Full Disclosure mailing list archives
[TURBOLINUX SECURITY INFO] 18/Sep/2003
From: Turbolinux <security-announce () turbolinux co jp>
Date: Thu, 18 Sep 2003 23:25:03 +0900
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is an announcement only email list for the x86 architecture. ============================================================ Turbolinux Security Announcement 18/Sep/2003 ============================================================ The following page contains the security information of Turbolinux Inc. - Turbolinux Security Center http://www.turbolinux.com/security/ (1) sendmail -> Buffer overflows =========================================================== * sendmail -> Buffer overflows =========================================================== More information : Sendmail is a Mail Transport Agent, which is the program that moves mail from one machine to another. The potential buffer overflows are in ruleset parsing and address parsing for sendmail. Impact : This vulnerability may allow a remote attacker to execute arbitrary code. Affected Products : - Turbolinux 8 Server - Turbolinux 8 Workstation - Turbolinux 7 Server - Turbolinux 7 Workstation - Turbolinux Server 6.5 - Turbolinux Advanced Server 6 - Turbolinux Server 6.1 - Turbolinux Workstation 6.0 Solution : Please use turbopkg tool to apply the update. <Turbolinux 8 Server> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/sendmail-8.12.10-1.src.rpm 1912561 f7de782020dc1ce8a6b76eb0d6b114cf Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/sendmail-8.12.10-1.i586.rpm 441242 be71fac781809586926a078457bccff1 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/sendmail-cf-8.12.10-1.i586.rpm 146120 bc430c2b4c47f37c5e3edfe37fd77e88 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/sendmail-doc-8.12.10-1.i586.rpm 428389 de0745c6048b392fd6048eec781da44e <Turbolinux 8 Workstation> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/sendmail-8.11.6-12.src.rpm 1415614 f54e38d2351635612b774c1907498437 Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/sendmail-8.11.6-12.i586.rpm 261197 bdf774ab5c2bb9dc5a5e27e5f87e7cc7 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/sendmail-cf-8.11.6-12.i586.rpm 118439 9675379be59da47084944b402f490cd7 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/sendmail-doc-8.11.6-12.i586.rpm 338246 426198e8d6a5dae9ddcf0907656ff874 <Turbolinux 7 Server> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/sendmail-8.11.6-12.src.rpm 1415614 3d088103e72d63c39481eaed958292e3 Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/sendmail-8.11.6-12.i586.rpm 258812 fc4c6b30a2efdc8f54c3a9e5c6dde079 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/sendmail-cf-8.11.6-12.i586.rpm 118054 d86e31c8713b487ea6aa090a98c2286e ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/sendmail-doc-8.11.6-12.i586.rpm 338227 0ed048d1534aa1bb2544505d40145e3d <Turbolinux 7 Workstation> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/sendmail-8.11.6-12.src.rpm 1415614 fc3a162b40b92dff1c7361dce7ac0c00 Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/sendmail-8.11.6-12.i586.rpm 258758 e3a97ce6aea99dc9e780d5d23ba4f230 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/sendmail-cf-8.11.6-12.i586.rpm 117933 8b0024d5a447f9ba9a1946c0c1beb590 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/sendmail-doc-8.11.6-12.i586.rpm 338224 f3bda4e76bf9dea86d8ddd3005315a65 <Turbolinux Server 6.5> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/sendmail-8.9.3-31.src.rpm 1157319 429a3c57c35dc8fbeb9de0139080fe5a Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/sendmail-8.9.3-31.i386.rpm 224979 84149cc950674b0de6b27b21b6d0546b ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/sendmail-cf-8.9.3-31.i386.rpm 113601 62c1ef254d301d98d29504536a163016 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/sendmail-doc-8.9.3-31.i386.rpm 496648 b8b205e809562fa8ea6b7811e5907661 <Turbolinux Advanced Server 6> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/sendmail-8.9.3-31.src.rpm 1157319 cb753b03b23c2c6af8a0d89852f231dc Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/sendmail-8.9.3-31.i386.rpm 224978 0c7c597e4bfd54171b92437a5ac350ae ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/sendmail-cf-8.9.3-31.i386.rpm 113630 37020febb00065ca3d43a01180ff3f21 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/sendmail-doc-8.9.3-31.i386.rpm 496668 65dde27ccd36fcb288e8ff7b9a131f3a <Turbolinux Server 6.1> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/sendmail-8.9.3-31.src.rpm 1157319 052b73cf7f20401e2b32a3c1e9d8381a Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/sendmail-8.9.3-31.i386.rpm 224973 3d43adb320abf82d6c7a9e8c1d2b37fc ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/sendmail-cf-8.9.3-31.i386.rpm 113608 8e67e1541ccdd7f8aafa2014045f03cf ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/sendmail-doc-8.9.3-31.i386.rpm 496644 beaffcfc9ef02f8dd80aec49a762e4eb <Turbolinux Workstation 6.0> Source Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/sendmail-8.9.3-31.src.rpm 1157319 d7928ec559b68bd180fb5e89aaf0b62c Binary Packages Size : MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/sendmail-8.9.3-31.i386.rpm 224957 f0536d676dba91389866197b29bc8210 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/sendmail-cf-8.9.3-31.i386.rpm 113500 4e26f52c7eb1584118bda2a8ded7ea6b ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/sendmail-doc-8.9.3-31.i386.rpm 496649 78e5050bb4bbd14572eab0bfea6b6b75 Notice : After performing the update, it is necessary to restart the sendmail daemon. To do this, run the following command as user root. --------------------------------------------- # /etc/init.d/sendmail restart or # /etc/rc.d/init.d/sendmail restart --------------------------------------------- References : sendmail.org [Sendmail 8.12.10] http://www.sendmail.org/8.12.10.html CVE [CAN-2003-0681] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0681 [CAN-2003-0694] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0694 -------------------------------------------------------------------------- Revision History 18 Sep 2003 Initial release -------------------------------------------------------------------------- * You may need to update the turbopkg tool before applying the update. Please refer to the following URL for detailed information. http://www.turbolinux.com/download/zabom.html http://www.turbolinux.com/download/zabomupdate.html Package Update Path http://www.turbolinux.com/update ============================================================ * To obtain the public key Here is the public key http://www.turbolinux.com/security/ * To unsubscribe from the list If you ever want to remove yourself from this mailing list, you can send a message to <server-users-e-ctl () turbolinux co jp> with the word `unsubscribe' in the body (don't include the quotes). unsubscribe * To change your email address If you ever want to chage email address in this mailing list, you can send a message to <server-users-e-ctl () turbolinux co jp> with the following command in the message body: chaddr 'old address' 'new address' If you have any questions or problems, please contact <supp_info () turbolinux co jp> Thank you! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/acBEK0LzjOqIJMwRAsobAJ0cexJLb7NKWBRG79QGWDsfzrsKsQCcDZIN BlE22pvM/GU4CO7lFVvi9+4= =3k5M -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [TURBOLINUX SECURITY INFO] 18/Sep/2003 Turbolinux (Sep 18)