From security-announce@turbolinux.co.jp Wed Jan 26 06:44:02 2005
From: Turbolinux
Resent-From: security-announce@turbolinux.co.jp
To: security-announce@turbolinux.co.jp
Resent-To: server-users-e@turbolinux.co.jp (moderated)
Date: Wed, 26 Jan 2005 15:09:23 +0900
Reply-To: server-users-e@turbolinux.co.jp
Subject: [Full-Disclosure] [TURBOLINUX SECURITY INFO] 26/Jan/2005

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 26/Jan/2005
============================================================

The following page contains the security information of Turbolinux Inc.

 - Turbolinux Security Center
   http://www.turbolinux.com/security/

 (1) ImageMagick -> Buffer overflow
 (2) a2ps -> File name sanitization issue allows arbitrary command execution
 (3) gzip -> Possible symlink attack may allow arbitrary file overwriting
 (4) iptables -> The iptables module is not loaded by default
 (5) libxml -> Buffer overflow vulnerabilities exist in libxml
 (6) libxml2 -> Buffer overflow vulnerabilities exist in libxml2

===========================================================
* ImageMagick -> Buffer overflow
===========================================================

More information:
 ImageMagick(TM) is an image display and manipulation tool for the X Window System.
 ImageMagick can read and write JPEG, TIFF, PNM, GIF and Photo CD image file formats.
 Multiple buffer overflow vulnerabilities in ImageMagick allow remote attackers
 to execute arbitrary code via a malformed image or video file.

Impact:
 The vulnerability can allow remote attackers to execute arbitrary code
 via a certain image file.

Affected Products:
 - Turbolinux 10 Server
 - Turbolinux Home
 - Turbolinux 10 F...
 - Turbolinux 10 Desktop

Solution:
 Please use the turbopkg (zabom) tool to apply the update.
 ---------------------------------------------
 # turboupdate
 or
 # zabom -u ImageMagick ImageMagick-devel
 ---------------------------------------------

References:

CVE
 [CAN-2004-0981]
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0981

===========================================================
* a2ps -> File name sanitization issue allows arbitrary command execution
===========================================================

More information:
 a2ps is a text to PostScript filter with pretty-printing capabilities.
 Vulnerabilities in a2ps can allow remote attackers to execute arbitrary
 commands by placing shell metacharacters in filenames.

Impact:
 An attacker can cause arbitrary shell commands to be executed by a2ps.

Affected Products:
 - Turbolinux 10 Server
 - Turbolinux Home
 - Turbolinux 10 F...
 - Turbolinux 10 Desktop
 - Turbolinux 8 Server
 - Turbolinux 8 Workstation
 - Turbolinux 7 Server
 - Turbolinux 7 Workstation

Solution:
 Please use the turbopkg (zabom) tool to apply the update.
 ---------------------------------------------
 [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home]
 # turbopkg
 or
 # zabom -u a2ps

 [other]
 # turbopkg
 or
 # zabom update a2ps
 ---------------------------------------------

References:

CVE
 [CAN-2004-1170]
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1170

===========================================================
* gzip -> Possible symlink attack may allow arbitrary file overwriting
===========================================================

More information:
 gzip is a compression utility designed to be a replacement for compress.
 A vulnerability in the manner in which gzip handles temporary files
 could allow local users to overwrite arbitrary files via a symlink attack.

Impact:
 This vulnerability may allow local users to overwrite arbitrary files
 via a symbolic link attack.

Affected Products:
 - Turbolinux Appliance Server 1.0 Hosting Edition
 - Turbolinux Appliance Server 1.0 Workgroup Edition
 - Turbolinux 10 Server
 - Turbolinux Home
 - Turbolinux 10 F...
 - Turbolinux 10 Desktop
 - Turbolinux 8 Server
 - Turbolinux 8 Workstation
 - Turbolinux 7 Server
 - Turbolinux 7 Workstation

Solution:
 Please use the turbopkg (zabom) tool to apply the update.
 ---------------------------------------------
 [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home]
 # turbopkg
 or
 # zabom -u gzip

 [other]
 # turbopkg
 or
 # zabom update gzip
 ---------------------------------------------

References:

CVE
 [CAN-2004-0970]
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0970

===========================================================
* iptables -> The iptables module is not loaded by default
===========================================================

More information:
 The iptables module is part of a framework within the Linux kernel
 enabling packet filtering and network address and port translation.
 The iptables module allows you to set up firewalls, IP masquerading, etc.
 Under certain conditions, at system startup, the iptables module does not
 properly load other required kernel modules.

Impact:
 This vulnerability may cause some firewall rules to not be enabled.

Affected Products:
 - Turbolinux 10 Server
 - Turbolinux Home
 - Turbolinux 10 F...
 - Turbolinux 10 Desktop
 - Turbolinux 8 Server
 - Turbolinux 8 Workstation
 - Turbolinux 7 Server
 - Turbolinux 7 Workstation

Solution:
 Please use the turbopkg (zabom) tool to apply the update.
 ---------------------------------------------
 [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home]
 # turbopkg
 or
 # zabom -u iptables iptables-ipv6

 [other]
 # turbopkg
 or
 # zabom update iptables iptables-ipv6
 ---------------------------------------------

References:

CVE
 [CAN-2004-0986]
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0986

===========================================================
* libxml -> Buffer overflow vulnerabilities exist in libxml
===========================================================

More information:
 The libxml library provides procedures for XML file manipulation.
 Multiple buffer overflow vulnerabilities have been discovered in libxml.

Impact:
 These vulnerabilities may allow remote attackers to execute arbitrary code
 via malformed XML files.

Affected Products:
 - Turbolinux Appliance Server 1.0 Hosting Edition
 - Turbolinux Appliance Server 1.0 Workgroup Edition
 - Turbolinux 10 Server
 - Turbolinux Home
 - Turbolinux 10 F...
 - Turbolinux 10 Desktop
 - Turbolinux 8 Server
 - Turbolinux 8 Workstation
 - Turbolinux 7 Server
 - Turbolinux 7 Workstation

Solution:
 Please use the turbopkg (zabom) tool to apply the update.
 ---------------------------------------------
 [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home]
 # turbopkg
 or
 # zabom -u libxml libxml-devel

 [other]
 # turbopkg
 or
 # zabom update libxml libxml-devel
 ---------------------------------------------

References:

CVE
 [CAN-2004-0989]
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0989

===========================================================
* libxml2 -> Buffer overflow vulnerabilities exist in libxml2
===========================================================

More information:
 The libxml2 library provides procedures for XML file manipulation.
 Multiple buffer overflow vulnerabilities have been discovered in libxml2.

Impact:
 These vulnerabilities may allow remote attackers to execute arbitrary code
 via malformed XML files.

Affected Products:
 - Turbolinux Appliance Server 1.0 Hosting Edition
 - Turbolinux Appliance Server 1.0 Workgroup Edition
 - Turbolinux 10 Server
 - Turbolinux Home
 - Turbolinux 10 F...
 - Turbolinux 10 Desktop
 - Turbolinux 8 Server
 - Turbolinux 8 Workstation
 - Turbolinux 7 Server
 - Turbolinux 7 Workstation

Solution:
 Please use the turbopkg (zabom) tool to apply the update.
 ---------------------------------------------
 [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home]
 # turbopkg
 or
 # zabom -u libxml2 libxml2-devel

 [other]
 # turbopkg
 or
 # zabom update libxml2 libxml2-devel
 ---------------------------------------------

References:

CVE
 [CAN-2004-0989]
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0989

 * You may need to update the turbopkg tool before applying the update.
 Please refer to the following URL for detailed information.

  http://www.turbolinux.com/download/zabom.html
  http://www.turbolinux.com/download/zabomupdate.html

 Package Update Path
 http://www.turbolinux.com/update/

============================================================
 * To obtain the public key

Here is the public key

 http://www.turbolinux.com/security/

 * To unsubscribe from the list

If you ever want to remove yourself from this mailing list,
you can send a message to with the word `unsubscribe' in the body
(don't include the quotes).

unsubscribe

 * To change your email address

If you ever want to change email address in this mailing list,
you can send a message to with the following command in the message body:

  chaddr 'old address' 'new address'

If you have any questions or problems, please contact

Thank you!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFB9zQYK0LzjOqIJMwRAr5BAJ9JOt4iq0/Mbpx0sXQKrF6tLA6yrgCfU3uP
epQkEOA/b94qKfvU9DQ8KRg=
=SJsL
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
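
For the iptables entry above, whose stated impact is that some firewall rules may not be enabled after startup, one way to confirm after a reboot that the intended ruleset is actually live. This is an added example, not part of the Turbolinux advisory or its tooling; it assumes both rulesets are available as `iptables-save` text, and the sample dumps and function names are constructed for illustration.

```python
"""Compare the ruleset an administrator expects with the one actually loaded.

Both inputs are text in iptables-save format. The two dumps below are
constructed sample data, not output captured from a real host.
"""

EXPECTED = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""

# Constructed "after boot" state: default policies only, most rules absent.
LIVE = """\
*filter
:INPUT ACCEPT [12:840]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9:612]
[3:180] -A INPUT -i lo -j ACCEPT
COMMIT
"""


def parse_ruleset(dump):
    """Return {table: {"policies": {chain: policy}, "rules": [rule, ...]}}."""
    tables = {}
    current = None
    for raw in dump.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("["):
            # "iptables-save -c" prefixes rules with [packets:bytes]; drop it.
            line = line.split("]", 1)[1].strip()
        if line.startswith("*"):
            current = tables.setdefault(line[1:], {"policies": {}, "rules": []})
        elif current is None:
            raise ValueError("entry outside a table: %r" % line)
        elif line.startswith(":"):
            # ":INPUT DROP [0:0]" -> chain and policy; counters are ignored.
            chain, policy = line[1:].split()[:2]
            current["policies"][chain] = policy
        elif line.startswith("-A "):
            current["rules"].append(" ".join(line.split()))
    return tables


def missing_from_live(expected_dump, live_dump):
    """List (table, problem) pairs for everything expected but not live.

    Only presence is checked; rule order within a chain is not compared.
    """
    expected = parse_ruleset(expected_dump)
    live = parse_ruleset(live_dump)
    findings = []
    for table, exp in expected.items():
        got = live.get(table)
        if got is None:
            findings.append((table, "table not loaded"))
            continue
        for chain, policy in exp["policies"].items():
            have = got["policies"].get(chain)
            if have != policy:
                findings.append(
                    (table, "policy %s: expected %s, live %s" % (chain, policy, have)))
        live_rules = set(got["rules"])
        for rule in exp["rules"]:
            if rule not in live_rules:
                findings.append((table, "missing rule: " + rule))
    return findings


if __name__ == "__main__":
    for table, problem in missing_from_live(EXPECTED, LIVE):
        print("%s: %s" % (table, problem))
```

On a real host the second argument would be the captured output of `iptables-save` and the first the saved ruleset the boot scripts are supposed to restore.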