English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 148472 CVE descriptions
and 72306 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2005-60
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 01 Jun 2005
 Last revised: 01 Jun 2005

 Package: bzip2

 Summary: Two vulnerabilities discovered in bzip2

 More information:
    Bzip2 is high-quality data compressor.

    - A vulnerability in the manner in which bzip2 handles bzip2 file
    could allow local users to overwrite arbitrary files via a symlink attack.
    - The bzip2 allows attackers to cause a denial of
    service (excessive CPU consumption due to an infinite loop) via a malformed gzip2 file.

 Impact:
    These vulerabilities could allow attackers to overwrite arbitrary files via
    a symbolic link attack, and/or allow attackers to cause a denial of service.

 Affected Products:
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 Server
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution:
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., 
  Turbolinux Home]
 # turbopkg
 or
 # zabom -u bzip2 bzip2-devel

 [other]
 # turbopkg
 or
 # zabom update bzip2 bzip2-devel
 ---------------------------------------------


 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size: MD5

   bzip2-1.0.2-8.src.rpm
       677768 fdfb77cf9c46157cbf89eb2005369ebe

   Binary Packages
   Size: MD5

   bzip2-1.0.2-8.i586.rpm
       103205 4182997bc044f1925e3660267f3163e8

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size: MD5

   bzip2-1.0.2-8.src.rpm
       677768 9fefdf26beb768f2c52386b9fa7fb408

   Binary Packages
   Size: MD5

   bzip2-1.0.2-8.i586.rpm
       103358 72541b45d4635741c147b1a2af1286e5
   bzip2-devel-1.0.2-8.i586.rpm
        33925 030de7b56eb1d513100091a1c62f0baa

 <Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/bzip2-1.0.2-8.src.rpm
       677768 d03959ac9bc0af154185eac4ff6fa28b

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/bzip2-1.0.2-8.i586.rpm
       102697 040999e774f68f5951c1227cb6176f9a
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/bzip2-devel-1.0.2-8.i586.rpm
        34102 e058550d79f16dc2d21baae95bccb28c

 <Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/bzip2-1.0.2-8.src.rpm
       677768 6975df2e9dd3ec6e784247344e0d551e

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/bzip2-1.0.2-8.i586.rpm
       102900 333a0271b30c03dfa57e9696dbcdf8b0
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/bzip2-devel-1.0.2-8.i586.rpm
        34152 9e7c045a62fec3cfe2234c107d9a6c10

 <Turbolinux 8 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/bzip2-1.0.2-8.src.rpm
       677768 493aac668c62418a40eae233f0123726

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/bzip2-1.0.2-8.i586.rpm
       103380 a0e69879b31de8a808f0f90008de109f
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/bzip2-devel-1.0.2-8.i586.rpm
        33948 552a9990d5e09cd47b447b575933bef9

 <Turbolinux 8 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/bzip2-1.0.1-8.src.rpm
       758226 3feed7d682950ebb91c652679f638cbd

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/bzip2-1.0.1-8.i586.rpm
        88642 983d063b60ebdfadbefa05d26e3f3f30
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/bzip2-devel-1.0.1-8.i586.rpm
        36559 beed01fe33b5458c6cac7580599b4b6e

 <Turbolinux 7 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/bzip2-1.0.1-8.src.rpm
       758226 9cb34099e77ba1b7756be53ee65fdf24

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/bzip2-1.0.1-8.i586.rpm
        85922 71defb5311eca0e6c1288860f37a7271
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/bzip2-devel-1.0.1-8.i586.rpm
        35042 21a3c731e1821ada0d640ede51989819

 <Turbolinux 7 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/bzip2-1.0.1-8.src.rpm
       758226 ca737ec7f58a592ab968a70ed22d81a1

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/bzip2-1.0.1-8.i586.rpm
        85893 0f58e4d280b7b28908668415a1620071
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/bzip2-devel-1.0.1-8.i586.rpm
        35025 095bfa443af5f83846b51679bbbe307b


 References:

 CVE
   [CAN-2005-0953]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0953
   [CAN-2005-1260]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1260

 --------------------------------------------------------------------------
 Revision History
    01 Jun 2005 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2005 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)

iD8DBQFCnZMSK0LzjOqIJMwRAp0bAJwMeXdingYZavLe5dHAYHFrJhTONQCfSmg5
1vvmp9jIIBaEntzuyn8IJtc=
=wj5D
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.