
[debian-users:42805] [Translate] [SECURITY] [DSA 666-1] New Python2.2 packages fix unauthorised XML-RPC internals access



This is Kaneko.
Please check the original article for URLs and the like.

------>8------------>8------------>8------------>8------------>8
- --------------------------------------------------------------------------
Debian Security Advisory DSA 666-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
February 4th, 2005                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : python2.2
Vulnerability  : design flaw
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-0089

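The Python development team has discovered a flaw in the language's
design. The SimpleXMLRPCServer library permits remote attackers
unintended access to the internals of registered objects or modules.
This flaw affects only Python XML-RPC servers that register an object
with the register_instance() method without using a _dispatch method.
Servers that use only the register_function() method are not affected
by this flaw.

For the stable distribution (woody), this problem has been fixed in
version 2.2.1-4.7. The other versions shipped in woody do not have the
flaw.

For the unstable distribution (sid), the problem has been fixed for each
Python version in the versions listed below.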

               testing                   unstable
Python 2.2     2.2.3-14                  2.2.3-14
Python 2.3     2.3.4-20               2.3.4+2.3.5c1-2
Python 2.4      2.4-5                     2.4-5

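We recommend that you upgrade your Python packages immediately.

Upgrade instructions
--------------------

wget url
        will fetch the file for you.
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, give it the sources.list
line shown below and use the following commands.

apt-get update
        This updates the internal database.
apt-get upgrade
        This installs the corrected packages.

You can also update automatically by adding the settings given in the
footer of this mail to your own host's configuration.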

Debian GNU/Linux 3.0 alias woody
- ------------------------------------

  These files will be moved into the stable distribution at its next
  release.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
------>8------------>8------------>8------------>8------------>8
-- 
Seiji Kaneko                         skaneko@xxxxxxxxxxxx
---------------------------------------------------------
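
The advisory above separates register_instance() on an object without a _dispatch method from the two unaffected patterns. The following is an added example, not part of the advisory or of Python's own code, that passes the same two requests through each registration style in memory. It assumes Python 3, where SimpleXMLRPCServer lives in xmlrpc.server; the Inventory classes and their method names are hypothetical.

```python
from xmlrpc.client import Fault, dumps, loads
from xmlrpc.server import SimpleXMLRPCDispatcher

class Inventory:  # constructed sample service; all names are hypothetical
    def __init__(self):
        self.stock = {"widget": 3}

    def count(self, item):  # the one method meant to be published
        return self.stock.get(item, 0)

    def reset(self):  # maintenance helper, never meant for remote callers
        self.stock.clear()
        return True

class AllowlistedInventory(Inventory):
    EXPORTED = frozenset({"count"})

    def _dispatch(self, method, params):
        # When the instance defines _dispatch, the library hands it every
        # request that no registered function matched, and resolves nothing itself.
        if method not in self.EXPORTED:
            raise Exception('method "%s" is not supported' % method)
        return getattr(self, method)(*params)

def build(mode):
    dispatcher = SimpleXMLRPCDispatcher()
    if mode == "instance":      # the pattern the advisory flags
        dispatcher.register_instance(Inventory())
    elif mode == "dispatch":    # instance that supplies its own _dispatch
        dispatcher.register_instance(AllowlistedInventory())
    else:                       # register_function() only
        dispatcher.register_function(Inventory().count, "count")
    return dispatcher

def call(dispatcher, method, *params):
    """Pass one XML-RPC request through the dispatcher in memory (no socket)."""
    reply = dispatcher._marshaled_dispatch(dumps(params, method).encode())
    try:
        return loads(reply)[0][0]
    except Fault:
        return "FAULT"

def exposure():
    return {m: (call(build(m), "count", "widget"), call(build(m), "reset"))
            for m in ("instance", "dispatch", "function")}

if __name__ == "__main__":
    print(exposure())
```

Only the plain register_instance() server answers `reset`; with a `_dispatch` allowlist or with register_function() the same request comes back as an XML-RPC fault.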