[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[debian-users:44436] [Translate] [SECURITY] [DSA 761-2] New heartbeat packages fix insecure temporary files
かねこです。
URL 等は Debian-security-announce メーリングリストの元記事を確認
ください。
------>8------------>8------------>8------------>8------------>8-
- --------------------------------------------------------------------------
Debian Security Advisory DSA 761-2 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 15th, 2005 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : heartbeat
Vulnerability : 安全でない一時ファイルの扱い
Problem-Type : ローカル
Debian-specific: いいえ
CVE ID : CAN-2005-2231
DSA-761-1 の heartbeat のセキュリティ更新にはバグがあり、問題を悪化させ
ていました。この勧告でこの問題を修正しています。念のため元の勧告を再掲し
ます。
Eric Romang さんにより、高可用性 (High-Availability) Linux のサブシス
テムheartbeat が複数の箇所で安全でないやり方で一時ファイルを作成してい
ることが発見されました。
安定版 (stable) ディストリビューション (sarge) では、この問題はバージョ
ン 1.2.3-9sarge3 で修正されています。
直ぐに heartbeat パッケージをアップグレードすることを勧めます。
アップグレード手順
------------------
wget url
でファイルを取得できます。
dpkg -i file.deb
で参照されたファイルをインストールできます。
を用いて、apt-get パッケージマネージャに以下記載の sources.list を与えて
次のコマンドを使ってください。
apt-get update
これは内部データベースを更新します。
apt-get upgrade
これで修正されたパッケージをインストールします。
本メールのフッタ記載の設定を自ホストの設定に加えることにより、自動更新を
行うこともできます。
Debian GNU/Linux 3.1 愛称 sarge
- --------------------------------
ソースアーカイブ:
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3.dsc
Size/MD5 checksum: 881 3544d0263e793b04ec3b893faa7d4358
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3.diff.gz
Size/MD5 checksum: 267445 c38c21332c83fbbc6f04b7a95923c52b
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3.orig.tar.gz
Size/MD5 checksum: 1772513 9fd126e5dff51cc8c1eee223c252a4af
Architecture independent components:
http://security.debian.org/pool/updates/main/h/heartbeat/ldirectord_1.2.3-9sarge3_all.deb
Size/MD5 checksum: 45276 af7385c286cf97611abc63694536f31b
Alpha architecture:
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_alpha.deb
Size/MD5 checksum: 574458 0dbd8af2534f7f2097f3da75c6a4efb1
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_alpha.deb
Size/MD5 checksum: 150592 66e74571efad4f25aa1f7ea3ed3a31a0
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_alpha.deb
Size/MD5 checksum: 70874 c1fe65aeda6313eff97e2f7a7e739a7f
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_alpha.deb
Size/MD5 checksum: 53904 cb69e40fd6a1de6e87a72bd6a72e6ebe
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_alpha.deb
Size/MD5 checksum: 31064 cc3d581be9eba80478df3fb0dbbd2512
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_alpha.deb
Size/MD5 checksum: 94070 202897bb3f00c9c890b6ab42585e5ed6
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_alpha.deb
Size/MD5 checksum: 31516 f83006aa4c97225cb5a52178e9360e84
AMD64 architecture:
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_amd64.deb
Size/MD5 checksum: 525780 8360b452456be24df79c7ae29c53277b
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_amd64.deb
Size/MD5 checksum: 126042 8a3b8b4e6c22c6a0fb1f7b459d211117
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_amd64.deb
Size/MD5 checksum: 61684 ddba93c0e7d37b4714a6f52cdfd3c595
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_amd64.deb
Size/MD5 checksum: 52370 45c27593a16b94baf9647b6efca179d9
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_amd64.deb
Size/MD5 checksum: 29892 d15f73d6ce9f43a56abf7817ccbf08a8
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_amd64.deb
Size/MD5 checksum: 88908 1ad33906c529089fe40738304af1c1e0
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_amd64.deb
Size/MD5 checksum: 30926 26ddc4fbea838b972065b38bd29d249a
ARM architecture:
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_arm.deb
Size/MD5 checksum: 498386 d88b235816220da27c4f316c957f99f8
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_arm.deb
Size/MD5 checksum: 123574 cf0088e68cc23bed1ac17d6e21715a73
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_arm.deb
Size/MD5 checksum: 63160 731e5e243017d9a40aaa89ef4dae492b
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_arm.deb
Size/MD5 checksum: 49016 171e6fdbf0f72c525ac8695381f6d523
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_arm.deb
Size/MD5 checksum: 29790 d82e6a7fdd5def2bcb0614a9276e5f88
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_arm.deb
Size/MD5 checksum: 77380 14c49b6f70827caa9391ecab91981b30
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_arm.deb
Size/MD5 checksum: 30222 4fe0b9cb97d0721ed7b944c99bfffc0b
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_i386.deb
Size/MD5 checksum: 493636 af1e9089f5b799762ab2819a51557fde
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_i386.deb
Size/MD5 checksum: 117570 2ae72b36cdb8b61a4dd411f738d53ae3
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_i386.deb
Size/MD5 checksum: 58876 38fc2cfb6d0f14e378b32e925d25a6db
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_i386.deb
Size/MD5 checksum: 48056 5d12b336be8605f155d549243c4e8deb
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_i386.deb
Size/MD5 checksum: 29524 9b9e293795e1db55ca75c12e8c8aabf3
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_i386.deb
Size/MD5 checksum: 79122 369ae7c1032c7ce9589149a0135354c7
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_i386.deb
Size/MD5 checksum: 30374 8b4c4a4aa922a8d5fa213b431bcffe53
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_ia64.deb
Size/MD5 checksum: 648244 9356cd18494dce44a0f27ba9f3c76425
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_ia64.deb
Size/MD5 checksum: 152630 b392e15e62434d99c8321e5efe8a5508
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_ia64.deb
Size/MD5 checksum: 74132 67f3e84093e5550ccc0f83aeebcd406f
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_ia64.deb
Size/MD5 checksum: 62390 70d3376d7002c9db165aa74d54961bbf
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_ia64.deb
Size/MD5 checksum: 31194 99e6fb826d61ba6b720d02a3fcbfe976
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_ia64.deb
Size/MD5 checksum: 104558 84c4e5c68b0273ef8be60c5f48628e29
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_ia64.deb
Size/MD5 checksum: 32444 030f7f481056357ba4d8c10d3427e2a9
HP Precision architecture:
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_hppa.deb
Size/MD5 checksum: 550550 f21382efe966438294ad461f09620acb
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_hppa.deb
Size/MD5 checksum: 135880 86957e78d857d893755e3022ac1d648c
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_hppa.deb
Size/MD5 checksum: 68154 25d5a17fc0e3b63d5f3b02c659545d7b
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_hppa.deb
Size/MD5 checksum: 55528 f13105c363b0137240048e09bb9ae07f
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_hppa.deb
Size/MD5 checksum: 30300 fc862d73793810ba0f5dcbf0ca11f1bb
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_hppa.deb
Size/MD5 checksum: 92774 bf04ac77fa0eb7eebcd74fe2cdad355f
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_hppa.deb
Size/MD5 checksum: 31380 2e379ced3aea02eea24640ce35dcf0ed
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_m68k.deb
Size/MD5 checksum: 480640 5a8df01756ad70aae2f0022b286f1970
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_m68k.deb
Size/MD5 checksum: 113482 6c8947d7a9337589e5f0795f2b2bafaf
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_m68k.deb
Size/MD5 checksum: 56470 40a4e3f316137d2a77c0414e5f8c0170
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_m68k.deb
Size/MD5 checksum: 48254 6998bfa6ccb10114a9eb118d48075cbe
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_m68k.deb
Size/MD5 checksum: 29418 dfa6314f2678a398be309767cea40623
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_m68k.deb
Size/MD5 checksum: 81896 9d2b5c93cb079805802a25230e412654
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_m68k.deb
Size/MD5 checksum: 30204 912a312571782a54275d1ea43c81f06f
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_mips.deb
Size/MD5 checksum: 536388 9e98c4c8d575ad8d1f3e5cd8ae1ad45e
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_mips.deb
Size/MD5 checksum: 132540 ede0ee1b34414f6eeb1f4d45847356e3
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_mips.deb
Size/MD5 checksum: 65458 0a08a5ceccf9744ca4ead2d0be51fd9a
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_mips.deb
Size/MD5 checksum: 48326 cff2af32d2a51a98884947c98da6a3a3
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_mips.deb
Size/MD5 checksum: 30128 5390bf7e0ac461eb12e0b9c11fb9ef5d
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_mips.deb
Size/MD5 checksum: 80600 43d2f82e08ffd5f4ad6bf32d66fd7ade
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_mips.deb
Size/MD5 checksum: 32594 db05fce36a3c9ba63dff462136457c84
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_mipsel.deb
Size/MD5 checksum: 537016 79a6f30758663e974f925d3afc0e3eeb
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_mipsel.deb
Size/MD5 checksum: 132674 f4ad130febbe95b21e1e4f517324f53e
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_mipsel.deb
Size/MD5 checksum: 65236 378b548016fa5c4e2df45b1f0e7f97c6
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_mipsel.deb
Size/MD5 checksum: 48546 58a80e13f3d66595e785c3aca0feccce
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_mipsel.deb
Size/MD5 checksum: 30166 e4c11c0f413db63ca3b76bc75ca39a38
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_mipsel.deb
Size/MD5 checksum: 80524 4ce68cf47764f0092916fbfd74c91e0f
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_mipsel.deb
Size/MD5 checksum: 32586 027dec3fbc1b16c5c7cb35c114aed1d3
PowerPC architecture:
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_powerpc.deb
Size/MD5 checksum: 554938 5b72952dedccb187fb0db7438df7b019
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_powerpc.deb
Size/MD5 checksum: 127506 aae35f8d1888ce532f3ca54a4d62da7f
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_powerpc.deb
Size/MD5 checksum: 61738 7f65568832507e6ff8e721f14f903367
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_powerpc.deb
Size/MD5 checksum: 53396 cb699f884c3a04703432e0b665154bd2
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_powerpc.deb
Size/MD5 checksum: 30016 28c769722b7cb30630e729cfa403a3f0
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_powerpc.deb
Size/MD5 checksum: 98590 816a4be11149be0b23ef71a83f8e8e63
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_powerpc.deb
Size/MD5 checksum: 33170 a480a5e90263e088c61d2fd0c69b684c
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_s390.deb
Size/MD5 checksum: 530432 8cd269f9be98c289ff34daf10900002e
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_s390.deb
Size/MD5 checksum: 126658 aba07d35c7128edb4de04afb60714a69
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_s390.deb
Size/MD5 checksum: 62370 08c42b465904968c333dbd0ba4a75a74
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_s390.deb
Size/MD5 checksum: 52828 5cc46349891c9343927606216ee37c17
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_s390.deb
Size/MD5 checksum: 29904 5cf21f62deb179b7b7bf3d9f133a1ccd
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_s390.deb
Size/MD5 checksum: 84810 0763f53019af2eaee8a40124d40002d5
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_s390.deb
Size/MD5 checksum: 30878 9eed7728d9e74166b3ebe358d87e0f75
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_sparc.deb
Size/MD5 checksum: 500874 b2f9e4558a891a32f8589bab66229377
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_sparc.deb
Size/MD5 checksum: 121122 7ea5e33cb775d6761ce5895ea81d2bfe
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_sparc.deb
Size/MD5 checksum: 62918 b832c80146fad1ba2792e58247a2eafc
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_sparc.deb
Size/MD5 checksum: 49994 b62c3a0612ae68351087f8dbb9575bc2
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_sparc.deb
Size/MD5 checksum: 29756 56d9d3a1815670b063e7404a238fe52e
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_sparc.deb
Size/MD5 checksum: 81156 395c0e3f7c9f26a40751d49f101293c6
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_sparc.deb
Size/MD5 checksum: 30300 9bb0898aecf070952a06990a111a620d
これらのファイルは次の版の安定版リリース時そちらに移されます。
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
------>8------------>8------------>8------------>8------------>8-
--
Seiji Kaneko skaneko@xxxxxxxxxxxx
---------------------------------------------------------