[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:51375] [Translate] [SECURITY] [DSA 1677-1] New CUPS packages fix arbitrary code execution



かねこです。
URL 等は Debian-security-announce メーリングリストの元記事を確認
ください。

------>8------------>8------------>8------------>8------------>8-
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1677-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
December 2nd, 2008                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : cupsys
Vulnerability  : 整数オーバフロー
Problem type   : ローカル (リモート)
Debian-specific: いいえ
CVE ID         : CVE-2008-5286
Debian Bug     : 507183

共通 Unix プリントシステム cupsys の画像検証コードに整数オーバフローが発
見されました。攻撃者は悪意を持って作成された画像を用いてこのバグを攻撃可
能で、任意のコードを実行可能です。

安定版 (stable) ディストリビューション (etch) では、この問題はバージョン
1.2.7-4etch6 で修正されています。

テスト版 (lenny) では、この問題は近く修正予定です。

不安定版 (unstable) ディストリビューション (sid) では、この問題はバージョ
ン 1.3.8-1lenny4 で修正されています。

直ぐに cupsys パッケージをアップグレードすることを勧めます。



アップグレード手順
------------------

wget url
        	でファイルを取得できます。
dpkg -i file.deb
                で参照されたファイルをインストールできます。

apt-get パッケージマネージャを用いている場合には、本メールのフッタ記載の
行を sources.list に加えて、

apt-get update
        を実行して内部データベースを更新し、
apt-get upgrade
        によって修正されたパッケージをインストールしてください。

本メールのフッタ記載の設定を自ホストの設定に加えることにより、自動更新を
行うこともできます。


Debian GNU/Linux 4.0 alias etch
- -------------------------------

  ソースアーカイブ:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6.dsc
      Size/MD5 checksum:     1092 a7198b7e0d7724a972d4027e805b1387
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6.diff.gz
      Size/MD5 checksum:   108940 1321ea49cfa8c06d619759acb00b0b2e
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz
      Size/MD5 checksum:  4214272 c9ba33356e5bb93efbcf77b6e142e498

  アーキテクチャに依存しない内容:


http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch6_all.deb
      Size/MD5 checksum:   917900 4abe699f9d2a8f866b1e323934c6172a

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch6_all.deb
      Size/MD5 checksum:    46256 9e98540d35e8a7aef76a1042cc4befe4

  Alpha architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_alpha.deb
      Size/MD5 checksum:  1614646 18542415a7a35563aacf6baccc2c474c

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_alpha.deb
      Size/MD5 checksum:    39316 641f1871ea3d1e61a56dc009b2e58652

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_alpha.deb
      Size/MD5 checksum:    85894 99a322067e2207a67afc55dccd5d63b4

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_alpha.deb
      Size/MD5 checksum:  1092462 e2c0dd66dc9d52d41b7e179fa83908ab

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_alpha.deb
      Size/MD5 checksum:    95658 51c76b87321a3c01dfe996fabad2de88

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_alpha.deb
      Size/MD5 checksum:    72682 751a0c814ae40bf75b0494dafd19bd8e

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_alpha.deb
      Size/MD5 checksum:   175346 f8701aeb6bc3670c3f1e60cc80c4ded7

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_alpha.deb
      Size/MD5 checksum:   183712 42dc520b09c22f1d25b7ff1e6d7574bb

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_amd64.deb
      Size/MD5 checksum:  1576182 fe94635e099af684c654fb6468522f21

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_amd64.deb
      Size/MD5 checksum:    36342 3e5954fdc1c572e86f2eeef93c1f466f

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_amd64.deb
      Size/MD5 checksum:    80704 9a21d4104655094da5f2ff3a4c019a08

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_amd64.deb
      Size/MD5 checksum:  1087506 cd83b8b030a4c972b1b3fa396114d9e9

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_amd64.deb
      Size/MD5 checksum:    86360 aeed41809da68dc26e7c586e87878c45

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_amd64.deb
      Size/MD5 checksum:    53008 9f8e3453367ef72e6ef6f00dc6baf624

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_amd64.deb
      Size/MD5 checksum:   162608 a768dc52659411be6fd46b38df61d69b

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_amd64.deb
      Size/MD5 checksum:   142546 a6caf31df81c4aea72c0abc9c0a0b1af

  ARM architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_arm.deb
      Size/MD5 checksum:  1569702 f7cd63fd8d10e8fcaea2649260b8437a
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_arm.deb
      Size/MD5 checksum:    35934 e5a3e25422b8ded68767d8c32d9291f5

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_arm.deb
      Size/MD5 checksum:    78916 f9707c6c35f2c3198892a8d82eecfa8b
    http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_arm.deb
      Size/MD5 checksum:  1026248 79e9a9669d9d896d303e29ed7d2b7122

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_arm.deb
      Size/MD5 checksum:    85540 45e25e1887e37f029a3a8da50b309fe4

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_arm.deb
      Size/MD5 checksum:    48732 b90d30685f1e68a036a512cf331547e6
    http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_arm.deb
      Size/MD5 checksum:   155278 1a0b8b93532c23d26866afc163689dd6

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_arm.deb
      Size/MD5 checksum:   132032 5c4843fe297598ee3c618f92feaef93e

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_hppa.deb
      Size/MD5 checksum:  1624116 e285d90e7861906f00f8e709cb3039ae

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_hppa.deb
      Size/MD5 checksum:    39544 d3015a7ef0c7c345d3940a6c9f428cf0

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_hppa.deb
      Size/MD5 checksum:    84804 a4fa9da96d848e7596d6e3d623fdef07

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_hppa.deb
      Size/MD5 checksum:  1032854 ec6badd9fcff41974f425d97a0a12165

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_hppa.deb
      Size/MD5 checksum:    92038 3dcbb10b949495e21fc742b9b42a3a84

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_hppa.deb
      Size/MD5 checksum:    57376 e64d3d7a95c80c92602e3e7548998bc2

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_hppa.deb
      Size/MD5 checksum:   171856 ab864167ddd2c8b4247898ed36059435

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_hppa.deb
      Size/MD5 checksum:   153942 4149487b7dfd72b027de9851a4adb32e

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_i386.deb
      Size/MD5 checksum:  1556170 c0cefa71d7f58abd666c2c1459d3ede9

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_i386.deb
      Size/MD5 checksum:    36250 e464d81d46968426796a8182e6418691

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_i386.deb
      Size/MD5 checksum:    79702 77c4aef7c78be537c09bc689ad1f5139

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_i386.deb
      Size/MD5 checksum:   997624 ec73926b9d49c2790c6381a927ad20a2

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_i386.deb
      Size/MD5 checksum:    87310 86517be38ba93afd954091ad5643c65b

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_i386.deb
      Size/MD5 checksum:    53240 4fccf1dfd78b230033407a914760d3f5

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_i386.deb
      Size/MD5 checksum:   161274 41344ee4c268c095b89c8decc0e2df68

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_i386.deb
      Size/MD5 checksum:   137796 51b8758e0338e1ec6ec9d74ea5f960ef

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_ia64.deb
      Size/MD5 checksum:  1771030 d4235a8ee49af176f27c8a097a696864

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_ia64.deb
      Size/MD5 checksum:    46326 729ebfb9347d0463f7a6f5cc10c371e7

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_ia64.deb
      Size/MD5 checksum:   106218 9a9142746bbca2c53644c084b45fea9c

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_ia64.deb
      Size/MD5 checksum:  1108324 ea4f9d4d44e6b964c3793fd3a2862671

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_ia64.deb
      Size/MD5 checksum:   107068 bab641470a0bf7034b9ebc7ae072d6fa

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_ia64.deb
      Size/MD5 checksum:    74214 770441377ccf9ad422da6e9d3ba612eb

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_ia64.deb
      Size/MD5 checksum:   204316 7df30a0f5661ea79cdcc537d4012b217

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_ia64.deb
      Size/MD5 checksum:   192364 41d3bab218b036299f8ffae98a9008de

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_mips.deb
      Size/MD5 checksum:  1567974 ba75b6ff260e84dd64b939cae9262a54

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_mips.deb
      Size/MD5 checksum:    36112 6cae983101bdd812ff1f6f26169ab06a

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_mips.deb
      Size/MD5 checksum:    76146 16b61a899c465fc7f142d97744dffba3

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_mips.deb
      Size/MD5 checksum:  1098272 daa46352b0ad47b5c3061c42a15e6ddb

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_mips.deb
      Size/MD5 checksum:    86920 dd75cd6ce9bd9ceaae7d39b60fda49c9

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_mips.deb
      Size/MD5 checksum:    57690 32cfeb2301ded386cf4ab6d0127f30a3

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_mips.deb
      Size/MD5 checksum:   158092 9abd9b0ce1dc1528b0ca50b5fbb7b78b

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_mips.deb
      Size/MD5 checksum:   150986 149531690113d5333beaf1622f915037

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_mipsel.deb
      Size/MD5 checksum:  1553596 a42820cf5bd8d46c4a5cab2a6bd0929a

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_mipsel.deb
      Size/MD5 checksum:    36076 f7239a53b24df0813b16aac1efc850b7

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_mipsel.deb
      Size/MD5 checksum:    77462 a60a8f2d6ab7958026585952890fc751

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_mipsel.deb
      Size/MD5 checksum:  1085502 a18f21c9c0eff69d326bf42596d3ed32

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_mipsel.deb
      Size/MD5 checksum:    87080 1b5618e9841ec899e63ee14cb36116d1

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_mipsel.deb
      Size/MD5 checksum:    57848 def6826bc2876abfcf1b9ad01eea3546

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_mipsel.deb
      Size/MD5 checksum:   158634 bc4151665423bb6acc3225d1f8017b50

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_mipsel.deb
      Size/MD5 checksum:   150888 f27527d8e7d3b892f5e2dc7aa0776434

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_powerpc.deb
      Size/MD5 checksum:  1576684 9c91771aea9ad144c56967ac8caf1fd5

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_powerpc.deb
      Size/MD5 checksum:    41290 69d7ba1506a7415dc74621aa833edf59

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_powerpc.deb
      Size/MD5 checksum:    89994 12245002a3f5e437921979cd8362d346

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_powerpc.deb
      Size/MD5 checksum:  1143404 c79dd5b219961ded9d9dfebf2361fed0

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_powerpc.deb
      Size/MD5 checksum:    88542 988f4b258fbdf870d51aacd1dd26b116

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_powerpc.deb
      Size/MD5 checksum:    51880 650b5a80af7485308b6fca8a0453c9c0

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_powerpc.deb
      Size/MD5 checksum:   163284 4fc43ad526d97ad3823524988c892851

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_powerpc.deb
      Size/MD5 checksum:   136868 2e1cdfaf184170342520895e26ee84b1

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_s390.deb
      Size/MD5 checksum:  1587456 5522fd1afaaa1105a51c91354783fd6f

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_s390.deb
      Size/MD5 checksum:    37422 38b8fd3823381f4384f8758139f3d418

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_s390.deb
      Size/MD5 checksum:    82336 55c8f39b3d04e0a127426f2daf89941f

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_s390.deb
      Size/MD5 checksum:  1037274 02149d41988647e7f4de8e626801c588

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_s390.deb
      Size/MD5 checksum:    88040 8c844af7aeb9c0e1ec9a093a537d5f91

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_s390.deb
      Size/MD5 checksum:    52508 c3695c0157c8bba7eb2bc614173bcd0f

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_s390.deb
      Size/MD5 checksum:   166802 1893c39f92d371c7b474d57f4d8c105e

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_s390.deb
      Size/MD5 checksum:   144928 0eb6cdbc1deceb32bbf2c145a99f7d98

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_sparc.deb
      Size/MD5 checksum:  1562538 0757006ce0c52845673d2cbe9fae0b38

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_sparc.deb
      Size/MD5 checksum:    36020 27636d7df41cfef4c9e41ee236a9b308

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_sparc.deb
      Size/MD5 checksum:    78518 174e3b09d2d667e01d0b47ecb06a2925

http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_sparc.deb
      Size/MD5 checksum:   992164 79a9729f9280b70aa7e8573636cfeb8c

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_sparc.deb
      Size/MD5 checksum:    85368 4c3b851a551b47fed4229f55b8a0a4fe

http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_sparc.deb
      Size/MD5 checksum:    51756 d4406a58edf127974a79b0df75eab757

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_sparc.deb
      Size/MD5 checksum:   159176 29057219279ea090cf47b35b1da416af

http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_sparc.deb
      Size/MD5 checksum:   139560 ca580a13d486d24f74c9a230efee6bde


  これらのファイルは次の版の安定版リリース時そちらに移されます。


- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

------>8------------>8------------>8------------>8------------>8-
-- 
Seiji Kaneko                         skaneko@xxxxxxxxxxxx
---------------------------------------------------------