Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > June 2005 > Trustix - multi [TSL-2005-0027]

June 2005

Trustix - multi [TSL-2005-0027]

ID: 00468
Ref: 433/2005
Date: 08 June 2005:16:38:35
Version: 1
Title: Trustix - multi [TSL-2005-0027]
Abstract: discusses issues with apache, bittorrent, cyrus-imapd, mailman, modperl, mysql and zlib
Vendors affected: Trustix
Operating systems affected: Trustix
Applications affected: Trustix

Title
=====
Trustix - multi [TSL-2005-0027]

Detail
======

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Trustix Secure Linux Bugfix Advisory #2005-0027

Package name: apache bittorrent cyrus-imapd mailman mod_perl
mysql zlib
Summary: Package fixes
Date: 2005-06-06
Affected versions: Trustix Secure Linux 2.1
Trustix Secure Linux 2.2
Trustix Operating System - Enterprise Server 2

- - --------------------------------------------------------------------------
Package description:
apache:
Apache is a full featured web server that is freely available, and also
happens to be the most widely used.

bittorrent:
BitTorrent gives you the same freedom to publish previously enjoyed by
only a select few with special equipment and lots of money.
You have something terrific to publish -- a large music or video file,
software, a game or anything else that many people would like to have.
But the more popular your file becomes, the more you are punished by
soaring bandwidth costs. If your file becomes phenomenally successful
and a flash crowd of hundreds or thousands try to get it at once, your
server simply crashes and no one gets it. There is a solution to this
vicious cycle. BitTorrent, the result of over two years of intensive
development, is a simple and free software product that addresses all
of these problems.

cyrus-imapd:
The Cyrus IMAP server is a scaleable enterprise mail system
designed for use from small to large enterprise environments using
standards-based technologies.

mailman:
Mailman is software to help manage email discussion lists, much like
Majordomo and Smartmail. Unlike most similar products, Mailman gives
each mailing list a webpage, and allows users to subscribe,
unsubscribe, etc. over the Web. Even the list manager can administer
his or her list entirely from the Web. Mailman also integrates most
things people want to do with mailing lists, including archiving, mail
<-> news gateways, and so on.

mod_perl:
Mod_perl incorporates a Perl interpreter into the Apache web server,
so that the Apache web server can directly execute Perl code.
Mod_perl links the Perl runtime library into the Apache web server and
provides an object-oriented Perl interface for Apache's C language
API. The end result is a quicker CGI script turnaround process, since
no external Perl interpreter has to be started.

mysql:
MySQL is a true multi-user, multi-threaded SQL (Structured Query
Language) database server. MySQL is a client/server implementation
that consists of a server daemon (mysqld) and many different client
programs/libraries.

zlib:
The zlib compression library provides in-memory compression and
decompression functions, including integrity checks of the uncompressed
data. This version of the library supports only one compression method
(deflation), but other algorithms may be added later, which will have
the same stream interface. The zlib library is used by many different
system programs.

Problem description:
apache:
- Rebuilt with mod_perl to activate changes to Apache2, Bug #811
- Fixing default httpd.conf to reflect correct locations, Bug #701

bittorrent:
- Start bittorrent last, chkconfig changed to 99 01. Fix Bug #803.
- Added missing PreReq for chkconfig and tsl-utils. ( Ref. Bug #800)

cyrus-imapd:
- Changed chkconfig of cyrus to 76 24

mailman:
- New Upstream

mod_perl:
- Modified perl.conf according to new mod_perl version of 2.0.

mysql:
- Fixed duplicate packaging of /usr/bin/mysqladmin (Fix. Bug #823).
- Man page for mysqladmin now owned by mysql-shared.

zlib:
- New Upstream
- Vendor Fix for CAN-2005-0797. Note that this was fixed in an
earlier update for this package; this is merely a sync with upstream.
- Fix bug when decompressing dynamic blocks with no distance codes
- Do not return an error when using gzread() on an empty file


Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.


Location:
All Trustix Secure Linux updates are available from




About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.


Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.


Questions?
Check out our mailing lists:



Verification:
This advisory along with all Trustix packages are signed with the
TSL sign key.
This key is available from:


The advisory itself is available from the errata pages at
and

or directly at



MD5sums of the packages:
- - --------------------------------------------------------------------------
ee3ed141fd3d5f579a44a3b066e25195 2.2/rpms/apache-2.0.54-4tr.i586.rpm
c46b0cc1c05c5877174cee5f47203f51 2.2/rpms/apache-dbm-2.0.54-4tr.i586.rpm
a3cc4e4b4d17da8ec1a2515207189548 2.2/rpms/apache-devel-2.0.54-4tr.i586.rpm
7a5de7f4f282378155a03a3fde683d80 2.2/rpms/apache-html-2.0.54-4tr.i586.rpm
ed5897cff7d20b45c161ded7268ea19b 2.2/rpms/apache-manual-2.0.54-4tr.i586.rpm
7fbbdf681fda1c2000e0ba1d80efe491 2.2/rpms/bittorrent-4.0.2-2tr.i586.rpm
cb05de0e52256b3b9534162613e10c28 2.2/rpms/cyrus-imapd-2.2.12-3tr.i586.rpm
dd5b6ff4ab025364d0d71c85bf64a0f9 2.2/rpms/cyrus-imapd-devel-2.2.12-3tr.i586.rpm
63572afae74552483ba0ee56b5767d8b 2.2/rpms/mailman-2.1.6-1tr.i586.rpm
e47e8ce3a58729d093fc3bdf64d4ae78 2.2/rpms/mailman-ca-2.1.6-1tr.i586.rpm
e5d8eeaa366c2946114fcf6a045303ef 2.2/rpms/mailman-cs-2.1.6-1tr.i586.rpm
5ac7233bb95a49dc05083080162f8cd0 2.2/rpms/mailman-de-2.1.6-1tr.i586.rpm
7b09b67608caa2492d7315d39b366202 2.2/rpms/mailman-es-2.1.6-1tr.i586.rpm
a273d49a8b41815b484a67e51cb54dab 2.2/rpms/mailman-et-2.1.6-1tr.i586.rpm
dbc0dc80379ee10f1d1839e24c644fda 2.2/rpms/mailman-eu-2.1.6-1tr.i586.rpm
5e538ea1c4556f0df2123b7d790c80a6 2.2/rpms/mailman-fi-2.1.6-1tr.i586.rpm
1401c93798954e06d04aec08465a17a9 2.2/rpms/mailman-fr-2.1.6-1tr.i586.rpm
2b6fea00c409d8a6ab35cbf971a79033 2.2/rpms/mailman-hr-2.1.6-1tr.i586.rpm
86ae11d575012ef5f929826651c28f30 2.2/rpms/mailman-hu-2.1.6-1tr.i586.rpm
ec7ae4aef9f5f325b8bd1dccd7758b9e 2.2/rpms/mailman-it-2.1.6-1tr.i586.rpm
9b8c25522fd8dd79d3aa95a3708f0122 2.2/rpms/mailman-ja-2.1.6-1tr.i586.rpm
ef159eee5b35c7567292d0736f9e6f1c 2.2/rpms/mailman-ko-2.1.6-1tr.i586.rpm
3c96add14111fff687eaf1ab772fa0b4 2.2/rpms/mailman-lt-2.1.6-1tr.i586.rpm
9577727da7909083ae5d742e2893adef 2.2/rpms/mailman-nl-2.1.6-1tr.i586.rpm
52cff2b104244741257536f62e3c9d31 2.2/rpms/mailman-no-2.1.6-1tr.i586.rpm
889808cbfe8f1c049e1a8164e254885d 2.2/rpms/mailman-pl-2.1.6-1tr.i586.rpm
9e679959d0b858e07c78afcb34103895 2.2/rpms/mailman-pt-2.1.6-1tr.i586.rpm
d50b873c7841cb9a9f9edaade4f7a1f9 2.2/rpms/mailman-pt_BR-2.1.6-1tr.i586.rpm
568a31d0a12b80f7a66cd24a66134b57 2.2/rpms/mailman-ro-2.1.6-1tr.i586.rpm
e22c33fe6006b0582800632bcf656e01 2.2/rpms/mailman-ru-2.1.6-1tr.i586.rpm
d3a1d77f2b04eec24aeeb493d3d19565 2.2/rpms/mailman-sl-2.1.6-1tr.i586.rpm
f9acc3bc94e81ef03bb4654624dfab8f 2.2/rpms/mailman-sr-2.1.6-1tr.i586.rpm
48a148e24e9c663872f426b00934a0c3 2.2/rpms/mailman-sv-2.1.6-1tr.i586.rpm
893aff8ebcbffb280ee497a2a99a1f54 2.2/rpms/mailman-uk-2.1.6-1tr.i586.rpm
ad4231a673e7dcdad8decc19eacd5f63 2.2/rpms/mailman-zh_CN-2.1.6-1tr.i586.rpm
55e8dfbebb8f35f073dd95d2e9ab68b3 2.2/rpms/mailman-zh_TW-2.1.6-1tr.i586.rpm
650e1f5046bab3454a07ac37d55ee91f 2.2/rpms/mod_perl-2.0.0-3tr.i586.rpm
66e7515d1b8de69234e1c5f831dd7710 2.2/rpms/mod_perl-devel-2.0.0-3tr.i586.rpm
9566fb29476a12ce0d07eb09726189cc 2.2/rpms/mysql-4.1.12-2tr.i586.rpm
82d9e2767ff040c7013ef591200bdb93 2.2/rpms/mysql-bench-4.1.12-2tr.i586.rpm
9766afc597c35b34a5844d18e199122c 2.2/rpms/mysql-client-4.1.12-2tr.i586.rpm
11f2b698e63408fa70d9db1bd7653fbf 2.2/rpms/mysql-devel-4.1.12-2tr.i586.rpm
e6fac55328a34185bf76a30c3d4924da 2.2/rpms/mysql-libs-4.1.12-2tr.i586.rpm
dc3db9c49ebc7cbcf90ef8febddcb078 2.2/rpms/mysql-shared-4.1.12-2tr.i586.rpm
1245f20895821174dd07203e5849598f 2.2/rpms/zlib-1.2.2-1tr.i586.rpm
a0cc680aeecee4d8f1f7f251a9364d2d 2.2/rpms/zlib-devel-1.2.2-1tr.i586.rpm

5c55a34b5df7e4dbd29c05247c674189 2.1/rpms/zlib-1.2.2-1tr.i586.rpm
3f1c01e97cfb774545613d4fb86dadf9 2.1/rpms/zlib-devel-1.2.2-1tr.i586.rpm
- - --------------------------------------------------------------------------


Trustix Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCpEmPi8CEzsK9IksRAkQaAKCSDYyf3/93tJOboYPf1tQPmnn+6wCcDoAn
Q4KQroB4IXIjVEdCWoCwDNo=
=0521
- -----END PGP SIGNATURE-----



  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |