-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
 Turbolinux Security Advisory TLSA-2004-11
 http://www.turbolinux.co.jp/security/
 security-team@turbolinux.co.jp
--------------------------------------------------------------------------

 Original released date : 07 Apr 2004
 Last revised           : 07 Apr 2004

 Package : httpd

 Summary : Two issues have been discovered in httpd

 More information :
    Apache is a powerful, full-featured, efficient, and freely-available
    Web server.

    - Apache does not filter terminal escape sequences from its error logs,
      which could make it easier for attackers to insert those sequences
      into terminal emulators containing vulnerabilities related to escape
      sequences.
    - Memory leak in ssl_engine_io.c for mod_ssl in Apache 2.

 Impact :
    The vulnerabilities may allow an attacker to cause a denial of service
    of httpd.

 Affected Products :
    - Turbolinux 10 Desktop

 Solution :
    Please use turbopkg(zabom) tool to apply the update.
 ---------------------------------------------
 # turboupdate
 # turbopkg
 # zabom update httpd
 ---------------------------------------------

 Source Packages
 Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/httpd-2.0.47-8.src.rpm
      6270514 bf9ca0708d5834ce5e299786a0e2a284

 Binary Packages
 Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/httpd-2.0.47-8.i586.rpm
       884255 ce07501b44185392ff26f888eead50c5

 References :

 The Apache HTTP Server Project
   [Apache HTTP Server 2.0.49 Released]
   http://www.apache.org/dist/httpd/Announcement2.html

 CVE
   [CAN-2003-0020]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020
   [CAN-2004-0113]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0113

--------------------------------------------------------------------------
 Revision History
    07 Apr 2004 Initial release
--------------------------------------------------------------------------

 Copyright(C) 2004 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAc2XOK0LzjOqIJMwRAkPhAKC+KbUWRyOv773ZCGQpcwrX04fHIQCeMOFG
hkhIt2FVgVXcf8fXchA2QuM=
=w0CZ
-----END PGP SIGNATURE-----
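
The first issue in this advisory concerns raw terminal escape sequences in the error log reaching whoever views it. As an added example (not part of the Turbolinux advisory and not Apache's own code), the following Python script flags log entries that contain control characters and renders them as visible \xHH text before display; the function names and sample log lines are constructed for illustration.

```python
import re

# C0 control characters except tab, plus DEL and the C1 range.
# ESC (0x1b) is the byte that introduces terminal escape sequences.
_CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f-\x9f]")


def escape_controls(line: str) -> str:
    """Return line with control characters shown as visible \\xHH text.

    Backslashes are doubled first so escaped output cannot be confused
    with a literal backslash sequence already present in the log.
    """
    line = line.replace("\\", "\\\\")
    return _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), line)


def scan_log(lines):
    """Yield (line_number, safe_text) for entries holding control characters."""
    for number, raw in enumerate(lines, start=1):
        entry = raw.rstrip("\r\n")  # the line terminator itself is expected
        if _CONTROL.search(entry):
            yield number, escape_controls(entry)


# Constructed sample error_log entries (not taken from a real server).
SAMPLE_LOG = [
    "[Wed Apr 07 10:00:01 2004] [error] [client 192.0.2.10] "
    "File does not exist: /var/www/html/favicon.ico\n",
    "[Wed Apr 07 10:00:05 2004] [error] [client 192.0.2.11] "
    "File does not exist: /var/www/html/\x1b[2Jindex\n",
    "[Wed Apr 07 10:00:09 2004] [error] [client 192.0.2.12] "
    "Invalid URI in request GET /a\x07b\n",
]

if __name__ == "__main__":
    for number, safe in scan_log(SAMPLE_LOG):
        print(f"line {number}: {safe}")
```

When reading a real log file, open it with an encoding such as latin-1 so that arbitrary bytes decode without error and reach the filter unchanged.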