[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[debian-users:45602] [Translate] [SECURITY] [DSA 937-1] New tetex-bin packages fix arbitrary code execution
かねこです。
URL 等は Debian-security-announce メーリングリストの元記事を確認
ください。
------>8------------>8------------>8------------>8------------>8-
- --------------------------------------------------------------------------
Debian Security Advisory DSA 937-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 12th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : tetex-bin
Vulnerability : バッファオーバフロー
Problem type : リモート
Debian-specific: いいえ
CVE IDs : CVE-2005-3191 CVE-2005-3192 CVE-2005-3624 CVE-2005-3625
CVE-2005-3626 CVE-2005-3627 CVE-2005-3628
CERT advisory :
BugTraq ID :
Debian Bug : 342292
"infamous41md" さんおよび Chris Evans さんにより、Portable Document
Format (PDF) 向けプログラム xpdf にヒープベースのバッファオーバフローが
発見されました。この欠陥は、teTeX のバイナリファイルパッケージ tetex-bin
にも存在します。この欠陥を攻撃することで、アプリケーションのクラッシュ
が可能で、さらに任意のコードが実行できる可能性があります。
前安定版 (oldstable) ディストリビューション (woody) では、この問題はバー
ジョン 1.0.7+20011202-7.7 で修正されています。
安定版 (stable) ディストリビューション (sarge) では、この問題はバージョ
ン 2.0.2-30sarge4 で修正されています。
不安定版 (unstable) ディストリビューション (sid) では、この問題は tetex
-bin へのリンクとなるバージョン 0.4.3-2 の poppler で修正されています。
直ぐに tetex-bin パッケージをアップグレードすることを勧めます。
アップグレード手順
------------------
wget url
でファイルを取得できます。
dpkg -i file.deb
で参照されたファイルをインストールできます。
を用いて、apt-get パッケージマネージャに以下記載の sources.list を与えて
次のコマンドを使ってください。
apt-get update
これは内部データベースを更新します。
apt-get upgrade
これで修正されたパッケージをインストールします。
本メールのフッタ記載の設定を自ホストの設定に加えることにより、自動更新を
行うこともできます。
Debian GNU/Linux 3.0 愛称 woody
- --------------------------------
ソースアーカイブ:
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7.dsc
Size/MD5 checksum: 874 4fe4cb1a4bb2d39afc7f92948bafe6af
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7.tar.gz
Size/MD5 checksum: 10328904 be3ba73c70f6c50637069868c56a7d9e
Alpha architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_alpha.deb
Size/MD5 checksum: 84666 14987fa20077b5ce0a10f64d0df7e25f
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_alpha.deb
Size/MD5 checksum: 53260 7736b2f52cbdd476e8d4b8339b5d8b72
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_alpha.deb
Size/MD5 checksum: 4569310 e5063538a36c4fd7aa514f2e8711aea0
ARM architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_arm.deb
Size/MD5 checksum: 65270 472d8a8a0f9823eab4b57a9a95515c01
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_arm.deb
Size/MD5 checksum: 43782 d2dde880cf11acfdaa89d51dbc3735d5
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_arm.deb
Size/MD5 checksum: 3704454 62ecd37b4548deed4aa633083eda9e3a
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_i386.deb
Size/MD5 checksum: 62610 b019a923fe66e306fe5864373f35e24a
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_i386.deb
Size/MD5 checksum: 40920 f42ec41bd53e2a99315aae7f3dd5657a
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_i386.deb
Size/MD5 checksum: 3137616 24d0d5e485fd32f004aba99607d5b267
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_ia64.deb
Size/MD5 checksum: 89722 3ff4685d8757f3f34f69d1d3038b99ee
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_ia64.deb
Size/MD5 checksum: 63476 2d5255d1a7e38287f68692f0fe5dd171
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_ia64.deb
Size/MD5 checksum: 5599966 6cd21572aad64c291f728cfd8ddf5753
HP Precision architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_hppa.deb
Size/MD5 checksum: 79344 6cd09b3241459a76bc333ec2cca26eb3
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_hppa.deb
Size/MD5 checksum: 49540 042b7d2e4889fbed4165d86e3841c396
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_hppa.deb
Size/MD5 checksum: 4107634 2253868a707890f55508be0a8d2b5084
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_m68k.deb
Size/MD5 checksum: 61938 328fa7a34388dbdd0bf3d77199f46e83
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_m68k.deb
Size/MD5 checksum: 41538 6e3a03abbf8382b2aaed4abc95115e34
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_m68k.deb
Size/MD5 checksum: 2923636 fcd6d90ba74b613de76fd32834c2f250
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_mips.deb
Size/MD5 checksum: 75074 410d60865596a9e67e0dc721b703610e
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_mips.deb
Size/MD5 checksum: 42556 9a09bb7af1668ce16cee128f67d2da50
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_mips.deb
Size/MD5 checksum: 3941504 a6f1b0d37fc2f6dcbfd9d6c245551cf1
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_mipsel.deb
Size/MD5 checksum: 74864 db91b18d0295fd07a1771f0fdc910730
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_mipsel.deb
Size/MD5 checksum: 42760 293b2e9ea53c8664208b4eaa5d7d038b
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_mipsel.deb
Size/MD5 checksum: 3899710 d160c22beba8a431496557b59218ebee
PowerPC architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_powerpc.deb
Size/MD5 checksum: 73944 edc0023d5a5f6c7810e5e39518e9075c
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_powerpc.deb
Size/MD5 checksum: 45460 1fa491c88047f14874e162129943a0f2
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_powerpc.deb
Size/MD5 checksum: 3588892 ec0621101b8f88a8e6886611f476a23b
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_s390.deb
Size/MD5 checksum: 64262 f8383550467d7d3f0dddb35694b4b453
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_s390.deb
Size/MD5 checksum: 43938 dc3005de68ffb1f120af9b98a4138ad7
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_s390.deb
Size/MD5 checksum: 3441798 30d05314a39832a47b3b91f900e78d10
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_sparc.deb
Size/MD5 checksum: 70704 dc6dd4572fe8dc8d79d645190dd5b9e8
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_sparc.deb
Size/MD5 checksum: 48910 cfe4a6905dbd392494d200a64240604d
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_sparc.deb
Size/MD5 checksum: 3599016 000aa70472574b64334c612e8dc6f79b
Debian GNU/Linux 3.1 愛称 sarge
- --------------------------------
ソースアーカイブ:
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4.dsc
Size/MD5 checksum: 1004 983ccc6f8176a0beedda5df8a06e3537
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4.diff.gz
Size/MD5 checksum: 154375 3d72a9201f38d2dde021df25b6e1649c
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2.orig.tar.gz
Size/MD5 checksum: 11677169 8f02d5940bf02072ce5fe05429c90e63
Alpha architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_alpha.deb
Size/MD5 checksum: 89842 6de1e46a20510337254c069cec4d8590
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_alpha.deb
Size/MD5 checksum: 65424 ceb0f7a0bba00d19b0e787d465ccfe2d
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_alpha.deb
Size/MD5 checksum: 5135466 f1ee07be1b52761c5c421252e69b5fec
AMD64 architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_amd64.deb
Size/MD5 checksum: 72772 c7912ef834249631873ca38061306b32
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_amd64.deb
Size/MD5 checksum: 61922 7601e110af324ee3cb90aec31c1a2c4b
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_amd64.deb
Size/MD5 checksum: 4356908 4fd1dd53475b92b7d3ded8bc23a84d23
ARM architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_arm.deb
Size/MD5 checksum: 67808 ee9b99d5159d1651f6a29768b4cf0854
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_arm.deb
Size/MD5 checksum: 58142 48e671e8b106b363d8761b3d20acc5ec
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_arm.deb
Size/MD5 checksum: 4300642 c8049249d1904b75c38081129bc5467e
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_i386.deb
Size/MD5 checksum: 66218 d349881df541b5f7383e5a5390ac238a
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_i386.deb
Size/MD5 checksum: 59176 81412a2ee64924929205b718813970bb
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_i386.deb
Size/MD5 checksum: 3939522 fe9e13180506bb76b073be1e289d214e
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_ia64.deb
Size/MD5 checksum: 89822 abc527d1eccb607d0731be6200352e75
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_ia64.deb
Size/MD5 checksum: 73492 b7ba1d9e84583256f33a1c5abe76162e
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_ia64.deb
Size/MD5 checksum: 5909228 984e273287f9d5dbee2e8310ab43ae69
HP Precision architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_hppa.deb
Size/MD5 checksum: 78310 0e86d99930bf65fdc9c3479089a6a20b
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_hppa.deb
Size/MD5 checksum: 66644 21cab5ff1f28857f08b1771de7c3f461
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_hppa.deb
Size/MD5 checksum: 4612710 fdab445f3c33ae90180d3c834044fc40
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_m68k.deb
Size/MD5 checksum: 63502 78c53919dcfe97aedbc80b1fc887e204
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_m68k.deb
Size/MD5 checksum: 58736 69a55de426d9e122adc441b26c9bb062
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_m68k.deb
Size/MD5 checksum: 3600916 b05f9a5118f7028e5c437c5749bfe79f
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_mips.deb
Size/MD5 checksum: 75558 6449710e39b1ebad2c982bcad599e7f0
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_mips.deb
Size/MD5 checksum: 59190 d1fa5b3b77fd4a24d1bc65fb5bce6a90
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_mips.deb
Size/MD5 checksum: 4602728 8454c9ddb3922c981e8d5cc5bf59ad1e
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_mipsel.deb
Size/MD5 checksum: 75546 7bbac980fa4a95d71ebd4de2fe2b2b5b
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_mipsel.deb
Size/MD5 checksum: 59430 ea2fd76fbc73cad63efef3b939c89aa1
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_mipsel.deb
Size/MD5 checksum: 4559108 fc52f040b130e7954230cffdd91d1145
PowerPC architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_powerpc.deb
Size/MD5 checksum: 74904 8a3d0d1292f0978eab3b39d6f96a97e9
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_powerpc.deb
Size/MD5 checksum: 63372 09c6961bbf8e5280ab1f618dd443106c
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_powerpc.deb
Size/MD5 checksum: 4382198 62e8dec6600f7fdcee4e11bc29258766
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_s390.deb
Size/MD5 checksum: 71844 48a4bded5ebdb5719f5b72fc0bb4ea60
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_s390.deb
Size/MD5 checksum: 63614 9fdebe54556dba9bb6fd3cdd5bab2034
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_s390.deb
Size/MD5 checksum: 4269024 36f0cf0d6f8f73f569af231b7b47c53e
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_sparc.deb
Size/MD5 checksum: 70022 7cfdf14b376e0249ae24bb77fb1ae73a
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_sparc.deb
Size/MD5 checksum: 60990 f25104fe0c734c162f75876bdaf797aa
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_sparc.deb
Size/MD5 checksum: 4156948 a5ae0e1018b2ddc41de89accf9aa10d6
これらのファイルは次の版の安定版リリース時そちらに移されます。
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
------>8------------>8------------>8------------>8------------>8-
--
Seiji Kaneko skaneko@xxxxxxxxxxxx
---------------------------------------------------------