[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:50227] [Translate] [SECURITY] [DSA 1512-1] New evolution packages fix arbitrary code execution



かねこです。
URL 等は Debian-security-announce メーリングリストの元記事を確認
ください。

------>8------------>8------------>8------------>8------------>8-
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1512-1                  security@debian.org
http://www.debian.org/security/                          Thijs Kinkhorst
March 05, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : evolution
Vulnerability  : フォーマット文字列バグ attack
Problem type   : リモート
Debian-specific: いいえ
CVE Id(s)      : CVE-2008-0072

Ulf Härnhammar さんにより、電子メール機能を持つグループウェア
Evolution の暗号化された電子メールのパーザにフォーマット文字列バグが発見
されました。もしユーザが細工された電子メールを開いた場合、コード実行の恐
れがあります。

安定版 (stable) ディストリビューション (etch) では、この問題はバージョン
2.6.3-6etch2 で修正されています。

旧安定版 (oldstable) ディストリビューション (sarge) では、この問題はバー
ジョン 2.0.4-2sarge3 で修正されています。一部のアーキテクチャでは Sarge
向けの更新パッケージはまだ提供されていませんが、できしだい提供の予定です。

不安定版 (unstable) ディストリビューション (sid) では、この問題はバージョ
ン 2.12.3-1.1 で修正されています。

直ぐに evolution パッケージをアップグレードすることを勧めます。


アップグレード手順
------------------

wget url
        	でファイルを取得できます。
dpkg -i file.deb
                で参照されたファイルをインストールできます。

apt-get パッケージマネージャを用いている場合には、本メールのフッタ記載の
行を sources.list に加えて、

apt-get update
        を実行して内部データベースを更新し、
apt-get upgrade
        によって修正されたパッケージをインストールしてください。

本メールのフッタ記載の設定を自ホストの設定に加えることにより、自動更新を
行うこともできます。


Debian GNU/Linux 3.1 愛称 sarge
- --------------------------------

ソースアーカイブ:


http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3.diff.gz
    Size/MD5 checksum:   294256 892634ed1c28416dea721a0ee1374d84
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3.dsc
    Size/MD5 checksum:     1459 e4a9b6f334108cae7550c9a0953e8e2b
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4.orig.tar.gz
    Size/MD5 checksum: 20968383 d555a0b1d56f0f0b9c33c35b057f73e6

amd64 architecture (AMD x86_64 (AMD64))


http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_amd64.deb
    Size/MD5 checksum:   160454 b6f68df817e14a3c52422e4f0e810bd3

http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_amd64.deb
    Size/MD5 checksum: 10447584 94e37843d38106635045906d58bd9386

hppa architecture (HP PA RISC)


http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_hppa.deb
    Size/MD5 checksum:   160482 947be2b50da1219d1cbcf9dab63b2280

http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_hppa.deb
    Size/MD5 checksum: 10596054 be4f110f1d50077b53e013d2824cc1d4

i386 architecture (Intel ia32)


http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_i386.deb
    Size/MD5 checksum:   160482 5b6f5d955d309e47fea09e97b24d7d58

http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_i386.deb
    Size/MD5 checksum: 10228974 6c38e3e691756beccd1ccfdba259d2a8

ia64 architecture (Intel ia64)


http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_ia64.deb
    Size/MD5 checksum: 11419604 c99bb84c7a074900400e59de2b10dcce

http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_ia64.deb
    Size/MD5 checksum:   160440 8887e35cc887febad15f9b6cf08694fe

powerpc architecture (PowerPC)


http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_powerpc.deb
    Size/MD5 checksum:   160488 6c9a8ba39a6bab1a47dd1da8e99a5205

http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_powerpc.deb
    Size/MD5 checksum: 10286504 7f5d4b747a51e9c72d1114f9bcf6a209

s390 architecture (IBM S/390)


http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_s390.deb
    Size/MD5 checksum:   160438 a6e0c9b90c90b6815fd607899aeb7583

http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_s390.deb
    Size/MD5 checksum: 10638988 f10525a9b20cc799c0e000c3e81738ab

Debian GNU/Linux 4.0 alias etch
- -------------------------------

ソースアーカイブ:

  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3.orig.tar.gz
    Size/MD5 checksum: 17176288 7af880364d53b18ba72b1f85f3813c81
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2.dsc
    Size/MD5 checksum:     2269 25a2e18e12a838535c3fd74525696fa0
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2.diff.gz
    Size/MD5 checksum:    37993 5f7815f2c6a24f3a0c940d773cca8fb1

アーキテクチャに依存しないパッケージ:


http://security.debian.org/pool/updates/main/e/evolution/evolution-common_2.6.3-6etch2_all.deb
    Size/MD5 checksum: 10107778 003176253e4c0d64c2789c08b6dd66e9

amd64 architecture (AMD x86_64 (AMD64))


http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_amd64.deb
    Size/MD5 checksum:  6503088 80524049752431123c6e6cc215fed088

http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_amd64.deb
    Size/MD5 checksum:  2572362 40c3491023cc6a44c28b44b677469770

http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_amd64.deb
    Size/MD5 checksum:   118116 91367407df721cef2eb5b31f13dad521

http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_amd64.deb
    Size/MD5 checksum:   220264 af212fee26d899114ec8c0d636af9ea4

http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_amd64.deb
    Size/MD5 checksum:    94940 4f1bb7f6f1586967d2f7fc238845fdc6

arm architecture (ARM)


http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_arm.deb
    Size/MD5 checksum:   219254 01a4c8c4bc2b7821de6659b20e92a0e5

http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_arm.deb
    Size/MD5 checksum:  6190146 4b26686b063745de28647836fed2ea90
  http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_arm.deb
    Size/MD5 checksum:  2255242 1b74f4a729f808034495f526423c7ea1

http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_arm.deb
    Size/MD5 checksum:    91264 fadd3bb75f6f420f017d1877e4e77e44

http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_arm.deb
    Size/MD5 checksum:   110838 6f83e99f96620005fd227f57e68af487

hppa architecture (HP PA RISC)


http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_hppa.deb
    Size/MD5 checksum:   213782 f1009fafa12fad8814aa0b5ad50bf47c

http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_hppa.deb
    Size/MD5 checksum:  6436462 11af4dbe53e3f1e4780b35caeacf72fb

http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_hppa.deb
    Size/MD5 checksum:  2857208 f01092a233b3b928e3ff9f12bc335bf6

http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_hppa.deb
    Size/MD5 checksum:   120516 13a1fbcb74d8beec5d64dace004888a7

http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_hppa.deb
    Size/MD5 checksum:    95580 6cdbe3107c91d2801e30c97436e90aa4

i386 architecture (Intel ia32)


http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_i386.deb
    Size/MD5 checksum:  2408778 318c10977b3163005ce86d25a6fbbd5d

http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_i386.deb
    Size/MD5 checksum:   218838 e8507655153c209a3bfb11e65e5d9d6d

http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_i386.deb
    Size/MD5 checksum:    92168 5a9902f58745a70017af6a8be0781bb3

http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_i386.deb
    Size/MD5 checksum:   113690 ffb524935d65cc5b57a7eb3b24899a3e

http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_i386.deb
    Size/MD5 checksum:  6143092 3556d0ebf225180e0cfa0f8e61bcbb1e

ia64 architecture (Intel ia64)


http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_ia64.deb
    Size/MD5 checksum:   129792 372c5de0189470c2dd091641ccbc1800

http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_ia64.deb
    Size/MD5 checksum:  3419898 d2209d01f85549fb3138132429cc0314

http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_ia64.deb
    Size/MD5 checksum:    99694 e35321d55a12521b6bcd572ed48e325b

http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_ia64.deb
    Size/MD5 checksum:   213738 60ccb4b7a99438004ce57b42be023f76

http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_ia64.deb
    Size/MD5 checksum:  6137762 84e1478a41d2a863b2e84167818142e3

mips architecture (MIPS (Big Endian))


http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_mips.deb
    Size/MD5 checksum:   220670 8a620eb5ec5247f56eef3094d1f9d2b7

http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_mips.deb
    Size/MD5 checksum:  6615710 902001a21b48fd095880a4e16f521ee7

http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_mips.deb
    Size/MD5 checksum:    93276 320b39a0c683153dc68f9226cc29e95d

http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_mips.deb
    Size/MD5 checksum:  2352486 bbe1b44420951fe0e407f358d67a0a24

http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_mips.deb
    Size/MD5 checksum:   113280 dc1fac2d857056eb66ca850dd701b8f6

mipsel architecture (MIPS (Little Endian))


http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_mipsel.deb
    Size/MD5 checksum:    92556 9a037a486b3deac0132f225bcabaaee7

http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_mipsel.deb
    Size/MD5 checksum:   213808 ad12c34cf25c343b4bb5bc1a1ec5c270

http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_mipsel.deb
    Size/MD5 checksum:  2334122 a3a70c83bc51aa54fe6f14548ca63501

http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_mipsel.deb
    Size/MD5 checksum:   112320 c7510452c2552b185a9d4eccc0811db2

http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_mipsel.deb
    Size/MD5 checksum:  6484920 57d9d7045ddb263e696cb6717511e355

powerpc architecture (PowerPC)


http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_powerpc.deb
    Size/MD5 checksum:   125054 725fed9a64daced20fd78bdfbe475f5a

http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_powerpc.deb
    Size/MD5 checksum:  2465966 0adffc6510e079277208350f555f1f63

http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_powerpc.deb
    Size/MD5 checksum:  6513716 66c59b08db75c184018ce915b1e1232a

http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_powerpc.deb
    Size/MD5 checksum:   213790 4a6ffd87ebc1c8523986e79b2beb50c1

http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_powerpc.deb
    Size/MD5 checksum:    99302 3f5b40706aae46d7c0620bf02a6df66c

s390 architecture (IBM S/390)


http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_s390.deb
    Size/MD5 checksum:   213726 249fda940d16912cc17fb5d3c0ff1fcd

http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_s390.deb
    Size/MD5 checksum:  6397416 9aa410ab707a207d56000a97235a98b5

http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_s390.deb
    Size/MD5 checksum:  2691100 61a7c41104aded19357ad64f1b05369c

http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_s390.deb
    Size/MD5 checksum:    94272 07cbb34ce382829898fbd57c0b794529

http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_s390.deb
    Size/MD5 checksum:   118362 1be4d726b78ad9efab9a16b4a2ea95cf

sparc architecture (Sun SPARC/UltraSPARC)


http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_sparc.deb
    Size/MD5 checksum:   111248 b23db7090cc78d9be75a38c4214c94ee

http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_sparc.deb
    Size/MD5 checksum:  6018682 22883c64d15fd48d06e94ff47f6c85a9

http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_sparc.deb
    Size/MD5 checksum:    91462 7b506ec24eb68f91642d0d33d670bfbd

http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_sparc.deb
    Size/MD5 checksum:  2375358 8b97ebe934f59044c72dcce69f7f12db

http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_sparc.deb
    Size/MD5 checksum:   213794 2e3bb50d5485dc3979cd07bcc7090cc9


  これらのファイルは次の版の安定版リリース時そちらに移されます。


- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
------>8------------>8------------>8------------>8------------>8-
-- 
Seiji Kaneko                         skaneko@xxxxxxxxxxxx
---------------------------------------------------------