[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[debian-users:49576] [Translate] [SECURITY] [DSA 1390-1] New t1lib packages fix arbitrary code execution
かねこです。
URL 等は Debian-security-announce メーリングリストの元記事を確認
ください。
------>8------------>8------------>8------------>8------------>8-
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1390-1 security@debian.org
http://www.debian.org/security/ Noah Meyerhans
October 18, 2007 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : t1lib
Vulnerability : バッファオーバフロー
Problem type : ローカル (リモート)
Debian-specific: いいえ
CVE Id(s) : CVE-2007-4033
Debian Bug : 439927
Hamid Ebadi さんにより、Type 1 フォントラスタライザライブラリの t1lib の
intT1_Env_GetCompletePath ルーチンにバッファオーバフローが発見されました。
この欠陥により、攻撃者が t1lib 共有ライブラリを用いているアプリケーショ
ンをクラッシュ可能で、さらに当該アプリケーションのセキュリティコンテキス
トの元での任意のコード実行の可能性があります。
安定版 (stable) ディストリビューション (etch) では、この問題はバージョン
5.1.0-2etch1 で修正されています。
旧安定版 (oldstable) ディストリビューション (sarge) では、この問題はバー
ジョン 5.0.2-3sarge1 で修正されています。
直ぐに t1lib パッケージをアップグレードすることを勧めます。
アップグレード手順
------------------
wget url
でファイルを取得できます。
dpkg -i file.deb
で参照されたファイルをインストールできます。
apt-get パッケージマネージャを用いている場合には、本メールのフッタ記載の
行を sources.list に加えて、
apt-get update
を実行して内部データベースを更新し、
apt-get upgrade
によって修正されたパッケージをインストールしてください。
本メールのフッタ記載の設定を自ホストの設定に加えることにより、自動更新を
行うこともできます。
Debian 3.1 (oldstable)
- ----------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips,
mipsel, powerpc, s390 and sparc.
ソースアーカイブ:
http://security.debian.org/pool/updates/main/t/t1lib/t1lib_5.0.2.orig.tar.gz
Size/MD5 checksum: 1697086 cc5d4130b25bb8a1c930488b78930e9b
http://security.debian.org/pool/updates/main/t/t1lib/t1lib_5.0.2-3sarge1.diff.gz
Size/MD5 checksum: 315328 73b04c0083681da97813ced3783dbd02
http://security.debian.org/pool/updates/main/t/t1lib/t1lib_5.0.2-3sarge1.dsc
Size/MD5 checksum: 717 d82a7a9aaeca3868a1c01f3588a59137
Architecture independent packages:
http://security.debian.org/pool/updates/main/t/t1lib/libt1-doc_5.0.2-3sarge1_all.deb
Size/MD5 checksum: 607008 9f58a16450cc7c2ccd7477cc04c30fac
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.0.2-3sarge1_alpha.deb
Size/MD5 checksum: 55804 c5a1e15a9e13fb2ba0d85bcc943f6c6c
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.0.2-3sarge1_alpha.deb
Size/MD5 checksum: 171702 0ac97fe5a81fe188e6bd1ff0fc41baa8
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.0.2-3sarge1_alpha.deb
Size/MD5 checksum: 250490 e06881a3fa3c1a75e4a0f5a4c3b1ec4d
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.0.2-3sarge1_amd64.deb
Size/MD5 checksum: 57148 0a0b216df77ba48431a63ebbedc0233c
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.0.2-3sarge1_amd64.deb
Size/MD5 checksum: 155504 51b66ac279d7c9fb4ea053aa6cc7aa2d
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.0.2-3sarge1_amd64.deb
Size/MD5 checksum: 186478 7c929716eaafbff8ee664e5836fcd864
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.0.2-3sarge1_hppa.deb
Size/MD5 checksum: 58626 6aee72f7f31daecfb528ee1986984b29
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.0.2-3sarge1_hppa.deb
Size/MD5 checksum: 173154 d0617135ef8abf2d326e1ed99ed24f79
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.0.2-3sarge1_hppa.deb
Size/MD5 checksum: 209586 fed03ca1e54caca0e601617392271387
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.0.2-3sarge1_i386.deb
Size/MD5 checksum: 171504 ad6838104a95c3a9f6933cdb072abaee
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.0.2-3sarge1_i386.deb
Size/MD5 checksum: 144334 e65ca2e30180f0ed3d9eadc6cc62216d
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.0.2-3sarge1_i386.deb
Size/MD5 checksum: 53630 68660615bdbb04de7c79c56efcfe4e96
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.0.2-3sarge1_ia64.deb
Size/MD5 checksum: 64650 96bee27e31af1a635d84c2d8eb6268a8
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.0.2-3sarge1_ia64.deb
Size/MD5 checksum: 214292 38787cea2e2c8ace9abe4dee966a1d73
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.0.2-3sarge1_ia64.deb
Size/MD5 checksum: 264602 49703884c7ae0ffb2690c0750b3f2e4b
m68k architecture (Motorola Mc680x0)
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.0.2-3sarge1_m68k.deb
Size/MD5 checksum: 133396 bc072a1e6184f1024c8a7f048c2d78f3
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.0.2-3sarge1_m68k.deb
Size/MD5 checksum: 49158 d30c3aed647407d1a20c523100aeb794
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.0.2-3sarge1_m68k.deb
Size/MD5 checksum: 154468 4efbf0cdb5d9c768368df9b5aad30e87
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.0.2-3sarge1_mips.deb
Size/MD5 checksum: 49168 50fc0d43483c493622e718e5f462042e
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.0.2-3sarge1_mips.deb
Size/MD5 checksum: 147794 12a727e0e4fd36b0382440a8b8319b8d
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.0.2-3sarge1_mips.deb
Size/MD5 checksum: 207000 26a68997f70a36e44be0bf7bc5537c01
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.0.2-3sarge1_mipsel.deb
Size/MD5 checksum: 205948 fbc4fb9813fa26baf91691e6cb5ce947
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.0.2-3sarge1_mipsel.deb
Size/MD5 checksum: 148340 41ea1ee7ad054bbbfe1b3fcd96d4e459
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.0.2-3sarge1_mipsel.deb
Size/MD5 checksum: 48892 2a6d1dffa7d83cde39d151490fd046a2
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.0.2-3sarge1_powerpc.deb
Size/MD5 checksum: 152040 a6408141be03d8ec6e4049c5d2facf5d
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.0.2-3sarge1_powerpc.deb
Size/MD5 checksum: 200334 a0c24d192aff2888693c177a788ed9db
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.0.2-3sarge1_powerpc.deb
Size/MD5 checksum: 52856 10f1d19d94ba0aa70674e1d6ea811163
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.0.2-3sarge1_s390.deb
Size/MD5 checksum: 179304 da7130afa570f1dd64b52679e99f52ec
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.0.2-3sarge1_s390.deb
Size/MD5 checksum: 54932 a92f3cbd2126e32f7544cad05ee8111d
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.0.2-3sarge1_s390.deb
Size/MD5 checksum: 158040 ee5fd3597a990fb4baee99273a49cb9e
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.0.2-3sarge1_sparc.deb
Size/MD5 checksum: 188928 e3ad4dee1d75eee85b75a162b9320181
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.0.2-3sarge1_sparc.deb
Size/MD5 checksum: 153722 d08b786567066b638ace4bd2a1358635
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.0.2-3sarge1_sparc.deb
Size/MD5 checksum: 54586 f0465a7a36d61a756af63b8eee712f37
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel,
powerpc, s390 and sparc.
ソースアーカイブ:
http://security.debian.org/pool/updates/main/t/t1lib/t1lib_5.1.0-2etch1.dsc
Size/MD5 checksum: 712 b7102b98ac02154dd4412e59b944e150
http://security.debian.org/pool/updates/main/t/t1lib/t1lib_5.1.0-2etch1.diff.gz
Size/MD5 checksum: 13648 c2969c0da7ce6875925412faf96e60c1
http://security.debian.org/pool/updates/main/t/t1lib/t1lib_5.1.0.orig.tar.gz
Size/MD5 checksum: 1838635 a05bed4aa63637052e60690ccde70421
Architecture independent packages:
http://security.debian.org/pool/updates/main/t/t1lib/libt1-doc_5.1.0-2etch1_all.deb
Size/MD5 checksum: 608800 ad8fa2fd7fa2fd06f04c3a5351384ea4
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.1.0-2etch1_alpha.deb
Size/MD5 checksum: 174382 5d37e43a0ce3f9fc88b96e7e9c96480e
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.1.0-2etch1_alpha.deb
Size/MD5 checksum: 57436 3bbfade6697b24e2e6d0ef3f16b91baa
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.1.0-2etch1_alpha.deb
Size/MD5 checksum: 254764 1e7a1d7e7e7c2604a5b1f824bed9cc0d
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.1.0-2etch1_amd64.deb
Size/MD5 checksum: 190548 574df64c18a06966c9a61a1b22d45179
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.1.0-2etch1_amd64.deb
Size/MD5 checksum: 159478 dcc9ddce3a3b95148f806e47bed26430
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.1.0-2etch1_amd64.deb
Size/MD5 checksum: 58958 2a2582d4888cd50595457fe75d6993d6
arm architecture (ARM)
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.1.0-2etch1_arm.deb
Size/MD5 checksum: 57332 74e3b323300807d47df32293f2822df7
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.1.0-2etch1_arm.deb
Size/MD5 checksum: 154304 d9eee39b52ac0fbc7124b7e42336336f
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.1.0-2etch1_arm.deb
Size/MD5 checksum: 176120 322a0f62bcb958d47e793ca8d02fbd25
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.1.0-2etch1_hppa.deb
Size/MD5 checksum: 57860 97d328d50b7466a4c5497e3d2266d668
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.1.0-2etch1_hppa.deb
Size/MD5 checksum: 214110 6a95db459b4cec9975a5600a3d1a73b3
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.1.0-2etch1_hppa.deb
Size/MD5 checksum: 168606 a27b5d4295dc13b880af73703d80e97a
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.1.0-2etch1_i386.deb
Size/MD5 checksum: 53786 09ffdbb73d67dce27e2e6fed44406287
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.1.0-2etch1_i386.deb
Size/MD5 checksum: 146336 e7069f1db9b00800a6e6d7f6224514de
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.1.0-2etch1_i386.deb
Size/MD5 checksum: 173816 7f8d112d1f7bf5adbf03c76546ffb73a
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.1.0-2etch1_ia64.deb
Size/MD5 checksum: 285398 9090d6aff007cf264f6feb2b777a3d94
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.1.0-2etch1_ia64.deb
Size/MD5 checksum: 230594 14b80f3aac0713ce6d41f61c7156bbea
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.1.0-2etch1_ia64.deb
Size/MD5 checksum: 68980 77c2c4c457e42e7d78ebef72e50adac9
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.1.0-2etch1_mips.deb
Size/MD5 checksum: 214042 042b32f4290ba2d4a21eaec381f10786
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.1.0-2etch1_mips.deb
Size/MD5 checksum: 154464 52b725ac8aa9e784de4439e940474ab0
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.1.0-2etch1_mips.deb
Size/MD5 checksum: 51780 b7de2c891696a44e1b8833866a061a3b
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.1.0-2etch1_mipsel.deb
Size/MD5 checksum: 51694 8bf0bb3b0863525c79060be1277d9f45
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.1.0-2etch1_mipsel.deb
Size/MD5 checksum: 154678 3aa1788adc5e9fc0b7ecee6daa0dfddf
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.1.0-2etch1_mipsel.deb
Size/MD5 checksum: 212940 c0d6e778f8685d5826e5886518167775
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.1.0-2etch1_powerpc.deb
Size/MD5 checksum: 204994 388d8547673de1e2fdbb7718732a5338
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.1.0-2etch1_powerpc.deb
Size/MD5 checksum: 155704 32c9638207954d7d2a8e65a1058a7353
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.1.0-2etch1_powerpc.deb
Size/MD5 checksum: 54924 536812ad1c6f7262284d4bcde11b37be
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.1.0-2etch1_s390.deb
Size/MD5 checksum: 181332 0202609cf9d1fea670118d0eb90c8ca0
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.1.0-2etch1_s390.deb
Size/MD5 checksum: 161772 ad015ceb7c89d3f0c73aa885c418aaf1
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.1.0-2etch1_s390.deb
Size/MD5 checksum: 59272 30c65aa40d88c0a102881fdeaadc26cb
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.1.0-2etch1_sparc.deb
Size/MD5 checksum: 190592 73106752f7218fb6e27314e1b4e51305
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.1.0-2etch1_sparc.deb
Size/MD5 checksum: 55328 7701a62f6c01e138b5d90aed4aa13895
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.1.0-2etch1_sparc.deb
Size/MD5 checksum: 152788 7815f95c86042bf0da1ca73e5aaa814d
これらのファイルは次の版の安定版リリース時そちらに移されます。
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
------>8------------>8------------>8------------>8------------>8-
--
Seiji Kaneko skaneko@xxxxxxxxxxxx
---------------------------------------------------------