[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:41631] [Translate] [SECURITY] [DSA 458-3] New python2.2 packages really fix buffer overflow and restore functionality



かねこです。
URL 等は元記事を確認ください。

------>8------------>8------------>8------------>8------------>8
- --------------------------------------------------------------------------
Debian Security Advisory DSA 458-3                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 10th, 2004                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : python2.2
Vulnerability  : バッファオーバフロー
Problem-Type   : リモート
Debian-specific: いいえ
CVE Ids        : CAN-2004-0150
BugTraq ID     : 9836
Debian Bug     : 248946 269548

このセキュリティ勧告は、DSA 458-2 の改定版で、gethostbyaddr ルーチンで発
生した問題を修正したものです。

元の勧告は以下です。

  Sebastian Schmidt さんにより、Python の getaddrinfo 関数にバッファオー
  バフローバグが発見されました。この関数はリモートの攻撃者から DNS 経由で
  与えられた IPv6 アドレスでスタック上のメモリを上書きしてしまいます。

  このバグは、python 2.2 と 2.2.1 にのみ存在し、IPv6 サポートが無効になっ
  ている時のみに問題になります。Debian woody の python2.2 パッケージはこ
  れが問題となる条件に当てはまります (python パッケージは当てはまりません)。

現安定版 (stable) woody では、これはバージョン 2.2.1-4.6 で修正されてい
ます。

不安定版 (unstable) sid には、この問題はありません。

すぐに python2.2 パッケージをアップグレードすることを勧めます。

アップグレード手順
------------------

wget url
	でファイルを取得できます。
dpkg -i file.deb
        で参照されたファイルをインストールできます。

を用いて、apt-get パッケージマネージャに以下記載の sources.list を与えて
次のコマンドを使ってください。

apt-get update
        これは内部データベースを更新します。
apt-get upgrade
        これで修正されたパッケージをインストールします。

本メールのフッタ記載の設定を自ホストの設定に加えることにより、自動更新を
行うこともできます。

Debian GNU/Linux 3.0 愛称 woody
- ------------------------------------

  ソースアーカイブ:

    http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6.dsc
      Size/MD5 checksum:     1150 65937052d54f0c7b0cc3af1edddc1925
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6.diff.gz
      Size/MD5 checksum:    92911 a4e0ecb2438f2fd253e8314cca65327b
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1.orig.tar.gz
      Size/MD5 checksum:  6536167 88aa07574673ccfaf35904253c78fc7d

  Architecture independent components:

    http://security.debian.org/pool/updates/main/p/python2.2/idle-python2.2_2.2.1-4.6_all.deb
      Size/MD5 checksum:   113072 5f7e9187d077e1692088e6945d5c7ae7
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-doc_2.2.1-4.6_all.deb
      Size/MD5 checksum:  1313122 2af0221c188e29ff449b438949d73614
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-elisp_2.2.1-4.6_all.deb
      Size/MD5 checksum:    50170 ef6cc05e32cfe7fc4ada960c37ecd6c7
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-examples_2.2.1-4.6_all.deb
      Size/MD5 checksum:   477836 445ea46dcdac693d5a46b6168950e337

  Alpha architecture:

    http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_alpha.deb
      Size/MD5 checksum:  2138618 71014802aca636504b0489184fd99481
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_alpha.deb
      Size/MD5 checksum:   863846 c02b730460cfcd58e7feaf45d955850c
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_alpha.deb
      Size/MD5 checksum:    18172 8a7cb26f7d8d2e9c551010037180b4b5
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_alpha.deb
      Size/MD5 checksum:    21812 7ea83935f55be726e4a7d3bfb7e5856e
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_alpha.deb
      Size/MD5 checksum:    86310 e65ff0d1a43d76438003cefa82f7102f
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_alpha.deb
      Size/MD5 checksum:    52408 9cc59f32c82565169f9a2686fd2d273e

  ARM architecture:

    http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_arm.deb
      Size/MD5 checksum:  1952012 104fba9e75b4d8e696f612627492ba5c
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_arm.deb
      Size/MD5 checksum:   774610 57a868d154434c5cf1488d1fb841fb29
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_arm.deb
      Size/MD5 checksum:    16984 6e9a3fd519fae3420b38c5481ac11a61
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_arm.deb
      Size/MD5 checksum:    20234 9f15f04284c29f052d4266c382854d90
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_arm.deb
      Size/MD5 checksum:    84596 da71c2d6ac6e66b4f497b0fb15767214
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_arm.deb
      Size/MD5 checksum:    49838 8de1ee7609f5b5936b073ff4d8f5db9b

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_i386.deb
      Size/MD5 checksum:  1888932 ad8bbd2aafa3038da2c1aecc43b22ab5
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_i386.deb
      Size/MD5 checksum:   684160 cf84251b2a3efe623dcab22015788f99
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_i386.deb
      Size/MD5 checksum:    16806 c53ae6b16722d589aa5aa276baa566ea
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_i386.deb
      Size/MD5 checksum:    20196 c67a9714c3796edae6013c0fddc7fa20
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_i386.deb
      Size/MD5 checksum:    83434 7cb475335d8d49d34b727548947ab98b
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_i386.deb
      Size/MD5 checksum:    48840 dc78a697c07f4d56d50adffed1452098

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_ia64.deb
      Size/MD5 checksum:  2489870 9143be378efb6984da09a01d71144a3b
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_ia64.deb
      Size/MD5 checksum:   936662 e44335efece83c86a250ab75791df698
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_ia64.deb
      Size/MD5 checksum:    19600 426f4c3cb688edd0dfb55b504186d982
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_ia64.deb
      Size/MD5 checksum:    25532 ed0686f89dc05de69c3ab1fbe55cd9ab
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_ia64.deb
      Size/MD5 checksum:    90470 7ff395f0aa2734f65a0b6a789bca58d4
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_ia64.deb
      Size/MD5 checksum:    56500 8d2a98c254747e64a99c87bbbbaedc3b

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_hppa.deb
      Size/MD5 checksum:  2356496 9c2e106c35a485817330372bb509644d
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_hppa.deb
      Size/MD5 checksum:   924892 e80da41da2bb55974989a86336e5583c
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_hppa.deb
      Size/MD5 checksum:    18334 21f548e9db72ef0711b204d71f768a39
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_hppa.deb
      Size/MD5 checksum:    24126 3f8ec452923ac1547f722c72e765bdda
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_hppa.deb
      Size/MD5 checksum:    88150 22621499539fb13cbc5252fde509689f
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_hppa.deb
      Size/MD5 checksum:    55044 41e75afc65e1222939327f6f6cd511d3

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_m68k.deb
      Size/MD5 checksum:  1894508 1b9969831f244341db4107dd13efae71
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_m68k.deb
      Size/MD5 checksum:   661006 d55e77df7256f2925110b3cd55463cd3
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_m68k.deb
      Size/MD5 checksum:    16914 5575632b2e8b9da89be0dbe841a5bac4
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_m68k.deb
      Size/MD5 checksum:    19862 93a4bf6758fe9dce5f26a39cb5af1cbf
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_m68k.deb
      Size/MD5 checksum:    84314 47fa5ee8d6301a363fe8b5138bc7a0d9
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_m68k.deb
      Size/MD5 checksum:    49652 7ac82b67f7714e3c739c428d4cc58b4a

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_mips.deb
      Size/MD5 checksum:  1952692 a2aa6b12ee9a854531c0993559f994af
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_mips.deb
      Size/MD5 checksum:   790322 df223152f26bd5509e2785f670e4e3b9
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_mips.deb
      Size/MD5 checksum:    16996 9a3427165c71f0c47fc9836dfbd1c90c
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_mips.deb
      Size/MD5 checksum:    20264 e757f24a9dc5f17f00f47c848416bbbe
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_mips.deb
      Size/MD5 checksum:    83424 81dcc21741159e388ba7105e241bdae8
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_mips.deb
      Size/MD5 checksum:    49010 02d6217b66020e01dcacb1c0b452e222

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_mipsel.deb
      Size/MD5 checksum:  1947624 0f0f0048c110806d090971d5c49d6324
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_mipsel.deb
      Size/MD5 checksum:   790292 b2b78a3e202fd1f629569cd8b18ad78f
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_mipsel.deb
      Size/MD5 checksum:    17014 2a8d7f63f912931241b359905a1770d7
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_mipsel.deb
      Size/MD5 checksum:    20288 be0b06c3b8c31d21aade281a26ace17a
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_mipsel.deb
      Size/MD5 checksum:    83390 dc6cab7251d7c9379577fedf27a162e8
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_mipsel.deb
      Size/MD5 checksum:    48950 eaff5cbd52740cdabd4bbde65e70079b

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_powerpc.deb
      Size/MD5 checksum:  1998612 2aa395086b89e212b13e08cde48fcb00
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_powerpc.deb
      Size/MD5 checksum:   775480 f12b92c5c95fb9a2690756cff7f67f94
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_powerpc.deb
      Size/MD5 checksum:    17124 5bdad3ccc38b8424045462c8f8fbcf1c
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_powerpc.deb
      Size/MD5 checksum:    20830 7ea5f274f679cc3f165d9f2b290a12e6
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_powerpc.deb
      Size/MD5 checksum:    85036 33536b14f05ae3ea41aaf45b99939608
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_powerpc.deb
      Size/MD5 checksum:    50364 09868f875519c40ea919b0326732b40e

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_s390.deb
      Size/MD5 checksum:  1940578 8aa88725b01ec65f9851d8b02214268c
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_s390.deb
      Size/MD5 checksum:   692730 8da1a5ada48bc2e358d65ff703a51ded
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_s390.deb
      Size/MD5 checksum:    17364 6dc8793cdc3f4c9a1e16773360fdd4a0
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_s390.deb
      Size/MD5 checksum:    20606 bbd4112275acebf6df1e49884adaf9e7
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_s390.deb
      Size/MD5 checksum:    85418 0d22d96774004214091360e8e2027d9f
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_s390.deb
      Size/MD5 checksum:    49908 213367943a126d7a5b9936369bcbf386

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_sparc.deb
      Size/MD5 checksum:  2036856 2c05e46687d01ab3e5fad8461e0ec802
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_sparc.deb
      Size/MD5 checksum:   738218 a3f4fd77c5b92e9f8476c016e03d9906
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_sparc.deb
      Size/MD5 checksum:    20108 e016583febe12d5bb26cdbb524eafd71
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_sparc.deb
      Size/MD5 checksum:    19756 e7148222583dd66dc72fd50d667a4ee4
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_sparc.deb
      Size/MD5 checksum:    84240 88c89b96ddede09ebd8fa7502cda42ca
    http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_sparc.deb
      Size/MD5 checksum:    49618 77f444e08be3d7176da149b90439f655


  これらのファイルは次の版の安定版リリース時そちらに移されます。

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
------>8------------>8------------>8------------>8------------>8
-- 
Seiji Kaneko                         skaneko@xxxxxxxxxxxx
---------------------------------------------------------