[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:49765] [Translate] [SECURITY] [DSA 1407-1] New cupsys packages fix arbitrary code execution



かねこです。
URL 等は Debian-security-announce メーリングリストの元記事を確認
ください。

------>8------------>8------------>8------------>8------------>8-
- ------------------------------------------------------------------------
Debian Security Advisory DSA 1407-1                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
November 18, 2007                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : cupsys
Vulnerability  : バッファオーバフロー
Problem type   : リモート
Debian-specific: いいえ
CVE Id(s)      : CVE-2007-4351

Alin Rad Pop さんにより、Common UNIX Printing System の IPP パケット処理
部に境界を 1 誤るバグがあり、任意のコード実行の恐れがあることが発見され
ました。

安定版 (stable) ディストリビューション (etch) では、この問題はバージョン
1.2.7-4etch1 で修正されています。arm 向けの更新パッケージは後日提供予定
です。

旧安定版の cupsys パッケージでは、任意のコード実行は行えません。

直ぐに cupsys パッケージをアップグレードすることを勧めます。

アップグレード手順
------------------

wget url
        	でファイルを取得できます。
dpkg -i file.deb
                で参照されたファイルをインストールできます。

apt-get パッケージマネージャを用いている場合には、本メールのフッタ記載の
行を sources.list に加えて、

apt-get update
        を実行して内部データベースを更新し、
apt-get upgrade
        によって修正されたパッケージをインストールしてください。

本メールのフッタ記載の設定を自ホストの設定に加えることにより、自動更新を
行うこともできます。



Debian GNU/Linux 4.0 alias etch
- -------------------------------

安定何の更新は alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 及び
sparc の各アーキテクチャで提供されます。

ソースアーカイブ:

  http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz
    Size/MD5 checksum:  4214272 c9ba33356e5bb93efbcf77b6e142e498
  http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1.diff.gz
    Size/MD5 checksum:   102236 6a73afdc41561116f156326fd9d7fd0a
  http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1.dsc
    Size/MD5 checksum:     1084 0331998422b6b0e7d8461050918762a0

Architecture independent packages:


http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch1_all.deb
    Size/MD5 checksum:   892958 b72f4306cdcc411968bc54491ac6696b

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch1_all.deb
    Size/MD5 checksum:    45176 6ca4f99c22bf3e6eec0079e8a01a68ef

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_alpha.deb
    Size/MD5 checksum:  1096368 6523296d1d1613a7cfd36bd265c974f7

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_alpha.deb
    Size/MD5 checksum:   184368 c7e3133c196127974d6b71c67358c246
  http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_alpha.deb
    Size/MD5 checksum:    39260 b8d5365d556d5b64963e3b6178d68b22

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_alpha.deb
    Size/MD5 checksum:    86290 45dfb12be30b25e61cf8bf460e97911e
  http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_alpha.deb
    Size/MD5 checksum:   174548 b1ee2a0d2bb0735d0b2bbf7c0e40476e

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_alpha.deb
    Size/MD5 checksum:    94398 15b3f227f555b1941989759912973848
  http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_alpha.deb
    Size/MD5 checksum:  1608552 b80b721d60e124eb4c05f435030871ea

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_alpha.deb
    Size/MD5 checksum:    72420 6737d2589f6a677163c4c87e635dd0fd

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_amd64.deb
    Size/MD5 checksum:  1085590 2be48ac8d50f01f7ecf2a5b114ec6d05
  http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_amd64.deb
    Size/MD5 checksum:   161610 4239e0f75c12f2210a3df46906dcd04c

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_amd64.deb
    Size/MD5 checksum:    85250 0ea980db61895312baaf357a226bf184

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_amd64.deb
    Size/MD5 checksum:    80708 cefeab800fbd1e48171372203d23f603

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_amd64.deb
    Size/MD5 checksum:    52852 af100770f7496a6e3ab8d03283c3c170
  http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_amd64.deb
    Size/MD5 checksum:  1574368 fbcc426835208cdf90a16c2d8d876ea5
  http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_amd64.deb
    Size/MD5 checksum:    36356 4ced6fa9d3fa0f490d42b706d6fbc2d7

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_amd64.deb
    Size/MD5 checksum:   142542 cb294af1bf5f3a86e088cb0a4ba2b89e

hppa architecture (HP PA RISC)


http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_hppa.deb
    Size/MD5 checksum:    85262 cea796443cbc5a4b297d4fdff69c60dd

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_hppa.deb
    Size/MD5 checksum:   154608 7d5653bf254a432d58e3ecd87235c686

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_hppa.deb
    Size/MD5 checksum:    90248 3ac94bf54aaaf6f125feae5fb373b4a7
  http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_hppa.deb
    Size/MD5 checksum:  1611698 1c118850dcdd0f59e950d9a6259b2bae
  http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_hppa.deb
    Size/MD5 checksum:    39264 93dd50135016228f41f32434672cb9de
  http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_hppa.deb
    Size/MD5 checksum:   171474 626f51ffccd4614f965ce72223810a88
  http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_hppa.deb
    Size/MD5 checksum:  1031688 d467fa526d60f87c1e400db486656ed6

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_hppa.deb
    Size/MD5 checksum:    57030 db19780579849019066db485b6b39190

i386 architecture (Intel ia32)


http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_i386.deb
    Size/MD5 checksum:   138282 713073b5aded91b6913869844b81c2b9
  http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_i386.deb
    Size/MD5 checksum:   997326 94683e30e3e2eaf169836932d5b10283

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_i386.deb
    Size/MD5 checksum:    53068 1f45072161216e0123e010464a11c79e
  http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_i386.deb
    Size/MD5 checksum:   159754 6b8efa259423318ea71cd27542be73a0

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_i386.deb
    Size/MD5 checksum:    85710 9afd174e17e093ca4f447e2d044ea1f0
  http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_i386.deb
    Size/MD5 checksum:  1547682 8b9edf0c2c0a33fc1000a4f78ead6633
  http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_i386.deb
    Size/MD5 checksum:    36476 3f7704fef2bcc894e4c89a905435509d

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_i386.deb
    Size/MD5 checksum:    79880 88410a323f4a62751b74f8cae2ed5eae

ia64 architecture (Intel ia64)


http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_ia64.deb
    Size/MD5 checksum:   105812 01d0ce80c4286050e3edc221860a7ad7

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_ia64.deb
    Size/MD5 checksum:    73942 cef607c3148bff5a5a18c1c97cad0212
  http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_ia64.deb
    Size/MD5 checksum:  1769578 d74f8dde8f1c474f28209ec3117ea228

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_ia64.deb
    Size/MD5 checksum:   192376 4b8265610a77f7c88c67aeeeba29a52e
  http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_ia64.deb
    Size/MD5 checksum:  1107086 0e2c971cd8cbf4003188c5ef0755c5d1
  http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_ia64.deb
    Size/MD5 checksum:    46338 98fa8223613e2ddb6158f7b91f738be5

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_ia64.deb
    Size/MD5 checksum:   106230 21cfc1eec3a0373d4b36da7acaa36940
  http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_ia64.deb
    Size/MD5 checksum:   203338 ddbf93df0b74df0556c696845a185b5b

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_mips.deb
    Size/MD5 checksum:  1550544 be10b6e99f8545fb66b963498030fad8
  http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_mips.deb
    Size/MD5 checksum:  1096062 48ee341d4561148e8a05e6f1504f8522

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_mips.deb
    Size/MD5 checksum:   150772 b9d7903a33330a462c5989594a0bee02

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_mips.deb
    Size/MD5 checksum:    57380 2704bb60a3790ee503f84cf84f9155e7

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_mips.deb
    Size/MD5 checksum:    85804 c6e8ac67003ca1d670a9153bf56dab14
  http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_mips.deb
    Size/MD5 checksum:    35962 1d30fa64056e5adb82c58183c45bbf18

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_mips.deb
    Size/MD5 checksum:    77144 95712323adff30308861f025003cc8ca
  http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_mips.deb
    Size/MD5 checksum:   157838 97fb801349f707ea7a9e025a4b8250f3

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_mipsel.deb
    Size/MD5 checksum:  1552214 f7e0ea2187c3185591b039579b632d2a

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_mipsel.deb
    Size/MD5 checksum:   150896 f5dc0011462eee9d29b72e6fac926853

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_mipsel.deb
    Size/MD5 checksum:    85994 c932793d6b6cc3f77d0dae4ab460835f

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_mipsel.deb
    Size/MD5 checksum:  1083620 c77413f9100f79102126f85f140d7aba

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_mipsel.deb
    Size/MD5 checksum:    77458 a5c5193f32e34bd16aa3fa76de70c0fa

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_mipsel.deb
    Size/MD5 checksum:    57698 85e531161014ca61af1099bb850ebfb8

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_mipsel.deb
    Size/MD5 checksum:   157656 4ce6453e82e7b72a815381598eafd07c

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_mipsel.deb
    Size/MD5 checksum:    36068 2ea446ca5109029b7ccb0bdf0afe684f

powerpc architecture (PowerPC)


http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_powerpc.deb
    Size/MD5 checksum:   162316 b290c4e2dcb2b912a27b11bf80d87e4d

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_powerpc.deb
    Size/MD5 checksum:   136868 2d33cd080d75b72088cc2ecf13d890da

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_powerpc.deb
    Size/MD5 checksum:    51790 c23ca3c579d934530f08cb8bc855a8f7

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_powerpc.deb
    Size/MD5 checksum:    89992 267ec05945cfbae784a6c87267937c55

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_powerpc.deb
    Size/MD5 checksum:  1141630 06459bf9702b34cc3afa6ef3823eb8f1
  http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_powerpc.deb
    Size/MD5 checksum:  1574926 367061720048ddf3bf9e3f17a56f8c66

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_powerpc.deb
    Size/MD5 checksum:    87506 7146748e5fd7019f8cd16deabbb8f54c

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_powerpc.deb
    Size/MD5 checksum:    41300 04feb8070d8165446e11d2e4a53ece65

s390 architecture (IBM S/390)


http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_s390.deb
    Size/MD5 checksum:   144940 120e43e71eb720990d496b3a0a119dfa
  http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_s390.deb
    Size/MD5 checksum:  1035610 938128905022c0db54f428c6e0ac3eeb

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_s390.deb
    Size/MD5 checksum:    82342 4cf018726ae078bbd304fb7237f94773

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_s390.deb
    Size/MD5 checksum:    52262 842555bf6876b92abf05a83faed86da3
  http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_s390.deb
    Size/MD5 checksum:  1586112 798b5fe4d6e57dbd33875d5e4a9e73f8
  http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_s390.deb
    Size/MD5 checksum:   165758 7ca2038408cc51fec6b17eb6d3904fb9

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_s390.deb
    Size/MD5 checksum:    86780 cd22242f0e6e248acaad203ac2cc6b30
  http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_s390.deb
    Size/MD5 checksum:    37424 e3f7421d734703aa060d36c343175a79

sparc architecture (Sun SPARC/UltraSPARC)


http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_sparc.deb
    Size/MD5 checksum:    84224 95f8cc3f21eb202aeb64180e0f5ba7a4
  http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_sparc.deb
    Size/MD5 checksum:    36038 38e101fd5d6a2ea622f58b5164a62fbc

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_sparc.deb
    Size/MD5 checksum:    78520 8c6a75d59ac7caa3e8c9d94a664f4c18
  http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_sparc.deb
    Size/MD5 checksum:   158214 cff2c1a256a44403f5817eb0d0444b7f
  http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_sparc.deb
    Size/MD5 checksum:   992380 b8c029eae7c897df49cf4c3a8bebb14e

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_sparc.deb
    Size/MD5 checksum:   139564 38b3799ab3fe2b52efa680505fcf01bc
  http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_sparc.deb
    Size/MD5 checksum:  1561256 6d6f9839358339e0be70009d3e053e71

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_sparc.deb
    Size/MD5 checksum:    51590 e698beb0a58fd4f4f40692bac8f6ada0


  これらのファイルは次の版の安定版リリース時そちらに移されます。


- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
------>8------------>8------------>8------------>8------------>8-
-- 
Seiji Kaneko                         skaneko@xxxxxxxxxxxx
---------------------------------------------------------