[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:31621] Re: Forward: [SECURITY] [DSA 107-1] New jgroff packages fix printf format problem

From: "西尾高幸" <nishio@xxxxxxxxxxxx>
Subject: [debian-users:31621] Re: Forward: [SECURITY] [DSA 107-1] New jgroff packages fix printf format problem
Date: Thu, 31 Jan 2002 09:53:08 +0900
X-http-user-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90)
X-ml-info: If you have a question, send e-mail with the body "help" (without quotes) to the address debian-users-ctl@debian.or.jp; help=<mailto:debian-users-ctl@debian.or.jp?body=help>
X-ml-name: debian-users
X-mlserver: fml [fml 3.0pl#17]; post only (only members can post)
X-remote-addr: 192.168.1.30
References: <20020130174726.BFCA953814@xxxxxxxxxxxxxxxxxxxxxx>
Message-id: <200201310053.g0V0r4C02355@xxxxxxxxxxxxxxxxx>
X-mail-count: 31621
X-mailer: GIDEON WHITEBOX INTRANET Mailer ver 2.0

HP更新しました


> 現在の Debian 安定版 (2.2 potato) にセキュリティに関する深刻な問題が発見
> されました。
> 
> 対象パッケージ: jgroff
> 
> 対処済みのパッケージに更新するには、
> 
> deb http://security.debian.org/ stable/updates main
> 
> を /etc/apt/sources.list に追加し、
> 
> apt-get update ; apt-get upgrade
> 
> を実行してください。
> 
> 詳細については添付のアナウンスをご覧ください。
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 107-1                     security@debian.org
> http://www.debian.org/security/                             Martin Schulze
> January 30th, 2002  
> - --------------------------------------------------------------------------
> 
> Package        : jgroff
> Vulnerability  : format print
> Problem-Type   : local
> Debian-specific: no
> 
> Basically, this is the same Security Advisory as DSA 072-1, but for
> jgroff instead of groff.  The package jgroff contains a version
> derived from groff that has japaneze character sets enabled.  This
> package is available only in the stable release of Debian, patches for
> japanese support have been merged into the main groff package.
> 
> The old advisory said:
> 
> Zenith Parse found a security problem in groff (the GNU version of
> troff).  The pic command was vulnerable to a printf format attack
> which made it possible to circumvent the `-S' option and execute
> arbitrary code.
> 
> wget url
> 	will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
> 
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
> 
> apt-get update
>         will update the internal database
> apt-get upgrade
>         will install corrected packages
> 
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
> 
> 
> Debian GNU/Linux 2.2 alias potato
> - ------------------------------------
> 
>   Source archives:
> 
>     http://security.debian.org/dists/stable/updates/main/source/jgroff_1.15+ja-3.4.diff.gz
>       MD5 checksum: ba0fffab320b5881f467c4f52788169a
>     http://security.debian.org/dists/stable/updates/main/source/jgroff_1.15+ja-3.4.dsc
>       MD5 checksum: e37b47561a5988793fa1da9a145d2ac0
>     http://security.debian.org/dists/stable/updates/main/source/jgroff_1.15+ja.orig.tar.gz
>       MD5 checksum: dc1d97074ac73ab0e645a1b80d9639f2
> 
>   Alpha architecture:
> 
>     http://security.debian.org/dists/stable/updates/main/binary-alpha/jgroff_1.15+ja-3.4_alpha.deb
>       MD5 checksum: 5f5eb9347ba9d88e76f10d85350c7c88
> 
>   ARM architecture:
> 
>     http://security.debian.org/dists/stable/updates/main/binary-arm/jgroff_1.15+ja-3.4_arm.deb
>       MD5 checksum: 46adbcf3aa0eb0b4772a6a1364d92c72
> 
>   Intel ia32 architecture:
> 
>     http://security.debian.org/dists/stable/updates/main/binary-i386/jgroff_1.15+ja-3.4_i386.deb
>       MD5 checksum: 1980d28cf9c24231e3583ba994402388
> 
>   Motorola 680x0 architecture:
> 
>     http://security.debian.org/dists/stable/updates/main/binary-m68k/jgroff_1.15+ja-3.4_m68k.deb
>       MD5 checksum: 02327d6d85d7a51b2654af373e5508b2
> 
>   PowerPC architecture:
> 
>     http://security.debian.org/dists/stable/updates/main/binary-powerpc/jgroff_1.15+ja-3.4_powerpc.deb
>       MD5 checksum: 3f08beb01d355399e11bfaa4d28433f1
> 
>   Sun Sparc architecture:
> 
>     http://security.debian.org/dists/stable/updates/main/binary-sparc/jgroff_1.15+ja-3.4_sparc.deb
>       MD5 checksum: a0443303f539c40f3b9415b7035abc7d
> 
> 
>   These files will probably be moved into the stable distribution on
>   its next revision.
> 
> - ---------------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: debian-security-announce@lists.debian.org
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
> 
> iD8DBQE8WCtNW5ql+IAeqTIRAvAKAJoDI02PccSOEOOXpBeE5TFa+Ge1nwCfTAUD
> emMefqtyAlRej9L40ew8TyE=
> =BINw
> -----END PGP SIGNATURE-----
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>

References:
- [debian-users:31618] Forward: [SECURITY] [DSA 107-1] New jgroff packages fix printf format problem
  - From: Kenshi Muto

Prev by Date: [debian-users:31620] ptex + gs-aladdin-vflib で漢字イタリック書体について
Next by Date: [debian-users:31622] Re: ptex + gs-aladdin-vflib で漢字イタリック書体について
Previous by thread: [debian-users:31618] Forward: [SECURITY] [DSA 107-1] New jgroff packages fix printf format problem
Next by thread: [debian-users:31620] ptex + gs-aladdin-vflib で漢字イタリック書体について
Index(es):
- Date
- Thread