[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:44780] [Translate] [SECURITY] [DSA 821-1] New python2.3 packages fix arbitrary code execution



かねこです。
URL 等は Debian-security-announce メーリングリストの元記事を確認
ください。

------>8------------>8------------>8------------>8------------>8-
- --------------------------------------------------------------------------
Debian Security Advisory DSA 821-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 28th, 2005                    http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : python2.3
Vulnerability  : 整数オーバフロー
Problem type   : リモート
Debian-specific: いいえ
CVE ID         : CAN-2005-2491
BugTraq ID     : 14620
Debian Bug     : 324531

整数オーバフローと、その結果としてのバッファオーバフローが the Perl
Compatible Regular Expressions library (PCRE) に発見されており、この欠陥
を攻撃することでリモートの攻撃者が任意のコードを実行可能です。このバグは
Python にも同様に存在していました。この欠陥を攻撃するには、攻撃者が前に
使用した正規表現を指定することができる必要があります。

前安定版 (oldstable) ディストリビューション (woody) には、Python 2.3 パ
ッケージは収録されいてません。

安定版  (stable) ディストリビューション (sarge) では、この問題はバージョ
ン 2.3.5-3sarge1 で修正されています。


不安定版 (unstable) ディストリビューション (sid) では、この問題はバージ
ョン 2.3.5-8 で修正されています。


直ぐに python2.3 パッケージをアップグレードすることを勧めます。

アップグレード手順
------------------

wget url
	でファイルを取得できます。
dpkg -i file.deb
        で参照されたファイルをインストールできます。

を用いて、apt-get パッケージマネージャに以下記載の sources.list を与えて
次のコマンドを使ってください。

apt-get update
        これは内部データベースを更新します。
apt-get upgrade
        これで修正されたパッケージをインストールします。

本メールのフッタ記載の設定を自ホストの設定に加えることにより、自動更新を
行うこともできます。


Debian GNU/Linux 3.1 愛称 sarge
- --------------------------------

  ソースアーカイブ:


http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1.dsc
      Size/MD5 checksum:     1146 c9037ce6cf68a2d5df19f97f5a355682

http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1.diff.gz
      Size/MD5 checksum:  2351981 7e1a2c22a67933614ae542df35b3acb5

http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5.orig.tar.gz
      Size/MD5 checksum:  8512566 9c35e5ca3c487e1c1f70f2fb1ccbfffe

  Architecture independent components:


http://security.debian.org/pool/updates/main/p/python2.3/idle-python2.3_2.3.5-3sarge1_all.deb
      Size/MD5 checksum:   233926 223cf091cba908e4c0dd60c982399979

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-doc_2.3.5-3sarge1_all.deb
      Size/MD5 checksum:  2859596 854e1efeddbe977279de799b251a8888

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-examples_2.3.5-3sarge1_all.deb
      Size/MD5 checksum:   512922 39616088287ba21d40668128023dd4eb

  Alpha architecture:


http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_alpha.deb
      Size/MD5 checksum:  2996296 ad472f01175b101810f4cd8230ce42ca

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_alpha.deb
      Size/MD5 checksum:  1754306 e38df20cc079ea0136dc466cb0d4ddcf

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_alpha.deb
      Size/MD5 checksum:    27464 7504460294b6c214660f24b3b1e60821

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_alpha.deb
      Size/MD5 checksum:    31240 97a090aa2a0615471f7cfa6a003e474e

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_alpha.deb
      Size/MD5 checksum:   110618 7b929ad7408161e72ff494fdd91f4d5c

  AMD64 architecture:


http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_amd64.deb
      Size/MD5 checksum:  3036606 e6cfb948cc51ba1016fa72ab1d8d881b

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_amd64.deb
      Size/MD5 checksum:  1593708 acb2012f860ea2394ce4d59d208e0fff

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_amd64.deb
      Size/MD5 checksum:    27044 349f90ebf6e00a7ec83e3c3414940d9a

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_amd64.deb
      Size/MD5 checksum:    31828 94326ce547a1d484713f89baee196f05

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_amd64.deb
      Size/MD5 checksum:   109686 43f9cbc02557f8ec84c6b5fa0255957f

  ARM architecture:


http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_arm.deb
      Size/MD5 checksum:  2879988 034c30c2424f90fbd31a1403dd9f6a82

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_arm.deb
      Size/MD5 checksum:  1647238 e12e1d4f9910461132fdabbeca0026d3

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_arm.deb
      Size/MD5 checksum:    26516 97e2e80623f47801e2ec9d6fb0d599b7

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_arm.deb
      Size/MD5 checksum:    30226 0e97036a09f3980decc8a4c6797d26e3

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_arm.deb
      Size/MD5 checksum:   107422 a91658f445c4625b85a96eb624180b07

  Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_i386.deb
      Size/MD5 checksum:  2905678 98c6326533466d01da1fa8afb985a018

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_i386.deb
      Size/MD5 checksum:  1481426 fd12921c4b72a2bc5c09c13cf61fff5f

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_i386.deb
      Size/MD5 checksum:    26730 ad2698329ba7c99eac5eaa6b1a590b94

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_i386.deb
      Size/MD5 checksum:    30734 5fcd7972c7cdb88ba861570d200d1373

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_i386.deb
      Size/MD5 checksum:   107718 93b3439f064954d9b9a7734418f25945

  Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_ia64.deb
      Size/MD5 checksum:  4097268 941b9351e0db7233d6d379d61c21bc0c

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_ia64.deb
      Size/MD5 checksum:  2418656 f5095a4c0e64c40df5835dd39feb4b53

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_ia64.deb
      Size/MD5 checksum:    29250 cf50a7f65b150c20ee3cc01896d76faf

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_ia64.deb
      Size/MD5 checksum:    37324 00a7d379871edaa77d3d3d5127557405

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_ia64.deb
      Size/MD5 checksum:   119882 c1c22e8a7fc81cee8b69cc8e69177733

  HP Precision architecture:


http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_hppa.deb
      Size/MD5 checksum:  3331026 af94d889af10a0ca9c66d9e9c7658195

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_hppa.deb
      Size/MD5 checksum:  1829952 559368afecc529bb082e972ed1241dc2

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_hppa.deb
      Size/MD5 checksum:    27980 8e8161e99f46a6315dd32c6129a39122

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_hppa.deb
      Size/MD5 checksum:    33242 a9132783cbb7b82e68ceb134e166b726

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_hppa.deb
      Size/MD5 checksum:   113166 1f665f77188b5742b82cc3b06372bbfc

  Motorola 680x0 architecture:


http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_m68k.deb
      Size/MD5 checksum:  2823218 51ea413401b265d7d2f038ad08078d99

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_m68k.deb
      Size/MD5 checksum:  1341758 c2db9f478fbe042b273316b607229c7a

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_m68k.deb
      Size/MD5 checksum:    26480 d6c586100796c29844c68d8a7f142f8e

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_m68k.deb
      Size/MD5 checksum:    29928 47654db712fc8c407cf2bcec667b6f4c

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_m68k.deb
      Size/MD5 checksum:   107350 bbeda7026257db6542d759836c5ea657

  Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_mips.deb
      Size/MD5 checksum:  3052804 d86677fd7da130bbe0eb12f7feed6afa

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_mips.deb
      Size/MD5 checksum:  1695770 bab1799c14aed77f5c7b93eb178cd440

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_mips.deb
      Size/MD5 checksum:    26750 cbd5a034f9176c022a0f2d5b0e67e538

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_mips.deb
      Size/MD5 checksum:    31016 e6f5a98ac27b1a490bc6a83e6eb60047

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_mips.deb
      Size/MD5 checksum:   107168 9bdc576c77d0df3bb44791728c873487

  Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_mipsel.deb
      Size/MD5 checksum:  3036644 fe41f2845e6cbfd26c75a37fd802b1d4

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_mipsel.deb
      Size/MD5 checksum:  1698196 9b2a5bac079a0852d8b1a1c9b935f006

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_mipsel.deb
      Size/MD5 checksum:    26708 40128db94333954fa097b22a12e3bb94

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_mipsel.deb
      Size/MD5 checksum:    30976 7ae310f8fd1a36608a071ca3ddaa82dc

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_mipsel.deb
      Size/MD5 checksum:   107030 7b05bc85af9aa073d0a1e354f1627279

  PowerPC architecture:


http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_powerpc.deb
      Size/MD5 checksum:  3186708 9596c70ad278108753e5219f51a955f5

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_powerpc.deb
      Size/MD5 checksum:  1709096 de765af43abb979be6890ba992fd5e93

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_powerpc.deb
      Size/MD5 checksum:    28488 1a1fd9f26106641fa8483b3eea5c77e0

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_powerpc.deb
      Size/MD5 checksum:    32870 4c222048fe64f6d19f970c05a692ec3c

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_powerpc.deb
      Size/MD5 checksum:   110322 41e8198a07581a3a24578da3f52c3293

  IBM S/390 architecture:


http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_s390.deb
      Size/MD5 checksum:  3090704 1d3ee4927c950022c34b3a4731d99ec2

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_s390.deb
      Size/MD5 checksum:  1622750 e1b5aa7d3aeb253e4663cf57072dc65b

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_s390.deb
      Size/MD5 checksum:    27582 2c799b90959cbd69a79f56a567bba4d0

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_s390.deb
      Size/MD5 checksum:    32334 fdd2e66b7deb14c1420ea2f049309c16

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_s390.deb
      Size/MD5 checksum:   111940 4b7fb0eb4f410866bd9acf79bf08861f

  Sun Sparc architecture:


http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_sparc.deb
      Size/MD5 checksum:  3100398 b9c89fb6f83a5b7c16d9f277acc79ac0

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_sparc.deb
      Size/MD5 checksum:  1667050 28cf9751961eba5ff4dfb47ff8910a89

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_sparc.deb
      Size/MD5 checksum:    26822 94e6d6084772d367e349cba332a4a19b

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_sparc.deb
      Size/MD5 checksum:    31264 2d10cf3eb2a88929aa2efa7062237a32

http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_sparc.deb
      Size/MD5 checksum:   109600 957cab76890ca1f6a96b9a3474fff17c


 これらのファイルは次の版の安定版リリース時そちらに移されます。

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
------>8------------>8------------>8------------>8------------>8-
-- 
Seiji Kaneko                         skaneko@xxxxxxxxxxxx
---------------------------------------------------------