[Full-Disclosure] [TURBOLINUX SECURITY INFO] 28/May/2004

From: Turbolinux (security-announce_at_turbolinux.co.jp)
Date: 05/28/04

  • Next message: Kovács László: "[Full-Disclosure] First known 64-bit virus threat found"
    To: security-announce@turbolinux.co.jp
    Date: Fri, 28 May 2004 16:55:34 +0900
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    This is an announcement only email list for the x86 architecture.
    ============================================================
    Turbolinux Security Announcement 28/May/2004
    ============================================================

    The following page contains the security information of Turbolinux Inc.

     - Turbolinux Security Center
       http://www.turbolinux.com/security/

     (1) cvs -> Two issues have been discovered in cvs
     (2) tcpdump -> Two issues have been discovered in tcpdump
     (3) apache -> Multiple vulnerabilities in apache

    ===========================================================
    * cvs -> Two issues have been discovered in cvs
    ===========================================================

     More information :
        CVS is a front end to the rcs(1) revision control system which extends
        the notion of revision control from a collection of files in a single
        directory to a hierarchical collection of directories consisting of
        revision controlled files.

        - The client for CVS allows a remote malicious CVS server to create arbitrary files using
          certain RCS diff files that use absolute pathnames during checkouts or updates.

        - CVS contains a flaw when deciding if a CVS entry line should get a modified or unchanged flag attached.
          This results in a heap overflow which can be exploited to execute arbitrary code on the CVS server.

     Impact :
        This vulnerability may allow attackers to cause the CVS server to create directories or
        files in your system.
        An attacker that has access to a CVS server could use this flaw to execute arbitrary code
        under the UID which the CVS server is executing.

     Affected Products :
        - Turbolinux Appliance Server 1.0 Hosting Edition
        - Turbolinux Appliance Server 1.0 Workgroup Edition
        - Turbolinux 10 Desktop
        - Turbolinux 8 Server
        - Turbolinux 8 Workstation
        - Turbolinux 7 Server
        - Turbolinux 7 Workstation
        - Turbolinux Server 6.5
        - Turbolinux Advanced Server 6
        - Turbolinux Server 6.1
        - Turbolinux Workstation 6.0

     Solution :
        Please use the turbopkg (zabom) tool to apply the update.
     ---------------------------------------------
     [Turbolinux 10 Desktop]
     # turboupdate
     # zabom --update cvs

     [Other]
     # turbopkg
     # zabom update cvs
     ---------------------------------------------

     <Turbolinux Appliance Server 1.0 Hosting Edition>

       Source Packages
       Size : MD5

       cvs-1.12.8-1.src.rpm
          2544223 b833bb39e41f301afe3e96c62e32af6f

       Binary Packages
       Size : MD5

       cvs-1.12.8-1.i586.rpm
          1033658 66144d4082879e66ad7ab80fa5df5d58

     <Turbolinux Appliance Server 1.0 Workgroup Edition>

       Source Packages
       Size : MD5

       cvs-1.12.8-1.src.rpm
          2544223 e08ecd7234b78097fed5f5e1c789d10d

       Binary Packages
       Size : MD5

       cvs-1.12.8-1.i586.rpm
          1033420 542602cb4b70b59c1304c3337d3373da

     <Turbolinux 10 Desktop>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/cvs-1.12.8-1.src.rpm
          2544223 1d8dcc792ce2f99e0a187ad2a530f704

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/cvs-1.12.8-1.i586.rpm
          1040140 38d3ad9525bbaaacf775eb1d5aafbb75

     <Turbolinux 8 Server>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/cvs-1.12.8-1.src.rpm
          2544223 6ac72c0a561b10b0d254f19ff3ec1fa3

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/cvs-1.12.8-1.i586.rpm
          1033625 f36bce658669efc451d722accc6e8ffb

     <Turbolinux 8 Workstation>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/cvs-1.12.8-1.src.rpm
          2544223 ae92dd21e05a28885d5de0bc5a61bf65

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/cvs-1.12.8-1.i586.rpm
          1033405 52eee7509020fa428b2d8b0ed1cb2549

     <Turbolinux 7 Server>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/cvs-1.12.8-1.src.rpm
          2544223 7edbab723dadd1d48eec3ecc3c5c1f4b

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/cvs-1.12.8-1.i586.rpm
          1019809 2b16a9e657d95c382306da81c2ac6022

     <Turbolinux 7 Workstation>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/cvs-1.12.8-1.src.rpm
          2544223 b88e4b2fc37ed34a6a7b8cf8cdc7d6fe

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/cvs-1.12.8-1.i586.rpm
          1020848 d117a8cb93d81a2a72ff1450ebbe6674

     <Turbolinux Server 6.5>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/cvs-1.12.8-1.src.rpm
          2544223 ce5cc9114a8f4ad349a41ab774cb69e6

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/cvs-1.12.8-1.i386.rpm
          1170600 1dad34925cae29640b1aa924a85ec76d

     <Turbolinux Advanced Server 6>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/cvs-1.12.8-1.src.rpm
          2544223 98bd94de8a644f96a7aef01427cc7cde

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/cvs-1.12.8-1.i386.rpm
          1170553 49a5485e9969d532139e560c34802171

     <Turbolinux Server 6.1>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/cvs-1.12.8-1.src.rpm
          2544223 82d2dcdb1d81bfdcc9733d3c8f23410e

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/cvs-1.12.8-1.i386.rpm
          1170583 45b87a71d99db6ed43c03a6860bfad14

     <Turbolinux Workstation 6.0>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/cvs-1.12.8-1.src.rpm
          2544223 eae06ac1884c65f3064691529bb3e7c3

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/cvs-1.12.8-1.i386.rpm
          1170505 ddc031af995b018c6f64ba6c63252027

     References:

     US-CERT
       [TA04-147A -- CVS Heap Overflow Vulnerability]
       http://www.us-cert.gov/cas/techalerts/TA04-147A.html

     CVE
       [CAN-2004-0180]
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0180
       [CAN-2004-0396]
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0396

    ===========================================================
    * tcpdump -> Two issues have been discovered in tcpdump
    ===========================================================

     More information :
        Tcpdump is a tool designed to prints out the headers of packets on a network interface.
        The buffer overflow vulnerabilities were discovered in the ISAKMP decoding routines of tcpdump.

     Impact :
        Remote attackers could potentially exploit these issues by sending
        carefully-crafted packets to a victim.

     Affected Products :
        - Turbolinux Appliance Server 1.0 Hosting Edition
        - Turbolinux Appliance Server 1.0 Workgroup Edition
        - Turbolinux 10 Desktop
        - Turbolinux 8 Server
        - Turbolinux 8 Workstation
        - Turbolinux 7 Server
        - Turbolinux 7 Workstation
        - Turbolinux Server 6.5
        - Turbolinux Advanced Server 6
        - Turbolinux Server 6.1
        - Turbolinux Workstation 6.0

     Solution :
        Please use the turbopkg (zabom) tool to apply the update.
     ---------------------------------------------
     [Turbolinux 10 Desktop]
     # turboupdate
     # zabom --update tcpdump

     [Other]
     # turbopkg
     # zabom update tcpdump
     ---------------------------------------------

     <Turbolinux Appliance Server 1.0 Hosting Edition>

       Source Packages
       Size : MD5

       tcpdump-3.8.3-2.src.rpm
           575692 8f1b579e91197e680af0360a7315bc14

       Binary Packages
       Size : MD5

       tcpdump-3.8.3-2.i586.rpm
           264777 1f628764c02f67b895d9086c223b9cef

     <Turbolinux Appliance Server 1.0 Workgroup Edition>

       Source Packages
       Size : MD5

       tcpdump-3.8.3-2.src.rpm
           575692 366921eb1f3e003de8a36a1850c4ac38

       Binary Packages
       Size : MD5

       tcpdump-3.8.3-2.i586.rpm
           264648 5f5fe7e9f496db2a890c3203c26833e7

     <Turbolinux 10 Desktop>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/tcpdump-3.8.3-2.src.rpm
           575692 b2ab652f74f5f2405865bbbf1e6c0c6c

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/tcpdump-3.8.3-2.i586.rpm
           261771 451fd494f2ca01d0d5ada6e41381a2e4

     <Turbolinux 8 Server>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/tcpdump-3.8.3-2.src.rpm
           575692 e8b9bdfe0e122864d0603817489785a9

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/tcpdump-3.8.3-2.i586.rpm
           264667 8afae3502fac1e2e2eccc04f36e6bbb6

     <Turbolinux 8 Workstation>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/tcpdump-3.8.3-2.src.rpm
           575692 0c1926cf613e0f568b430cb693f10a09

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/tcpdump-3.8.3-2.i586.rpm
           264642 2fe5be2bd5c5abda40c5e8bf7b0ec266

     <Turbolinux 7 Server>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/tcpdump-3.8.3-2.src.rpm
           575692 d0fb472490f6b6f1e2134ef1b28ecc30

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/tcpdump-3.8.3-2.i586.rpm
           258792 cb855384260230be84d1fecff5131efa

     <Turbolinux 7 Workstation>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/tcpdump-3.8.3-2.src.rpm
           575692 8b5e63401066837e68e34365c95dc4cc

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/tcpdump-3.8.3-2.i586.rpm
           258706 23bcbca7994890a841b9fd0bd0a251ef

     <Turbolinux Server 6.5>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/tcpdump-3.8.3-2.src.rpm
           575692 29bc899b80e97dcc76d65070c53d7c06

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/tcpdump-3.8.3-2.i386.rpm
           253215 1861c58d856e5cb379bef561cac665af

     <Turbolinux Advanced Server 6>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/tcpdump-3.8.3-2.src.rpm
           575692 d1fe5c778d45483c256048facd94495a

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/tcpdump-3.8.3-2.i386.rpm
           253211 a18f5fa2b39bdd16a36a9751e35ff47e

     <Turbolinux Server 6.1>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/tcpdump-3.8.3-2.src.rpm
           575692 11c3ca0ddedbcae2f719c6190f385c06

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/tcpdump-3.8.3-2.i386.rpm
           253225 5be638ba8dea675e9205d7d1087b9841

     <Turbolinux Workstation 6.0>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/tcpdump-3.8.3-2.src.rpm
           575692 2cdc5649cd60871d57e0425b71ed39a9

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/tcpdump-3.8.3-2.i386.rpm
           253229 382c6909a47ebe6164fe19b93647ee2c

     Reiferences :

     www.tcpdump.org
       [tcpdump-changes]
       http://www.tcpdump.org/tcpdump-changes.txt

     CVE
       [CAN-2004-0183]
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0183
       [CAN-2004-0184]
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0184

    ===========================================================
    * apache -> Multiple vulnerabilities in apache
    ===========================================================

     More information :
        Apache is a powerful, full-featured, efficient, and freely-available Web server.

        - Apache does not filter terminal escape sequences from its error logs,
          which could make it easier for attackers to insert those sequences
          into terminal emulators containing vulnerabilities related to escape sequences.

        - mod_digest for Apache does not properly verify the nonce of a client response by
          using a AuthNonce secret.

     Impact :
        A third party may gain unauthorized access to a web server.

     Affected Products :
        - Turbolinux Appliance Server 1.0 Hosting Edition
        - Turbolinux Appliance Server 1.0 Workgroup Edition
        - Turbolinux 8 Server
        - Turbolinux 8 Workstation
        - Turbolinux 7 Server
        - Turbolinux 7 Workstation
        - Turbolinux Server 6.5
        - Turbolinux Advanced Server 6
        - Turbolinux Server 6.1
        - Turbolinux Workstation 6.0

     Solution :
        Please use the turbopkg (zabom) tool to apply the update.
     ---------------------------------------------
     # turbopkg
     or
     # zabom update apache apache-devel apache-manual mod_ssl
     ---------------------------------------------

     <Turbolinux Appliance Server 1.0 Hosting Edition>

       Source Packages
       Size : MD5

       apache-1.3.27-23.src.rpm
          3104221 c62c1249139f17852aba2a4f8e976700

       Binary Packages
       Size : MD5

       apache-1.3.27-23.i586.rpm
           501592 61a908c8f6b325b34e18782a5623ebab
       apache-devel-1.3.27-23.i586.rpm
            94278 74a131e6990c18cd86a86655cec91099
       mod_ssl-2.8.14-23.i586.rpm
           181149 b17be2efd850d43668c1ace32a80b076

     <Turbolinux Appliance Server 1.0 Workgroup Edition>

       Source Packages
       Size : MD5

       apache-1.3.27-23.src.rpm
          3104221 a3a4b02dd3079169ddfed1c73e11fd4e

       Binary Packages
       Size : MD5

       apache-1.3.27-23.i586.rpm
           501539 df2a88cb00e7c315995dc12dd2ad9298
       apache-devel-1.3.27-23.i586.rpm
            94096 71c5c5bf97c8d76e6851cfbdc62eb112
       mod_ssl-2.8.14-23.i586.rpm
           181120 4bcf9b8a5622f275a000901fdd65041c

     <Turbolinux 8 Server>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/apache-1.3.27-23.src.rpm
          3104221 fae6385e7dd7b5d2206078c119e59955

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/apache-1.3.27-23.i586.rpm
           501380 ba8a8b856724b0c40fc9d93b417b8090
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/apache-devel-1.3.27-23.i586.rpm
            94116 fefbb5128a71f48bc1b479bfd9e2f964
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/apache-manual-1.3.27-23.i586.rpm
           850102 894ab60db4c481e657cb2070df7ccfb6
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/mod_ssl-2.8.14-23.i586.rpm
           181001 5a140863eec56d160e6ac0201859c7fc

     <Turbolinux 8 Workstation>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/apache-1.3.27-23.src.rpm
          3104221 8c69532031a4db7c9e26dc5d2300cee9

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/apache-1.3.27-23.i586.rpm
           501428 2ca754a87193d855e0eec0208db7656f
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/apache-devel-1.3.27-23.i586.rpm
            94141 b72f561542781658bceaa318a7cce4ec
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/apache-manual-1.3.27-23.i586.rpm
           850361 7b026bd15eeb5d540dacddec9e88ae33
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/mod_ssl-2.8.14-23.i586.rpm
           180937 64d6422dad738b7492c2d4dfe75e02f1

     <Turbolinux 7 Server>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/apache-1.3.27-23.src.rpm
          3104221 e8888ee7ad0be1f1f2d340eab4d2e282

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/apache-1.3.27-23.i586.rpm
           487526 7ce095cabb03c8f9a3685d4e0a903d12
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/apache-devel-1.3.27-23.i586.rpm
            94158 07a772f8a2946a44f85536c8ef9be9d0
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/apache-manual-1.3.27-23.i586.rpm
           850325 7a3f80c26378c56e892b0532b1dac542
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/mod_ssl-2.8.14-23.i586.rpm
           178538 6e38f124e06aeeedd724ec19ad640c69

     <Turbolinux 7 Workstation>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/apache-1.3.27-23.src.rpm
          3104221 eda5f2c70c693059619ae779ef7e5e32

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/apache-1.3.27-23.i586.rpm
           487425 ee3f380641a272cea36c29112ac48945
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/apache-devel-1.3.27-23.i586.rpm
            94165 94d4ea71797f204177f608df49a18e06
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/apache-manual-1.3.27-23.i586.rpm
           850245 d24632ebdfd6282d7a4ca3188a8a3392
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/mod_ssl-2.8.14-23.i586.rpm
           178704 47ebafb153d886d6d6fc1eab0de304a8

     <Turbolinux Server 6.5>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/apache-1.3.27-23.src.rpm
          3104221 bb8185361df260baa1f82e2fb00238c4

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/apache-1.3.27-23.i386.rpm
           574103 345b50f95b4dcf5e157ce42544e5257b
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/apache-devel-1.3.27-23.i386.rpm
           110319 72a5a542c40fb13e7655e262bb90020f
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/apache-manual-1.3.27-23.i386.rpm
          1088349 d4dc2892b7bd051f10548f3469c3f399
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/mod_ssl-2.8.14-23.i386.rpm
           191829 7d73f18b30b3b66338ae54f242becc95

     <Turbolinux Advanced Server 6>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/apache-1.3.27-23.src.rpm
          3104221 ab48dbcecff93759e28937238333d17d

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/apache-1.3.27-23.i386.rpm
           574418 b23e9d600c8c238f816c5bd0384a5a3f
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/apache-devel-1.3.27-23.i386.rpm
           110279 40edfbf79b0281dac916b9047b32ada7
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/apache-manual-1.3.27-23.i386.rpm
          1089057 5d71326057b45bbc8720ff2fdd5fdcf3
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/mod_ssl-2.8.14-23.i386.rpm
           191898 3603df1c0badb941fe8222876246ad47

     <Turbolinux Server 6.1>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/apache-1.3.27-23.src.rpm
          3104221 118886ebb423bbc369db26cad739a2ae

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/apache-1.3.27-23.i386.rpm
           574226 616250d1c67bdfb3c4fc1936c3e22b25
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/apache-devel-1.3.27-23.i386.rpm
           110287 b41abb5ba773549a986caf0a00fc21b1
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/apache-manual-1.3.27-23.i386.rpm
          1089381 f2c34f7bc06fd381ecfa424992323e21
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/mod_ssl-2.8.14-23.i386.rpm
           191864 b35b6e929225c85170d24a32c6566754

     <Turbolinux Workstation 6.0>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/apache-1.3.27-23.src.rpm
          3104221 f4874cf86944e7292f9410e66b3e57d1

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/apache-1.3.27-23.i386.rpm
           574148 d10b21fa6e652e7f5963ae30d638d3f0
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/apache-devel-1.3.27-23.i386.rpm
           110308 6c8cd18830f592259706af09fb547dcb
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/apache-manual-1.3.27-23.i386.rpm
          1089368 b3e894e3d0eebdcc8286da19d0612b72

     References:

     The Apache HTTP Server Project
       [Changes with Apache 1.3.31]
       http://www.apache.org/dist/httpd/CHANGES_1.3

     CVE
       [CAN-2003-0020]
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020
       [CAN-2003-0987]
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987
       [CAN-2003-0993]
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0993
       [CAN-2004-0174]
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174

     * You may need to update the turbopkg tool before applying the update.
    Please refer to the following URL for detailed information.

      http://www.turbolinux.com/download/zabom.html
      http://www.turbolinux.com/download/zabomupdate.html

    Package Update Path
    http://www.turbolinux.com/update

    ============================================================
     * To obtain the public key

    Here is the public key

     http://www.turbolinux.com/security/

     * To unsubscribe from the list

    If you ever want to remove yourself from this mailing list,
      you can send a message to <server-users-e-ctl@turbolinux.co.jp> with
    the word `unsubscribe' in the body (don't include the quotes).

    unsubscribe

     * To change your email address

    If you ever want to chage email address in this mailing list,
      you can send a message to <server-users-e-ctl@turbolinux.co.jp> with
    the following command in the message body:

      chaddr 'old address' 'new address'

    If you have any questions or problems, please contact
    <supp_info@turbolinux.co.jp>

    Thank you!

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (GNU/Linux)

    iD8DBQFAtvB6K0LzjOqIJMwRAu4FAJ9wHFvFIHhN259LAd+IxGZfYydavgCaAvuj
    nRmNe7MBYyfvapH9xG8Euec=
    =OztO
    -----END PGP SIGNATURE-----

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Kovács László: "[Full-Disclosure] First known 64-bit virus threat found"

    Relevant Pages