以前に発表されたproftpdのセキュリティフィクスのpowerpc版がまちがって作ら れていたようで、その修正版がリリースされました。 #アーキテクチャもインテリジェントに見ないといかんかなぁ。 ------------------------------- 現在の Debian 安定版 (2.2 potato) にセキュリティに関する深刻な問題が発見 されました。 対象パッケージ: proftpd 対処済みのパッケージに更新するには、 deb http://security.debian.org/ stable/updates main を /etc/apt/sources.list に追加し、 apt-get update ; apt-get upgrade を実行してください。 詳細については添付のアナウンスをご覧ください。
--- Begin Message ---
- From: Wichert Akkerman <wichert@xxxxxxxxxx>
- Subject: [SECURITY] [DSA-032-2] proftp runs as root, /var symlink removal
- Date: Fri, 9 Mar 2001 00:57:48 +0100
- Priority: urgent
- Resent-date: Fri, 9 Mar 2001 09:38:09 +0900 (JST)
- Resent-from: debian-security-announce@lists.debian.org
- Resent-message-id: <G8j-ZC.A.sXB.vSCq6@murphy>
- Resent-sender: debian-security-announce-request@lists.debian.org
- X-debian: PGP check passed for security officers
- X-envelope-sender: wichert@xxxxxxxxxx
- X-loop: debian-security-announce@lists.debian.org
- X-mailing-list: <debian-security-announce@lists.debian.org> archive/latest/220
- Message-id: <200103082357.f28NvmA27719@xxxxxxxxxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------------ Debian Security Advisory DSA-032-2 security@debian.org http://www.debian.org/security/ Wichert Akkerman March 9, 2001 - ------------------------------------------------------------------------ Package: proftpd Vulnerability: proftpd running as root, /var symlink removal Debian-specific: yes This is an update to the DSA-032-1 advisory. The powerpc package that was listed in that advisory was unfortunately compiled on the wrong system which caused it to not work on a Debian GNU/Linux 2.2 system. A fixed package with version 1.2.0pre10-2.0potato1.1 has been installed on security.debian.org. For information on the fixed vulnerabilities please see the DSA-032-1 advisory. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 2.2 alias potato - ------------------------------------- PowerPC architecture: http://security.debian.org/dists/stable/updates/main/binary-powerpc/proftpd_1.2.0pre10-2.0potato1.1_powerpc.deb MD5 checksum: 710e1b324dc8962c14919d0e58078740 These files will be moved into ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon. For not yet released architectures please refer to the appropriate directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ . - -- - ---------------------------------------------------------------------------- apt-get: deb http://security.debian.org/ stable/updates main dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQB1AwUBOqgceajZR/ntlUftAQFe/wMAoe47v8i4odbSrs3++tlhUKuaERjEeP7l M5SLn8088hu+mG+NFF7KZBUKN8gsorG7y1ABmbbh3+k5PmqJOS57L1EHW/4mhrH/ IB9V+9ZBsS2RO9lr/+3eUXH+EUrARsEH =3qb3 -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
--- End Message ---
Attachment:
pgpLbl3vIze93.pgp
Description: PGP signature