From security-announce@turbolinux.co.jp Tue Oct 5 18:42:12 2004
From: Turbolinux
Resent-From: security-announce@turbolinux.co.jp
To: security-announce@turbolinux.co.jp
Resent-To: server-users-e@turbolinux.co.jp (moderated)
Date: Tue, 5 Oct 2004 22:30:17 +0900
Reply-To: server-users-e@turbolinux.co.jp
Subject: [Full-Disclosure] [TURBOLINUX SECURITY INFO] 05/Oct/2004

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 05/Oct/2004
============================================================

The following page contains the security information of Turbolinux Inc.

 - Turbolinux Security Center
   http://www.turbolinux.com/security/

 (1) squid -> DoS vulnerability in squid
 (2) ImageMagick -> Multiple buffer overflow vulnerabilities in ImageMagick

===========================================================
* squid -> DoS vulnerability in squid
===========================================================

 More information :
    Squid is a high-performance proxy caching server for web clients,
    supporting FTP, gopher, and HTTP data objects. Unlike traditional
    caching software, Squid handles all requests in a single,
    non-blocking, I/O-driven process.
    A vulnerability exists in the NTLM helpers in squid.

 Impact :
    The vulnerabilities allow remote attackers to cause a denial of
    service of squid server services.

 Affected Products :
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution :
    Please use the turbopkg (zabom) tool to apply the update.
 ---------------------------------------------
 [Turbolinux 10 Desktop, Turbolinux 10 F...]
 # zabom -u squid

 [other]
 # turbopkg
 or
 # zabom update squid
 ---------------------------------------------

 Notice :
    After performing the update, it is necessary to restart the squid
    daemon. To do this, run the following command as user root.
 ---------------------------------------------
 # /etc/init.d/squid restart
 or
 # /etc/rc.d/init.d/squid restart
 ---------------------------------------------

 References:

 CVE
   [CAN-2004-0832]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0832

===========================================================
* ImageMagick -> Multiple buffer overflow vulnerabilities in ImageMagick
===========================================================

 More information :
    ImageMagick(TM) is an image display and manipulation tool for the
    X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF
    and Photo CD image file formats.
    Multiple buffer overflow vulnerabilities in ImageMagick allow remote
    attackers to execute arbitrary code via a malformed image or video file.

 Impact :
    These vulnerabilities may allow remote attackers to execute arbitrary
    code via a malformed image or video file in AVI or BMP formats.

 Affected Products :
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution :
    Please use the turbopkg (zabom) tool to apply the update.
 ---------------------------------------------
 [Turbolinux 10 Desktop, Turbolinux 10 F...]
 # zabom -u ImageMagick ImageMagick-devel

 [other]
 # turbopkg
 or
 # zabom update ImageMagick ImageMagick-devel
 ---------------------------------------------

 References:

 CVE
   [CAN-2004-0827]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0827

 * You may need to update the turbopkg tool before applying the update.
   Please refer to the following URL for detailed information.

   http://www.turbolinux.com/download/zabom.html
   http://www.turbolinux.com/download/zabomupdate.html

 Package Update Path
   http://www.turbolinux.com/update

============================================================
 * To obtain the public key

   Here is the public key

   http://www.turbolinux.com/security/

 * To unsubscribe from the list

   If you ever want to remove yourself from this mailing list,
   you can send a message to with the word `unsubscribe' in the body
   (don't include the quotes).
   unsubscribe

 * To change your email address

   If you ever want to change email address in this mailing list,
   you can send a message to with the following command in the
   message body:

   chaddr 'old address' 'new address'

 If you have any questions or problems, please contact

 Thank you!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFBYqHtK0LzjOqIJMwRAgNPAJ9TkkL73895x0W7UXTix5/7Ai6vRQCgr1s5
D6e2lOCXUmCWuYNVxpgAvWY=
=qIgj
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html