Date: Tue, 31 May 2005 15:31:06 +0200
From: Trustix Security Advisor <tsl@trustix.org.>
To: [email protected]
Subject: TSL-2005-0026 - multi
Message-ID: <20050531133106.GA9032@tsunami.trustix.net.>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Trustix Secure Linux Bugfix Advisory #2005-0026
Package name: anaconda bittorrent iptables lilo mod_perl openldap
              php php4 pptpd samba squid
Summary: Package fixes
Date: 2005-05-31
Affected versions: Trustix Secure Linux 2.1
                   Trustix Secure Linux 2.2
                   Trustix Operating System - Enterprise Server 2
- --------------------------------------------------------------------------
Package description:
anaconda:
The anaconda package contains portions of the Trustix Secure Linux
installation program which can then be run by the user for
reconfiguration and advanced installation options.
Based on Red Hat anaconda 7.2 and 7.3
bittorrent:
BitTorrent gives you the same freedom to publish previously enjoyed by
only a select few with special equipment and lots of money.
You have something terrific to publish -- a large music or video file,
software, a game or anything else that many people would like to have.
But the more popular your file becomes, the more you are punished by
soaring bandwidth costs. If your file becomes phenomenally successful
and a flash crowd of hundreds or thousands try to get it at once, your
server simply crashes and no one gets it. There is a solution to this
vicious cycle. BitTorrent, the result of over two years of intensive
development, is a simple and free software product that addresses all
of these problems.
iptables:
The iptables utility controls the network packet filtering code in the
Linux kernel. If you need to set up firewalls and/or IP masquerading,
you must install this package.
lilo:
LILO (LInux LOader) is a basic system program which boots your Linux
system. LILO loads the Linux kernel from a floppy or a hard drive,
boots the kernel and passes control of the system to the kernel. LILO
can also boot other operating systems.
mod_perl:
Mod_perl incorporates a Perl interpreter into the Apache web server,
so that the Apache web server can directly execute Perl code.
Mod_perl links the Perl runtime library into the Apache web server and
provides an object-oriented Perl interface for Apache's C language
API. The end result is a quicker CGI script turnaround process, since
no external Perl interpreter has to be started.
openldap:
LDAP servers and clients, as well as interfaces to other protocols.
Note that this does not include the slapd interface to X.500 and
therefore does not require the ISODE package.
php:
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP
also offers built-in database integration for several commercial
and non-commercial database management systems, so writing a
database-enabled web page with PHP is fairly simple. The most
common use of PHP coding is probably as a replacement for CGI
scripts. The mod_php module enables the Apache web server to
understand and process the embedded PHP language in web pages.
php4:
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP
also offers built-in database integration for several commercial
and non-commercial database management systems, so writing a
database-enabled web page with PHP is fairly simple. The most
common use of PHP coding is probably as a replacement for CGI
scripts. The mod_php module enables the Apache web server to
understand and process the embedded PHP language in web pages.
pptpd:
PPTPd, Point-to-Point Tunnelling Protocol Daemon, offers out
connections to pptp clients to become virtual members of the IP pool
owned by the pptp server. In effect, these clients become virtual
members of the local subnet, regardless of what their real IP address
is. A tunnel is built between the pptp server and client, and packets
from the subnet are wrapped and passed between server and client
similar to other C/S protocols.
samba:
Samba provides an SMB server which can be used to provide network
services to SMB (sometimes called "Lan Manager") clients, including
various versions of MS Windows, OS/2, and other Linux machines. Samba
uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI
(Microsoft Raw NetBIOS frame) protocol.
squid:
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.
Problem description:
anaconda:
- Removed unneeded import todo from check-repository.py. Fix Bug #783.
bittorrent:
- New upstream
- Fixed %preun to perform actions on uninstall
- Fixed init script to correct sysconfig usage and have a working init
script.
iptables:
- Make initscripts actually use their config files.
lilo:
- Added MAN_DIR=/usr/share/man during make install stage
mod_perl:
- New Upstream.
openldap:
- Rebuilt with --enable-crypt. Fix Bug #718.
php:
- Added mhash support, Bug #748
php4:
- Added mhash support, Bug #748
pptpd:
- Made changes in pptpd.init to specify right start and kill priority
Bug#711, Bug#708.
samba:
- Installed pam_smbpass.so to RPM_BUILD_ROOT and bundled with samba.
(Fix Bug #753)
squid:
- New Upstream
- Fixed a Set-Cookie race condition causing inconsistent cache behaviour
- Abort on misconfigured http_access rules to prevent unexpected results
from partial configuration
- FTP directory listings corrected again (broken by 2.5.STABLE9)
- Support for proxying huge objects greater than 2GB in size
Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
Location:
All Trustix Secure Linux updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>
About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>
Verification:
This advisory, along with all Trustix packages, is signed with the
TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>
The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-2.1/> and
<URI:http://www.trustix.org/errata/trustix-2.2/>
or directly at
<URI:http://www.trustix.org/errata/2005/0026/>
MD5sums of the packages:
- --------------------------------------------------------------------------
Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFCnGV9i8CEzsK9IksRAt7XAKCsvMfhKzPmJ660R6JqTcWklWrPhgCfayaX
avgpjpHg65s0EcdY+kg9kA4=
=IYYB
-----END PGP SIGNATURE-----
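
An added example, not part of the Trustix advisory or its tooling: a Python check of downloaded packages against the `<md5> <path>` lines of the advisory's "MD5sums of the packages" list. It assumes the clearsigned text has already passed `gpg --verify` against the TSL sign key, and it trusts only lines inside the signed region, since MD5 on its own authenticates nothing. The file names and contents in `demo()` are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

MD5_LINE = re.compile(r"^([0-9a-f]{32})\s+(\S+)$")

def signed_lines(msg):
    """Lines covered by the signature, with RFC 4880 dash-escaping undone."""
    lines = msg.splitlines()
    start = lines.index("-----BEGIN PGP SIGNED MESSAGE-----") + 1
    end = lines.index("-----BEGIN PGP SIGNATURE-----")
    return [ln[2:] if ln.startswith("- ") else ln for ln in lines[start:end]]

def md5_entries(msg):
    """Map package path -> expected MD5, read only from the signed region."""
    found = (MD5_LINE.match(ln.strip()) for ln in signed_lines(msg))
    return {m.group(2): m.group(1) for m in found if m}

def check_packages(msg, root):
    """Return path -> 'ok' | 'MISMATCH' | 'missing' | 'rejected'."""
    result = {}
    for rel, expected in md5_entries(msg).items():
        path = root / rel
        if Path(rel).is_absolute() or ".." in Path(rel).parts:
            result[rel] = "rejected"  # never follow a listed path out of root
        elif not path.is_file():
            result[rel] = "missing"
        else:
            digest = hashlib.md5(path.read_bytes()).hexdigest()
            result[rel] = "ok" if digest == expected else "MISMATCH"
    return result

def demo():  # constructed sample: one good file, one altered, one absent
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "2.2/rpms").mkdir(parents=True)
        (root / "2.2/rpms/a-1.0-1tr.i586.rpm").write_bytes(b"package A")
        (root / "2.2/rpms/b-1.0-1tr.i586.rpm").write_bytes(b"tampered B")
        msg = "\n".join([
            "0" * 32 + " 2.2/rpms/injected.rpm",  # outside the signed region
            "-----BEGIN PGP SIGNED MESSAGE-----", "Hash: SHA1", "", "- ------",
            hashlib.md5(b"package A").hexdigest() + " 2.2/rpms/a-1.0-1tr.i586.rpm",
            hashlib.md5(b"package B").hexdigest() + " 2.2/rpms/b-1.0-1tr.i586.rpm",
            "f" * 32 + " 2.2/rpms/c-1.0-1tr.i586.rpm",
            "-----BEGIN PGP SIGNATURE-----", "(constructed)", "-----END PGP SIGNATURE-----"])
        return check_packages(msg, root)

if __name__ == "__main__":
    print(demo())
```

The line placed before the `BEGIN PGP SIGNED MESSAGE` marker never reaches the result, which is the point: text outside the signed region is not covered by the signature.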