--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2002-77
http://www/turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Analog
System stop by local user
Release date : 2002-11-30
Solution: package : analog-5.24-2
Problematical point
* Making use of vulnerability of the anlgform.pl, local user can cause system to stop
Solution:
Using turbopkg command, please do automatic operation update.
When necessary, update is done automatically.
Use the following command to verify the version currently installed.
# rpm -qa | grep package name
When automatic operation update is used, all objects update.
Select the package, and use the rpm command to select when you would like to update.
Execution example
---------------------------------------------------------------------
1. In super user modification
$ su -
2. Password of super user input
Password:
3. Starting the turbopkg
# turbopkg
4. Menu selection
" Update "
" FTP server "
" Update sight "
Optional sight selection
5. In general user modification
# exit
---------------------------------------------------------------------
< Turbolinux 8 Server >
< Turbolinux 8 Workstation >
< Turbolinux 7 Server >
< Turbolinux 7 Workstation >
analog-5.24-2.i586.rpm
< Turbolinux Advanced Server 6 >
< Turbolinux Server 6.1 >
analog-5.24-2.i386.rpm
< Turbolinux Server 6.5 >
< Turbolinux Workstation 6.0 >
* Because the analog package is not recorded in the above-mentioned product, it is not necessary to update.
* Upon the maintenance of our company FTP sight, we determined that update of the turbopkg is neccesary. Details the below-mentioned URL reference.
http://www.turbolinux.co.jp/download/zabom.html
Package updates:
http://www.turbolinux.co.jp/update/