-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2005-32
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 10 Mar 2005
Last revised: 10 Mar 2005

Package: imap

Summary: CRAM-MD5 vulnerability discovered in IMAP

More information:
  The imap package provides server daemons for both IMAP (Internet Message
  Access Protocol) and POP (Post Office Protocol) mail access protocols.
  A logic error exists in the CRAM-MD5 code of IMAP.

Impact:
  A vulnerability in an authentication method for IMAP servers could allow
  a remote attacker to access any user's mailbox.

Affected Products:
  - Turbolinux Appliance Server 1.0 Hosting Edition
  - Turbolinux Appliance Server 1.0 Workgroup Edition
  - Turbolinux 10 Server
  - Turbolinux Home
  - Turbolinux 10 F...
  - Turbolinux 10 Desktop
  - Turbolinux 8 Server
  - Turbolinux 8 Workstation
  - Turbolinux 7 Server
  - Turbolinux 7 Workstation

Solution:
  Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Server]
# turbopkg
or
# zabom -u imap imap-devel

[Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home]
# turbopkg
or
# zabom -u imap imap-devel imap-server imap-libs

[other]
# turbopkg
or
# zabom update imap-devel imap-server imap-libs
---------------------------------------------

Source Packages
Size: MD5

imap-2002b-11.src.rpm
    2121208 b53c919df7dac7cfb1a83123850f86b1

Binary Packages
Size: MD5

imap-2002b-11.i586.rpm
    2121616 c6e4c7e362dceb4c93fd5b88621c2bba
imap-devel-2002b-11.i586.rpm
    1036920 1a9127fd12f9bfcca7a63690623e8412
imap-libs-2002b-11.i586.rpm
    555180 0b2f5a08064d41ca7cfcce988a842f22

Source Packages
Size: MD5

imap-2002b-11.src.rpm
    2121208 dfaa33e39ea8b86286c18d8861c707cd

Binary Packages
Size: MD5

imap-2002b-11.i586.rpm
    2121915 0ef89c3c0c4b84503ec6fd4b16d499b2
imap-devel-2002b-11.i586.rpm
    1036926 8f8442be1ef6485c30bf1041930e2790
imap-libs-2002b-11.i586.rpm
    555208 a303513afdaeeffc565076993eadd7ef

Source Packages
Size: MD5

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/imap-2004a-5.src.rpm
    2161248 59eec4f6fad7772e8a56095a0a711d3b

Binary Packages
Size: MD5

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/imap-2004a-5.i586.rpm
    1915812 7f28a154c25361be7d9054576d5a9b0d
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/imap-debug-2004a-5.i586.rpm
    1319487 4453360c889aeffd9412b9beabc595c0
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/imap-devel-2004a-5.i586.rpm
    747963 085cbd3b6dd5f27cd1404e8fdd1d0f6e

Source Packages
Size: MD5

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/imap-2002b-11.src.rpm
    2121208 fa522a3ebf7cfcb81b37d0939e5792aa

Binary Packages
Size: MD5

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/imap-2002b-11.i586.rpm
    1856808 7fdb2fb91ebcd4c21668125971083a78
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/imap-devel-2002b-11.i586.rpm
    741803 9644faf75f54a941081cef4b63c21fc1
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/imap-libs-2002b-11.i586.rpm
    362232 63e7c739e4fa39307baaec1eb268d1f9

Source Packages
Size: MD5

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/imap-2002b-11.src.rpm
    2121208 7eb38b56c661507a035dc0d73cbf8827

Binary Packages
Size: MD5

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/imap-2002b-11.i586.rpm
    2121813 79cd52f110ea02360261fc2d09a7d699
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/imap-devel-2002b-11.i586.rpm
    1036922 84c6c3455ae85b06a380220424ef80c5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/imap-libs-2002b-11.i586.rpm
    555197 b039ee4189108b50e81bf7a26845a264

Source Packages
Size: MD5

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/imap-2002b-11.src.rpm
    2121208 df0447b576530cd26fb46a89cc5e53e0

Binary Packages
Size: MD5

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/imap-2002b-11.i586.rpm
    2121877 c0b5b5cf7ee8e1bd6adffe07e62a29be
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/imap-devel-2002b-11.i586.rpm
    1036880 afa4bc4485570f139e420c9f9730f3c8
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/imap-libs-2002b-11.i586.rpm
    555101 c954a5dc6e540942cf12b8af398e2c1d

Source Packages
Size: MD5

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/imap-2002b-11.src.rpm
    2121208 6c6041dbb5dfb37a8dbf60f6d8894a4e

Binary Packages
Size: MD5

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/imap-2002b-11.i586.rpm
    2067785 9c8e974dd367d11193af0616aefcf90b
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/imap-devel-2002b-11.i586.rpm
    1023836 1ac53eeda052878df4b37893d93c5a86
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/imap-libs-2002b-11.i586.rpm
    544430 16b1aca91364817bccdbf7dafd21aca4

Source Packages
Size: MD5

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/imap-2002b-11.src.rpm
    2121208 ee8fbd792e5229ba0f72c10b72f54d5c

Binary Packages
Size: MD5

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/imap-2002b-11.i586.rpm
    2067886 e97cfa6557cbd3dfe04c9467deaa4b4f
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/imap-devel-2002b-11.i586.rpm
    1023974 b12dafb104353f50a787d4c4c91cfa1b
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/imap-libs-2002b-11.i586.rpm
    544443 2faa8b876a858ae6aa5bf4951d9b4c61

References:

CVE
  [CAN-2005-0198]
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0198

--------------------------------------------------------------------------
Revision History
  10 Mar 2005 Initial release
--------------------------------------------------------------------------

Copyright(C) 2005 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)

iD8DBQFCOSDuK0LzjOqIJMwRAjSnAJ0VpzZJ0F3Lx/OdtSEbc0rNwb6tWwCdHGMh
d2QBbq2T1slrSUN/uj77p9s=
=LEdi
-----END PGP SIGNATURE-----
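
Added example, not part of the Turbolinux advisory: a shell check of a downloaded package against the Size and MD5 values listed above before it is installed. It accepts a file only if some listing for its name matches both values, since the advisory lists the same file name several times with different digests; extract_records and verify_against_advisory are hypothetical names, and GNU md5sum and a saved copy of the advisory text are assumed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, GNU md5sum is assumed.

# extract_records: read advisory text on stdin and print one
# "name size md5" line per *.rpm entry, whatever the line wrapping.
# An entry counts only if the name is followed by a decimal size and a
# 32-character lowercase hex digest.
extract_records() {
    tr -s ' \t\r\n' '\n' | awk '
        /\.rpm$/ {
            name = $0
            if ((getline size) > 0 && (getline md5) > 0 &&
                size ~ /^[0-9]+$/ && md5 ~ /^[0-9a-f]+$/ && length(md5) == 32)
                print name, size, md5
        }'
}

# verify_against_advisory ADVISORY FILE
# Exit status: 0 = a listing for FILE's base name matches size and MD5,
#              1 = the name is listed but no listing matches,
#              2 = FILE does not exist, 3 = the name is not listed at all.
verify_against_advisory() {
    advisory=$1 file=$2
    [ -f "$file" ] || return 2
    base=${file##*/}
    size=$(wc -c < "$file" | tr -d ' ')
    md5=$(md5sum "$file" | cut -d' ' -f1)
    # Appending "" forces string comparison, so digests that happen to look
    # like numbers (all digits, or "0e...") are never compared as floats.
    extract_records < "$advisory" |
        awk -v b="$base" -v s="$size" -v m="$md5" '
            { n = $1; sub(/.*\//, "", n) }   # URL or path -> base name
            n == b { seen = 1
                     if (($2 "") == (s "") && ($3 "") == (m "")) ok = 1 }
            END { exit ok ? 0 : (seen ? 1 : 3) }'
}

# Command-line use: sh verify.sh advisory.txt imap-2002b-11.i586.rpm
if [ "$#" -eq 2 ]; then
    verify_against_advisory "$1" "$2"
    exit $?
fi
```

The listing is only as trustworthy as the copy of the advisory it is read from, so read it from a copy whose PGP signature verifies.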