[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[debian-users:44780] [Translate] [SECURITY] [DSA 821-1] New python2.3 packages fix arbitrary code execution
かねこです。
URL 等は Debian-security-announce メーリングリストの元記事を確認
ください。
------>8------------>8------------>8------------>8------------>8-
- --------------------------------------------------------------------------
Debian Security Advisory DSA 821-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 28th, 2005 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : python2.3
Vulnerability : 整数オーバフロー
Problem type : リモート
Debian-specific: いいえ
CVE ID : CAN-2005-2491
BugTraq ID : 14620
Debian Bug : 324531
整数オーバフローと、その結果としてのバッファオーバフローが the Perl
Compatible Regular Expressions library (PCRE) に発見されており、この欠陥
を攻撃することでリモートの攻撃者が任意のコードを実行可能です。このバグは
Python にも同様に存在していました。この欠陥を攻撃するには、攻撃者が前に
使用した正規表現を指定することができる必要があります。
前安定版 (oldstable) ディストリビューション (woody) には、Python 2.3 パ
ッケージは収録されいてません。
安定版 (stable) ディストリビューション (sarge) では、この問題はバージョ
ン 2.3.5-3sarge1 で修正されています。
不安定版 (unstable) ディストリビューション (sid) では、この問題はバージ
ョン 2.3.5-8 で修正されています。
直ぐに python2.3 パッケージをアップグレードすることを勧めます。
アップグレード手順
------------------
wget url
でファイルを取得できます。
dpkg -i file.deb
で参照されたファイルをインストールできます。
を用いて、apt-get パッケージマネージャに以下記載の sources.list を与えて
次のコマンドを使ってください。
apt-get update
これは内部データベースを更新します。
apt-get upgrade
これで修正されたパッケージをインストールします。
本メールのフッタ記載の設定を自ホストの設定に加えることにより、自動更新を
行うこともできます。
Debian GNU/Linux 3.1 愛称 sarge
- --------------------------------
ソースアーカイブ:
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1.dsc
Size/MD5 checksum: 1146 c9037ce6cf68a2d5df19f97f5a355682
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1.diff.gz
Size/MD5 checksum: 2351981 7e1a2c22a67933614ae542df35b3acb5
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5.orig.tar.gz
Size/MD5 checksum: 8512566 9c35e5ca3c487e1c1f70f2fb1ccbfffe
Architecture independent components:
http://security.debian.org/pool/updates/main/p/python2.3/idle-python2.3_2.3.5-3sarge1_all.deb
Size/MD5 checksum: 233926 223cf091cba908e4c0dd60c982399979
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-doc_2.3.5-3sarge1_all.deb
Size/MD5 checksum: 2859596 854e1efeddbe977279de799b251a8888
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-examples_2.3.5-3sarge1_all.deb
Size/MD5 checksum: 512922 39616088287ba21d40668128023dd4eb
Alpha architecture:
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_alpha.deb
Size/MD5 checksum: 2996296 ad472f01175b101810f4cd8230ce42ca
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_alpha.deb
Size/MD5 checksum: 1754306 e38df20cc079ea0136dc466cb0d4ddcf
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_alpha.deb
Size/MD5 checksum: 27464 7504460294b6c214660f24b3b1e60821
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_alpha.deb
Size/MD5 checksum: 31240 97a090aa2a0615471f7cfa6a003e474e
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_alpha.deb
Size/MD5 checksum: 110618 7b929ad7408161e72ff494fdd91f4d5c
AMD64 architecture:
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_amd64.deb
Size/MD5 checksum: 3036606 e6cfb948cc51ba1016fa72ab1d8d881b
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_amd64.deb
Size/MD5 checksum: 1593708 acb2012f860ea2394ce4d59d208e0fff
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_amd64.deb
Size/MD5 checksum: 27044 349f90ebf6e00a7ec83e3c3414940d9a
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_amd64.deb
Size/MD5 checksum: 31828 94326ce547a1d484713f89baee196f05
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_amd64.deb
Size/MD5 checksum: 109686 43f9cbc02557f8ec84c6b5fa0255957f
ARM architecture:
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_arm.deb
Size/MD5 checksum: 2879988 034c30c2424f90fbd31a1403dd9f6a82
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_arm.deb
Size/MD5 checksum: 1647238 e12e1d4f9910461132fdabbeca0026d3
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_arm.deb
Size/MD5 checksum: 26516 97e2e80623f47801e2ec9d6fb0d599b7
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_arm.deb
Size/MD5 checksum: 30226 0e97036a09f3980decc8a4c6797d26e3
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_arm.deb
Size/MD5 checksum: 107422 a91658f445c4625b85a96eb624180b07
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_i386.deb
Size/MD5 checksum: 2905678 98c6326533466d01da1fa8afb985a018
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_i386.deb
Size/MD5 checksum: 1481426 fd12921c4b72a2bc5c09c13cf61fff5f
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_i386.deb
Size/MD5 checksum: 26730 ad2698329ba7c99eac5eaa6b1a590b94
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_i386.deb
Size/MD5 checksum: 30734 5fcd7972c7cdb88ba861570d200d1373
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_i386.deb
Size/MD5 checksum: 107718 93b3439f064954d9b9a7734418f25945
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_ia64.deb
Size/MD5 checksum: 4097268 941b9351e0db7233d6d379d61c21bc0c
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_ia64.deb
Size/MD5 checksum: 2418656 f5095a4c0e64c40df5835dd39feb4b53
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_ia64.deb
Size/MD5 checksum: 29250 cf50a7f65b150c20ee3cc01896d76faf
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_ia64.deb
Size/MD5 checksum: 37324 00a7d379871edaa77d3d3d5127557405
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_ia64.deb
Size/MD5 checksum: 119882 c1c22e8a7fc81cee8b69cc8e69177733
HP Precision architecture:
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_hppa.deb
Size/MD5 checksum: 3331026 af94d889af10a0ca9c66d9e9c7658195
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_hppa.deb
Size/MD5 checksum: 1829952 559368afecc529bb082e972ed1241dc2
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_hppa.deb
Size/MD5 checksum: 27980 8e8161e99f46a6315dd32c6129a39122
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_hppa.deb
Size/MD5 checksum: 33242 a9132783cbb7b82e68ceb134e166b726
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_hppa.deb
Size/MD5 checksum: 113166 1f665f77188b5742b82cc3b06372bbfc
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_m68k.deb
Size/MD5 checksum: 2823218 51ea413401b265d7d2f038ad08078d99
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_m68k.deb
Size/MD5 checksum: 1341758 c2db9f478fbe042b273316b607229c7a
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_m68k.deb
Size/MD5 checksum: 26480 d6c586100796c29844c68d8a7f142f8e
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_m68k.deb
Size/MD5 checksum: 29928 47654db712fc8c407cf2bcec667b6f4c
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_m68k.deb
Size/MD5 checksum: 107350 bbeda7026257db6542d759836c5ea657
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_mips.deb
Size/MD5 checksum: 3052804 d86677fd7da130bbe0eb12f7feed6afa
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_mips.deb
Size/MD5 checksum: 1695770 bab1799c14aed77f5c7b93eb178cd440
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_mips.deb
Size/MD5 checksum: 26750 cbd5a034f9176c022a0f2d5b0e67e538
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_mips.deb
Size/MD5 checksum: 31016 e6f5a98ac27b1a490bc6a83e6eb60047
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_mips.deb
Size/MD5 checksum: 107168 9bdc576c77d0df3bb44791728c873487
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_mipsel.deb
Size/MD5 checksum: 3036644 fe41f2845e6cbfd26c75a37fd802b1d4
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_mipsel.deb
Size/MD5 checksum: 1698196 9b2a5bac079a0852d8b1a1c9b935f006
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_mipsel.deb
Size/MD5 checksum: 26708 40128db94333954fa097b22a12e3bb94
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_mipsel.deb
Size/MD5 checksum: 30976 7ae310f8fd1a36608a071ca3ddaa82dc
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_mipsel.deb
Size/MD5 checksum: 107030 7b05bc85af9aa073d0a1e354f1627279
PowerPC architecture:
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_powerpc.deb
Size/MD5 checksum: 3186708 9596c70ad278108753e5219f51a955f5
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_powerpc.deb
Size/MD5 checksum: 1709096 de765af43abb979be6890ba992fd5e93
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_powerpc.deb
Size/MD5 checksum: 28488 1a1fd9f26106641fa8483b3eea5c77e0
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_powerpc.deb
Size/MD5 checksum: 32870 4c222048fe64f6d19f970c05a692ec3c
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_powerpc.deb
Size/MD5 checksum: 110322 41e8198a07581a3a24578da3f52c3293
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_s390.deb
Size/MD5 checksum: 3090704 1d3ee4927c950022c34b3a4731d99ec2
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_s390.deb
Size/MD5 checksum: 1622750 e1b5aa7d3aeb253e4663cf57072dc65b
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_s390.deb
Size/MD5 checksum: 27582 2c799b90959cbd69a79f56a567bba4d0
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_s390.deb
Size/MD5 checksum: 32334 fdd2e66b7deb14c1420ea2f049309c16
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_s390.deb
Size/MD5 checksum: 111940 4b7fb0eb4f410866bd9acf79bf08861f
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_sparc.deb
Size/MD5 checksum: 3100398 b9c89fb6f83a5b7c16d9f277acc79ac0
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_sparc.deb
Size/MD5 checksum: 1667050 28cf9751961eba5ff4dfb47ff8910a89
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_sparc.deb
Size/MD5 checksum: 26822 94e6d6084772d367e349cba332a4a19b
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_sparc.deb
Size/MD5 checksum: 31264 2d10cf3eb2a88929aa2efa7062237a32
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_sparc.deb
Size/MD5 checksum: 109600 957cab76890ca1f6a96b9a3474fff17c
これらのファイルは次の版の安定版リリース時そちらに移されます。
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
------>8------------>8------------>8------------>8------------>8-
--
Seiji Kaneko skaneko@xxxxxxxxxxxx
---------------------------------------------------------