From security-announce@turbolinux.co.jp Thu Oct 9 02:00:25 2003 From: Turbolinux Resent-From: security-announce@turbolinux.co.jp To: security-announce@turbolinux.co.jp Resent-To: server-users-e@turbolinux.co.jp (moderated) Date: Wed, 8 Oct 2003 20:09:27 +0900 Reply-To: server-users-e@turbolinux.co.jp Subject: [Full-Disclosure] [TURBOLINUX SECURITY INFO] 08/Oot/2003 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is an announcement only email list for the x86 architecture. ============================================================ Turbolinux Security Announcement 08/Oct/2003 ============================================================ The following page contains the security information of Turbolinux Inc. - Turbolinux Security Center http://www.turbolinux.com/security/ (1) pine -> Multipel vulnerabilities in pine =========================================================== * pine -> Multipel vulnerabilities in pine =========================================================== Summary : Multipel vulnerabilities in pine More information : Pine is a very popular, easy to use, full-featured email user agent. Pine contains a vulnerability during the handling of the 'message/external-body' type. An integer overflow exists in the Pine MIME header parsing. Impact : This vulnerability may allow a remote attacker to execute arbitrary code. Affected Products : - Turbolinux Workstation 6.0 Solution : Please use turbopkg tool to apply the update. Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/pine-4.58-2.src.rpm 2893276 b818bf85bdaa8ef0ff9d557bf9bdb89a Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/pine-4.58-2.i386.rpm 2635143 6a6d0b3bf0d7b5ec927e8100d79f1f84 References : CVE [CAN-2003-0720] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0720 [CAN-2003-0721] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0721 -------------------------------------------------------------------------- Revision History 08 Oct 2003 Initial release -------------------------------------------------------------------------- * You may need to update the turbopkg tool before applying the update. Please refer to the following URL for detailed information. http://www.turbolinux.com/download/zabom.html http://www.turbolinux.com/download/zabomupdate.html Package Update Path http://www.turbolinux.com/update ============================================================ * To obtain the public key Here is the public key http://www.turbolinux.com/security/ * To unsubscribe from the list If you ever want to remove yourself from this mailing list, you can send a message to with the word `unsubscribe' in the body (don't include the quotes). unsubscribe * To change your email address If you ever want to chage email address in this mailing list, you can send a message to with the following command in the message body: chaddr 'old address' 'new address' If you have any questions or problems, please contact Thank you! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/g/BvK0LzjOqIJMwRAo+4AJ9L8IQnOiAhTaA/xrxDNVd+fP8jYgCgqGYN W0gWl4c5XmtG7qMnbdUmCts= =qi/C -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html