Full Disclosure mailing list archives

[TURBOLINUX SECURITY INFO] 05/Oct/2004
From: Turbolinux <security-announce () turbolinux co jp>
Date: Tue, 5 Oct 2004 22:30:17 +0900

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 05/Oct/2004
============================================================

The following page contains the security information of Turbolinux Inc.

 - Turbolinux Security Center
   http://www.turbolinux.com/security/

 (1) squid -> DoS vulnerability in squid
 (2) ImageMagick -> Multiple buffer overflow vulnerabilities in ImageMagick

===========================================================
* squid -> DoS vulnerability in squid
===========================================================

 More information :
    Squid is a high-performance proxy caching server for web clients, supporting
    FTP, gopher, and HTTP data objects. Unlike traditional caching software,
    Squid handles all requests in a single, non-blocking, I/O-driven process.

    A vulnerability in the NTLM helpers in squid.

 Impact :
    The vulnerabilities allow remote attackers to cause a denial of service of squid server services.

 Affected Products :
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution :
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 [Turbolinux 10 Desktop, Turbolinux 10 F...]
 # zabom -u squid

 [other]
 # turbopkg
 or
 # zabom update squid
 ---------------------------------------------


 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size : MD5

   squid-2.5.STABLE6-11.src.rpm
      1538211 ff3e34c4b8c71d250f2781179ceec73a

   Binary Packages
   Size : MD5

   squid-2.5.STABLE6-11.i586.rpm
       825195 85c3b583674e0ac0695c4cbf0404e586

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size : MD5

   squid-2.5.STABLE6-11.src.rpm
      1538211 6b6d400ee15ee97ac6f7e98fbea26e50

   Binary Packages
   Size : MD5

   squid-2.5.STABLE6-11.i586.rpm
       825663 bed921f91e657975cc6c72d2ea8f29d4

 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/squid-2.5.STABLE6-11.src.rpm
      1538211 b28eeeb88347c668fdb9938c4c1cd438

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/squid-2.5.STABLE6-11.i586.rpm
       825370 335f0fe78cfb204c86ff5b05d12bfd34

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/squid-2.5.STABLE6-11.src.rpm
      1538211 181d72c2668f72b6e50190f784421bed

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/squid-2.5.STABLE6-11.i586.rpm
       825810 5e52e49f4be6e555f57b38ffb241c455

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/squid-2.5.STABLE6-11.src.rpm
      1538211 45fd66fc13713b40beb996f664460f0e

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/squid-2.5.STABLE6-11.i586.rpm
       829880 e2a6cf6b67a7c74249b23bce5a4adedf

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/squid-2.5.STABLE6-11.src.rpm
      1538211 191eab57b2adcecf91ceb4b34c94de09

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/squid-2.5.STABLE6-11.i586.rpm
       830034 d6142042afcd410376e5a875c5436bc9


 Notice :
    After performing the update, it is necessary to restart the squid daemon.
    To do this, run the following command as user root.
 ---------------------------------------------
 # /etc/init.d/squid restart
 or
 # /etc/rc.d/init.d/squid restart
 ---------------------------------------------

 References:

 CVE
   [CAN-2004-0832]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0832


===========================================================
* ImageMagick -> Multiple buffer overflow vulnerabilities in ImageMagick
===========================================================

 More information :
    ImageMagick(TM) is an image display and manipulation tool for the X
    Window System.  ImageMagick can read and write JPEG, TIFF, PNM, GIF and
    Photo CD image file formats.

    Multiple buffer overflow vulnerabilities in ImageMagick allowing remote
    attackers to execute arbitrary code via a malformed image or video file.

 Impact :
    These vulnerabilities may allow remote attackers to execute arbitrary
    code via a malformed image or video file in AVI or BMP formats.

 Affected Products :
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution :
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 [Turbolinux 10 Desktop, Turbolinux 10 F...]
 # zabom -u ImageMagick ImageMagick-devel

 [other]
 # turbopkg
 or
 # zabom update ImageMagick ImageMagick-devel
 ---------------------------------------------


 <Turbolinux 10 Desktop, Turbolinux 10 F...>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/ImageMagick-5.5.7-5.src.rpm
      5274681 6a9d3c1b208049830e7086b9aae75fe7

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/ImageMagick-5.5.7-5.i586.rpm
      2397224 dea16cf3ee2ce38381e3d2679ad8fa3c
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/ImageMagick-devel-5.5.7-5.i586.rpm
       555804 840cc5d2ec79afd5cfdbf4223f625195

 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/ImageMagick-5.4.7-1.src.rpm
      3614849 bb43185f084dd6e32f10694f35fb513d

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ImageMagick-5.4.7-2.i586.rpm
      3207676 6839799de74d7439334a875a097b6049
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ImageMagick-c++-5.4.7-2.i586.rpm
      1392173 d0af80e68a129fd41d301b7ec3469ff5
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ImageMagick-devel-5.4.7-2.i586.rpm
       855821 be80bb2b23c8b87ab831bb99201b85c8
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ImageMagick-perl-5.4.7-2.i586.rpm
        60163 1281a234915115227a2bb2fa5071d6c7

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/ImageMagick-5.4.3-3.src.rpm
      3665019 ae1a64cf87ea0e6598ca147abd3349e4

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/ImageMagick-5.4.3-3.i586.rpm
      3668565 d065de9b0d5a58b6393cc4805e0eb405
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/ImageMagick-devel-5.4.3-3.i586.rpm
       971835 df0dda9a20ad43b2a8b3ee7a5313f6a8

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/ImageMagick-5.3.3-3.src.rpm
      3656626 6197f1b2ff6d1a831d532a3fce210f94

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/ImageMagick-5.3.3-3.i586.rpm
      3038600 0276001bdf52d75ab65dcac7ff4ebb49
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/ImageMagick-devel-5.3.3-3.i586.rpm
      1267440 9e21404db4bf10a005a89f974fd8558e

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/ImageMagick-5.3.3-3.src.rpm
      3656626 084f8247af6313928f5dcdae20ed9713

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/ImageMagick-5.3.3-3.i586.rpm
      3039080 e3ca8b73f9a5f6cbaf8a136d121fdebf
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/ImageMagick-devel-5.3.3-3.i586.rpm
      1267050 a3e0ef2ac5bd589f453f5ab529981fab


 References:

 CVE
   [CAN-2004-0827]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0827


 * You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.

  http://www.turbolinux.com/download/zabom.html
  http://www.turbolinux.com/download/zabomupdate.html

Package Update Path
http://www.turbolinux.com/update

============================================================
 * To obtain the public key

Here is the public key

 http://www.turbolinux.com/security/

 * To unsubscribe from the list

If you ever want to remove yourself from this mailing list,
  you can send a message to <server-users-e-ctl () turbolinux co jp> with
the word `unsubscribe' in the body (don't include the quotes).

unsubscribe

 * To change your email address

If you ever want to change email address in this mailing list,
  you can send a message to <server-users-e-ctl () turbolinux co jp> with
the following command in the message body:

  chaddr 'old address' 'new address'

If you have any questions or problems, please contact
<supp_info () turbolinux co jp>

Thank you!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFBYqHtK0LzjOqIJMwRAgNPAJ9TkkL73895x0W7UXTix5/7Ai6vRQCgr1s5
D6e2lOCXUmCWuYNVxpgAvWY=
=qIgj
-----END PGP SIGNATURE-----




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
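
An added example, not part of the Turbolinux advisory: a parser for the advisory's "Size : MD5" listing that checks a downloaded package against the entry for one specific product, because the same file name is listed under several products with different digests. The product names, file name and package bytes are constructed; MD5 only catches corruption, so the listing should be trusted only after the message's PGP signature verifies.

```python
import hashlib
import re

# Constructed sample in the advisory's layout: same file name and size under
# two products, different content (values are not taken from the advisory).
PKG_A = b"constructed package bytes for product A"
PKG_B = b"constructed package bytes for product B"
SAMPLE = f"""
 <Product A>
   Binary Packages
   Size : MD5
   demo-1.0-1.i586.rpm
       {len(PKG_A)} {hashlib.md5(PKG_A).hexdigest()}

 <Product B>
   Binary Packages
   Size : MD5
   ftp://ftp.example.invalid/updates/RPMS/demo-1.0-1.i586.rpm
       {len(PKG_B)} {hashlib.md5(PKG_B).hexdigest()}
"""

ENTRY = re.compile(r"^\s*(\d+)\s+([0-9a-f]{32})\s*$")

def parse_listing(text):
    """Return {(product, filename): (size, md5)} from an advisory listing."""
    table, product, name = {}, None, None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("<") and s.endswith(">"):    # product section header
            product, name = s[1:-1], None
        elif s.endswith(".rpm"):                     # bare name or full URL
            name = s.rsplit("/", 1)[-1]
        elif name and (m := ENTRY.match(line)):      # "size md5" under a name
            table[(product, name)] = (int(m.group(1)), m.group(2))
            name = None
    return table

def check(table, product, filename, data):
    """Compare a downloaded package's bytes with the listed size and MD5."""
    if (product, filename) not in table:
        return "not listed"
    size, md5 = table[(product, filename)]
    if len(data) != size:
        return "size mismatch"
    if hashlib.md5(data).hexdigest() != md5:
        return "md5 mismatch"
    return "ok"

if __name__ == "__main__":
    print(check(parse_listing(SAMPLE), "Product A", "demo-1.0-1.i586.rpm", PKG_A))
```
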

