-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2009-17
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 08 Jun 2009
 Last revised: 08 Jun 2009

 Package: ntp

 Summary: Stack-based buffer overflow in ntp

 More information:
    The Network Time Protocol (NTP) is used to synchronize the time of a computer
    client or server to another server or reference time source, such as a radio or
    satellite receiver or modem.

    Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP
    before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response. (CVE-2009-0159)

 Affected Products:
    - Turbolinux Client 2008
    - Turbolinux Appliance Server 3.0 x64 Edition
    - Turbolinux Appliance Server 3.0
    - Turbolinux 11 Server x64 Edition
    - Turbolinux 11 Server
    - Turbolinux Appliance Server 2.0
    - Turbolinux FUJI
    - Turbolinux 10 Server x64 Edition
    - Turbolinux 10 Server


 <Turbolinux Client 2008>

   Source Packages
   Size: MD5

   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-source/ntp-4.2.4p3-6.src.rpm
      3440367 311a060a5e0b7e75b6e9f85019d41f6c

   Binary Packages
   Size: MD5

   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/ntp-4.2.4p3-6.i586.rpm
      1204985 d537853b4af887a3b755931f61dff64a

 <Turbolinux Appliance Server 3.0 x64 Edition>

   Source Packages
   Size: MD5

   ntp-4.2.4p3-4.src.rpm
      3447067 f5c809425cbc78c4a392e239f8828c4a

   Binary Packages
   Size: MD5

   ntp-4.2.4p3-4.x86_64.rpm
      1228879 a23f3b53a6c23b7b5d18bd7d70a5d7d2
   ntp-server-4.2.4p3-4.x86_64.rpm
       245711 cf7a6ec4cfc2359878ebc78b9906fc1e

 <Turbolinux Appliance Server 3.0>

   Source Packages
   Size: MD5

   ntp-4.2.4p3-4.src.rpm
      3447067 f5c809425cbc78c4a392e239f8828c4a

   Binary Packages
   Size: MD5

   ntp-4.2.4p3-4.i686.rpm
      1208884 a6b16af92fe895fc1cc97ee72f4e1713
   ntp-server-4.2.4p3-4.i686.rpm
       240866 b1e8bf630137d136e34d065d85ab4b87

 <Turbolinux 11 Server x64 Edition>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/ntp-4.2.4p3-4.src.rpm
      3439312 567a351192efa1c2710d4ed50fe3b45f

   Binary Packages
   Size: MD5

   ntp-4.2.4p3-4.x86_64.rpm
      1228879 a23f3b53a6c23b7b5d18bd7d70a5d7d2
   ntp-server-4.2.4p3-4.x86_64.rpm
       245711 cf7a6ec4cfc2359878ebc78b9906fc1e

 <Turbolinux 11 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/11/updates/SRPMS/ntp-4.2.4p3-4.src.rpm
      3447067 f5c809425cbc78c4a392e239f8828c4a

   Binary Packages
   Size: MD5

   ntp-4.2.4p3-4.i686.rpm
      1208884 a6b16af92fe895fc1cc97ee72f4e1713
   ntp-server-4.2.4p3-4.i686.rpm
       240866 b1e8bf630137d136e34d065d85ab4b87

 <Turbolinux Appliance Server 2.0>

   Source Packages
   Size: MD5

   ntp-4.2.0-11.src.rpm
      2540976 acd1a94ba2acefcfa5b609c2c6daac9d

   Binary Packages
   Size: MD5

   ntp-4.2.0-11.i586.rpm
      1017267 a1b5846126bc11a697a378a8948673ea
   ntp-server-4.2.0-11.i586.rpm
       190192 7f349b62d74576317baacd2ec61d4440

 <Turbolinux FUJI>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/11/updates/SRPMS/ntp-4.2.0-11.src.rpm
      2531382 a3b626a52b426eea7c0046efb2b4eda5

   Binary Packages
   Size: MD5

   ntp-4.2.0-11.i686.rpm
      1131445 459121f758a616a604930ed561d79415

 <Turbolinux 10 Server x64 Edition>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/ntp-4.2.0-11.src.rpm
      2525333 2d224db5ba308c82e35e62acd60afded

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/ntp-4.2.0-11.x86_64.rpm
      1032000 19645afd1a7a12da84f80f00edb5da0e
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/ntp-debug-4.2.0-11.x86_64.rpm
      1310017 5e83e2d8a0625228455e38d6fd1ecf7a
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/ntp-server-4.2.0-11.x86_64.rpm
       211991 5a6390ec2a74c36ae7a945804bc6bf4b

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size: MD5

   xntp3-5.93-20.src.rpm
      1975993 8e20c830c52f8448e97ff7490df13577

   Binary Packages
   Size: MD5

   xntp3-5.93-20.i586.rpm
       256797 c3eba171ffdef32771cece24418a757f
   xntp3-server-5.93-20.i586.rpm
        90743 e2444d170c11061b76c71afcdc3bc5f2

 <Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/ntp-4.2.0-11.src.rpm
      2540976 acd1a94ba2acefcfa5b609c2c6daac9d

   Binary Packages
   Size: MD5

   ntp-4.2.0-11.i586.rpm
      1017267 a1b5846126bc11a697a378a8948673ea
   ntp-debug-4.2.0-11.i586.rpm
      1296626 d9441215c3b7e1faa82b7c4b233a1f4f
   ntp-server-4.2.0-11.i586.rpm
       190192 7f349b62d74576317baacd2ec61d4440


 References:

 CVE
   [CVE-2009-0159]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159

 --------------------------------------------------------------------------
 Revision History
    08 Jun 2009 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2009 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)

iEYEARECAAYFAkosmU4ACgkQK0LzjOqIJMyoIQCfVF7qHpmQgVB7BxosJZFaJq0F
s2YAn2/JPQU7hfwfhuR0PNjVzckXm5p1
=UZxV
-----END PGP SIGNATURE-----