[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[debian-users:49791] [SECURITY] [DSA 1412-1] New ruby1.9 packages fix insecure SSL certificate validation
中野です。
URL 等は Debian-security-announce メーリングリストの元記事を確認ください。
------------------------------------------------------------------------
Debian Security Advisory DSA-1412-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
November 24, 2007 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : ruby1.9
Vulnerability : プログラムエラー
Problem type : ローカル/リモート
Debian-specific: いいえ
CVE Id(s) : CVE-2007-5162 CVE-2007-5770
オブジェクト指向スクリプト言語の Ruby に、いくつかの脆弱性が見付かりました。
The Common Vulnerabilities and Exposures プロジェクトは以下の問題を特定
しました。
CVE-2007-5162
Ruby の HTTP(S) モジュールは SSL 証明書の検証を十分なかたちで行って
おらず、中間者 (man-in-the-middle) 攻撃を可能にしてしまうことが
わかりました。
CVE-2007-5770
Ruby の FTP, Telnet, IMAP, POP, SMTP 用各モールは、SSL 証明書の検証を
十分なかたちで行っておらず、中間者 (man-in-the-middle) 攻撃を可能に
してしまうことがわかりました。
安定版 (stable) ディストリビューション (etch) では、これらの問題は
バージョン 1.9.0+20060609-1etch1 で修正されています。sparc 向けの
パッケージは今後提供される予定です。
旧安定版 (old stable) ディストリビューション (sarge) には、ruby1.9
パッケージは含まれていません。
直ぐに ruby1.9 パッケージをアップグレードすることを勧めます。
アップグレード手順
------------------
wget url
でファイルを取得できます。
dpkg -i file.deb
で参照されたファイルをインストールできます。
apt-get パッケージマネージャを用いている場合には、本メールのフッタ記載の
行を sources.list に加えて、
apt-get update
を実行して内部データベースを更新し、
apt-get upgrade
によって修正されたパッケージをインストールしてください。
本メールのフッタ記載の設定を自ホストの設定に加えることにより、自動更新を
行うこともできます。
Debian (安定版)
---------------
安定版のアップデートは、alpha, amd64, arm, hppa, i386, ia64, m68k, mips,
mipsel, powerpc, s390 向けのものが用意されています。
ソースアーカイブ:
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609.orig.tar.gz
Size/MD5 checksum: 4450198 483d9b46a973c7e14f7586f0b1129891
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1.dsc
Size/MD5 checksum: 1102 ab126186fcdf6957657ecc7a796d2716
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1.diff.gz
Size/MD5 checksum: 24635 627c1adebe5c30393f61c78bd7ed8524
アーキテクチャ非依存のパッケージ:
http://security.debian.org/pool/updates/main/r/ruby1.9/rdoc1.9_1.9.0+20060609-1etch1_all.deb
Size/MD5 checksum: 317966 ba31da840a0129e36f8e5e3cdbdc38f2
http://security.debian.org/pool/updates/main/r/ruby1.9/ri1.9_1.9.0+20060609-1etch1_all.deb
Size/MD5 checksum: 693558 9609c753abeb56de1340a6861df37882
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-elisp_1.9.0+20060609-1etch1_all.deb
Size/MD5 checksum: 228790 c7680de3c4f480e47b50362dfbbc6cc2
http://security.debian.org/pool/updates/main/r/ruby1.9/irb1.9_1.9.0+20060609-1etch1_all.deb
Size/MD5 checksum: 255110 8ab705f6d663c5f9514bd658ab7e6cf6
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-examples_1.9.0+20060609-1etch1_all.deb
Size/MD5 checksum: 265132 9cf18d3bc7adea316ac681e63b1f941a
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch1_alpha.deb
Size/MD5 checksum: 324370 e17822d9a9e40bda497f300118bef0cc
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1_alpha.deb
Size/MD5 checksum: 235830 fbdee75ddf6467da59dd7fba95661d38
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch1_alpha.deb
Size/MD5 checksum: 958976 5d5c6f6b5d9ff8ee73d7b4c3e76d9933
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch1_alpha.deb
Size/MD5 checksum: 216232 5103972d418efcf11b74d85e742e275f
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch1_alpha.deb
Size/MD5 checksum: 216884 e9dedb7b4604176f79cd4e58b4a17755
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch1_alpha.deb
Size/MD5 checksum: 1879324 5f1e231d02c18d628783ea7ae9a12cb8
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch1_alpha.deb
Size/MD5 checksum: 216888 18be35a4de25e208bccdab734ec741da
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch1_alpha.deb
Size/MD5 checksum: 1890058 202b057c31c1f290ea93d297f470ba03
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch1_alpha.deb
Size/MD5 checksum: 341360 507106ae5d966124e720eeade516ccf1
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch1_amd64.deb
Size/MD5 checksum: 1877670 6b504064d3b9da06c8d1fe8be0b0bf3a
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch1_amd64.deb
Size/MD5 checksum: 1848808 dbb9ee9eeeb2c5613f70a8e3d2637617
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1_amd64.deb
Size/MD5 checksum: 234876 156535028b15b94577dc4e4633e5ebff
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch1_amd64.deb
Size/MD5 checksum: 806586 773c43721a32c24e44e8c8094f91650f
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch1_amd64.deb
Size/MD5 checksum: 215426 6ebf982794e096d2c5bebf24f92f9ec6
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch1_amd64.deb
Size/MD5 checksum: 322810 91e135d2d5f379ed0faf858c646e2148
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch1_amd64.deb
Size/MD5 checksum: 215916 c3f89134875c80ff6b7c3b88bbc56bef
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch1_amd64.deb
Size/MD5 checksum: 345242 e7664eae307b6959ad357c0b5ef421fc
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch1_amd64.deb
Size/MD5 checksum: 215976 7a1a5115707c78c760a4c6503fdd3f98
arm architecture (ARM)
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch1_arm.deb
Size/MD5 checksum: 1791476 300dc9be30ca522c432b00ee915c6026
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch1_arm.deb
Size/MD5 checksum: 214922 536a4d80d79ddf8bdd8c49319ee19cd1
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch1_arm.deb
Size/MD5 checksum: 215586 75f2e47fe038c2a7d0e004a802e9f4a6
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1_arm.deb
Size/MD5 checksum: 236560 99c45bcd8332240fd79f2c6065d0dd4e
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch1_arm.deb
Size/MD5 checksum: 364396 b9effa7cd406b65cd4316becddafff37
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch1_arm.deb
Size/MD5 checksum: 310900 a93b0e66cbd77a78f8f18f48ebef6e13
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch1_arm.deb
Size/MD5 checksum: 792192 532c1d78b722ebdf42019a5979ddc054
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch1_arm.deb
Size/MD5 checksum: 1875584 7c71b01f46cacd514ca4f08c5b5d8941
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch1_arm.deb
Size/MD5 checksum: 215652 e10b801d1d05b5aff98731b03045d351
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1_i386.deb
Size/MD5 checksum: 236898 446710e9933b7170337a333049eaee5f
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch1_i386.deb
Size/MD5 checksum: 1751226 4444b1884c784b71902ad2a61ba3f567
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch1_i386.deb
Size/MD5 checksum: 757158 711d62d5e869c1f9006559326798a52b
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch1_i386.deb
Size/MD5 checksum: 214942 38982b66583c25c7522103a3a9eb54bc
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch1_i386.deb
Size/MD5 checksum: 215982 79d148e2fc2175a2a70c661b08139000
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch1_i386.deb
Size/MD5 checksum: 345026 bbe0ac1615f698cf82099baceb00a7c6
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch1_i386.deb
Size/MD5 checksum: 1867168 25ed04efb273ff4897d7b05247417ada
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch1_i386.deb
Size/MD5 checksum: 215746 00a851c1c75103533176fc7fd998da20
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch1_i386.deb
Size/MD5 checksum: 308928 3358300bb639a29c2e8b21ced7cdc7a1
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch1_ia64.deb
Size/MD5 checksum: 351012 fff4cf6d236b0108031334afdd65d658
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch1_ia64.deb
Size/MD5 checksum: 220024 b9085af8454b394bfac281c9b79bd515
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch1_ia64.deb
Size/MD5 checksum: 219546 83eb67d7a5163abb2f5ea650a188dd75
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1_ia64.deb
Size/MD5 checksum: 235712 8ae5a0e86166574544af29c25eebbae7
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch1_ia64.deb
Size/MD5 checksum: 1094592 0822d1188d9fc3d6cb960ca10a741687
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch1_ia64.deb
Size/MD5 checksum: 1862882 b54dd65c54f2b5345a7b6dbd5393c06c
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch1_ia64.deb
Size/MD5 checksum: 220020 91e0487d7d3b8739d9fc537797be1936
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch1_ia64.deb
Size/MD5 checksum: 2224142 7311bd4900754e9c1dbd8b22b39e7899
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch1_ia64.deb
Size/MD5 checksum: 350428 7337d9dc53bee9e59787d8e752ed149b
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch1_mips.deb
Size/MD5 checksum: 215780 c9abc5b3f35adb569bb8ad8ba447b021
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1_mips.deb
Size/MD5 checksum: 234938 6f396aaaed493d095ad2d7b9eb206594
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch1_mips.deb
Size/MD5 checksum: 215554 9e42ee927f755d845938188b7368661f
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch1_mips.deb
Size/MD5 checksum: 214906 5da2a002ded39e8ce78bcf9062fb9fcb
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch1_mips.deb
Size/MD5 checksum: 300588 16420c8046f02807aba930c5fde83ebd
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch1_mips.deb
Size/MD5 checksum: 371722 217781278232fccf78863910d43b6590
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch1_mips.deb
Size/MD5 checksum: 1677222 69e58910f6d5e63c941b98b3d2855d43
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch1_mips.deb
Size/MD5 checksum: 1836498 cd3c713268cf294228fa733a942152af
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch1_mips.deb
Size/MD5 checksum: 871412 8190ec0ff4b79d1d0a92f09500043e44
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch1_mipsel.deb
Size/MD5 checksum: 1836126 ec3b66a7b3195ade4ed5d6d57d73cf28
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch1_mipsel.deb
Size/MD5 checksum: 215454 14d24e9a40eddef48859eb62046a3eb6
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1_mipsel.deb
Size/MD5 checksum: 234944 303fe8a90a774955f064283a02f1e423
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch1_mipsel.deb
Size/MD5 checksum: 857548 d569e105874998930cff4f5f7939229e
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch1_mipsel.deb
Size/MD5 checksum: 366862 d480d18423806370c3b592719d3bab0c
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch1_mipsel.deb
Size/MD5 checksum: 215668 79862a039354f6d83ee43f9cfdc7d2e6
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch1_mipsel.deb
Size/MD5 checksum: 298912 dff65dea9cecbb757adf7f1773206ced
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch1_mipsel.deb
Size/MD5 checksum: 1666810 5d341dda049770f918991569bff711c4
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch1_mipsel.deb
Size/MD5 checksum: 214776 8ba9bb28cdb11ee703d2224eb0a37b6d
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1_powerpc.deb
Size/MD5 checksum: 236652 79b759321a1138c27ffbf0c774ef9819
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch1_powerpc.deb
Size/MD5 checksum: 217902 50b4417179daab09a66b260be6018e90
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch1_powerpc.deb
Size/MD5 checksum: 776090 943815a68257420ea136c304eed752da
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch1_powerpc.deb
Size/MD5 checksum: 217580 41bf17420cfc61124d4213a94d684bed
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch1_powerpc.deb
Size/MD5 checksum: 1806780 fb9d4b73688f7eafc93ad7d90df625d8
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch1_powerpc.deb
Size/MD5 checksum: 1843594 22b896c414bd19519b2efb2c3bad6c65
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch1_powerpc.deb
Size/MD5 checksum: 372310 ff19b747cd3b9447a84148e71d2d0b38
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch1_powerpc.deb
Size/MD5 checksum: 217016 b685e2ac4b0e6d210a14b2f1be487b84
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch1_powerpc.deb
Size/MD5 checksum: 311920 f20c826b2821561036f5ff19fcf5e3d3
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch1_s390.deb
Size/MD5 checksum: 883230 b77c23acbd3cb613a7fa593c7b1bf7f3
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1_s390.deb
Size/MD5 checksum: 234848 75d10185a3e6dba382cc58e2035421bd
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch1_s390.deb
Size/MD5 checksum: 216842 093dd943dc7e721d6b4dd56d3befebc0
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch1_s390.deb
Size/MD5 checksum: 1848348 85aaa572df8cde87d68f96b45773b44e
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch1_s390.deb
Size/MD5 checksum: 217390 184dab4eb2a1f1c283ca7f8eefd66e6e
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch1_s390.deb
Size/MD5 checksum: 370828 048a63b5dc4dd0f856c1104709e47e4c
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch1_s390.deb
Size/MD5 checksum: 1854598 a7733b20dbe1ef6a4b1bb9816ee2200e
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch1_s390.deb
Size/MD5 checksum: 327236 675462810c4a01de85938624d77a17b8
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch1_s390.deb
Size/MD5 checksum: 216922 c365f4c180dff842703689d87dde31e8
これらのファイルは次の版の安定版リリース時そちらに移されます。
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>