--------------------------------------------------------------------------
Trustix Secure Linux Bugfix Advisory #2004-0038

Package name:      apache, libpng, python
Summary:           Several bugfixes
Date:              2004-06-30
Affected versions: Trustix Secure Linux 2.0
                   Trustix Secure Linux 2.1
                   Trustix Operating System - Enterprise Server 2

--------------------------------------------------------------------------
Package description:
  apache:
  Apache is a full-featured web server that is freely available, and also
  happens to be the most widely used.

  libpng:
  libpng is a library of functions for creating and manipulating PNG
  (Portable Network Graphics) image format files.

  python:
  Python is an interpreted, interactive, object-oriented programming
  language often compared to Tcl, Perl, Scheme or Java. Python includes
  modules, classes, exceptions, very high level dynamic data types and
  dynamic typing. Python supports interfaces to many system calls and
  libraries.

Problem description:
  apache:
  A DoS attack that could make the web server consume a lot of memory and
  eventually crash was discovered. See CAN-2004-0493 on
  http://cve.mitre.org/ for more information.

  libpng:
  The patch used for our libpng update on 2004-06-23 was discovered not to
  be complete. An improved patch was provided by Josh Bressers of Red Hat
  software.

  python:
  A bug in CacheFTPHandler stopped swup from working properly with ftp
  repositories. This bug only affects Trustix Secure Linux 2.0.

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.

Location:
  All Trustix Secure Linux updates are available from

About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With
  focus on security and stability, the system is painlessly kept safe and
  up to date from day one using swup, the automated software updater.

Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically installed
  using 'swup --upgrade'.

Public testing:
  Most updates for Trustix Secure Linux are made available for public
  testing some time before release. If you want to contribute by testing
  the various packages in the testing tree, please feel free to share your
  findings on the tsl-discuss mailing list. The testing tree is located at

  You may also use swup for public testing of updates:

  site {
      class = 0
      location = "http://tsldev.trustix.org/horizon/rdfs/latest.rdf"
      regexp = ".*"
  }

Questions?
  Check out our mailing lists:

Verification:
  This advisory, along with all Trustix packages, is signed with the TSL
  sign key. This key is available from:

  The advisory itself is available from the errata pages at and or
  directly at

MD5sums of the packages:
--------------------------------------------------------------------------

Trustix Security Team
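The check implied by the "MD5sums of the packages" list, as an added example that is not part of the original advisory or of Trustix tooling: it parses `<md5> <relative path>` entries after that heading and compares them with files in a local mirror directory. The function names, the mirror layout and the sample package names are assumptions made for the illustration, and the advisory text is assumed to have passed signature verification against the TSL sign key first, since MD5 on its own only detects corruption.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One list entry: 32 hex digits, whitespace, then a relative .rpm path.
ENTRY = re.compile(r"^([0-9a-f]{32})\s+(\S+\.rpm)$")
MARKER = "MD5sums of the packages:"

def parse_md5_list(advisory_text):
    """Return {relative_path: md5hex} for entries after the MD5sums heading."""
    tail = advisory_text.partition(MARKER)[2]  # empty if the heading is absent
    sums = {}
    for line in tail.splitlines():
        m = ENTRY.match(line.strip())
        # Reject paths that would climb out of the mirror directory.
        if m and ".." not in Path(m.group(2)).parts:
            sums[m.group(2)] = m.group(1)
    return sums

def md5_of(path):
    return hashlib.md5(Path(path).read_bytes()).hexdigest()

def check_packages(advisory_text, mirror_root):
    """Map each listed package to 'ok', 'MISMATCH' or 'missing'."""
    results = {}
    for rel, expected in parse_md5_list(advisory_text).items():
        target = Path(mirror_root) / rel
        if not target.is_file():
            results[rel] = "missing"
        else:
            results[rel] = "ok" if md5_of(target) == expected else "MISMATCH"
    return results

def demo():
    """Constructed sample: two fake package files and a three-entry list."""
    with tempfile.TemporaryDirectory() as root:
        rpms = Path(root, "2.1", "rpms")
        rpms.mkdir(parents=True)
        (rpms / "good-1.0-1tr.i586.rpm").write_bytes(b"constructed payload A")
        (rpms / "bad-1.0-1tr.i586.rpm").write_bytes(b"tampered payload")
        good = hashlib.md5(b"constructed payload A").hexdigest()
        advisory = (f"{MARKER}\n{good}  2.1/rpms/good-1.0-1tr.i586.rpm\n"
                    f"{'0' * 32}  2.1/rpms/bad-1.0-1tr.i586.rpm\n"
                    f"{'f' * 32}  2.1/rpms/gone-1.0-1tr.i586.rpm\n")
        return check_packages(advisory, root)

if __name__ == "__main__":
    print(demo())
```

A 'MISMATCH' or 'missing' result means the package should be fetched again rather than installed.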