[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[debian-users:49765] [Translate] [SECURITY] [DSA 1407-1] New cupsys packages fix arbitrary code execution
かねこです。
URL 等は Debian-security-announce メーリングリストの元記事を確認
ください。
------>8------------>8------------>8------------>8------------>8-
- ------------------------------------------------------------------------
Debian Security Advisory DSA 1407-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
November 18, 2007 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : cupsys
Vulnerability : バッファオーバフロー
Problem type : リモート
Debian-specific: いいえ
CVE Id(s) : CVE-2007-4351
Alin Rad Pop さんにより、Common UNIX Printing System の IPP パケット処理
部に境界を 1 誤るバグがあり、任意のコード実行の恐れがあることが発見され
ました。
安定版 (stable) ディストリビューション (etch) では、この問題はバージョン
1.2.7-4etch1 で修正されています。arm 向けの更新パッケージは後日提供予定
です。
旧安定版の cupsys パッケージでは、任意のコード実行は行えません。
直ぐに cupsys パッケージをアップグレードすることを勧めます。
アップグレード手順
------------------
wget url
でファイルを取得できます。
dpkg -i file.deb
で参照されたファイルをインストールできます。
apt-get パッケージマネージャを用いている場合には、本メールのフッタ記載の
行を sources.list に加えて、
apt-get update
を実行して内部データベースを更新し、
apt-get upgrade
によって修正されたパッケージをインストールしてください。
本メールのフッタ記載の設定を自ホストの設定に加えることにより、自動更新を
行うこともできます。
Debian GNU/Linux 4.0 alias etch
- -------------------------------
安定何の更新は alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 及び
sparc の各アーキテクチャで提供されます。
ソースアーカイブ:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz
Size/MD5 checksum: 4214272 c9ba33356e5bb93efbcf77b6e142e498
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1.diff.gz
Size/MD5 checksum: 102236 6a73afdc41561116f156326fd9d7fd0a
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1.dsc
Size/MD5 checksum: 1084 0331998422b6b0e7d8461050918762a0
Architecture independent packages:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch1_all.deb
Size/MD5 checksum: 892958 b72f4306cdcc411968bc54491ac6696b
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch1_all.deb
Size/MD5 checksum: 45176 6ca4f99c22bf3e6eec0079e8a01a68ef
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_alpha.deb
Size/MD5 checksum: 1096368 6523296d1d1613a7cfd36bd265c974f7
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_alpha.deb
Size/MD5 checksum: 184368 c7e3133c196127974d6b71c67358c246
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_alpha.deb
Size/MD5 checksum: 39260 b8d5365d556d5b64963e3b6178d68b22
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_alpha.deb
Size/MD5 checksum: 86290 45dfb12be30b25e61cf8bf460e97911e
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_alpha.deb
Size/MD5 checksum: 174548 b1ee2a0d2bb0735d0b2bbf7c0e40476e
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_alpha.deb
Size/MD5 checksum: 94398 15b3f227f555b1941989759912973848
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_alpha.deb
Size/MD5 checksum: 1608552 b80b721d60e124eb4c05f435030871ea
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_alpha.deb
Size/MD5 checksum: 72420 6737d2589f6a677163c4c87e635dd0fd
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_amd64.deb
Size/MD5 checksum: 1085590 2be48ac8d50f01f7ecf2a5b114ec6d05
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_amd64.deb
Size/MD5 checksum: 161610 4239e0f75c12f2210a3df46906dcd04c
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_amd64.deb
Size/MD5 checksum: 85250 0ea980db61895312baaf357a226bf184
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_amd64.deb
Size/MD5 checksum: 80708 cefeab800fbd1e48171372203d23f603
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_amd64.deb
Size/MD5 checksum: 52852 af100770f7496a6e3ab8d03283c3c170
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_amd64.deb
Size/MD5 checksum: 1574368 fbcc426835208cdf90a16c2d8d876ea5
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_amd64.deb
Size/MD5 checksum: 36356 4ced6fa9d3fa0f490d42b706d6fbc2d7
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_amd64.deb
Size/MD5 checksum: 142542 cb294af1bf5f3a86e088cb0a4ba2b89e
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_hppa.deb
Size/MD5 checksum: 85262 cea796443cbc5a4b297d4fdff69c60dd
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_hppa.deb
Size/MD5 checksum: 154608 7d5653bf254a432d58e3ecd87235c686
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_hppa.deb
Size/MD5 checksum: 90248 3ac94bf54aaaf6f125feae5fb373b4a7
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_hppa.deb
Size/MD5 checksum: 1611698 1c118850dcdd0f59e950d9a6259b2bae
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_hppa.deb
Size/MD5 checksum: 39264 93dd50135016228f41f32434672cb9de
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_hppa.deb
Size/MD5 checksum: 171474 626f51ffccd4614f965ce72223810a88
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_hppa.deb
Size/MD5 checksum: 1031688 d467fa526d60f87c1e400db486656ed6
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_hppa.deb
Size/MD5 checksum: 57030 db19780579849019066db485b6b39190
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_i386.deb
Size/MD5 checksum: 138282 713073b5aded91b6913869844b81c2b9
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_i386.deb
Size/MD5 checksum: 997326 94683e30e3e2eaf169836932d5b10283
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_i386.deb
Size/MD5 checksum: 53068 1f45072161216e0123e010464a11c79e
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_i386.deb
Size/MD5 checksum: 159754 6b8efa259423318ea71cd27542be73a0
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_i386.deb
Size/MD5 checksum: 85710 9afd174e17e093ca4f447e2d044ea1f0
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_i386.deb
Size/MD5 checksum: 1547682 8b9edf0c2c0a33fc1000a4f78ead6633
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_i386.deb
Size/MD5 checksum: 36476 3f7704fef2bcc894e4c89a905435509d
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_i386.deb
Size/MD5 checksum: 79880 88410a323f4a62751b74f8cae2ed5eae
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_ia64.deb
Size/MD5 checksum: 105812 01d0ce80c4286050e3edc221860a7ad7
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_ia64.deb
Size/MD5 checksum: 73942 cef607c3148bff5a5a18c1c97cad0212
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_ia64.deb
Size/MD5 checksum: 1769578 d74f8dde8f1c474f28209ec3117ea228
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_ia64.deb
Size/MD5 checksum: 192376 4b8265610a77f7c88c67aeeeba29a52e
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_ia64.deb
Size/MD5 checksum: 1107086 0e2c971cd8cbf4003188c5ef0755c5d1
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_ia64.deb
Size/MD5 checksum: 46338 98fa8223613e2ddb6158f7b91f738be5
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_ia64.deb
Size/MD5 checksum: 106230 21cfc1eec3a0373d4b36da7acaa36940
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_ia64.deb
Size/MD5 checksum: 203338 ddbf93df0b74df0556c696845a185b5b
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_mips.deb
Size/MD5 checksum: 1550544 be10b6e99f8545fb66b963498030fad8
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_mips.deb
Size/MD5 checksum: 1096062 48ee341d4561148e8a05e6f1504f8522
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_mips.deb
Size/MD5 checksum: 150772 b9d7903a33330a462c5989594a0bee02
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_mips.deb
Size/MD5 checksum: 57380 2704bb60a3790ee503f84cf84f9155e7
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_mips.deb
Size/MD5 checksum: 85804 c6e8ac67003ca1d670a9153bf56dab14
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_mips.deb
Size/MD5 checksum: 35962 1d30fa64056e5adb82c58183c45bbf18
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_mips.deb
Size/MD5 checksum: 77144 95712323adff30308861f025003cc8ca
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_mips.deb
Size/MD5 checksum: 157838 97fb801349f707ea7a9e025a4b8250f3
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_mipsel.deb
Size/MD5 checksum: 1552214 f7e0ea2187c3185591b039579b632d2a
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_mipsel.deb
Size/MD5 checksum: 150896 f5dc0011462eee9d29b72e6fac926853
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_mipsel.deb
Size/MD5 checksum: 85994 c932793d6b6cc3f77d0dae4ab460835f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_mipsel.deb
Size/MD5 checksum: 1083620 c77413f9100f79102126f85f140d7aba
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_mipsel.deb
Size/MD5 checksum: 77458 a5c5193f32e34bd16aa3fa76de70c0fa
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_mipsel.deb
Size/MD5 checksum: 57698 85e531161014ca61af1099bb850ebfb8
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_mipsel.deb
Size/MD5 checksum: 157656 4ce6453e82e7b72a815381598eafd07c
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_mipsel.deb
Size/MD5 checksum: 36068 2ea446ca5109029b7ccb0bdf0afe684f
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_powerpc.deb
Size/MD5 checksum: 162316 b290c4e2dcb2b912a27b11bf80d87e4d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_powerpc.deb
Size/MD5 checksum: 136868 2d33cd080d75b72088cc2ecf13d890da
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_powerpc.deb
Size/MD5 checksum: 51790 c23ca3c579d934530f08cb8bc855a8f7
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_powerpc.deb
Size/MD5 checksum: 89992 267ec05945cfbae784a6c87267937c55
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_powerpc.deb
Size/MD5 checksum: 1141630 06459bf9702b34cc3afa6ef3823eb8f1
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_powerpc.deb
Size/MD5 checksum: 1574926 367061720048ddf3bf9e3f17a56f8c66
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_powerpc.deb
Size/MD5 checksum: 87506 7146748e5fd7019f8cd16deabbb8f54c
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_powerpc.deb
Size/MD5 checksum: 41300 04feb8070d8165446e11d2e4a53ece65
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_s390.deb
Size/MD5 checksum: 144940 120e43e71eb720990d496b3a0a119dfa
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_s390.deb
Size/MD5 checksum: 1035610 938128905022c0db54f428c6e0ac3eeb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_s390.deb
Size/MD5 checksum: 82342 4cf018726ae078bbd304fb7237f94773
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_s390.deb
Size/MD5 checksum: 52262 842555bf6876b92abf05a83faed86da3
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_s390.deb
Size/MD5 checksum: 1586112 798b5fe4d6e57dbd33875d5e4a9e73f8
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_s390.deb
Size/MD5 checksum: 165758 7ca2038408cc51fec6b17eb6d3904fb9
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_s390.deb
Size/MD5 checksum: 86780 cd22242f0e6e248acaad203ac2cc6b30
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_s390.deb
Size/MD5 checksum: 37424 e3f7421d734703aa060d36c343175a79
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_sparc.deb
Size/MD5 checksum: 84224 95f8cc3f21eb202aeb64180e0f5ba7a4
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_sparc.deb
Size/MD5 checksum: 36038 38e101fd5d6a2ea622f58b5164a62fbc
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_sparc.deb
Size/MD5 checksum: 78520 8c6a75d59ac7caa3e8c9d94a664f4c18
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_sparc.deb
Size/MD5 checksum: 158214 cff2c1a256a44403f5817eb0d0444b7f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_sparc.deb
Size/MD5 checksum: 992380 b8c029eae7c897df49cf4c3a8bebb14e
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_sparc.deb
Size/MD5 checksum: 139564 38b3799ab3fe2b52efa680505fcf01bc
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_sparc.deb
Size/MD5 checksum: 1561256 6d6f9839358339e0be70009d3e053e71
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_sparc.deb
Size/MD5 checksum: 51590 e698beb0a58fd4f4f40692bac8f6ada0
これらのファイルは次の版の安定版リリース時そちらに移されます。
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
------>8------------>8------------>8------------>8------------>8-
--
Seiji Kaneko skaneko@xxxxxxxxxxxx
---------------------------------------------------------