[debian-users:39630] Forward: [SECURITY] [DSA 448-1] New pwlib packages fix multiple vulnerabilities

[Kenshi Muto <kmuto@xxxxxxxxxxxxxxx>]

現在の Debian 安定版 (3.0 woody) にセキュリティに関する深刻な問題が発見
されました。

対象パッケージ: pwlib

対処済みのパッケージに更新するには、

deb http://security.debian.org/ stable/updates main contrib non-free

を /etc/apt/sources.list に追加し、

apt-get update ; apt-get upgrade

を実行してください。

詳細については添付のアナウンスをご覧ください。

--- Begin Message ---

• From: Matt Zimmerman <mdz@debian.org>
• Subject: [SECURITY] [DSA 448-1] New pwlib packages fix multiple vulnerabilities
• Date: Sun, 22 Feb 2004 19:38:26 -0800
• Content-disposition: inline
• List-archive: <http://lists.debian.org/debian-security-announce/>
• List-help: <mailto:debian-security-announce-request@lists.debian.org?subject=help>
• List-id: <debian-security-announce.lists.debian.org>
• List-post: <mailto:debian-security-announce@lists.debian.org>
• List-subscribe: <mailto:debian-security-announce-request@lists.debian.org?subject=subscribe>
• List-unsubscribe: <mailto:debian-security-announce-request@lists.debian.org?subject=unsubscribe>
• Old-return-path: <mdz@xxxxxxxxx>
• Priority: urgent
• Resent-date: Sun, 22 Feb 2004 21:38:57 -0600 (CST)
• Resent-from: debian-security-announce@lists.debian.org
• Resent-message-id: <YbNPJ.A.TmF.OXXOAB@murphy>
• Resent-sender: debian-security-announce-request@lists.debian.org
• X-bogosity: No, tests=bogofilter, spamicity=0.000000, version=0.15.13
• X-debian: PGP check passed for security officers
• X-loop: debian-security-announce@lists.debian.org
• X-mailing-list: <debian-security-announce@lists.debian.org>
• X-original-to: kmuto@xxxxxxxxxxxxxxx
• X-original-to: debian-security-announce@lists.debian.org
• X-spam-checker-version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) on hydra.topstudio-unet.ocn.ne.jp
• X-spam-level:
• X-spam-status: No, hits=-103.7 required=10.0 tests=AWL,BAYES_00, USER_IN_WHITELIST autolearn=ham version=2.61
• X-virus-scanned: by amavisd-new-20030616-p5 (Debian) at topstudio.co.jp
• Message-id: <20040223033826.GV20928@xxxxxxxxx>
• User-agent: Mutt/1.5.5.1+cvs20040105i

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 448-1                     security@debian.org
http://www.debian.org/security/                             Matt Zimmerman
February 22nd, 2004                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : pwlib
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE Id         : CAN-2004-0097
Debian bug     : 233888

Multiple vulnerabilities were discovered in pwlib, a library used to
aid in writing portable applications, whereby a remote attacker could
cause a denial of service or potentially execute arbitrary code.  This
library is most notably used in several applications implementing the
H.323 teleconferencing protocol, including the OpenH323 suite,
gnomemeeting and asterisk.

For the current stable distribution (woody) this problem has been
fixed in version 1.2.5-5woody1.

For the unstable distribution (sid), this problem will be fixed soon.
Refer to Debian bug #233888 for details.

We recommend that you update your pwlib package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/p/pwlib/pwlib_1.2.5-5woody1.dsc
      Size/MD5 checksum:      639 2e057d4bb38abbdfebe95ca2962a2733
    http://security.debian.org/pool/updates/main/p/pwlib/pwlib_1.2.5-5woody1.diff.gz
      Size/MD5 checksum:    34683 4f5b334e860eea238244d82d8084f6bb
    http://security.debian.org/pool/updates/main/p/pwlib/pwlib_1.2.5.orig.tar.gz
      Size/MD5 checksum:   749440 b320577dd1cff37cceea57c45de9de85

  Alpha architecture:

    http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_alpha.deb
      Size/MD5 checksum:   130708 899913e27abbbaf9181e363fc5c00184
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_alpha.deb
      Size/MD5 checksum:   868610 579711836aa1cf6310b445f4f769074d
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_alpha.deb
      Size/MD5 checksum:  2270224 d51adae04e7caa1fb8c0c77c02ec366d
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_alpha.deb
      Size/MD5 checksum:  1543738 9903ecfadacc28839ba71daebb2ce272

  ARM architecture:

    http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_arm.deb
      Size/MD5 checksum:   133952 48cb63c89f21dad3e721bbc44d350824
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_arm.deb
      Size/MD5 checksum:   861230 a1d5d4f66be1c134039139e1d4b686fd
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_arm.deb
      Size/MD5 checksum:  1841968 a17d84ac845f1bd3ce70f6aab66026f6
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_arm.deb
      Size/MD5 checksum:  1502856 d97cd24a9fca26db167d92ead0aa6077

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_i386.deb
      Size/MD5 checksum:   112508 656f942f7909fb0d76f39973111d5839
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_i386.deb
      Size/MD5 checksum:   788502 c389e02adcf493e704c2a5a1b129a883
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_i386.deb
      Size/MD5 checksum:  1838780 aacb8d43274e1bed588659640d174a2d
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_i386.deb
      Size/MD5 checksum:  1301568 c96d4b6b4004dd20dcf93f2b3081dcc3

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_ia64.deb
      Size/MD5 checksum:   146510 f0f35a5d97c4e9c1bc4d71bc0c1f8d60
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_ia64.deb
      Size/MD5 checksum:   996212 e1bf67b0d5e64ba7910bc602b871e330
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_ia64.deb
      Size/MD5 checksum:  2466746 bf2a8caa6963954d1f7e95a978f76a5e
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_ia64.deb
      Size/MD5 checksum:  1774658 7231677252682b0260e5c57469cb420f

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_hppa.deb
      Size/MD5 checksum:   149596 707e83b5967383808e7f353754864cbd
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_hppa.deb
      Size/MD5 checksum:   991818 24b024ec88157f7d30bd853883b3aabd
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_hppa.deb
      Size/MD5 checksum:  2847570 b60a52e989ec6fe77edff22547013d13
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_hppa.deb
      Size/MD5 checksum:  1993572 dafc6b5a2adec05e389489c344b70a75

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_m68k.deb
      Size/MD5 checksum:   104312 e70cd451ac98f4d01615e1ec5096c816
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_m68k.deb
      Size/MD5 checksum:   858732 d513f7ca86a75a0b58cc2f120d47f05b
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_m68k.deb
      Size/MD5 checksum:  1891398 db5ec25f3f813da5be85a504ceae83bb
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_m68k.deb
      Size/MD5 checksum:  1297004 b963c654b1cb7b66101b3cbe83c3494e

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_mips.deb
      Size/MD5 checksum:   126130 86cb6659d891e1b9fecc915c1e06ea71
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_mips.deb
      Size/MD5 checksum:   758362 72c65ab5fd677f9a0f546f895142fe54
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_mips.deb
      Size/MD5 checksum:  1998404 15532db557ca3a7358330d30a3273cf1
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_mips.deb
      Size/MD5 checksum:  1457282 248b40bcf4cb8a5a5c5b4074b457d001

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_powerpc.deb
      Size/MD5 checksum:   107404 eadf9a2ae2a8672669b7692c53cf1e9e
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_powerpc.deb
      Size/MD5 checksum:   918814 3b180bd91862ae1f55f0d590359e6ffa
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_powerpc.deb
      Size/MD5 checksum:  2269394 12646912e9fead507821e021806b4dc5
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_powerpc.deb
      Size/MD5 checksum:  1659834 9077a25b959e5a7b4d804936ee7f69bb

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_s390.deb
      Size/MD5 checksum:    97532 1b421333f3099dc46539dc4df4078ce7
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_s390.deb
      Size/MD5 checksum:   832288 5f4ce30d3fc952317ca233dbd986ad3e
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_s390.deb
      Size/MD5 checksum:  1930542 e738de76f0665c761f5ff309ed238fa2
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_s390.deb
      Size/MD5 checksum:  1307926 08e82668880d288c18f472bf291a187c

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_sparc.deb
      Size/MD5 checksum:   105478 19ef591ed5fbd335e3a1d6cf33e177f6
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_sparc.deb
      Size/MD5 checksum:   781956 52cb039ef81f2ff5dd1e8b897063e304
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_sparc.deb
      Size/MD5 checksum:  1906046 049defa3090dc3a97a73c6e6d194d603
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_sparc.deb
      Size/MD5 checksum:  1367208 b10e687e83792b0897872431bee9e118

  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAOXWZArxCt0PiXR4RAsiXAJ48z1yNupkT11kdzWHh9UOO/4l7kACfUK6e
Th6O4khHENy4mb0qJc4V3jA=
=05/e
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

--- End Message ---