[debian-users:31621] Re: Forward: [SECURITY] [DSA 107-1] New jgroff packages fix printf format problem
I have updated the home page.
> A serious security problem has been found in the current Debian stable
> release (2.2 potato).
>
> Affected package: jgroff
>
> To update to the fixed package, add
>
> deb http://security.debian.org/ stable/updates main
>
> to /etc/apt/sources.list, and run
>
> apt-get update ; apt-get upgrade
>
> For details, please see the attached announcement.
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 107-1 security@debian.org
> http://www.debian.org/security/ Martin Schulze
> January 30th, 2002
> - --------------------------------------------------------------------------
>
> Package : jgroff
> Vulnerability : format print
> Problem-Type : local
> Debian-specific: no
>
> Basically, this is the same Security Advisory as DSA 072-1, but for
> jgroff instead of groff. The package jgroff contains a version
> derived from groff that has Japanese character sets enabled. This
> package is available only in the stable release of Debian, patches for
> Japanese support have been merged into the main groff package.
>
> The old advisory said:
>
> Zenith Parse found a security problem in groff (the GNU version of
> troff). The pic command was vulnerable to a printf format attack
> which made it possible to circumvent the `-S' option and execute
> arbitrary code.
>
> wget url
> will fetch the file for you
> dpkg -i file.deb
> will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
> will update the internal database
> apt-get upgrade
> will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian GNU/Linux 2.2 alias potato
> - ------------------------------------
>
> Source archives:
>
> http://security.debian.org/dists/stable/updates/main/source/jgroff_1.15+ja-3.4.diff.gz
> MD5 checksum: ba0fffab320b5881f467c4f52788169a
> http://security.debian.org/dists/stable/updates/main/source/jgroff_1.15+ja-3.4.dsc
> MD5 checksum: e37b47561a5988793fa1da9a145d2ac0
> http://security.debian.org/dists/stable/updates/main/source/jgroff_1.15+ja.orig.tar.gz
> MD5 checksum: dc1d97074ac73ab0e645a1b80d9639f2
>
> Alpha architecture:
>
> http://security.debian.org/dists/stable/updates/main/binary-alpha/jgroff_1.15+ja-3.4_alpha.deb
> MD5 checksum: 5f5eb9347ba9d88e76f10d85350c7c88
>
> ARM architecture:
>
> http://security.debian.org/dists/stable/updates/main/binary-arm/jgroff_1.15+ja-3.4_arm.deb
> MD5 checksum: 46adbcf3aa0eb0b4772a6a1364d92c72
>
> Intel ia32 architecture:
>
> http://security.debian.org/dists/stable/updates/main/binary-i386/jgroff_1.15+ja-3.4_i386.deb
> MD5 checksum: 1980d28cf9c24231e3583ba994402388
>
> Motorola 680x0 architecture:
>
> http://security.debian.org/dists/stable/updates/main/binary-m68k/jgroff_1.15+ja-3.4_m68k.deb
> MD5 checksum: 02327d6d85d7a51b2654af373e5508b2
>
> PowerPC architecture:
>
> http://security.debian.org/dists/stable/updates/main/binary-powerpc/jgroff_1.15+ja-3.4_powerpc.deb
> MD5 checksum: 3f08beb01d355399e11bfaa4d28433f1
>
> Sun Sparc architecture:
>
> http://security.debian.org/dists/stable/updates/main/binary-sparc/jgroff_1.15+ja-3.4_sparc.deb
> MD5 checksum: a0443303f539c40f3b9415b7035abc7d
>
>
> These files will probably be moved into the stable distribution on
> its next revision.
>
> - ---------------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: debian-security-announce@lists.debian.org
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE8WCtNW5ql+IAeqTIRAvAKAJoDI02PccSOEOOXpBeE5TFa+Ge1nwCfTAUD
> emMefqtyAlRej9L40ew8TyE=
> =BINw
> -----END PGP SIGNATURE-----
>
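The advisory lists each package as a URL line followed by an "MD5 checksum:" line and describes a manual `wget` / `dpkg -i` path. The following is an added example, not part of the original message or of Debian's tooling: a shell check that looks up a downloaded file in a saved copy of the advisory and compares checksums before installation. The function names `advisory_md5` and `verify_pkg` are hypothetical, and `md5sum` from coreutils is assumed to be available.

```shell
#!/bin/sh
# Added example. Assumes the advisory was saved as plain text; mail quoting
# ("> ") in front of each line is tolerated.
#
# usage: verify_pkg advisory.txt jgroff_1.15+ja-3.4_i386.deb \
#            && dpkg -i jgroff_1.15+ja-3.4_i386.deb

# advisory_md5 ADVISORY NAME
# Print the checksum listed for the URL whose last path component is NAME.
# Exit status 1 if the advisory has no such entry.
advisory_md5() {
    awk -v want="$2" '
        { sub(/^[> \t]+/, "") }                  # strip quoting and indent
        /^(http|ftp):\/\// {                     # URL line: remember basename
            n = split($1, part, "/"); name = part[n]; next
        }
        /^MD5 checksum:/ {                       # checksum belongs to last URL
            if (name == want) { print tolower($3); found = 1; exit }
            name = ""
        }
        END { exit !found }
    ' "$1"
}

# verify_pkg ADVISORY FILE
# 0 = checksum matches, 1 = mismatch, 2 = file not listed in the advisory.
verify_pkg() {
    expected=$(advisory_md5 "$1" "$(basename "$2")") || {
        echo "not listed in advisory: $2" >&2
        return 2
    }
    actual=$(md5sum "$2" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK $2"
    else
        echo "MISMATCH $2 (expected $expected, got $actual)" >&2
        return 1
    fi
}
```

The comparison only ties the file to the advisory text; the advisory's own authenticity rests on its PGP signature, which should be checked on the original, unquoted message.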