[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:44436] [Translate] [SECURITY] [DSA 761-2] New heartbeat packages fix insecure temporary files



かねこです。
URL 等は Debian-security-announce メーリングリストの元記事を確認
ください。

------>8------------>8------------>8------------>8------------>8-
- --------------------------------------------------------------------------
Debian Security Advisory DSA 761-2                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
August 15th, 2005                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : heartbeat
Vulnerability  : 安全でない一時ファイルの扱い
Problem-Type   : ローカル
Debian-specific: いいえ
CVE ID         : CAN-2005-2231

DSA-761-1 の heartbeat のセキュリティ更新にはバグがあり、問題を悪化させ
ていました。この勧告でこの問題を修正しています。念のため元の勧告を再掲し
ます。

  Eric Romang さんにより、高可用性 (High-Availability) Linux のサブシス
  テムheartbeat が複数の箇所で安全でないやり方で一時ファイルを作成してい
  ることが発見されました。


安定版  (stable) ディストリビューション (sarge) では、この問題はバージョ
ン 1.2.3-9sarge3 で修正されています。

直ぐに heartbeat パッケージをアップグレードすることを勧めます。

アップグレード手順
------------------

wget url
	でファイルを取得できます。
dpkg -i file.deb
        で参照されたファイルをインストールできます。

を用いて、apt-get パッケージマネージャに以下記載の sources.list を与えて
次のコマンドを使ってください。

apt-get update
        これは内部データベースを更新します。
apt-get upgrade
        これで修正されたパッケージをインストールします。

本メールのフッタ記載の設定を自ホストの設定に加えることにより、自動更新を
行うこともできます。

Debian GNU/Linux 3.1 愛称 sarge
- --------------------------------

  ソースアーカイブ:


http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3.dsc
      Size/MD5 checksum:      881 3544d0263e793b04ec3b893faa7d4358

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3.diff.gz
      Size/MD5 checksum:   267445 c38c21332c83fbbc6f04b7a95923c52b

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3.orig.tar.gz
      Size/MD5 checksum:  1772513 9fd126e5dff51cc8c1eee223c252a4af

  Architecture independent components:


http://security.debian.org/pool/updates/main/h/heartbeat/ldirectord_1.2.3-9sarge3_all.deb
      Size/MD5 checksum:    45276 af7385c286cf97611abc63694536f31b

  Alpha architecture:


http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_alpha.deb
      Size/MD5 checksum:   574458 0dbd8af2534f7f2097f3da75c6a4efb1

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_alpha.deb
      Size/MD5 checksum:   150592 66e74571efad4f25aa1f7ea3ed3a31a0

http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_alpha.deb
      Size/MD5 checksum:    70874 c1fe65aeda6313eff97e2f7a7e739a7f

http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_alpha.deb
      Size/MD5 checksum:    53904 cb69e40fd6a1de6e87a72bd6a72e6ebe

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_alpha.deb
      Size/MD5 checksum:    31064 cc3d581be9eba80478df3fb0dbbd2512

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_alpha.deb
      Size/MD5 checksum:    94070 202897bb3f00c9c890b6ab42585e5ed6

http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_alpha.deb
      Size/MD5 checksum:    31516 f83006aa4c97225cb5a52178e9360e84

  AMD64 architecture:


http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_amd64.deb
      Size/MD5 checksum:   525780 8360b452456be24df79c7ae29c53277b

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_amd64.deb
      Size/MD5 checksum:   126042 8a3b8b4e6c22c6a0fb1f7b459d211117

http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_amd64.deb
      Size/MD5 checksum:    61684 ddba93c0e7d37b4714a6f52cdfd3c595

http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_amd64.deb
      Size/MD5 checksum:    52370 45c27593a16b94baf9647b6efca179d9

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_amd64.deb
      Size/MD5 checksum:    29892 d15f73d6ce9f43a56abf7817ccbf08a8

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_amd64.deb
      Size/MD5 checksum:    88908 1ad33906c529089fe40738304af1c1e0

http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_amd64.deb
      Size/MD5 checksum:    30926 26ddc4fbea838b972065b38bd29d249a

  ARM architecture:


http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_arm.deb
      Size/MD5 checksum:   498386 d88b235816220da27c4f316c957f99f8

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_arm.deb
      Size/MD5 checksum:   123574 cf0088e68cc23bed1ac17d6e21715a73

http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_arm.deb
      Size/MD5 checksum:    63160 731e5e243017d9a40aaa89ef4dae492b

http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_arm.deb
      Size/MD5 checksum:    49016 171e6fdbf0f72c525ac8695381f6d523

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_arm.deb
      Size/MD5 checksum:    29790 d82e6a7fdd5def2bcb0614a9276e5f88

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_arm.deb
      Size/MD5 checksum:    77380 14c49b6f70827caa9391ecab91981b30

http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_arm.deb
      Size/MD5 checksum:    30222 4fe0b9cb97d0721ed7b944c99bfffc0b

  Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_i386.deb
      Size/MD5 checksum:   493636 af1e9089f5b799762ab2819a51557fde

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_i386.deb
      Size/MD5 checksum:   117570 2ae72b36cdb8b61a4dd411f738d53ae3

http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_i386.deb
      Size/MD5 checksum:    58876 38fc2cfb6d0f14e378b32e925d25a6db

http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_i386.deb
      Size/MD5 checksum:    48056 5d12b336be8605f155d549243c4e8deb

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_i386.deb
      Size/MD5 checksum:    29524 9b9e293795e1db55ca75c12e8c8aabf3

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_i386.deb
      Size/MD5 checksum:    79122 369ae7c1032c7ce9589149a0135354c7

http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_i386.deb
      Size/MD5 checksum:    30374 8b4c4a4aa922a8d5fa213b431bcffe53

  Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_ia64.deb
      Size/MD5 checksum:   648244 9356cd18494dce44a0f27ba9f3c76425

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_ia64.deb
      Size/MD5 checksum:   152630 b392e15e62434d99c8321e5efe8a5508

http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_ia64.deb
      Size/MD5 checksum:    74132 67f3e84093e5550ccc0f83aeebcd406f

http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_ia64.deb
      Size/MD5 checksum:    62390 70d3376d7002c9db165aa74d54961bbf

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_ia64.deb
      Size/MD5 checksum:    31194 99e6fb826d61ba6b720d02a3fcbfe976

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_ia64.deb
      Size/MD5 checksum:   104558 84c4e5c68b0273ef8be60c5f48628e29

http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_ia64.deb
      Size/MD5 checksum:    32444 030f7f481056357ba4d8c10d3427e2a9

  HP Precision architecture:


http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_hppa.deb
      Size/MD5 checksum:   550550 f21382efe966438294ad461f09620acb

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_hppa.deb
      Size/MD5 checksum:   135880 86957e78d857d893755e3022ac1d648c

http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_hppa.deb
      Size/MD5 checksum:    68154 25d5a17fc0e3b63d5f3b02c659545d7b

http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_hppa.deb
      Size/MD5 checksum:    55528 f13105c363b0137240048e09bb9ae07f

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_hppa.deb
      Size/MD5 checksum:    30300 fc862d73793810ba0f5dcbf0ca11f1bb

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_hppa.deb
      Size/MD5 checksum:    92774 bf04ac77fa0eb7eebcd74fe2cdad355f

http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_hppa.deb
      Size/MD5 checksum:    31380 2e379ced3aea02eea24640ce35dcf0ed

  Motorola 680x0 architecture:


http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_m68k.deb
      Size/MD5 checksum:   480640 5a8df01756ad70aae2f0022b286f1970

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_m68k.deb
      Size/MD5 checksum:   113482 6c8947d7a9337589e5f0795f2b2bafaf

http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_m68k.deb
      Size/MD5 checksum:    56470 40a4e3f316137d2a77c0414e5f8c0170

http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_m68k.deb
      Size/MD5 checksum:    48254 6998bfa6ccb10114a9eb118d48075cbe

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_m68k.deb
      Size/MD5 checksum:    29418 dfa6314f2678a398be309767cea40623

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_m68k.deb
      Size/MD5 checksum:    81896 9d2b5c93cb079805802a25230e412654

http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_m68k.deb
      Size/MD5 checksum:    30204 912a312571782a54275d1ea43c81f06f

  Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_mips.deb
      Size/MD5 checksum:   536388 9e98c4c8d575ad8d1f3e5cd8ae1ad45e

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_mips.deb
      Size/MD5 checksum:   132540 ede0ee1b34414f6eeb1f4d45847356e3

http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_mips.deb
      Size/MD5 checksum:    65458 0a08a5ceccf9744ca4ead2d0be51fd9a

http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_mips.deb
      Size/MD5 checksum:    48326 cff2af32d2a51a98884947c98da6a3a3

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_mips.deb
      Size/MD5 checksum:    30128 5390bf7e0ac461eb12e0b9c11fb9ef5d

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_mips.deb
      Size/MD5 checksum:    80600 43d2f82e08ffd5f4ad6bf32d66fd7ade

http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_mips.deb
      Size/MD5 checksum:    32594 db05fce36a3c9ba63dff462136457c84

  Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_mipsel.deb
      Size/MD5 checksum:   537016 79a6f30758663e974f925d3afc0e3eeb

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_mipsel.deb
      Size/MD5 checksum:   132674 f4ad130febbe95b21e1e4f517324f53e

http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_mipsel.deb
      Size/MD5 checksum:    65236 378b548016fa5c4e2df45b1f0e7f97c6

http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_mipsel.deb
      Size/MD5 checksum:    48546 58a80e13f3d66595e785c3aca0feccce

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_mipsel.deb
      Size/MD5 checksum:    30166 e4c11c0f413db63ca3b76bc75ca39a38

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_mipsel.deb
      Size/MD5 checksum:    80524 4ce68cf47764f0092916fbfd74c91e0f

http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_mipsel.deb
      Size/MD5 checksum:    32586 027dec3fbc1b16c5c7cb35c114aed1d3

  PowerPC architecture:


http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_powerpc.deb
      Size/MD5 checksum:   554938 5b72952dedccb187fb0db7438df7b019

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_powerpc.deb
      Size/MD5 checksum:   127506 aae35f8d1888ce532f3ca54a4d62da7f

http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_powerpc.deb
      Size/MD5 checksum:    61738 7f65568832507e6ff8e721f14f903367

http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_powerpc.deb
      Size/MD5 checksum:    53396 cb699f884c3a04703432e0b665154bd2

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_powerpc.deb
      Size/MD5 checksum:    30016 28c769722b7cb30630e729cfa403a3f0

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_powerpc.deb
      Size/MD5 checksum:    98590 816a4be11149be0b23ef71a83f8e8e63

http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_powerpc.deb
      Size/MD5 checksum:    33170 a480a5e90263e088c61d2fd0c69b684c

  IBM S/390 architecture:


http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_s390.deb
      Size/MD5 checksum:   530432 8cd269f9be98c289ff34daf10900002e

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_s390.deb
      Size/MD5 checksum:   126658 aba07d35c7128edb4de04afb60714a69

http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_s390.deb
      Size/MD5 checksum:    62370 08c42b465904968c333dbd0ba4a75a74

http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_s390.deb
      Size/MD5 checksum:    52828 5cc46349891c9343927606216ee37c17

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_s390.deb
      Size/MD5 checksum:    29904 5cf21f62deb179b7b7bf3d9f133a1ccd

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_s390.deb
      Size/MD5 checksum:    84810 0763f53019af2eaee8a40124d40002d5

http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_s390.deb
      Size/MD5 checksum:    30878 9eed7728d9e74166b3ebe358d87e0f75

  Sun Sparc architecture:


http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_sparc.deb
      Size/MD5 checksum:   500874 b2f9e4558a891a32f8589bab66229377

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_sparc.deb
      Size/MD5 checksum:   121122 7ea5e33cb775d6761ce5895ea81d2bfe

http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_sparc.deb
      Size/MD5 checksum:    62918 b832c80146fad1ba2792e58247a2eafc

http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_sparc.deb
      Size/MD5 checksum:    49994 b62c3a0612ae68351087f8dbb9575bc2

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_sparc.deb
      Size/MD5 checksum:    29756 56d9d3a1815670b063e7404a238fe52e

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_sparc.deb
      Size/MD5 checksum:    81156 395c0e3f7c9f26a40751d49f101293c6

http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_sparc.deb
      Size/MD5 checksum:    30300 9bb0898aecf070952a06990a111a620d


 これらのファイルは次の版の安定版リリース時そちらに移されます。


- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
------>8------------>8------------>8------------>8------------>8-
-- 
Seiji Kaneko                         skaneko@xxxxxxxxxxxx
---------------------------------------------------------