From security-announce@turbolinux.co.jp Fri May 28 06:08:03 2004 From: Turbolinux Resent-From: security-announce@turbolinux.co.jp To: security-announce@turbolinux.co.jp Resent-To: server-users-e@turbolinux.co.jp (moderated) Date: Fri, 28 May 2004 16:55:34 +0900 Reply-To: server-users-e@turbolinux.co.jp Subject: [Full-Disclosure] [TURBOLINUX SECURITY INFO] 28/May/2004 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is an announcement only email list for the x86 architecture. ============================================================ Turbolinux Security Announcement 28/May/2004 ============================================================ The following page contains the security information of Turbolinux Inc. - Turbolinux Security Center http://www.turbolinux.com/security/ (1) cvs -> Two issues have been discovered in cvs (2) tcpdump -> Two issues have been discovered in tcpdump (3) apache -> Multiple vulnerabilities in apache =========================================================== * cvs -> Two issues have been discovered in cvs =========================================================== More information : CVS is a front end to the rcs(1) revision control system which extends the notion of revision control from a collection of files in a single directory to a hierarchical collection of directories consisting of revision controlled files. - The client for CVS allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates. - CVS contains a flaw when deciding if a CVS entry line should get a modified or unchanged flag attached. This results in a heap overflow which can be exploited to execute arbitrary code on the CVS server. Impact : This vulnerability may allow attackers to cause the CVS server to create directories or files in your system. An attacker that has access to a CVS server could use this flaw to execute arbitrary code under the UID which the CVS server is executing. Affected Products : - Turbolinux Appliance Server 1.0 Hosting Edition - Turbolinux Appliance Server 1.0 Workgroup Edition - Turbolinux 10 Desktop - Turbolinux 8 Server - Turbolinux 8 Workstation - Turbolinux 7 Server - Turbolinux 7 Workstation - Turbolinux Server 6.5 - Turbolinux Advanced Server 6 - Turbolinux Server 6.1 - Turbolinux Workstation 6.0 Solution : Please use the turbopkg (zabom) tool to apply the update. --------------------------------------------- [Turbolinux 10 Desktop] # turboupdate # zabom --update cvs [Other] # turbopkg # zabom update cvs --------------------------------------------- Source Packages Size : MD5 cvs-1.12.8-1.src.rpm 2544223 b833bb39e41f301afe3e96c62e32af6f Binary Packages Size : MD5 cvs-1.12.8-1.i586.rpm 1033658 66144d4082879e66ad7ab80fa5df5d58 Source Packages Size : MD5 cvs-1.12.8-1.src.rpm 2544223 e08ecd7234b78097fed5f5e1c789d10d Binary Packages Size : MD5 cvs-1.12.8-1.i586.rpm 1033420 542602cb4b70b59c1304c3337d3373da Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/cvs-1.12.8-1.src.rpm 2544223 1d8dcc792ce2f99e0a187ad2a530f704 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/cvs-1.12.8-1.i586.rpm 1040140 38d3ad9525bbaaacf775eb1d5aafbb75 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/cvs-1.12.8-1.src.rpm 2544223 6ac72c0a561b10b0d254f19ff3ec1fa3 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/cvs-1.12.8-1.i586.rpm 1033625 f36bce658669efc451d722accc6e8ffb Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/cvs-1.12.8-1.src.rpm 2544223 ae92dd21e05a28885d5de0bc5a61bf65 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/cvs-1.12.8-1.i586.rpm 1033405 52eee7509020fa428b2d8b0ed1cb2549 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/cvs-1.12.8-1.src.rpm 2544223 7edbab723dadd1d48eec3ecc3c5c1f4b Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/cvs-1.12.8-1.i586.rpm 1019809 2b16a9e657d95c382306da81c2ac6022 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/cvs-1.12.8-1.src.rpm 2544223 b88e4b2fc37ed34a6a7b8cf8cdc7d6fe Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/cvs-1.12.8-1.i586.rpm 1020848 d117a8cb93d81a2a72ff1450ebbe6674 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/cvs-1.12.8-1.src.rpm 2544223 ce5cc9114a8f4ad349a41ab774cb69e6 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/cvs-1.12.8-1.i386.rpm 1170600 1dad34925cae29640b1aa924a85ec76d Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/cvs-1.12.8-1.src.rpm 2544223 98bd94de8a644f96a7aef01427cc7cde Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/cvs-1.12.8-1.i386.rpm 1170553 49a5485e9969d532139e560c34802171 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/cvs-1.12.8-1.src.rpm 2544223 82d2dcdb1d81bfdcc9733d3c8f23410e Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/cvs-1.12.8-1.i386.rpm 1170583 45b87a71d99db6ed43c03a6860bfad14 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/cvs-1.12.8-1.src.rpm 2544223 eae06ac1884c65f3064691529bb3e7c3 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/cvs-1.12.8-1.i386.rpm 1170505 ddc031af995b018c6f64ba6c63252027 References: US-CERT [TA04-147A -- CVS Heap Overflow Vulnerability] http://www.us-cert.gov/cas/techalerts/TA04-147A.html CVE [CAN-2004-0180] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0180 [CAN-2004-0396] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0396 =========================================================== * tcpdump -> Two issues have been discovered in tcpdump =========================================================== More information : Tcpdump is a tool designed to prints out the headers of packets on a network interface. The buffer overflow vulnerabilities were discovered in the ISAKMP decoding routines of tcpdump. Impact : Remote attackers could potentially exploit these issues by sending carefully-crafted packets to a victim. Affected Products : - Turbolinux Appliance Server 1.0 Hosting Edition - Turbolinux Appliance Server 1.0 Workgroup Edition - Turbolinux 10 Desktop - Turbolinux 8 Server - Turbolinux 8 Workstation - Turbolinux 7 Server - Turbolinux 7 Workstation - Turbolinux Server 6.5 - Turbolinux Advanced Server 6 - Turbolinux Server 6.1 - Turbolinux Workstation 6.0 Solution : Please use the turbopkg (zabom) tool to apply the update. --------------------------------------------- [Turbolinux 10 Desktop] # turboupdate # zabom --update tcpdump [Other] # turbopkg # zabom update tcpdump --------------------------------------------- Source Packages Size : MD5 tcpdump-3.8.3-2.src.rpm 575692 8f1b579e91197e680af0360a7315bc14 Binary Packages Size : MD5 tcpdump-3.8.3-2.i586.rpm 264777 1f628764c02f67b895d9086c223b9cef Source Packages Size : MD5 tcpdump-3.8.3-2.src.rpm 575692 366921eb1f3e003de8a36a1850c4ac38 Binary Packages Size : MD5 tcpdump-3.8.3-2.i586.rpm 264648 5f5fe7e9f496db2a890c3203c26833e7 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/tcpdump-3.8.3-2.src.rpm 575692 b2ab652f74f5f2405865bbbf1e6c0c6c Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/tcpdump-3.8.3-2.i586.rpm 261771 451fd494f2ca01d0d5ada6e41381a2e4 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/tcpdump-3.8.3-2.src.rpm 575692 e8b9bdfe0e122864d0603817489785a9 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/tcpdump-3.8.3-2.i586.rpm 264667 8afae3502fac1e2e2eccc04f36e6bbb6 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/tcpdump-3.8.3-2.src.rpm 575692 0c1926cf613e0f568b430cb693f10a09 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/tcpdump-3.8.3-2.i586.rpm 264642 2fe5be2bd5c5abda40c5e8bf7b0ec266 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/tcpdump-3.8.3-2.src.rpm 575692 d0fb472490f6b6f1e2134ef1b28ecc30 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/tcpdump-3.8.3-2.i586.rpm 258792 cb855384260230be84d1fecff5131efa Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/tcpdump-3.8.3-2.src.rpm 575692 8b5e63401066837e68e34365c95dc4cc Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/tcpdump-3.8.3-2.i586.rpm 258706 23bcbca7994890a841b9fd0bd0a251ef Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/tcpdump-3.8.3-2.src.rpm 575692 29bc899b80e97dcc76d65070c53d7c06 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/tcpdump-3.8.3-2.i386.rpm 253215 1861c58d856e5cb379bef561cac665af Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/tcpdump-3.8.3-2.src.rpm 575692 d1fe5c778d45483c256048facd94495a Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/tcpdump-3.8.3-2.i386.rpm 253211 a18f5fa2b39bdd16a36a9751e35ff47e Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/tcpdump-3.8.3-2.src.rpm 575692 11c3ca0ddedbcae2f719c6190f385c06 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/tcpdump-3.8.3-2.i386.rpm 253225 5be638ba8dea675e9205d7d1087b9841 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/tcpdump-3.8.3-2.src.rpm 575692 2cdc5649cd60871d57e0425b71ed39a9 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/tcpdump-3.8.3-2.i386.rpm 253229 382c6909a47ebe6164fe19b93647ee2c Reiferences : www.tcpdump.org [tcpdump-changes] http://www.tcpdump.org/tcpdump-changes.txt CVE [CAN-2004-0183] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0183 [CAN-2004-0184] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0184 =========================================================== * apache -> Multiple vulnerabilities in apache =========================================================== More information : Apache is a powerful, full-featured, efficient, and freely-available Web server. - Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. - mod_digest for Apache does not properly verify the nonce of a client response by using a AuthNonce secret. Impact : A third party may gain unauthorized access to a web server. Affected Products : - Turbolinux Appliance Server 1.0 Hosting Edition - Turbolinux Appliance Server 1.0 Workgroup Edition - Turbolinux 8 Server - Turbolinux 8 Workstation - Turbolinux 7 Server - Turbolinux 7 Workstation - Turbolinux Server 6.5 - Turbolinux Advanced Server 6 - Turbolinux Server 6.1 - Turbolinux Workstation 6.0 Solution : Please use the turbopkg (zabom) tool to apply the update. --------------------------------------------- # turbopkg or # zabom update apache apache-devel apache-manual mod_ssl --------------------------------------------- Source Packages Size : MD5 apache-1.3.27-23.src.rpm 3104221 c62c1249139f17852aba2a4f8e976700 Binary Packages Size : MD5 apache-1.3.27-23.i586.rpm 501592 61a908c8f6b325b34e18782a5623ebab apache-devel-1.3.27-23.i586.rpm 94278 74a131e6990c18cd86a86655cec91099 mod_ssl-2.8.14-23.i586.rpm 181149 b17be2efd850d43668c1ace32a80b076 Source Packages Size : MD5 apache-1.3.27-23.src.rpm 3104221 a3a4b02dd3079169ddfed1c73e11fd4e Binary Packages Size : MD5 apache-1.3.27-23.i586.rpm 501539 df2a88cb00e7c315995dc12dd2ad9298 apache-devel-1.3.27-23.i586.rpm 94096 71c5c5bf97c8d76e6851cfbdc62eb112 mod_ssl-2.8.14-23.i586.rpm 181120 4bcf9b8a5622f275a000901fdd65041c Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/apache-1.3.27-23.src.rpm 3104221 fae6385e7dd7b5d2206078c119e59955 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/apache-1.3.27-23.i586.rpm 501380 ba8a8b856724b0c40fc9d93b417b8090 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/apache-devel-1.3.27-23.i586.rpm 94116 fefbb5128a71f48bc1b479bfd9e2f964 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/apache-manual-1.3.27-23.i586.rpm 850102 894ab60db4c481e657cb2070df7ccfb6 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/mod_ssl-2.8.14-23.i586.rpm 181001 5a140863eec56d160e6ac0201859c7fc Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/apache-1.3.27-23.src.rpm 3104221 8c69532031a4db7c9e26dc5d2300cee9 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/apache-1.3.27-23.i586.rpm 501428 2ca754a87193d855e0eec0208db7656f ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/apache-devel-1.3.27-23.i586.rpm 94141 b72f561542781658bceaa318a7cce4ec ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/apache-manual-1.3.27-23.i586.rpm 850361 7b026bd15eeb5d540dacddec9e88ae33 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/mod_ssl-2.8.14-23.i586.rpm 180937 64d6422dad738b7492c2d4dfe75e02f1 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/apache-1.3.27-23.src.rpm 3104221 e8888ee7ad0be1f1f2d340eab4d2e282 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/apache-1.3.27-23.i586.rpm 487526 7ce095cabb03c8f9a3685d4e0a903d12 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/apache-devel-1.3.27-23.i586.rpm 94158 07a772f8a2946a44f85536c8ef9be9d0 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/apache-manual-1.3.27-23.i586.rpm 850325 7a3f80c26378c56e892b0532b1dac542 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/mod_ssl-2.8.14-23.i586.rpm 178538 6e38f124e06aeeedd724ec19ad640c69 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/apache-1.3.27-23.src.rpm 3104221 eda5f2c70c693059619ae779ef7e5e32 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/apache-1.3.27-23.i586.rpm 487425 ee3f380641a272cea36c29112ac48945 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/apache-devel-1.3.27-23.i586.rpm 94165 94d4ea71797f204177f608df49a18e06 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/apache-manual-1.3.27-23.i586.rpm 850245 d24632ebdfd6282d7a4ca3188a8a3392 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/mod_ssl-2.8.14-23.i586.rpm 178704 47ebafb153d886d6d6fc1eab0de304a8 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/apache-1.3.27-23.src.rpm 3104221 bb8185361df260baa1f82e2fb00238c4 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/apache-1.3.27-23.i386.rpm 574103 345b50f95b4dcf5e157ce42544e5257b ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/apache-devel-1.3.27-23.i386.rpm 110319 72a5a542c40fb13e7655e262bb90020f ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/apache-manual-1.3.27-23.i386.rpm 1088349 d4dc2892b7bd051f10548f3469c3f399 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/mod_ssl-2.8.14-23.i386.rpm 191829 7d73f18b30b3b66338ae54f242becc95 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/apache-1.3.27-23.src.rpm 3104221 ab48dbcecff93759e28937238333d17d Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/apache-1.3.27-23.i386.rpm 574418 b23e9d600c8c238f816c5bd0384a5a3f ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/apache-devel-1.3.27-23.i386.rpm 110279 40edfbf79b0281dac916b9047b32ada7 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/apache-manual-1.3.27-23.i386.rpm 1089057 5d71326057b45bbc8720ff2fdd5fdcf3 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/mod_ssl-2.8.14-23.i386.rpm 191898 3603df1c0badb941fe8222876246ad47 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/apache-1.3.27-23.src.rpm 3104221 118886ebb423bbc369db26cad739a2ae Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/apache-1.3.27-23.i386.rpm 574226 616250d1c67bdfb3c4fc1936c3e22b25 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/apache-devel-1.3.27-23.i386.rpm 110287 b41abb5ba773549a986caf0a00fc21b1 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/apache-manual-1.3.27-23.i386.rpm 1089381 f2c34f7bc06fd381ecfa424992323e21 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/mod_ssl-2.8.14-23.i386.rpm 191864 b35b6e929225c85170d24a32c6566754 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/apache-1.3.27-23.src.rpm 3104221 f4874cf86944e7292f9410e66b3e57d1 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/apache-1.3.27-23.i386.rpm 574148 d10b21fa6e652e7f5963ae30d638d3f0 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/apache-devel-1.3.27-23.i386.rpm 110308 6c8cd18830f592259706af09fb547dcb ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/apache-manual-1.3.27-23.i386.rpm 1089368 b3e894e3d0eebdcc8286da19d0612b72 References: The Apache HTTP Server Project [Changes with Apache 1.3.31] http://www.apache.org/dist/httpd/CHANGES_1.3 CVE [CAN-2003-0020] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020 [CAN-2003-0987] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987 [CAN-2003-0993] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0993 [CAN-2004-0174] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174 * You may need to update the turbopkg tool before applying the update. Please refer to the following URL for detailed information. http://www.turbolinux.com/download/zabom.html http://www.turbolinux.com/download/zabomupdate.html Package Update Path http://www.turbolinux.com/update ============================================================ * To obtain the public key Here is the public key http://www.turbolinux.com/security/ * To unsubscribe from the list If you ever want to remove yourself from this mailing list, you can send a message to with the word `unsubscribe' in the body (don't include the quotes). unsubscribe * To change your email address If you ever want to chage email address in this mailing list, you can send a message to with the following command in the message body: chaddr 'old address' 'new address' If you have any questions or problems, please contact Thank you! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAtvB6K0LzjOqIJMwRAu4FAJ9wHFvFIHhN259LAd+IxGZfYydavgCaAvuj nRmNe7MBYyfvapH9xG8Euec= =OztO -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html