[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:50731] [Translate] [SECURITY] [DSA 1606-1] poppler packages fix execution of arbitrary code



かねこです。
URL 等は Debian-security-announce メーリングリストの元記事を確認
ください。

------>8------------>8------------>8------------>8------------>8-
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1606-1                  security@debian.org
http://www.debian.org/security/                               Steve Kemp
July 09, 2008                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : poppler
Vulnerability  : プログラムミス
Problem type   : ローカル
Debian-specific: いいえ
CVE Id(s)      : CVE 2008-1693
Debian Bug     : 476842

PDF レンダリングライブラリ poppler が PDF ファイルに埋め込まれたフォント
を適切に処理していないことが発見されました。この欠陥は細工されたフォント
オブジェクトにより攻撃でき、任意のコードの実行が可能です。

安定版 (stable) ディストリビューション (etch) では、この問題はバージョン
0.4.5-5.1etch3 で修正されています。

不安定版 (unstable) ディストリビューション (sid) では、この問題はバージョ
ン 0.8.0-1 で修正されています。

直ぐに poppler パッケージをアップグレードすることを勧めます。



アップグレード手順
------------------

wget url
        	でファイルを取得できます。
dpkg -i file.deb
                で参照されたファイルをインストールできます。

apt-get パッケージマネージャを用いている場合には、本メールのフッタ記載の
行を sources.list に加えて、

apt-get update
        を実行して内部データベースを更新し、
apt-get upgrade
        によって修正されたパッケージをインストールしてください。

本メールのフッタ記載の設定を自ホストの設定に加えることにより、自動更新を
行うこともできます。


Debian GNU/Linux 4.0 alias etch
- -------------------------------

ソースアーカイブ:

  http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5-5.1etch3.dsc
    Size/MD5 checksum:      757 1560882fd2916cf690dfab5b36caf393
  http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5-5.1etch3.diff.gz
    Size/MD5 checksum:   484328 8f9c696fb31d332b65515d263b9b29da
  http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5.orig.tar.gz
    Size/MD5 checksum:   783752 2bb1c75aa3f9c42f0ba48b5492e6d32c

alpha architecture (DEC Alpha)


http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_alpha.deb
    Size/MD5 checksum:    30352 3a20e8e3a5f60e0c8a676a290e858a61

http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_alpha.deb
    Size/MD5 checksum:    43058 9bb013f968577d9320de44b82e7fd1f1

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_alpha.deb
    Size/MD5 checksum:   772710 d2b3b2490771162ac139f5246e85b231

http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_alpha.deb
    Size/MD5 checksum:    86580 c396dba838001d108bf56d477f08cd4b

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_alpha.deb
    Size/MD5 checksum:    34056 5f12b52c57a11f9881e433bb9710acaa

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_alpha.deb
    Size/MD5 checksum:    55052 fd976b4ba5a06387095fd5ab0eb1ddd3

http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_alpha.deb
    Size/MD5 checksum:   504476 19e19093f81f966f0e8e2da723f8e07b

amd64 architecture (AMD x86_64 (AMD64))


http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_amd64.deb
    Size/MD5 checksum:   613694 30e519a2a6a52073527556f7be56e368

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_amd64.deb
    Size/MD5 checksum:    30656 879a9f7b40b84395dec8667fbaed7a30

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_amd64.deb
    Size/MD5 checksum:    46070 3fca3fa3a27cd8591e3b654e0063d818

http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_amd64.deb
    Size/MD5 checksum:    41768 0e876f9dde8c94548fb5a5f973d4d1fb

http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_amd64.deb
    Size/MD5 checksum:   456526 1aa5b6834c6605b9c0c89d76c527b085

http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_amd64.deb
    Size/MD5 checksum:    29706 252693ce004ebe4da029cb8cac60c8ad

http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_amd64.deb
    Size/MD5 checksum:    83614 4f3e6d766e655a6a6e48ce379853e720

arm architecture (ARM)


http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_arm.deb
    Size/MD5 checksum:    40176 c220cbc637a1898a24f3d6facf2334b5

http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_arm.deb
    Size/MD5 checksum:    81782 513ca3c03a1d48caa5ab2ddd4ada7aed

http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_arm.deb
    Size/MD5 checksum:   438142 f4b166156f43a8715d2cc8b27c621e53

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_arm.deb
    Size/MD5 checksum:    44736 ae0bddb8502ebb76a4f9624dcac81604

http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_arm.deb
    Size/MD5 checksum:    29436 d43e6939e318a65c9c8e0c16cb02bd38

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_arm.deb
    Size/MD5 checksum:    30426 0967f5e7fa741c8cf026ffb763ff014e

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_arm.deb
    Size/MD5 checksum:   594928 dac70571d0ad3f9a909198b26a28faa4

hppa architecture (HP PA RISC)


http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_hppa.deb
    Size/MD5 checksum:   540242 df8ce9c4c3a169f9be4e3926d994eee6

http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_hppa.deb
    Size/MD5 checksum:    45668 74f74bfe2617742ead80785c9e11cbad

http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_hppa.deb
    Size/MD5 checksum:    87808 41b1e8124adc89510682a7583c76923c

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_hppa.deb
    Size/MD5 checksum:    50304 a811b4590c717572d0e531b1c818f5a4

http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_hppa.deb
    Size/MD5 checksum:    31084 357259aca7b21fa7971c9f884fb43726

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_hppa.deb
    Size/MD5 checksum:   713728 a90e1e548048facb915ce56eccada131

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_hppa.deb
    Size/MD5 checksum:    31838 38bdf2ce3f6f7f5131d15d4b8a609630

i386 architecture (Intel ia32)


http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_i386.deb
    Size/MD5 checksum:    41398 6e9efb137e66dfd94845df3317e21fd1

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_i386.deb
    Size/MD5 checksum:   577624 0fdd4127669e2a47670cb4047f9cd21d

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_i386.deb
    Size/MD5 checksum:    30342 681d77159be64f8285d2292fa718ccc2

http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_i386.deb
    Size/MD5 checksum:    29758 790a89e5646fcaf5ffa5209fa17540d2

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_i386.deb
    Size/MD5 checksum:    44856 09726e0b4b94ac65ad12d70ea485469f

http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_i386.deb
    Size/MD5 checksum:    80810 8b155f09a771e3ed179a973a7a7d06e4

http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_i386.deb
    Size/MD5 checksum:   443684 817175329a0cfead2f00c128ad8f55f8

ia64 architecture (Intel ia64)


http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_ia64.deb
    Size/MD5 checksum:   613198 31d755b29e5623ee0ece5795bee720cc

http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_ia64.deb
    Size/MD5 checksum:    32206 aa89439c77d7ef337971944ee621b064

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_ia64.deb
    Size/MD5 checksum:    54842 36132f7b438eac1b793cc7ba7c1a740a

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_ia64.deb
    Size/MD5 checksum:    33788 0603447588cfbffd6969596a06f7ad57

http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_ia64.deb
    Size/MD5 checksum:   105274 679fe2ab7f9cc54b7e86b7b02c1f6eb7

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_ia64.deb
    Size/MD5 checksum:   808860 774cbfee74f2b356689996d27c79bcb3

http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_ia64.deb
    Size/MD5 checksum:    47804 a1e68d3e0dc53644c5441fb7c1b03a64

mips architecture (MIPS (Big Endian))


http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_mips.deb
    Size/MD5 checksum:    50294 8598301860f891c34b5028950926e23c

http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_mips.deb
    Size/MD5 checksum:   457928 b27722d07d500b168c8ac57e84c24d7c

http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_mips.deb
    Size/MD5 checksum:    41816 dd3ce7ee3f109ea7b391bebe67631708

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_mips.deb
    Size/MD5 checksum:   674736 3d4f077c3a79d1b1adb6ad5a2c79c8fc

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_mips.deb
    Size/MD5 checksum:    31980 f170e8066e739f995a6bc7af43f22fde

http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_mips.deb
    Size/MD5 checksum:    86668 d8d6c0f593dbcf10984a171a77f36c77

http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_mips.deb
    Size/MD5 checksum:    29582 97643d32f0109d0a692b13942f48e413

powerpc architecture (PowerPC)


http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_powerpc.deb
    Size/MD5 checksum:    89292 cd9cf091a64c2e3f98b07fcb82d8f850

http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_powerpc.deb
    Size/MD5 checksum:   472336 2b6b5805523bda347c3a01473b068327

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_powerpc.deb
    Size/MD5 checksum:    48130 eacfcf656af6fbc9c16cff979b37e75e

http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_powerpc.deb
    Size/MD5 checksum:    31438 b132335b02f73e42de78e173cbcbbfb6

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_powerpc.deb
    Size/MD5 checksum:    31406 a091098584a0686afc4b28ae1fbf83c5

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_powerpc.deb
    Size/MD5 checksum:   651942 78df9e2410257f45d1eeb22da2ae805c

http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_powerpc.deb
    Size/MD5 checksum:    43162 4455826b656b6e8d5f966c470ca6ca03

s390 architecture (IBM S/390)


http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_s390.deb
    Size/MD5 checksum:   453844 9018dafb416a5fbb7cf6e67a98b7ca16

http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_s390.deb
    Size/MD5 checksum:    29504 e6d1179ace04c734f919a53c4ed20c85

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_s390.deb
    Size/MD5 checksum:    46820 1e299394d64f0bf5a17dd340a41e55a0

http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_s390.deb
    Size/MD5 checksum:    80750 a61100d27837dc60ef1857b8d786fada

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_s390.deb
    Size/MD5 checksum:    30596 8153c10261795e578b27c2ede5cc5528

http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_s390.deb
    Size/MD5 checksum:    41692 26f0d2342e4386061533faa2a55f5de3

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_s390.deb
    Size/MD5 checksum:   621930 27d8f7cc1cd2c307285eafddc3efb70b

sparc architecture (Sun SPARC/UltraSPARC)


http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_sparc.deb
    Size/MD5 checksum:   583994 e2d0fbcc107d82d95a774ad7b24dbd43

http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_sparc.deb
    Size/MD5 checksum:    78276 e75355488b436d46872686c50397ef04

http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_sparc.deb
    Size/MD5 checksum:    40438 d7b939665ce01d3773e76456a310d3bc

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_sparc.deb
    Size/MD5 checksum:    30616 96c7b850564ce3c51e75e0e0241ac6a1

http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_sparc.deb
    Size/MD5 checksum:    29272 aed8c46365fd59e786288d4e55298792

http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_sparc.deb
    Size/MD5 checksum:   444346 2e2b0a2a3bd75ed2d534f48ef4a1b275

http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_sparc.deb
    Size/MD5 checksum:    44546 7dcf884f27b08f31306b332e817f4571


  これらのファイルは次の版の安定版リリース時そちらに移されます。


- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
------>8------------>8------------>8------------>8------------>8-
-- 
Seiji Kaneko                         skaneko@xxxxxxxxxxxx
---------------------------------------------------------