[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[debian-users:41240] [Translate] [SECURITY] [DSA 458-2] New python2.2 packages really fix buffer overflow
かねこです。
URL 等は元記事を確認ください。
------>8------------>8------------>8------------>8------------>8
- --------------------------------------------------------------------------
Debian Security Advisory DSA 458-2 security@debian.org
http://www.debian.org/security/ Martin Schulze
Aughst 31st, 2004 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : python2.2
Vulnerability : バッファオーバフロー
Problem-Type : リモート
Debian-specific: いいえ
CVE Ids : CAN-2004-0150
BugTraq ID : 9836
Debian Bug : 248946
このセキュリティ勧告は、DSA 458-1 で localhost 以外の入力で gethostbyaddr
がセグメンテーションフォールトを起こす問題を修正したものです。同時にこの更
新で、全アーキテクチャで IPv6 が無効化されています。
元の勧告は以下です。
Sebastian Schmidt さんにより、Python の getaddrinfo 関数にバッファオー
バフローバグが発見されました。この関数はリモートの攻撃者から DNS 経由で
与えられた IPv6 アドレスでスタック上のメモリを上書きしてしまいます。
このバグは、python 2.2 と 2.2.1 にのみ存在し、IPv6 サポートが無効になっ
ている時のみに問題になります。Debian woody の python2.2 パッケージはこ
れが問題となる条件に当てはまります (python パッケージはあてはまりません)。
現安定版 (stable) woody では、これはバージョン 2.2.1-4.5 で修正されてい
ます。
不安定版 (unstable) sid には、この問題はありません。
すぐに python2.2 パッケージをアップグレードすることを勧めます。
アップグレード手順
------------------
wget url
でファイルを取得できます。
dpkg -i file.deb
で参照されたファイルをインストールできます。
を用いて、apt-get パッケージマネージャに以下記載の sources.list を与えて
次のコマンドを使ってください。
apt-get update
これは内部データベースを更新します。
apt-get upgrade
これで修正されたパッケージをインストールします。
本メールのフッタ記載の設定を自ホストの設定に加えることにより、自動更新を
行うこともできます。
Debian GNU/Linux 3.0 愛称 woody
- ------------------------------------
ソースアーカイブ:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.5.dsc
Size/MD5 checksum: 1150 cf66b7df147cd3abe5f7996ef1d798a1
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.5.diff.gz
Size/MD5 checksum: 92754 6e8bdacbe3ab45e44614062d88d8058a
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1.orig.tar.gz
Size/MD5 checksum: 6536167 88aa07574673ccfaf35904253c78fc7d
Architecture independent components:
http://security.debian.org/pool/updates/main/p/python2.2/idle-python2.2_2.2.1-4.5_all.deb
Size/MD5 checksum: 112964 4b3199bd24e653365a70a84a7e776e71
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-doc_2.2.1-4.5_all.deb
Size/MD5 checksum: 1314152 f6159965926afd04d721ed7b1f26766a
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-elisp_2.2.1-4.5_all.deb
Size/MD5 checksum: 50044 d0a163f95e67375503f44d1cbd06a766
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-examples_2.2.1-4.5_all.deb
Size/MD5 checksum: 477718 caff59139f30f7afb067ff7adf4def81
Alpha architecture:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.5_alpha.deb
Size/MD5 checksum: 2138578 a33063f19dfaa15665c20d58cdb73bf0
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.5_alpha.deb
Size/MD5 checksum: 863826 d58d2a8280abb6617a32e151494258a0
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.5_alpha.deb
Size/MD5 checksum: 18048 212a1f4d3c361c516a0b1415152a6b0b
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.5_alpha.deb
Size/MD5 checksum: 21686 7bf08f71e1c0eb371cbb2783497b19f4
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.5_alpha.deb
Size/MD5 checksum: 86200 f37e71e03c8ffdc3c93707f4b35340ed
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.5_alpha.deb
Size/MD5 checksum: 52292 fae41d3795662264abdeab61e545dc75
ARM architecture:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.5_arm.deb
Size/MD5 checksum: 1951870 822b2d62e146e1eaefa8d6f501528f56
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.5_arm.deb
Size/MD5 checksum: 774482 040afadb3bd8f4f6a9de9c5244725875
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.5_arm.deb
Size/MD5 checksum: 16860 cd400949fd539fc97580ce35c05f0bcd
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.5_arm.deb
Size/MD5 checksum: 20102 4aa03c8213d64b7f84b1415cf3b676a1
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.5_arm.deb
Size/MD5 checksum: 84480 af25e64589130d50ea5ac9be616f66fc
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.5_arm.deb
Size/MD5 checksum: 49704 3bde8cb677e9aa8ce0d9223866914f82
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.5_i386.deb
Size/MD5 checksum: 1888726 436d2ed1731063b83fca919845480fa9
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.5_i386.deb
Size/MD5 checksum: 684000 51122edfefa820a42d80edb8e3983b6b
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.5_i386.deb
Size/MD5 checksum: 16658 29d9a3dea27ae4b5f3daab542192f590
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.5_i386.deb
Size/MD5 checksum: 20040 7540f4b9f60ad14126fcd66d6e7da3aa
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.5_i386.deb
Size/MD5 checksum: 83280 2ced34d765dc4916885251a8d3b70548
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.5_i386.deb
Size/MD5 checksum: 48678 ac6e9fdad6443eb316e767fd570812f2
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.5_ia64.deb
Size/MD5 checksum: 2489766 94e9bb04dc16839e7c58c804fbdb532d
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.5_ia64.deb
Size/MD5 checksum: 936530 8e7e149b9a88476312ed4843d1b409cd
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.5_ia64.deb
Size/MD5 checksum: 19466 96eb4f653a816458ea185be60bfadb01
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.5_ia64.deb
Size/MD5 checksum: 25410 0073429e3953ac49859f354019a250b5
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.5_ia64.deb
Size/MD5 checksum: 90336 55464dae099820960f7e18e3641f2f4b
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.5_ia64.deb
Size/MD5 checksum: 56362 9505164b5a445e25424c3d2999193af4
HP Precision architecture:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.5_hppa.deb
Size/MD5 checksum: 2356458 a5347c22d8e5fff386931a205a408fd9
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.5_hppa.deb
Size/MD5 checksum: 924798 db38537800027eeac634fd3d86033bf9
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.5_hppa.deb
Size/MD5 checksum: 18198 2a1e0e73f5f8e2a502d083a134734489
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.5_hppa.deb
Size/MD5 checksum: 24008 5bc5d723dbf8967d8abfebd6eb246051
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.5_hppa.deb
Size/MD5 checksum: 88038 9d2d5a229986c09cc24f18e00ba7f4ec
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.5_hppa.deb
Size/MD5 checksum: 54914 76a19df9685652a813fc7cb6d78631e8
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.5_m68k.deb
Size/MD5 checksum: 1894230 638aaee1095e8a9f7e195dac11dbf9db
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.5_m68k.deb
Size/MD5 checksum: 660790 9303e0a962e847b073156efc4fdf9490
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.5_m68k.deb
Size/MD5 checksum: 16778 073a581cf3aacc8e3d190162badea45a
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.5_m68k.deb
Size/MD5 checksum: 19720 cb652d481c6dc183924438d29a9c2dc7
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.5_m68k.deb
Size/MD5 checksum: 84166 c929a6e6f2e465406e318c495461ab12
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.5_m68k.deb
Size/MD5 checksum: 49494 ad110ab5d060a7d40913615ca7baa190
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.5_mips.deb
Size/MD5 checksum: 1952764 aae122721f5f0417a90be9cc2cd651e4
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.5_mips.deb
Size/MD5 checksum: 790258 4a65c4709a023a9c6391ec7fd6d87b5f
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.5_mips.deb
Size/MD5 checksum: 16868 954c72b264e65069549cf15d896bafc0
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.5_mips.deb
Size/MD5 checksum: 20136 2277a007679ca89f27c12cb48066d850
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.5_mips.deb
Size/MD5 checksum: 83296 5d0540445a5e9f994fba2ef86a0edf92
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.5_mips.deb
Size/MD5 checksum: 48882 2df2ffa6eadf8df8324229cd7124eb2a
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.5_mipsel.deb
Size/MD5 checksum: 1947544 556a6c3a1b9601652d0c4875b038b939
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.5_mipsel.deb
Size/MD5 checksum: 790136 14f595e7373683cd647bb69144552359
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.5_mipsel.deb
Size/MD5 checksum: 16878 46f24850ebabf78dc9b51cb5ff9408be
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.5_mipsel.deb
Size/MD5 checksum: 20152 a81e9b7db0c15603bac6210207b09b6c
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.5_mipsel.deb
Size/MD5 checksum: 83248 e2c8b60375307c2aad8ab27f72498561
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.5_mipsel.deb
Size/MD5 checksum: 48822 95a0795df1d65d250ff9c9592114c71d
PowerPC architecture:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.5_powerpc.deb
Size/MD5 checksum: 1998458 31062fa45fe2301a7d3ad9d6f0f26bd4
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.5_powerpc.deb
Size/MD5 checksum: 775322 3917f645b81febfa0b945d936a326c10
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.5_powerpc.deb
Size/MD5 checksum: 16992 190c42311e3ac49edbafd6d716239086
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.5_powerpc.deb
Size/MD5 checksum: 20692 65fda13391da2bb6ac5cc0d5c5240254
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.5_powerpc.deb
Size/MD5 checksum: 84894 90ede0567beaf59e73f8ba7d1576bd67
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.5_powerpc.deb
Size/MD5 checksum: 50218 0448a5f92d10b9170e2a28e29ceb5f91
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.5_s390.deb
Size/MD5 checksum: 1940432 f970a892475237f0f8a1cb23774009d9
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.5_s390.deb
Size/MD5 checksum: 692566 034e05df689e471713732f8ffec64baf
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.5_s390.deb
Size/MD5 checksum: 17234 2dc518f352a8750405caf5381998e51a
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.5_s390.deb
Size/MD5 checksum: 20474 17c7bf9dd87d040fc843420fcd21d10a
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.5_s390.deb
Size/MD5 checksum: 85278 903c1d5a078c215b7518c635e28eb743
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.5_s390.deb
Size/MD5 checksum: 49756 786da3d0572811f2b113c2f7a7a82b2a
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.5_sparc.deb
Size/MD5 checksum: 2036844 5afa6fef3493a74ebfb5b62940e54549
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.5_sparc.deb
Size/MD5 checksum: 738110 512c476def1ccd06acf18d71cc79d3ac
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.5_sparc.deb
Size/MD5 checksum: 19980 eb2c3f81a9161de148d0d3b78ffac1b9
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.5_sparc.deb
Size/MD5 checksum: 19632 3900b210f66c620462aa8e6000b070a4
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.5_sparc.deb
Size/MD5 checksum: 84110 5ad581c3e6cde9f851e7cd54b530068b
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.5_sparc.deb
Size/MD5 checksum: 49476 7d9584eb01d6793667d2b19cc47727ce
これらのファイルは次の版の安定版リリース時そちらに移されます。
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
------>8------------>8------------>8------------>8------------>8
--
Seiji Kaneko skaneko@xxxxxxxxxxxx
---------------------------------------------------------