/fetchmail-6.2.5-1.src.rpm 1269769 c61a8dbba1acf4c51636a47a84e08796 Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/fetchmail-6.2.5-1.i586.rpm 445382 35fceb5095e25c7c2b25f9dccf5e7037 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/fetchmailconf-6.2.5-1.i586.rpm 25904 15829c7e9e2b0e88e29241aef91d4230 <Turbolinux Server 6.5> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/fetchmail-6.2.5-1.src.rpm 1269769 40b808a2b1b08bd0c7808dba3eb4eeaf Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/fetchmail-6.2.5-1.i386.rpm 571442 92ec9dd02da8b7a0c081a5d680997f71 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/fetchmailconf-6.2.5-1.i386.rpm 27318 41cb10d029acd23b260228df389975d7 <Turbolinux Advanced Server 6> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/fetchmail-6.2.5-1.src.rpm 1269769 0ba8cf9f2719b4cd50258f0e5bac4e8e Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/fetchmail-6.2.5-1.i386.rpm 571416 05e6abe980aa3496dd80e50e9ad535f5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/fetchmailconf-6.2.5-1.i386.rpm 27311 9df1c4312ca14486395104d38f5930c5 <Turbolinux Server 6.1> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/fetchmail-6.2.5-1.src.rpm 1269769 65982b5a43811be4a9f733ad6501c7a6 Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/fetchmail-6.2.5-1.i386.rpm 571416 3561e31e3712082842db08ee9e049b40 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/fetchmailconf-6.2.5-1.i386.rpm 27322 6566854a22a2e92b5002f3b7412da999 <Turbolinux Workstation 6.0> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/fetchmail-6.2.5-1.src.rpm 1269769 3ceaaf8761bcf5c47f4b1237001d62a9 Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/fetchmail-6.2.5-1.i386.rpm 571377 4f559a3da9da3dbcb821867054715a4f ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/fetchmailconf-6.2.5-1.i386.rpm 27304 036d294e83abdd2cc6e3592b01e97eb5 References : CVE [CAN-2003-0792] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0792 =========================================================== * postgresql -> Buffer overflow =========================================================== More information : PostgreSQL is an advanced Object-Relational database management system. Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x. The to_ascii() function is normally used to convert text from multibyte encoding format to ASCII. Impact : This vulnerability may allow a remote attacker to execute arbitrary code. Affected Products : - Turbolinux 8 Server - Turbolinux 8 Workstation - Turbolinux 7 Server Solution : Please use turbopkg tool to apply the update. <Turbolinux 10 Desktop> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/postgresql-7.3-5.src.rpm 11495338 836c934d99bba25542b0c99c07d8a296 Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/postgresql-7.3-5.i586.rpm 1226938 ddfc913fd2006ddda86453a6468027ee ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/postgresql-contrib-7.3-5.i586.rpm 688155 d23c421d3565747073a2a34468d8a2d0 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/postgresql-devel-7.3-5.i586.rpm 573306 4bc8aa5b838814863b8d70c83e89e9be ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/postgresql-docs-7.3-5.i586.rpm 1074765 4f86e59952106cdd7628d1e0310ae488 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/postgresql-libs-7.3-5.i586.rpm 588548 bd01af526c8f6d4258b5aa0f2f6b49be ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/postgresql-odbc-7.3-5.i586.rpm 260682 0408ffa003b34feb0d2b5c03c7453881 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/postgresql-perl-7.3-5.i586.rpm 4566745 9eaf2a0b7771584e8634bdd7e0b92e5a ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/postgresql-python-7.3-5.i586.rpm 121148 650d086c66c7d071b06f831d40dbcf99 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/postgresql-server-7.3-5.i586.rpm 2518608 03afebd0663e03723bc8aa6c1cb0ee7e ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/postgresql-tcl-7.3-5.i586.rpm 182560 5e47c7701a10b9144cc79024f9d2b28d ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/postgresql-test-7.3-5.i586.rpm 909664 546db416154b2e800806ec234d9ab826 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/postgresql-tk-7.3-5.i586.rpm 21705 c5cc9222c5355acd673702a3c6365027 <Turbolinux 8 Server> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/postgresql-7.2.2-3.src.rpm 9601478 c6db4f032421a4b00527494c272013ef Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/postgresql-7.2.2-3.i586.rpm 1072147 11c73b7e0ffa691fc2b7258a8566b116 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/postgresql-contrib-7.2.2-3.i586.rpm 985483 309c028a0b281c218b05000c41c6df33 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/postgresql-devel-7.2.2-3.i586.rpm 578722 6de530d2ce27e709d76ebed4c931e2ea ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/postgresql-docs-7.2.2-3.i586.rpm 946973 e078cc7f4c19d2da64223eb04be43733 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/postgresql-jdbc-7.2.2-3.i586.rpm 377965 f735a0374d7444919d850e2d8d333a93 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/postgresql-libs-7.2.2-3.i586.rpm 86344 8d7060f4473b734b3b3f412ccaf6ec45 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/postgresql-odbc-7.2.2-3.i586.rpm 109219 d303e21e0763d614232176957b63b4c8 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/postgresql-perl-7.2.2-3.i586.rpm 59027 91d87b231f2927a68a2452f57878f2c4 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/postgresql-python-7.2.2-3.i586.rpm 66688 f9fa377e3238f8413b6ff80f8e1d282f ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/postgresql-server-7.2.2-3.i586.rpm 1334072 9e9b24ed99e8bb2b9aef9f7a5c022ff5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/postgresql-tcl-7.2.2-3.i586.rpm 50095 f2b4fdb60491c96057b3d264ff4ab84b ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/postgresql-test-7.2.2-3.i586.rpm 863196 75e1447eead25ddeb5518f3af43f7245 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/postgresql-tk-7.2.2-3.i586.rpm 423709 819a07e6552e3b8085fa98ec8d894181 <Turbolinux 8 Workstation> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/postgresql-7.2.2-3.src.rpm 9601478 97a1f775e848d520dc73abb4a76bf687 Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/postgresql-7.2.2-3.i586.rpm 1071785 b2e8183f87e7caef4f35443121c7c39b ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/postgresql-contrib-7.2.2-3.i586.rpm 984120 797bffe97017ab99f51d9de2dd129a5b ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/postgresql-devel-7.2.2-3.i586.rpm 579622 8cc936704a3f438f9e8aac5b278a4c46 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/postgresql-docs-7.2.2-3.i586.rpm 946248 277873ffdbf8774b5f6b09d560aee85b ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/postgresql-jdbc-7.2.2-3.i586.rpm 377968 3847264ae014919d620a3d646d6665f3 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/postgresql-libs-7.2.2-3.i586.rpm 86321 5538c8f28fa2bd1fb3bfedff47fc8863 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/postgresql-odbc-7.2.2-3.i586.rpm 109197 506b3ce35043e2a2b75104cdc6e1159c ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/postgresql-perl-7.2.2-3.i586.rpm 59049 7a274d4015ce7eee189030842976cabc ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/postgresql-python-7.2.2-3.i586.rpm 66605 fa801df563e9d5bed756b8ebbdb9dac2 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/postgresql-server-7.2.2-3.i586.rpm 1333386 64fd9ff25e8d3c8f7792280c27ebe86c ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/postgresql-tcl-7.2.2-3.i586.rpm 50104 c704ba6a835826c5ae0b0981fea8ce91 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/postgresql-test-7.2.2-3.i586.rpm 863147 cb9cd4bbbd2bd7c3341ac420ff5cc992 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/postgresql-tk-7.2.2-3.i586.rpm 423857 3937fe09cf866ae88c4edc01a8ec9b57 <Turbolinux 7 Server> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/postgresql-7.2.2-3.src.rpm 9601478 9ae436f96891146aadb9db6bbe47f813 Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/postgresql-7.2.2-3.i586.rpm 1068712 b1099afb2f160bf305de570afa5462e0 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/postgresql-contrib-7.2.2-3.i586.rpm 979496 883381de89051aae17367ca2b1112c07 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/postgresql-devel-7.2.2-3.i586.rpm 567973 a5bb5eab9a3759e9ab80b734a5c4de64 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/postgresql-docs-7.2.2-3.i586.rpm 946794 acecf16d7a9ce0e8afcb170f5a8657a9 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/postgresql-jdbc-7.2.2-3.i586.rpm 378029 39eed9dbd8da9b24bc85a64f03645f1f ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/postgresql-libs-7.2.2-3.i586.rpm 84212 c419aafd6a7fd33c4488cd3015cc0543 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/postgresql-odbc-7.2.2-3.i586.rpm 106819 0c7c9993398fd040da4be01a4a02a585 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/postgresql-perl-7.2.2-3.i586.rpm 86879 fdd5fbf2cd7e0eb04b07a5288efe49fa ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/postgresql-python-7.2.2-3.i586.rpm 66191 a7aa70b8ccd17055379f7a64f091df39 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/postgresql-server-7.2.2-3.i586.rpm 1309390 8fd0192c22817f00b3b5ba8db19912ee ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/postgresql-tcl-7.2.2-3.i586.rpm 50458 3ae4d3e405075ebf1f1699872fb38446 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/postgresql-test-7.2.2-3.i586.rpm 863058 59edd764413f280362411d4817e1cb49 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/postgresql-tk-7.2.2-3.i586.rpm 423942 1f06f11e81651dc049fe0fc040121c34 References : CVE [CAN-2003-0901] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0901 =========================================================== * cups -> cups denial of service attack =========================================================== More information : The CUPS (Common UNIX Printing System) provides a portable printing layer for UNIX/Linux operating systems. Unknown vulnerability in the Internet Printing Protocol (IPP) implementation in CUPS version prior to 1.1.19. Impact : The vulnerability allows remote attackers to cause a denial of service. Affected Products : - Turbolinux 8 Server - Turbolinux 8 Workstation Solution : Please use turbopkg tool to apply the update. <Turbolinux 8 Server> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/cups-1.1.19-11.src.rpm 4190239 fa2296374166017e3d5884b317e82020 Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/cups-1.1.19-11.i586.rpm 2494947 171a683f9a2eecdf0e002fcc22d2ca01 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/cups-devel-1.1.19-11.i586.rpm 114655 27da64cd9a96bfc554701f834f40e56a ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/cups-libs-1.1.19-11.i586.rpm 92327 c0b65479d953b859c7049cbb5999e263 <Turbolinux 8 Workstation> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/cups-1.1.19-11.src.rpm 4190239 6cdf69eeae8c99fa5c8fab23aa2a706f Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/cups-1.1.19-11.i586.rpm 2496076 34a2f0257043f0ba95be6668f49d56f2 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/cups-devel-1.1.19-11.i586.rpm 114688 ec848f27af3b449b31f40bc14df0d525 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/cups-libs-1.1.19-11.i586.rpm 92332 c93aada2dc65495c648ae28f368ad347 References : CUPS org http://www.cups.org/str.php?L315+P0+S0+C0+I0+E0+Q CVE [CAN-2003-0788] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0788 =========================================================== * ethereal -> Multiple vulnerabilities in ethereal =========================================================== More information : Ethereal is a network traffic analyzer for Unix-ish operating systems. An improperly formatted GTP MSISDN string can cause a buffer overflow. A malformed ISAKMP or MEGACO packet could make Ethereal or Tethereal crash. Also a heap overflow exists in the SOCKS dissector. Impact : This vulnerability may allow a remote attacker to execute arbitrary code. Affected Products : - Turbolinux 10 Desktop Solution : Please use turbopkg tool to apply the update. <Turbolinux 10 Desktop> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/ethereal-0.9.16-1.src.rpm 5402047 038d0adf5efd837e75e75b08704788e1 Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/ethereal-0.9.16-1.i586.rpm 5404979 9ce02ed8b6af7e6ae7a5e7a50054a137 References : Ethereal.com [Security problems in Ethereal 0.9.15] http://www.ethereal.com/appnotes/enpa-sa-00011.html CVE [CAN-2003-0925] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0925 [CAN-2003-0926] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0926 [CAN-2003-0927] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0927 * You may need to update the turbopkg tool before applying the update. Please refer to the following URL for detailed information. http://www.turbolinux.com/download/zabom.html http://www.turbolinux.com/download/zabomupdate.html Package Update Path http://www.turbolinux.com/update ============================================================ * To obtain the public key Here is the public key http://www.turbolinux.com/security/ * To unsubscribe from the list If you ever want to remove yourself from this mailing list, you can send a message to <server-users-e-ctl () turbolinux co jp> with the word `unsubscribe' in the body (don't include the quotes). unsubscribe * To change your email address If you ever want to chage email address in this mailing list, you can send a message to <server-users-e-ctl () turbolinux co jp> with the following command in the message body: chaddr 'old address' 'new address' If you have any questions or problems, please contact <supp_info () turbolinux co jp> Thank you! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/xzR9K0LzjOqIJMwRAl0XAJ9zQQGVRk0Gir9msPIXhpNwpkqjXwCfVnHp qM/9RRV4BwuEXp0jbJYpJiI= =H51o -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [TURBOLINUX SECURITY INFO] 28/Nov/2003 Turbolinux (Nov 28)