-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2005-33
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 17 Mar 2005
Last revised: 17 Mar 2005

Package: nfs-utils

Summary: NFS denial of service attack

More information:
  The nfs-utils package provides a daemon for the kernel NFS server and
  related tools, which provide a much higher level of performance than the
  traditional Linux NFS server used by most users.
  The statd daemon in the nfs-utils package ignores the SIGPIPE signal;
  this can allow remote attackers to cause a denial of service.

Impact:
  The vulnerability could allow remote attackers to cause a denial of
  service.

Affected Products:
  - Turbolinux Appliance Server 1.0 Hosting Edition
  - Turbolinux Appliance Server 1.0 Workgroup Edition
  - Turbolinux 10 Server
  - Turbolinux Home
  - Turbolinux 10 F...
  - Turbolinux 10 Desktop
  - Turbolinux 8 Server
  - Turbolinux 8 Workstation
  - Turbolinux 7 Server
  - Turbolinux 7 Workstation

Solution:
  Please use the turbopkg (zabom) tool to apply the update.
  ---------------------------------------------
  [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F...,
   Turbolinux Home]
  # turbopkg
  or
  # zabom -u nfs-utils

  [other]
  # turbopkg
  or
  # zabom update nfs-utils
  ---------------------------------------------

  Source Packages
  Size: MD5
  nfs-utils-0.3.1-9.src.rpm 303949 c1031ba23dd8f7ad0a10149f6aaaca8c

  Binary Packages
  Size: MD5
  nfs-utils-0.3.1-9.i586.rpm 168124 c9973e9d740743cfee405d5081fa9eee

  Source Packages
  Size: MD5
  nfs-utils-0.3.1-9.src.rpm 303949 43feacc08634f05e7e0041a4e6568965

  Binary Packages
  Size: MD5
  nfs-utils-0.3.1-9.i586.rpm 168274 fbd7593615923991d9335d358e476f91

  Source Packages
  Size: MD5
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/nfs-utils-1.0.6-13.src.rpm 408853 724e6b5a60aea2816886be377d6da0a9

  Binary Packages
  Size: MD5
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/nfs-utils-1.0.6-13.i586.rpm 170567 a252f001ba81a7cb647324a3d91be811

  Source Packages
  Size: MD5
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/nfs-utils-1.0.6-13.src.rpm 408853 f81ae1aa7f77b47e8fc2855712f2d709

  Binary Packages
  Size: MD5
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/nfs-utils-1.0.6-13.i586.rpm 126786 2be0391770e1ef2670cd6a0c24cd393d

  Source Packages
  Size: MD5
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/nfs-utils-0.3.1-9.src.rpm 303949 6de4bbf9ae6cc1660e9b09fa9fb8b2b6

  Binary Packages
  Size: MD5
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/nfs-utils-0.3.1-9.i586.rpm 168389 a5d112145d46fc0809f54bdef3fdf249

  Source Packages
  Size: MD5
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/nfs-utils-0.3.1-9.src.rpm 303949 9e6825d4195eb1bb8003dc1075483479

  Binary Packages
  Size: MD5
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/nfs-utils-0.3.1-9.i586.rpm 168434 ef124afa45cbbd0bdd510bb47a617a26

  Source Packages
  Size: MD5
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/nfs-utils-0.3.1-9.src.rpm 303949 4e2b5a106407d0d39b0927fad824c7c0

  Binary Packages
  Size: MD5
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/nfs-utils-0.3.1-9.i586.rpm 167217 9700fe313ba272a2e96a6df8d1f5270d

  Source Packages
  Size: MD5
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/nfs-utils-0.3.1-9.src.rpm 303949 23d6c2626d08753764f6a7e964f2f6ed

  Binary Packages
  Size: MD5
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/nfs-utils-0.3.1-9.i586.rpm 167229 46f8c2445403b4edb00d497f890aee56

References:
  CVE
  [CAN-2004-0946]
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0946
  [CAN-2004-1014]
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1014

--------------------------------------------------------------------------
Revision History
  17 Mar 2005 Initial release
--------------------------------------------------------------------------

Copyright(C) 2005 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)

iD8DBQFCOSDyK0LzjOqIJMwRAjcWAKCHoLF8nFSzPruRVG+6hIoPaFxBpQCgkHVP
AzMEfEvunTgm1S5Hdvga9z0=
=DU1k
-----END PGP SIGNATURE-----
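
To check a downloaded package against the advisory's Size/MD5 entries, the following added example (not part of the Turbolinux advisory) looks an entry up by its full location rather than by file name, because the list carries the same file name several times with different digests. The function names, return codes, the one-entry-per-line manifest layout and the sample data are assumptions made for the example, and `md5sum` is assumed to be installed.

```shell
#!/bin/sh
# Added example: verify a downloaded file against "location size md5" entries.
# The same file name can be listed more than once with different digests
# (one build per product), so entries are matched on the full location.

# lookup_entry MANIFEST LOCATION -> prints "size md5" of the exact match
lookup_entry() {
    awk -v loc="$2" '$1 == loc && NF == 3 { print $2, tolower($3); found = 1; exit }
                     END { exit !found }' "$1"
}

# verify_pkg MANIFEST LOCATION FILE
# returns 0 = match, 1 = size differs, 2 = MD5 differs,
#         3 = file unreadable, 4 = location not listed in the manifest
verify_pkg() {
    entry=$(lookup_entry "$1" "$2") || return 4
    [ -r "$3" ] || return 3
    want_size=${entry% *}
    want_md5=${entry#* }
    have_size=$(wc -c < "$3" | tr -d ' ')
    [ "$have_size" = "$want_size" ] || return 1
    have_md5=$(md5sum < "$3" | cut -d' ' -f1)
    [ "$have_md5" = "$want_md5" ] || return 2
    return 0
}

# Constructed demo: two products list the same file name and size with
# different digests (hosts, paths and digests are made up for the example).
demo() {
    d=$(mktemp -d) || return 9
    printf 'hello\n' > "$d/pkg.rpm"
    cat > "$d/manifest" <<EOF
ftp://mirror.example/Server/pkg.rpm 6 b1946ac92492d2347c6235b4d2611184
ftp://mirror.example/Desktop/pkg.rpm 6 d41d8cd98f00b204e9800998ecf8427e
EOF
    verify_pkg "$d/manifest" ftp://mirror.example/Server/pkg.rpm "$d/pkg.rpm"
    echo "Server entry:  rc=$?"    # 0: size and MD5 match
    verify_pkg "$d/manifest" ftp://mirror.example/Desktop/pkg.rpm "$d/pkg.rpm"
    echo "Desktop entry: rc=$?"    # 2: same name and size, different build
    rm -rf "$d"
}
demo
```

A matching MD5 only shows that the file is the one the list describes; the listed values themselves are trustworthy only as far as the advisory's PGP signature has been verified.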