[debian-users:51478] [Translate] [SECURITY] [DSA 1688-2] New courier-authlib packages fix regression
This is Kaneko.
For URLs and other details, please check the original post on the
debian-security-announce mailing list.
------>8------------>8------------>8------------>8------------>8-
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1688-2 security@debian.org
http://www.debian.org/security/ Steffen Joeris
December 22, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : courier-authlib
Vulnerability : SQL injection
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2008-2380 CVE-2008-2667
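The courier-authlib update in DSA 1688-1 introduced a bug that caused
mail addresses not to be used in the authentication configuration. This
update addresses that problem. For reference, the original advisory is
repeated below.
A flaw that allows SQL injection was discovered in courier-authlib, the
Courier authentication library. The MySQL database interface does not
escape data sufficiently when building SQL statements, which allows SQL
injection when certain character sets are used (CVE-2008-2380). A
similar problem exists in the PostgreSQL interface (CVE-2008-2667).
For the stable distribution (etch), these problems have been fixed in
version 0.58-4+etch3.
For the testing distribution (lenny) and the unstable distribution,
these problems have been fixed in version 0.61.0-1+lenny1.
We recommend that you upgrade your courier-authlib packages immediately.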
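Upgrade instructions
--------------------
wget url
will fetch the file for you.
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, add the line given in the
footer of this mail to sources.list, then run
apt-get update
to update the internal database, and
apt-get upgrade
to install the corrected packages.
You can also set up automatic updates by adding the settings given in
the footer of this mail to your host's configuration.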
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Source archives:
These files will be moved into the stable distribution at its next
release.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
------>8------------>8------------>8------------>8------------>8-
--
Seiji Kaneko skaneko@xxxxxxxxxxxx
---------------------------------------------------------