-------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2002-77 http://www/turbolinux.co.jp/security/ security-team@turbolinux.co.jp -------------------------------------------------------------------------- Analog System stop by local user Release date : 2002-11-30 Solution: package : analog-5.24-2 Problematical point * Making use of vulnerability of the anlgform.pl, local user can cause system to stop Solution: Using turbopkg command, please do automatic operation update. When necessary, update is done automatically. Use the following command to verify the version currently installed. # rpm -qa | grep package name When automatic operation update is used, all objects update. Select the package, and use the rpm command to select when you would like to update. Execution example --------------------------------------------------------------------- 1. In super user modification $ su - 2. Password of super user input Password: 3. Starting the turbopkg # turbopkg 4. Menu selection " Update " " FTP server " " Update sight " Optional sight selection 5. In general user modification # exit --------------------------------------------------------------------- < Turbolinux 8 Server > < Turbolinux 8 Workstation > < Turbolinux 7 Server > < Turbolinux 7 Workstation > analog-5.24-2.i586.rpm < Turbolinux Advanced Server 6 > < Turbolinux Server 6.1 > analog-5.24-2.i386.rpm < Turbolinux Server 6.5 > < Turbolinux Workstation 6.0 > * Because the analog package is not recorded in the above-mentioned product, it is not necessary to update. * Upon the maintenance of our company FTP sight, we determined that update of the turbopkg is neccesary. Details the below-mentioned URL reference. http://www.turbolinux.co.jp/download/zabom.html Package updates: http://www.turbolinux.co.jp/update/