
[debian-users:47201] [Translate] [SECURITY] [DSA 1167-1] New apache packages fix several vulnerabilities



This is Kaneko.
For URLs and the like, please check the original article on the
Debian-security-announce mailing list.

------>8------------>8------------>8------------>8------------>8-
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1167-1                    security@debian.org
http://www.debian.org/security/                                 Steve Kemp
September 4th, 2005                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : apache
Vulnerability  : missing input sanitising
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2006-3918 CVE-2005-3352
Debian Bug     : 381381 343466

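Several remotely exploitable flaws have been discovered in Apache, the most
widely used web server. Exploiting these flaws allows the execution of
arbitrary web script. The Common Vulnerabilities and Exposures project
identifies the following problems.

CVE-2005-3352

   A cross-site scripting bug exists in the mod_imap component of the
   Apache server.

CVE-2006-3918

   Apache does not properly sanitise the Expect header of an HTTP request
   when it is included in an error message sent back to the client, which
   allows cross-site scripting attacks.

For the stable distribution (sarge) this problem has been fixed in version
1.3.33-6sarge3.

For the unstable distribution (sid) this problem has been fixed in version
1.3.34-3.

We recommend that you upgrade your apache package immediately.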


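Upgrade Instructions
--------------------

wget url
        will fetch the file for you.
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, add the line given in the
footer of this mail to sources.list, then run

apt-get update
        to update the internal database, and
apt-get upgrade
        to install the corrected packages.

You can also set up automatic updates by adding the settings given in the
footer of this mail to your own host's configuration.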


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  These files will be moved into the stable distribution at its next release.


- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
------>8------------>8------------>8------------>8------------>8-
-- 
Seiji Kaneko                         skaneko@xxxxxxxxxxxx
---------------------------------------------------------
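
The flaw class described under CVE-2006-3918 above (a request's Expect header echoed into an error page without escaping), shown next to the corrected behaviour. This is an added example, not code from Apache, the Debian patch or the original mail; the function names `html_escape` and `build_expect_error`, the error-page wording and the sample header value are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Apache's code): HTML-escape src into dst.
 * Returns bytes written (excluding NUL), or -1 if dst is too small. */
int html_escape(const char *src, char *dst, size_t dstlen)
{
    size_t o = 0;
    for (; *src; src++) {
        const char *rep = NULL;
        switch (*src) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t n = rep ? strlen(rep) : 1;
        if (o + n >= dstlen) return -1;   /* keep room for the NUL */
        if (rep) memcpy(dst + o, rep, n); else dst[o] = *src;
        o += n;
    }
    dst[o] = '\0';
    return (int)o;
}

/* Build an error-page body that mentions the client's Expect value.
 * escape == 0: header echoed verbatim (the flaw class in the advisory).
 * escape != 0: header escaped first (the corrected behaviour).
 * Returns 0 on success, -1 if a buffer would overflow. */
int build_expect_error(const char *expect, int escape, char *out, size_t outlen)
{
    char safe[512];
    const char *shown = expect;
    if (escape) {
        if (html_escape(expect, safe, sizeof safe) < 0) return -1;
        shown = safe;
    }
    /* Constructed wording, not the server's real error text. */
    int n = snprintf(out, outlen, "<p>Expectation could not be met: %s</p>", shown);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    const char *hdr = "<b>100-continue</b>";  /* constructed sample value */
    char page[1024];
    if (build_expect_error(hdr, 0, page, sizeof page) == 0) printf("verbatim: %s\n", page);
    if (build_expect_error(hdr, 1, page, sizeof page) == 0) printf("escaped:  %s\n", page);
    return 0;
}
```

In the escaped output the header value reaches the browser as text rather than markup, which is the property the fixed packages restore for this error path.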