[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:45602] [Translate] [SECURITY] [DSA 937-1] New tetex-bin packages fix arbitrary code execution



かねこです。
URL 等は Debian-security-announce メーリングリストの元記事を確認
ください。

------>8------------>8------------>8------------>8------------>8-
- --------------------------------------------------------------------------
Debian Security Advisory DSA 937-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 12th, 2006                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : tetex-bin
Vulnerability  : バッファオーバフロー
Problem type   : リモート
Debian-specific: いいえ
CVE IDs        : CVE-2005-3191 CVE-2005-3192 CVE-2005-3624 CVE-2005-3625
                 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628
CERT advisory  :
BugTraq ID     :
Debian Bug     : 342292

"infamous41md" さんおよび Chris Evans さんにより、Portable Document
Format (PDF) 向けプログラム xpdf にヒープベースのバッファオーバフローが
発見されました。この欠陥は、teTeX のバイナリファイルパッケージ tetex-bin
にも存在します。この欠陥を攻撃することで、アプリケーションのクラッシュ
が可能で、さらに任意のコードが実行できる可能性があります。
	
前安定版 (oldstable) ディストリビューション (woody) では、この問題はバー
ジョン 1.0.7+20011202-7.7 で修正されています。

安定版  (stable) ディストリビューション (sarge) では、この問題はバージョ
ン 2.0.2-30sarge4 で修正されています。

不安定版 (unstable) ディストリビューション (sid) では、この問題は tetex
-bin へのリンクとなるバージョン 0.4.3-2 の poppler で修正されています。

直ぐに tetex-bin パッケージをアップグレードすることを勧めます。

アップグレード手順
------------------

wget url
	でファイルを取得できます。
dpkg -i file.deb
        で参照されたファイルをインストールできます。

を用いて、apt-get パッケージマネージャに以下記載の sources.list を与えて
次のコマンドを使ってください。

apt-get update
        これは内部データベースを更新します。
apt-get upgrade
        これで修正されたパッケージをインストールします。

本メールのフッタ記載の設定を自ホストの設定に加えることにより、自動更新を
行うこともできます。


Debian GNU/Linux 3.0 愛称 woody
- --------------------------------

  ソースアーカイブ:

    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7.dsc
      Size/MD5 checksum:      874 4fe4cb1a4bb2d39afc7f92948bafe6af
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7.tar.gz
      Size/MD5 checksum: 10328904 be3ba73c70f6c50637069868c56a7d9e

  Alpha architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_alpha.deb
      Size/MD5 checksum:    84666 14987fa20077b5ce0a10f64d0df7e25f
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_alpha.deb
      Size/MD5 checksum:    53260 7736b2f52cbdd476e8d4b8339b5d8b72
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_alpha.deb
      Size/MD5 checksum:  4569310 e5063538a36c4fd7aa514f2e8711aea0

  ARM architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_arm.deb
      Size/MD5 checksum:    65270 472d8a8a0f9823eab4b57a9a95515c01
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_arm.deb
      Size/MD5 checksum:    43782 d2dde880cf11acfdaa89d51dbc3735d5
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_arm.deb
      Size/MD5 checksum:  3704454 62ecd37b4548deed4aa633083eda9e3a

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_i386.deb
      Size/MD5 checksum:    62610 b019a923fe66e306fe5864373f35e24a
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_i386.deb
      Size/MD5 checksum:    40920 f42ec41bd53e2a99315aae7f3dd5657a
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_i386.deb
      Size/MD5 checksum:  3137616 24d0d5e485fd32f004aba99607d5b267

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_ia64.deb
      Size/MD5 checksum:    89722 3ff4685d8757f3f34f69d1d3038b99ee
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_ia64.deb
      Size/MD5 checksum:    63476 2d5255d1a7e38287f68692f0fe5dd171
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_ia64.deb
      Size/MD5 checksum:  5599966 6cd21572aad64c291f728cfd8ddf5753

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_hppa.deb
      Size/MD5 checksum:    79344 6cd09b3241459a76bc333ec2cca26eb3
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_hppa.deb
      Size/MD5 checksum:    49540 042b7d2e4889fbed4165d86e3841c396
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_hppa.deb
      Size/MD5 checksum:  4107634 2253868a707890f55508be0a8d2b5084

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_m68k.deb
      Size/MD5 checksum:    61938 328fa7a34388dbdd0bf3d77199f46e83
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_m68k.deb
      Size/MD5 checksum:    41538 6e3a03abbf8382b2aaed4abc95115e34
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_m68k.deb
      Size/MD5 checksum:  2923636 fcd6d90ba74b613de76fd32834c2f250

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_mips.deb
      Size/MD5 checksum:    75074 410d60865596a9e67e0dc721b703610e
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_mips.deb
      Size/MD5 checksum:    42556 9a09bb7af1668ce16cee128f67d2da50
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_mips.deb
      Size/MD5 checksum:  3941504 a6f1b0d37fc2f6dcbfd9d6c245551cf1

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_mipsel.deb
      Size/MD5 checksum:    74864 db91b18d0295fd07a1771f0fdc910730
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_mipsel.deb
      Size/MD5 checksum:    42760 293b2e9ea53c8664208b4eaa5d7d038b
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_mipsel.deb
      Size/MD5 checksum:  3899710 d160c22beba8a431496557b59218ebee

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_powerpc.deb
      Size/MD5 checksum:    73944 edc0023d5a5f6c7810e5e39518e9075c
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_powerpc.deb
      Size/MD5 checksum:    45460 1fa491c88047f14874e162129943a0f2
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_powerpc.deb
      Size/MD5 checksum:  3588892 ec0621101b8f88a8e6886611f476a23b

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_s390.deb
      Size/MD5 checksum:    64262 f8383550467d7d3f0dddb35694b4b453
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_s390.deb
      Size/MD5 checksum:    43938 dc3005de68ffb1f120af9b98a4138ad7
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_s390.deb
      Size/MD5 checksum:  3441798 30d05314a39832a47b3b91f900e78d10

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_sparc.deb
      Size/MD5 checksum:    70704 dc6dd4572fe8dc8d79d645190dd5b9e8
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_sparc.deb
      Size/MD5 checksum:    48910 cfe4a6905dbd392494d200a64240604d
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_sparc.deb
      Size/MD5 checksum:  3599016 000aa70472574b64334c612e8dc6f79b


Debian GNU/Linux 3.1 愛称 sarge
- --------------------------------

  ソースアーカイブ:
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4.dsc
      Size/MD5 checksum:     1004 983ccc6f8176a0beedda5df8a06e3537
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4.diff.gz
      Size/MD5 checksum:   154375 3d72a9201f38d2dde021df25b6e1649c
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2.orig.tar.gz
      Size/MD5 checksum: 11677169 8f02d5940bf02072ce5fe05429c90e63

  Alpha architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_alpha.deb
      Size/MD5 checksum:    89842 6de1e46a20510337254c069cec4d8590
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_alpha.deb
      Size/MD5 checksum:    65424 ceb0f7a0bba00d19b0e787d465ccfe2d
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_alpha.deb
      Size/MD5 checksum:  5135466 f1ee07be1b52761c5c421252e69b5fec

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_amd64.deb
      Size/MD5 checksum:    72772 c7912ef834249631873ca38061306b32
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_amd64.deb
      Size/MD5 checksum:    61922 7601e110af324ee3cb90aec31c1a2c4b
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_amd64.deb
      Size/MD5 checksum:  4356908 4fd1dd53475b92b7d3ded8bc23a84d23

  ARM architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_arm.deb
      Size/MD5 checksum:    67808 ee9b99d5159d1651f6a29768b4cf0854
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_arm.deb
      Size/MD5 checksum:    58142 48e671e8b106b363d8761b3d20acc5ec
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_arm.deb
      Size/MD5 checksum:  4300642 c8049249d1904b75c38081129bc5467e

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_i386.deb
      Size/MD5 checksum:    66218 d349881df541b5f7383e5a5390ac238a
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_i386.deb
      Size/MD5 checksum:    59176 81412a2ee64924929205b718813970bb
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_i386.deb
      Size/MD5 checksum:  3939522 fe9e13180506bb76b073be1e289d214e

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_ia64.deb
      Size/MD5 checksum:    89822 abc527d1eccb607d0731be6200352e75
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_ia64.deb
      Size/MD5 checksum:    73492 b7ba1d9e84583256f33a1c5abe76162e
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_ia64.deb
      Size/MD5 checksum:  5909228 984e273287f9d5dbee2e8310ab43ae69

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_hppa.deb
      Size/MD5 checksum:    78310 0e86d99930bf65fdc9c3479089a6a20b
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_hppa.deb
      Size/MD5 checksum:    66644 21cab5ff1f28857f08b1771de7c3f461
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_hppa.deb
      Size/MD5 checksum:  4612710 fdab445f3c33ae90180d3c834044fc40

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_m68k.deb
      Size/MD5 checksum:    63502 78c53919dcfe97aedbc80b1fc887e204
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_m68k.deb
      Size/MD5 checksum:    58736 69a55de426d9e122adc441b26c9bb062
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_m68k.deb
      Size/MD5 checksum:  3600916 b05f9a5118f7028e5c437c5749bfe79f

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_mips.deb
      Size/MD5 checksum:    75558 6449710e39b1ebad2c982bcad599e7f0
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_mips.deb
      Size/MD5 checksum:    59190 d1fa5b3b77fd4a24d1bc65fb5bce6a90
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_mips.deb
      Size/MD5 checksum:  4602728 8454c9ddb3922c981e8d5cc5bf59ad1e

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_mipsel.deb
      Size/MD5 checksum:    75546 7bbac980fa4a95d71ebd4de2fe2b2b5b
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_mipsel.deb
      Size/MD5 checksum:    59430 ea2fd76fbc73cad63efef3b939c89aa1
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_mipsel.deb
      Size/MD5 checksum:  4559108 fc52f040b130e7954230cffdd91d1145

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_powerpc.deb
      Size/MD5 checksum:    74904 8a3d0d1292f0978eab3b39d6f96a97e9
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_powerpc.deb
      Size/MD5 checksum:    63372 09c6961bbf8e5280ab1f618dd443106c
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_powerpc.deb
      Size/MD5 checksum:  4382198 62e8dec6600f7fdcee4e11bc29258766

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_s390.deb
      Size/MD5 checksum:    71844 48a4bded5ebdb5719f5b72fc0bb4ea60
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_s390.deb
      Size/MD5 checksum:    63614 9fdebe54556dba9bb6fd3cdd5bab2034
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_s390.deb
      Size/MD5 checksum:  4269024 36f0cf0d6f8f73f569af231b7b47c53e

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_sparc.deb
      Size/MD5 checksum:    70022 7cfdf14b376e0249ae24bb77fb1ae73a
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_sparc.deb
      Size/MD5 checksum:    60990 f25104fe0c734c162f75876bdaf797aa
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_sparc.deb
      Size/MD5 checksum:  4156948 a5ae0e1018b2ddc41de89accf9aa10d6


  これらのファイルは次の版の安定版リリース時そちらに移されます。

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
------>8------------>8------------>8------------>8------------>8-
-- 
Seiji Kaneko                         skaneko@xxxxxxxxxxxx
---------------------------------------------------------