[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[debian-users:42805] [Translate] [SECURITY] [DSA 666-1] New Python2.2 packages fix unauthorised XML-RPC internals access
かねこです。
URL 等は元記事を確認ください。
------>8------------>8------------>8------------>8------------>8
- --------------------------------------------------------------------------
Debian Security Advisory DSA 666-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 4th, 2005 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : python2.2
Vulnerability : 設計上の欠陥
Problem-Type : リモート
Debian-specific: いいえ
CVE ID : CAN-2005-0089
Python 開発チームにより、言語仕様上の欠陥が発見されました。
SimpleXMLRPCServer ライブラリがリモートの攻撃者に内部の登録オブジェクトま
たはモジュールに対する意図しないアクセスを許します。この欠陥は Python
XML-RPC サーバはオブジェクトを _dispatch メソッドを使わず、
register_instance() メソッドで登録している場合にのみ影響を受けます。
register_function() メソッドだけを使っているサーバはこの欠陥の影響を受けま
せん。
安定版 (stable) ディストリビューション (woody) では、この問題はバージョン
2.2.1-4.7 で修正されています。woody 収録の他のバージョンには欠陥はありま
せん。
不安定版 (unstable) ディストリビューション (sid) では、各バージョンに対し
て以下のバージョンでおのおの修正されています。
testing unstable
Python 2.2 2.2.3-14 2.2.3-14
Python 2.3 2.3.4-20 2.3.4+2.3.5c1-2
Python 2.4 2.4-5 2.4-5
直ぐに Python パッケージをアップグレードすることを勧めます。
アップグレード手順
------------------
wget url
でファイルを取得できます。
dpkg -i file.deb
で参照されたファイルをインストールできます。
を用いて、apt-get パッケージマネージャに以下記載の sources.list を与えて
次のコマンドを使ってください。
apt-get update
これは内部データベースを更新します。
apt-get upgrade
これで修正されたパッケージをインストールします。
本メールのフッタ記載の設定を自ホストの設定に加えることにより、自動更新を
行うこともできます。
Debian GNU/Linux 3.0 愛称 woody
- ------------------------------------
ソースアーカイブ:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7.dsc
Size/MD5 checksum: 1150 85a315a9618c391ce64b37d90a4b6160
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7.diff.gz
Size/MD5 checksum: 93937 2a941445a90fb85e18dd721beee86566
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1.orig.tar.gz
Size/MD5 checksum: 6536167 88aa07574673ccfaf35904253c78fc7d
Architecture independent components:
http://security.debian.org/pool/updates/main/p/python2.2/idle-python2.2_2.2.1-4.7_all.deb
Size/MD5 checksum: 113210 f4e5e838b593a8def4278cfbc07e2394
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-doc_2.2.1-4.7_all.deb
Size/MD5 checksum: 1315614 38d7c923c64c5312c9a5508b7a5ad303
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-elisp_2.2.1-4.7_all.deb
Size/MD5 checksum: 50288 f6bbdb75092381c536612a83edf8e924
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-examples_2.2.1-4.7_all.deb
Size/MD5 checksum: 478208 db866fa391f1f850a5e56aaaf1eafe4d
Alpha architecture:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_alpha.deb
Size/MD5 checksum: 2139086 5cda0158ec7f3c945848c79fe01222d4
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_alpha.deb
Size/MD5 checksum: 863972 674a650e0ad435888bee81c1ea35a6ee
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_alpha.deb
Size/MD5 checksum: 18270 570725d263b40224bb2e02051a5b0ba4
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_alpha.deb
Size/MD5 checksum: 21906 48cdabc2f821952bf36db4469f6f4258
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_alpha.deb
Size/MD5 checksum: 86394 7a85cc7fba5b4c31ff11191bf6a46687
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_alpha.deb
Size/MD5 checksum: 52514 28a63b110be9ad6cbe9ecc0cfb9a0e11
ARM architecture:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_arm.deb
Size/MD5 checksum: 1952432 aebc037d78eaf677674de178809a588f
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_arm.deb
Size/MD5 checksum: 774696 07feb185349ac64863755c815bd1c158
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_arm.deb
Size/MD5 checksum: 17076 5d4582d4f6153290b923c5bcd877df8a
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_arm.deb
Size/MD5 checksum: 20322 9c8b3fb274d7ab940a2cdf66e1757893
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_arm.deb
Size/MD5 checksum: 84678 9f34987930e3ab3b57564ce6e1573dfb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_arm.deb
Size/MD5 checksum: 49930 6335375b36b8dd0a84b85fa406bf31af
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_i386.deb
Size/MD5 checksum: 1887968 c433c5dab40c9a40401f753d3429f10a
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_i386.deb
Size/MD5 checksum: 684216 27f2959507f56b5fde64f9570a5b0669
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_i386.deb
Size/MD5 checksum: 16880 c862eae493fb99c89255dbcb1658dc30
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_i386.deb
Size/MD5 checksum: 20270 0bf9c9453cb32dd4a7bccb73ef0e3081
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_i386.deb
Size/MD5 checksum: 83506 30f744958cc90e6ec2c3dc7b5bf493f0
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_i386.deb
Size/MD5 checksum: 48906 30778077a089ecc3b7db06c86b44f0c7
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_ia64.deb
Size/MD5 checksum: 2490164 9220114e75d322486b0ed913290b086e
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_ia64.deb
Size/MD5 checksum: 936768 a04b6b7c02f920a80a448e8992a0b69d
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_ia64.deb
Size/MD5 checksum: 19688 9935cfb13fe1767e690069eeb02a13b1
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_ia64.deb
Size/MD5 checksum: 25620 c1ebfe7ba4719488559a8bdd4c76631c
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_ia64.deb
Size/MD5 checksum: 90544 869cdd0347d6592526c97b19f0479316
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_ia64.deb
Size/MD5 checksum: 56560 4a395d9ab5ca9966f5151867c9217887
HP Precision architecture:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_hppa.deb
Size/MD5 checksum: 2357088 9a444a7afcb97c787ec4319d0241589d
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_hppa.deb
Size/MD5 checksum: 925014 2d3590f17319201a251d4728ccbe0ea7
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_hppa.deb
Size/MD5 checksum: 18420 e48bcd48bd268b7a1e3344cbeb47627d
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_hppa.deb
Size/MD5 checksum: 24218 c05b459cff729578f3db24c888a398cc
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_hppa.deb
Size/MD5 checksum: 88238 55f881414b7284040c0492bce30d1eae
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_hppa.deb
Size/MD5 checksum: 55136 9e2b25c2d89a2090431c99869b99aa9a
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_m68k.deb
Size/MD5 checksum: 1894844 ac1ae3c1c47a7440981ba070c240c238
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_m68k.deb
Size/MD5 checksum: 661046 36de9244bd994c06b828c3d61b9ebfe6
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_m68k.deb
Size/MD5 checksum: 17008 c05c234760d49e779d584afdf0f7b5e8
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_m68k.deb
Size/MD5 checksum: 19958 29d909b72afbf884381ff04754c6dee9
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_m68k.deb
Size/MD5 checksum: 84390 7c33456556934c93775a87164f971b48
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_m68k.deb
Size/MD5 checksum: 49730 65ce6ce72bd20d91ceaef6140069dab2
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_mips.deb
Size/MD5 checksum: 1953104 220170cd500d702d5cee30842155ba89
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_mips.deb
Size/MD5 checksum: 790394 94443815141ac2bffaa4b86dc26ba6db
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_mips.deb
Size/MD5 checksum: 17080 e2e946b5c38e1aca66a0efe4fa7719d2
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_mips.deb
Size/MD5 checksum: 20352 c10c5b001af1bfc395423f2269c22e62
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_mips.deb
Size/MD5 checksum: 83514 400a716e1feeef9a170933b68d0ea2b3
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_mips.deb
Size/MD5 checksum: 49106 259562cbc3a62d001c88a5ca627b3da5
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_mipsel.deb
Size/MD5 checksum: 1948366 b98830256b99b2c3038a13d312098975
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_mipsel.deb
Size/MD5 checksum: 790470 b0a9736cf354eebadbd510b770d5be3b
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_mipsel.deb
Size/MD5 checksum: 17116 71c2ccf27bf04f89c95c20f5bcd0031e
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_mipsel.deb
Size/MD5 checksum: 20380 392b8561e6743589f3ecc5faa74f5a5e
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_mipsel.deb
Size/MD5 checksum: 83502 8b3e908f1bb0c7fd1569f3ff3642a773
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_mipsel.deb
Size/MD5 checksum: 49068 aed6e8a847e2510735845d6f8c842a22
PowerPC architecture:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_powerpc.deb
Size/MD5 checksum: 1999004 b50f4bce7c6129b614e849cddd9f4a05
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_powerpc.deb
Size/MD5 checksum: 775550 cebf3449bb1401c81d9c02956bfa6072
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_powerpc.deb
Size/MD5 checksum: 17216 fba6f12e2a103b8dffb69de4c53a9b52
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_powerpc.deb
Size/MD5 checksum: 20926 cc71efdeff475b546e0bd2b658cad361
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_powerpc.deb
Size/MD5 checksum: 85108 28cf54ac30182aea9eb78e7e75587a30
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_powerpc.deb
Size/MD5 checksum: 50466 b55e9e08952ded765ba7fb4865972d93
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_s390.deb
Size/MD5 checksum: 1940928 012d96ec06e9f36de8ff7cba2af5510f
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_s390.deb
Size/MD5 checksum: 692834 e35687e5401892a431a25ccf7c14816c
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_s390.deb
Size/MD5 checksum: 17458 c294f4a99b4ab832a16db63ccb8e1de2
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_s390.deb
Size/MD5 checksum: 20702 a25e0672101fccac0f15e3c904b79c88
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_s390.deb
Size/MD5 checksum: 85490 a6299ac965787af1257d69fb8dbdb063
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_s390.deb
Size/MD5 checksum: 50002 896271b9ee3b2bf6e49fc34ffb03e1c9
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_sparc.deb
Size/MD5 checksum: 2037298 697d42e83005453061d90a04521a2c8a
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_sparc.deb
Size/MD5 checksum: 738328 36f92e836b6d457198cb94d11f6e0567
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_sparc.deb
Size/MD5 checksum: 20212 27217d51337be6b9f70f1ad0e5d4f6b0
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_sparc.deb
Size/MD5 checksum: 19856 87a2823ed346ef6c5ef271b82cca256f
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_sparc.deb
Size/MD5 checksum: 84330 dcb5057290e76192cd35823ecdf16451
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_sparc.deb
Size/MD5 checksum: 49724 0e2ece8db3597681b02dee48528b6a28
これらのファイルは次の版の安定版リリース時そちらに移されます。
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
------>8------------>8------------>8------------>8------------>8
--
Seiji Kaneko skaneko@xxxxxxxxxxxx
---------------------------------------------------------