From security-announce@turbolinux.co.jp Thu Aug 12 16:06:35 2004
From: Turbolinux
Resent-From: security-announce@turbolinux.co.jp
To: security-announce@turbolinux.co.jp
Resent-To: server-users-e@turbolinux.co.jp (moderated)
Date: Wed, 11 Aug 2004 21:39:42 +0900
Reply-To: server-users-e@turbolinux.co.jp
Subject: [Full-Disclosure] [TURBOLINUX SECURITY INFO] 11/Aug/2004

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 11/Aug/2004
============================================================

The following page contains the security information of Turbolinux Inc.

 - Turbolinux Security Center
   http://www.turbolinux.com/security/

 (1) libpng -> Multiple vulnerabilities in libpng

===========================================================
* libpng -> Multiple vulnerabilities in libpng
===========================================================

 More information :
    The libpng package contains a library of functions for creating and
    manipulating PNG (Portable Network Graphics) image format files.
    Multiple buffer overflows and a potential NULL pointer dereference in
    libpng allow remote attackers to execute arbitrary code via malformed
    PNG images.

 Impact :
    This may allow remote attackers to execute arbitrary code via
    malformed PNG images.

 Affected Products :
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Server 6.5
    - Turbolinux Advanced Server 6
    - Turbolinux Server 6.1
    - Turbolinux Workstation 6.0

 Solution :
    Please use the turbopkg (zabom) tool to apply the update.
 ---------------------------------------------
 [Turbolinux 10 Desktop, Turbolinux 10 F...]
 # zabom -u libpng libpng-devel

 [other]
 # turbopkg
 or
 # zabom update libpng libpng-devel
 ---------------------------------------------

 References:

 CVE
   [CAN-2004-0421]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421
   [CAN-2004-0597]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
   [CAN-2004-0598]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598
   [CAN-2004-0599]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599

 * You may need to update the turbopkg tool before applying the update.
   Please refer to the following URL for detailed information.
   http://www.turbolinux.com/download/zabom.html
   http://www.turbolinux.com/download/zabomupdate.html

 Package Update Path
   http://www.turbolinux.com/update

============================================================
 * To obtain the public key

   Here is the public key
   http://www.turbolinux.com/security/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBGhORK0LzjOqIJMwRAsyBAJ98h5FukVq2TkUjqSmUUJPUOWbbvgCfZUEv
PEKcLdiJ0cKiB6lSYy3WB4M=
=Kb4P
-----END PGP SIGNATURE-----
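
A post-update check, added here as an example and not part of the Turbolinux advisory: it compares an installed libpng version-release against the update versions this advisory ships (1.2.5-7, 1.2.4-6 and 1.0.12-8, depending on the product). The function names and the sample installed versions are constructed, and the comparison assumes purely numeric version fields.

```shell
#!/bin/sh
# Added example, not from the Turbolinux advisory. Simplified comparison:
# numeric dot-separated fields only, not the full RPM version algorithm.

# cmp_dotted A B: print -1, 0 or 1 for A<B, A=B, A>B, field by field.
cmp_dotted() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        if [ "${x:-0}" -lt "${y:-0}" ]; then printf '%s\n' -1; return; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then printf '%s\n' 1; return; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    printf '%s\n' 0
}

# evr_lt A B: succeed when version-release A is older than B.
evr_lt() {
    av=${1%-*} ar=${1##*-} bv=${2%-*} br=${2##*-}
    c=$(cmp_dotted "$av" "$bv")
    if [ "$c" = 0 ]; then c=$(cmp_dotted "$ar" "$br"); fi
    [ "$c" = -1 ]
}

# libpng_status INSTALLED FIXED: print vulnerable, patched or unknown.
libpng_status() {
    if [ -z "$1" ] || [ -z "$2" ]; then echo unknown; return; fi
    # Refuse anything the numeric comparison cannot order (e.g. "1.2.5rc1").
    case "$1$2" in *[!0-9.-]*) echo unknown; return ;; esac
    if evr_lt "$1" "$2"; then echo vulnerable; else echo patched; fi
}

# check_host FIXED: query the RPM database (hypothetical helper name).
check_host() {
    for pkg in libpng libpng-devel; do
        inst=$(rpm -q --qf '%{VERSION}-%{RELEASE}' "$pkg" 2>/dev/null) || continue
        echo "$pkg $inst $(libpng_status "$inst" "$1")"
    done
}

# Constructed installed versions checked against the advisory's update versions.
for pair in "1.2.5-6 1.2.5-7" "1.2.4-6 1.2.4-6" "1.0.12-10 1.0.12-8"; do
    set -- $pair
    echo "installed $1, fixed $2: $(libpng_status "$1" "$2")"
done
```

On a real host, call `check_host` with the fixed version-release for that product line; release 10 compares as newer than release 8 because fields are compared numerically, not as strings.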