[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 433/05 - Trustix - multi [TSL-2005-0027]



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 433/05 dated 08.06.05  Time: 16:12  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====
Trustix - multi [TSL-2005-0027]

Detail
====== 

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Trustix Secure Linux Bugfix Advisory #2005-0027

Package name:      apache bittorrent cyrus-imapd mailman mod_perl
                   mysql zlib
Summary:           Package fixes
Date:              2005-06-06
Affected versions: Trustix Secure Linux 2.1
                   Trustix Secure Linux 2.2
                   Trustix Operating System - Enterprise Server 2

- - --------------------------------------------------------------------------
Package description:
  apache:
  Apache is a full featured web server that is freely available, and also
  happens to be the most widely used.
  
  bittorrent:
  BitTorrent gives you the same freedom to publish previously enjoyed by
  only a select few with special equipment and lots of money.
  You have something terrific to publish -- a large music or video file,
  software, a game or anything else that many people would like to have.
  But the more popular your file becomes, the more you are punished by
  soaring bandwidth costs. If your file becomes phenomenally successful
  and a flash crowd of hundreds or thousands try to get it at once, your
  server simply crashes and no one gets it.  There is a solution to this
  vicious cycle. BitTorrent, the result of over two years of intensive
  development, is a simple and free software product that addresses all
  of these problems.
  
  cyrus-imapd:
  The Cyrus IMAP server is a scaleable enterprise mail system
  designed for use from small to large enterprise environments using
  standards-based technologies.
  
  mailman:
  Mailman is software to help manage email discussion lists, much like
  Majordomo and Smartmail. Unlike most similar products, Mailman gives
  each mailing list a webpage, and allows users to subscribe,
  unsubscribe, etc. over the Web. Even the list manager can administer
  his or her list entirely from the Web. Mailman also integrates most
  things people want to do with mailing lists, including archiving, mail
  <-> news gateways, and so on.
  
  mod_perl:
  Mod_perl incorporates a Perl interpreter into the Apache web server,
  so that the Apache web server can directly execute Perl code.
  Mod_perl links the Perl runtime library into the Apache web server and
  provides an object-oriented Perl interface for Apache's C language
  API.  The end result is a quicker CGI script turnaround process, since
  no external Perl interpreter has to be started.
  
  mysql:
  MySQL is a true multi-user, multi-threaded SQL (Structured Query
  Language) database server. MySQL is a client/server implementation
  that consists of a server daemon (mysqld) and many different client
  programs/libraries.
  
  zlib:
  The zlib compression library provides in-memory compression and
  decompression functions, including integrity checks of the uncompressed
  data.  This version of the library supports only one compression method
  (deflation), but other algorithms may be added later, which will have
  the same stream interface.  The zlib library is used by many different
  system programs.
  
Problem description:
  apache:
  - Rebuilt with mod_perl to activate changes to Apache2, Bug #811
  - Fixing default httpd.conf to reflect correct locations, Bug #701
  
  bittorrent:
  - Start bittorrent last, chkconfig changed to 99 01. Fix Bug #803.
  - Added missing PreReq for chkconfig and tsl-utils. ( Ref. Bug #800)
  
  cyrus-imapd:
  - Changed chkconfig of cyrus to 76 24
  
  mailman:
  - New Upstream

  mod_perl:
  - Modified perl.conf according to new mod_perl version of 2.0.
  
  mysql:
  - Fixed duplicate packaging of /usr/bin/mysqladmin (Fix. Bug #823).
  - Man page for mysqladmin now owned by mysql-shared.
  
  zlib:
  - New Upstream
  - Vendor Fix for CAN-2005-0797.  Note that this was fixed in an
    earlier update for this package; this is merely a sync with upstream.
  - Fix bug when decompressing dynamic blocks with no distance codes
  - Do not return an error when using gzread() on an empty file
  

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All Trustix Secure Linux updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.


Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>


Verification:
  This advisory along with all Trustix packages are signed with the
  TSL sign key.
  This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-2.1/> and
  <URI:http://www.trustix.org/errata/trustix-2.2/>
  or directly at
  <URI:http://www.trustix.org/errata/2005/0027/>


MD5sums of the packages:
- - --------------------------------------------------------------------------
ee3ed141fd3d5f579a44a3b066e25195  2.2/rpms/apache-2.0.54-4tr.i586.rpm
c46b0cc1c05c5877174cee5f47203f51  2.2/rpms/apache-dbm-2.0.54-4tr.i586.rpm
a3cc4e4b4d17da8ec1a2515207189548  2.2/rpms/apache-devel-2.0.54-4tr.i586.rpm
7a5de7f4f282378155a03a3fde683d80  2.2/rpms/apache-html-2.0.54-4tr.i586.rpm
ed5897cff7d20b45c161ded7268ea19b  2.2/rpms/apache-manual-2.0.54-4tr.i586.rpm
7fbbdf681fda1c2000e0ba1d80efe491  2.2/rpms/bittorrent-4.0.2-2tr.i586.rpm
cb05de0e52256b3b9534162613e10c28  2.2/rpms/cyrus-imapd-2.2.12-3tr.i586.rpm
dd5b6ff4ab025364d0d71c85bf64a0f9  2.2/rpms/cyrus-imapd-devel-2.2.12-3tr.i586.rpm
63572afae74552483ba0ee56b5767d8b  2.2/rpms/mailman-2.1.6-1tr.i586.rpm
e47e8ce3a58729d093fc3bdf64d4ae78  2.2/rpms/mailman-ca-2.1.6-1tr.i586.rpm
e5d8eeaa366c2946114fcf6a045303ef  2.2/rpms/mailman-cs-2.1.6-1tr.i586.rpm
5ac7233bb95a49dc05083080162f8cd0  2.2/rpms/mailman-de-2.1.6-1tr.i586.rpm
7b09b67608caa2492d7315d39b366202  2.2/rpms/mailman-es-2.1.6-1tr.i586.rpm
a273d49a8b41815b484a67e51cb54dab  2.2/rpms/mailman-et-2.1.6-1tr.i586.rpm
dbc0dc80379ee10f1d1839e24c644fda  2.2/rpms/mailman-eu-2.1.6-1tr.i586.rpm
5e538ea1c4556f0df2123b7d790c80a6  2.2/rpms/mailman-fi-2.1.6-1tr.i586.rpm
1401c93798954e06d04aec08465a17a9  2.2/rpms/mailman-fr-2.1.6-1tr.i586.rpm
2b6fea00c409d8a6ab35cbf971a79033  2.2/rpms/mailman-hr-2.1.6-1tr.i586.rpm
86ae11d575012ef5f929826651c28f30  2.2/rpms/mailman-hu-2.1.6-1tr.i586.rpm
ec7ae4aef9f5f325b8bd1dccd7758b9e  2.2/rpms/mailman-it-2.1.6-1tr.i586.rpm
9b8c25522fd8dd79d3aa95a3708f0122  2.2/rpms/mailman-ja-2.1.6-1tr.i586.rpm
ef159eee5b35c7567292d0736f9e6f1c  2.2/rpms/mailman-ko-2.1.6-1tr.i586.rpm
3c96add14111fff687eaf1ab772fa0b4  2.2/rpms/mailman-lt-2.1.6-1tr.i586.rpm
9577727da7909083ae5d742e2893adef  2.2/rpms/mailman-nl-2.1.6-1tr.i586.rpm
52cff2b104244741257536f62e3c9d31  2.2/rpms/mailman-no-2.1.6-1tr.i586.rpm
889808cbfe8f1c049e1a8164e254885d  2.2/rpms/mailman-pl-2.1.6-1tr.i586.rpm
9e679959d0b858e07c78afcb34103895  2.2/rpms/mailman-pt-2.1.6-1tr.i586.rpm
d50b873c7841cb9a9f9edaade4f7a1f9  2.2/rpms/mailman-pt_BR-2.1.6-1tr.i586.rpm
568a31d0a12b80f7a66cd24a66134b57  2.2/rpms/mailman-ro-2.1.6-1tr.i586.rpm
e22c33fe6006b0582800632bcf656e01  2.2/rpms/mailman-ru-2.1.6-1tr.i586.rpm
d3a1d77f2b04eec24aeeb493d3d19565  2.2/rpms/mailman-sl-2.1.6-1tr.i586.rpm
f9acc3bc94e81ef03bb4654624dfab8f  2.2/rpms/mailman-sr-2.1.6-1tr.i586.rpm
48a148e24e9c663872f426b00934a0c3  2.2/rpms/mailman-sv-2.1.6-1tr.i586.rpm
893aff8ebcbffb280ee497a2a99a1f54  2.2/rpms/mailman-uk-2.1.6-1tr.i586.rpm
ad4231a673e7dcdad8decc19eacd5f63  2.2/rpms/mailman-zh_CN-2.1.6-1tr.i586.rpm
55e8dfbebb8f35f073dd95d2e9ab68b3  2.2/rpms/mailman-zh_TW-2.1.6-1tr.i586.rpm
650e1f5046bab3454a07ac37d55ee91f  2.2/rpms/mod_perl-2.0.0-3tr.i586.rpm
66e7515d1b8de69234e1c5f831dd7710  2.2/rpms/mod_perl-devel-2.0.0-3tr.i586.rpm
9566fb29476a12ce0d07eb09726189cc  2.2/rpms/mysql-4.1.12-2tr.i586.rpm
82d9e2767ff040c7013ef591200bdb93  2.2/rpms/mysql-bench-4.1.12-2tr.i586.rpm
9766afc597c35b34a5844d18e199122c  2.2/rpms/mysql-client-4.1.12-2tr.i586.rpm
11f2b698e63408fa70d9db1bd7653fbf  2.2/rpms/mysql-devel-4.1.12-2tr.i586.rpm
e6fac55328a34185bf76a30c3d4924da  2.2/rpms/mysql-libs-4.1.12-2tr.i586.rpm
dc3db9c49ebc7cbcf90ef8febddcb078  2.2/rpms/mysql-shared-4.1.12-2tr.i586.rpm
1245f20895821174dd07203e5849598f  2.2/rpms/zlib-1.2.2-1tr.i586.rpm
a0cc680aeecee4d8f1f7f251a9364d2d  2.2/rpms/zlib-devel-1.2.2-1tr.i586.rpm

5c55a34b5df7e4dbd29c05247c674189  2.1/rpms/zlib-1.2.2-1tr.i586.rpm
3f1c01e97cfb774545613d4fb86dadf9  2.1/rpms/zlib-devel-1.2.2-1tr.i586.rpm
- - --------------------------------------------------------------------------


Trustix Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCpEmPi8CEzsK9IksRAkQaAKCSDYyf3/93tJOboYPf1tQPmnn+6wCcDoAn
Q4KQroB4IXIjVEdCWoCwDNo=
=0521
- -----END PGP SIGNATURE-----



- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Trustix for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQqcK0Ypao72zK539AQE/qgP8CgXVq9Tjhsguts52u9c5bcS1FZAzeTuY
MmNO7Kda3ep942iuur/8kcC20rSwYNTjBJMIpcSV9ry3SFaK46MqTS//NF0S4BhE
Ftcor1RZDdxdhVNfQTcOjnHUPmQ52MRw2sLXssiZiuWDdzncSol5ePVe8EtlNO69
kU1lsjAlZOU=
=cFIw
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________