[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[debian-users:46260] [Translate] [SECURITY] [DSA 1021-1] New netpbm-free packages fix arbitrary command execution
かねこです。
URL 等は Debian-security-announce メーリングリストの元記事を確認
ください。
------>8------------>8------------>8------------>8------------>8-
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1021-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
March 28th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : netpbm-free
Vulnerability : 安全でないプログラムの実行法
Problem type : ローカル (リモート)
Debian-specific: いいえ
CVE ID : CVE-2005-2471
Debian Bug : 319757
Debian Audit Project の Max Vozeler さんにより、Postscript から PBM, PGM
及び PNM 画像形式に変換するコンバータ pstopnm が Ghostscript を安全でない
方法で呼び出しており、特殊な形式の Postscript ファイルの変換の際に任意の
シェルコマンドの実行が可能であることが発見されました。
前安定版 (oldstable) ディストリビューション (woody) では、この問題はバー
ジョン 9.20-8.6 で修正されています。
安定版 (stable) ディストリビューション (sarge) では、この問題はバージョ
ン 10.0-8sarge3 で修正されています。
不安定版 (unstable) ディストリビューション (sid) では、この問題はバージョ
ン 10.0-9 で修正されています。
直ぐに netpbm-free パッケージをアップグレードすることを勧めます。
アップグレード手順
------------------
wget url
でファイルを取得できます。
dpkg -i file.deb
で参照されたファイルをインストールできます。
apt-get パッケージマネージャを用いている場合には、本メールのフッタ記載の
行を sources.list に加えて、
apt-get update
を実行して内部データベースを更新し、
apt-get upgrade
によって修正されたパッケージをインストールしてください。
本メールのフッタ記載の設定を自ホストの設定に加えることにより、自動更新を
行うこともできます。
Debian GNU/Linux 3.0 愛称 woody
- --------------------------------
ソースアーカイブ:
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.6.dsc
Size/MD5 checksum: 664 4d28f633be81630bd2845aff41590abb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.6.diff.gz
Size/MD5 checksum: 53735 721ed5b2af8111f48d0ffab313fece69
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20.orig.tar.gz
Size/MD5 checksum: 1882851 0f153116c21bc7d2e167e574a486c22f
Alpha architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_alpha.deb
Size/MD5 checksum: 77934 e2e0bb84761a35a46b2a0db57a145646
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_alpha.deb
Size/MD5 checksum: 135660 afc6e169bced434e661835106c597f64
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_alpha.deb
Size/MD5 checksum: 1414088 692774770e3aac3a165e45b62f466623
ARM architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_arm.deb
Size/MD5 checksum: 64334 f61ca7f799f0fb20461d4d6b4e6ea946
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_arm.deb
Size/MD5 checksum: 125684 1f11e24c409c3e5128383587483ce236
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_arm.deb
Size/MD5 checksum: 1128062 6b5f3f419ee8d9f07cbc1e557adc89c2
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_i386.deb
Size/MD5 checksum: 62644 7f3ece42e96b1ec7a5b52638580788e9
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_i386.deb
Size/MD5 checksum: 103602 45e47348eff9e48f9687363d9733fe41
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_i386.deb
Size/MD5 checksum: 1078848 55877f41a6b4aa14072de2356e192c5c
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_ia64.deb
Size/MD5 checksum: 96688 782325e8e697a8a4e9ea79dfc345018d
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_ia64.deb
Size/MD5 checksum: 170642 5292926ad4b91df8310b0430e97b051d
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_ia64.deb
Size/MD5 checksum: 1608894 c4c511f5dd7a23e26e8788c9b6f7701d
HP Precision architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_hppa.deb
Size/MD5 checksum: 84104 d5ab411020701cb2eb869497435d507f
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_hppa.deb
Size/MD5 checksum: 123122 d67f46ae8c79acbd7a572999b4909d13
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_hppa.deb
Size/MD5 checksum: 1337970 d939151b2a783d3c89c009330e5bc491
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_m68k.deb
Size/MD5 checksum: 62236 c2a234c3dfb2f0aa4fe8f139c21d11d1
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_m68k.deb
Size/MD5 checksum: 102440 3bd3b1f2d960d1689f7e06676ee4ad07
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_m68k.deb
Size/MD5 checksum: 1016786 1e08722ae46252fdba678f4d28bdac7a
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_mips.deb
Size/MD5 checksum: 67080 7988f7d23d859a04d0a42dcdb57e2370
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_mips.deb
Size/MD5 checksum: 123652 6f7b169efe40754df02ac1ffe4f5bc86
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_mips.deb
Size/MD5 checksum: 1180936 721c0e7e0c8bef40ff9b83aa9533f823
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_mipsel.deb
Size/MD5 checksum: 66914 b1d80946941c3306f5aa8b0262aae87d
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_mipsel.deb
Size/MD5 checksum: 123740 e5dff11f31132d4f0b808ceb8629ea3f
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_mipsel.deb
Size/MD5 checksum: 1180002 553799f08fab46c8789467103daed1a7
PowerPC architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_powerpc.deb
Size/MD5 checksum: 69122 96ffb9c4f60901d822ecb005ed24994e
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_powerpc.deb
Size/MD5 checksum: 118036 56d9b95e050f7b2cb4c014806032e150
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_powerpc.deb
Size/MD5 checksum: 1153944 c308b576e056202af50e1e49052ae994
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_s390.deb
Size/MD5 checksum: 66876 82a3e0716816282db92f24a5798b570e
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_s390.deb
Size/MD5 checksum: 116214 8d1a403a99823b689fce638c5c5bc0a8
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_s390.deb
Size/MD5 checksum: 1130592 ac158fbc6f38cf55e0ed0f779a688850
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_sparc.deb
Size/MD5 checksum: 65482 0d710f633cd9baf5172149ad9902ae20
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_sparc.deb
Size/MD5 checksum: 118780 63fe4c0bbfdac11772170184c27d2f30
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_sparc.deb
Size/MD5 checksum: 1435764 fd632f3008eac5b07759b8e811704bd4
Debian GNU/Linux 3.1 愛称 sarge
- --------------------------------
ソースアーカイブ:
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-8sarge3.dsc
Size/MD5 checksum: 751 9bb07cc5b5f1dc68e673fc4d634ea47a
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-8sarge3.diff.gz
Size/MD5 checksum: 46144 e647ebd57851ee4143f1a323847972fa
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
Size/MD5 checksum: 1926538 985e9f6d531ac0b2004f5cbebdeea87d
Alpha architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_alpha.deb
Size/MD5 checksum: 82754 0dcf5824a2cac073efc3e0fe23d1d169
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_alpha.deb
Size/MD5 checksum: 146060 f9968efb1999ec81f46bf5f3f7d9c1a2
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_alpha.deb
Size/MD5 checksum: 91676 9144928b38ea7e7cd6690891b6d45e15
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_alpha.deb
Size/MD5 checksum: 146468 9121761edebde4bbc5e52d2136132539
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_alpha.deb
Size/MD5 checksum: 1594994 e6ce747f3430efa7a397080719ac5342
AMD64 architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_amd64.deb
Size/MD5 checksum: 68838 9de4acc90dfea3a2151be1294cded32c
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_amd64.deb
Size/MD5 checksum: 118074 d1818d1fa6b50b2cca67b0d386a2d448
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_amd64.deb
Size/MD5 checksum: 77218 f461a1534155d14d088d1a35cf94ca55
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_amd64.deb
Size/MD5 checksum: 118470 d8ba27472d84604d44ec62980383e228
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_amd64.deb
Size/MD5 checksum: 1277544 95d31444582a35c1bec3b3de390175a5
ARM architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_arm.deb
Size/MD5 checksum: 61906 c45a373869757a78a2dc56850d052bec
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_arm.deb
Size/MD5 checksum: 114730 9d22f8d0d825f4cc46c2d42d371af074
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_arm.deb
Size/MD5 checksum: 68990 1d3572760f38724c2827e1c89abfc633
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_arm.deb
Size/MD5 checksum: 115128 7dd9c69212c671887ba327f1c9329845
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_arm.deb
Size/MD5 checksum: 1226748 c4af4638688cd84e0375d8df116ab82f
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_i386.deb
Size/MD5 checksum: 65044 b1bc6d245794ac7e5a309412fdd16ee1
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_i386.deb
Size/MD5 checksum: 110616 04ddd06a3123a5c845097999aa2a1ee0
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_i386.deb
Size/MD5 checksum: 72126 08703104d2bb7c079b49f5882f0d857e
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_i386.deb
Size/MD5 checksum: 110794 0f222a569c99875b8a57ad67aaf8ba5a
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_i386.deb
Size/MD5 checksum: 1199592 f188e9a9b2a51ef9b14821b449a32762
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_ia64.deb
Size/MD5 checksum: 96562 1c13844f22a43bd0a3c6bbc513077f44
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_ia64.deb
Size/MD5 checksum: 154744 7c2ee1187e81edab894946e915e72ea3
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_ia64.deb
Size/MD5 checksum: 107300 6be0ca5d5ab077bb835512a71a043fb0
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_ia64.deb
Size/MD5 checksum: 155086 25b6bdb1b24d2cd3ed72b769ef3ad86e
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_ia64.deb
Size/MD5 checksum: 1816682 af1cc6c400e6886fc54586f032fd0598
HP Precision architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_hppa.deb
Size/MD5 checksum: 78046 a0e4c45e15e6fab90cfdec4dc390c5fd
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_hppa.deb
Size/MD5 checksum: 128158 1b0773fce61c13522212db7ebf539a71
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_hppa.deb
Size/MD5 checksum: 88692 e58e427d27e4a44b4716236f5aec9c12
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_hppa.deb
Size/MD5 checksum: 128598 98c093ab671f3bab24f268b3c7585264
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_hppa.deb
Size/MD5 checksum: 1410222 0ba110fa378d121d062de06d408b16b6
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_m68k.deb
Size/MD5 checksum: 62368 a45755f99286e6bb6b91a2bb1714b110
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_m68k.deb
Size/MD5 checksum: 105462 6f055c7c83c58e9bad393d7bf7843f58
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_m68k.deb
Size/MD5 checksum: 69684 cbc9edf8df5dff5eb8b36ea616ad5614
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_m68k.deb
Size/MD5 checksum: 105692 c4e0a32abb85a0163a5c4dbff72aeb08
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_m68k.deb
Size/MD5 checksum: 1119318 46439a0c83a1f5ffec00d0c059bdcd28
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_mips.deb
Size/MD5 checksum: 68774 ef59d0b8df5cf4f6169ffbbcafe48c4f
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_mips.deb
Size/MD5 checksum: 120088 36a96b933b8c3402c30e0a88193cfd91
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_mips.deb
Size/MD5 checksum: 75586 5ac797c97977f0ff5b88c3adea415161
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_mips.deb
Size/MD5 checksum: 120448 efe1caff0de74873bcc3f963fa9ec96f
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_mips.deb
Size/MD5 checksum: 1671220 2930529698c1278308e5b303b53d8fb1
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_mipsel.deb
Size/MD5 checksum: 68478 7b3096ec24ce3c48e9f3dd2a0c361db5
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_mipsel.deb
Size/MD5 checksum: 120198 8b1fab1594d00bf345381c140118ff75
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_mipsel.deb
Size/MD5 checksum: 75248 a4a4ece604f1c66ec869b144f7ae85ac
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_mipsel.deb
Size/MD5 checksum: 120512 4852a2d6bddfb862adc3a316a779fb9d
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_mipsel.deb
Size/MD5 checksum: 1678132 9af4d1f2951bc3893e3324d9eddff6e5
PowerPC architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_powerpc.deb
Size/MD5 checksum: 71218 76d6b6f4cf2c8a158d335f6e54c23e05
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_powerpc.deb
Size/MD5 checksum: 123644 35c5e119de071196c444e3be4477a4ca
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_powerpc.deb
Size/MD5 checksum: 83410 99b0eb7540481c0c6df768a845efe230
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_powerpc.deb
Size/MD5 checksum: 123942 09ab06bb83a6c99cb798651ed2e7e608
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_powerpc.deb
Size/MD5 checksum: 1521484 4a8459e40d8fb2abe1d995653ff21a11
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_s390.deb
Size/MD5 checksum: 70518 4445977f65a5cae98c0865cada636133
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_s390.deb
Size/MD5 checksum: 115276 86542c64b14be55f44cccf3c4000ed53
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_s390.deb
Size/MD5 checksum: 77694 aee811d396c593dddbb7e419cfa54a69
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_s390.deb
Size/MD5 checksum: 115734 1bdb57b109389b24e74b8e4ced024a4c
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_s390.deb
Size/MD5 checksum: 1256970 cf95c5fe46657084c6d57d3280577b1b
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_sparc.deb
Size/MD5 checksum: 67822 77ebd64234266c031a4ef3d7224bd0eb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_sparc.deb
Size/MD5 checksum: 117370 578ee01c401f5e431b94a1f313c1563c
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_sparc.deb
Size/MD5 checksum: 74580 5ccffb3fab23b591c9ef2356492f5e10
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_sparc.deb
Size/MD5 checksum: 117754 30fcb12a7d466a46854963d7d5e1233b
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_sparc.deb
Size/MD5 checksum: 1279526 9fd316722e0358d32b3e5d4cd616f4df
これらのファイルは次の版の安定版リリース時そちらに移されます。
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
------>8------------>8------------>8------------>8------------>8-
--
Seiji Kaneko skaneko@xxxxxxxxxxxx
---------------------------------------------------------