-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
 Turbolinux Security Advisory TLSA-2006-1
 http://www.turbolinux.co.jp/security/
 security-team@turbolinux.co.jp
--------------------------------------------------------------------------

 Original released date: 24 Jan 2006
 Last revised: 25 Jan 2006

 Package: httpd

 Summary: Two vulnerabilities discovered in apache

 More information:
    Apache is a powerful, full-featured, efficient, and freely-available
    Web server. Apache is also the most popular Web server on the Internet.

    - Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache.
    - The httpd allows remote attackers to cause a denial of service (crash).

 Impact:
    Allows remote attackers to cause a denial of service of the Apache server.

 Affected Products:
    - Turbolinux FUJI
    - Turbolinux 10 Server x64 Edition
    - Turbolinux 10 Server
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux Multimedia
    - Turbolinux Personal

 Solution:
    Please use the turbopkg (zabom) tool to apply the update.
 ---------------------------------------------
 [Turbolinux 10 Server]
 # turbopkg
 or
 # zabom -u httpd httpd-debug httpd-devel httpd-manual mod_bwshare mod_ssl

 [Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home,
  Turbolinux Multimedia, Turbolinux Personal]
 # turbopkg
 or
 # zabom -u httpd
 ---------------------------------------------

   Source Packages
   Size: MD5

   httpd-2.0.54-9.src.rpm
      7617054 bcfe302f4aa013ea4e364cbde4160af6

   Binary Packages
   Size: MD5

   httpd-2.0.54-9.i686.rpm
      1265893 71f275f25ab905ae282eb969479397aa
   httpd-devel-2.0.54-9.i686.rpm
      275969 75fffb630b0f11516f9b777230092dcb

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/httpd-2.0.51-17.src.rpm
      6849239 463a14f01fc8d9a398af749e2a1d0a7e

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-2.0.51-17.x86_64.rpm
      1142552 e93445800e90655279d14f2d94515e85
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-debug-2.0.51-17.x86_64.rpm
      3224790 0899f7ff2c625efb2e64bc375859d875
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-devel-2.0.51-17.x86_64.rpm
      223781 67a195c18911e012f231e722626deb9c
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-manual-2.0.51-17.x86_64.rpm
      1132118 0030fbcd5db30b7f49e5ec7e382da0df
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/mod_bwshare-2.0.51-17.x86_64.rpm
      40822 37951034ce092befa7472cbb30735033
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/mod_ssl-2.0.51-17.x86_64.rpm
      95622 b6a422bb7fe4d4f947c5314a911cb5a4

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/httpd-2.0.51-17.src.rpm
      6849239 3967dae710a5b52ff13e401d1622966b

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/httpd-2.0.51-17.i586.rpm
      1031922 2b342120df3944d2acd3a01f1a5875b8
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/httpd-debug-2.0.51-17.i586.rpm
      3241200 e6d2e4738aa0c788c8384297286b6d76
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/httpd-devel-2.0.51-17.i586.rpm
      223944 b6d97602ac419b4e00a751c0e383233c
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/httpd-manual-2.0.51-17.i586.rpm
      1131949 4eddb218d6636a088869441bdc358d2e
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/mod_bwshare-2.0.51-17.i586.rpm
      40071 5939c0818a1142cc03e1a2b340ca6d9c
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/mod_ssl-2.0.51-17.i586.rpm
      88017 618303bfa3a22985c52a50d8faa2be83

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/httpd-2.0.48-18.src.rpm
      6320170 e884d2f378b683cdbb40447cb8ee2682

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/httpd-2.0.48-18.i586.rpm
      892861 fbd1b048a7bb5cdf5ab4f204eefa303d

 References:

 CVE
   [CAN-2005-3352]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3352
   [CAN-2005-3357]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3357

--------------------------------------------------------------------------
 Revision History
    24 Jan 2006 Initial release
    25 Jan 2006 Typo Original released date
--------------------------------------------------------------------------

 Copyright(C) 2006 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFD1lVRK0LzjOqIJMwRAusCAJ4+FfuLcfemSuexS5BcOhhabkUZoQCglIK0
zgjJF6JBuVFaFWtwDwdmeQc=
=0N1S
-----END PGP SIGNATURE-----
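
An added example, not part of the Turbolinux advisory: a Python check of a downloaded package against the "Size: MD5" package lists above. It accepts several listed checksums per file name, because httpd-2.0.51-17.src.rpm is listed twice with different MD5 values. The function names, the mirror.invalid URL and the example-1.0-1 package are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

# A row is "<file name or ftp URL> <size in bytes> <32-hex MD5>", on one line
# or wrapped; header text such as "Binary Packages Size: MD5" never matches.
ROW = re.compile(r"(\S+\.rpm)\s+(\d+)\s+([0-9a-fA-F]{32})\b")

def parse_manifest(text):
    """Map package file name -> list of (size, md5) pairs listed for it."""
    entries = {}
    for target, size, md5 in ROW.findall(text):
        name = target.rsplit("/", 1)[-1]  # drop any URL prefix
        # One name can be listed per product with different checksums.
        entries.setdefault(name, []).append((int(size), md5.lower()))
    return entries

def verify_package(path, entries):
    """Return 'ok', 'unlisted', 'missing', 'size-mismatch' or 'md5-mismatch'."""
    candidates = entries.get(os.path.basename(path))
    if not candidates:
        return "unlisted"
    if not os.path.isfile(path):
        return "missing"
    actual = os.path.getsize(path)
    sums = [md5 for size, md5 in candidates if size == actual]
    if not sums:
        return "size-mismatch"
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return "ok" if digest.hexdigest() in sums else "md5-mismatch"

def demo():
    """Constructed sample: a stand-in file and a manifest row that matches it."""
    payload = b"constructed sample payload, not a real RPM\n"
    path = os.path.join(tempfile.mkdtemp(), "example-1.0-1.i586.rpm")
    with open(path, "wb") as fh:
        fh.write(payload)
    manifest = ("Binary Packages Size: MD5 ftp://mirror.invalid/RPMS/"
                f"example-1.0-1.i586.rpm {len(payload)} "
                f"{hashlib.md5(payload).hexdigest()}")
    entries = parse_manifest(manifest)
    before = verify_package(path, entries)
    with open(path, "r+b") as fh:  # overwrite the first byte, same length
        fh.write(b"X")
    return before, verify_package(path, entries)

if __name__ == "__main__":
    print(demo())
```

A result of 'ok' only shows that the file matches a row in the list; whether the list itself can be trusted depends on verifying the advisory's PGP signature first.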