[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:52400] [Translate] [SECURITY] [DSA 1779-1] New apt packages fix several vulnerabilities



かねこです。
URL 等は Debian-security-announce メーリングリストの元記事を確認
ください。

------>8------------>8------------>8------------>8------------>8-
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1779-1                  security@debian.org
http://www.debian.org/security/                          Thijs Kinkhorst
April 26, 2009                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : apt
Vulnerability  : 複数
Problem type   : ローカル/リモート
Debian-specific: いいえ
CVE Id(s)      : CVE-2009-1300 CVE-2009-1358
Debian Bug     : 523213 433091

よく知られた dpkg フロントエンド APT に二つの欠陥が発見されました。
The Common Vulnerabilities and Exposures project は以下の問題を認識し
ています。

CVE-2009-1300

    夏時間への切替えが真夜中に行われるタイムゾーンで apt の cron.daily
    スクリプトが但し駆動させず、新しいセキュリティアップデートの自動更
    新が行われません。

CVE-2009-1358

    期限切れまたは無効化された OpenPGP 鍵で署名されたレポジトリが、APT
    から有効なものと見なされてしまいます。

旧安定版 (oldstable) ディストリビューション (etch) では、これらの問題は
バージョン 0.6.46.4-0.1+etch1 で修正されています。

安定版 (stable) ディストリビューション (lenny) では、これらの問題はバー
ジョン 0.7.20.2+lenny1 で修正されています。

不安定版 (unstable) ディストリビューション (sid) では、これらの問題はバ
ージョン 0.7.21 で修正されています。

直ぐに apt パッケージをアップグレードすることを勧めます。


アップグレード手順
------------------

wget url
        	でファイルを取得できます。
dpkg -i file.deb
                で参照されたファイルをインストールできます。

apt-get パッケージマネージャを用いている場合には、本メールのフッタ記載の
行を sources.list に加えて、

apt-get update
        を実行して内部データベースを更新し、
apt-get upgrade
        によって修正されたパッケージをインストールしてください。

本メールのフッタ記載の設定を自ホストの設定に加えることにより、自動更新を
行うこともできます。


Debian GNU/Linux 4.0 alias etch
- -------------------------------

ソースアーカイブ:

  http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1.tar.gz
    Size/MD5 checksum:  1798703 e6eaebb8a12f5243668ca56e65c8c71e
  http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1.dsc
    Size/MD5 checksum:     1108 c631100edac082afe2dddb28030ed6ff

アーキテクチャに依存しないパッケージ:

  http://security.debian.org/pool/updates/main/a/apt/apt-doc_0.6.46.4-0.1+etch1_all.deb
    Size/MD5 checksum:    89752 999f34683b7cb7818258ac1ebfca701c

http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-doc_0.6.46.4-0.1+etch1_all.deb
    Size/MD5 checksum:   112248 b91e59e2e1093ecbe387ccc7e8111d73

alpha architecture (DEC Alpha)


http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_alpha.deb
    Size/MD5 checksum:   216152 3fde92f88576df84cb57aaf846ba3816

http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_alpha.deb
    Size/MD5 checksum:    84560 48019ace277299ac3495eb77ddb94320
  http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_alpha.deb
    Size/MD5 checksum:  1505198 088f74bfebfac8c33f19e5b05f536761

amd64 architecture (AMD x86_64 (AMD64))


http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_amd64.deb
    Size/MD5 checksum:   198456 7cad50de61d033a85b079211ab282ec7

http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_amd64.deb
    Size/MD5 checksum:    84796 66930e40732a85913fff7815591ea784
  http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_amd64.deb
    Size/MD5 checksum:  1448634 b29859a90e52b5f47048f38e115e44dd

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_arm.deb
    Size/MD5 checksum:   214264 5ab7d5e622e9425b3f5163b007e7e71e

http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_arm.deb
    Size/MD5 checksum:    83810 04ec509e12759ee2af94881e0d5ef724
  http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_arm.deb
    Size/MD5 checksum:  1497802 2a03e41c76e2720707dbbfb790c17f62

i386 architecture (Intel ia32)


http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_i386.deb
    Size/MD5 checksum:    84166 6aa9a63c060eb0461b66f67e35ed20c7

http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_i386.deb
    Size/MD5 checksum:   198392 7245c5ea84b1c4eefa816af20868a794
  http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_i386.deb
    Size/MD5 checksum:  1438190 73f115b27de4fdf11af97e2b5afca613

ia64 architecture (Intel ia64)


http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_ia64.deb
    Size/MD5 checksum:   247928 a7c2581155ab49d35af4d365d51dbf8e

http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_ia64.deb
    Size/MD5 checksum:    84186 c94ee0563a7531b142d8728699f17d96
  http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_ia64.deb
    Size/MD5 checksum:  1631044 4313242ccadf096fd8088c27050141e9

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_mips.deb
    Size/MD5 checksum:  1413928 0d07461fb18e97564be6227cf04031e9

http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_mips.deb
    Size/MD5 checksum:   195524 35b9ad4c2121fde59d5a67f52f01ce1c

http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_mips.deb
    Size/MD5 checksum:    84186 3fd16873a28ee85e1b42c6f6bb801852

mipsel architecture (MIPS (Little Endian))


http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_mipsel.deb
    Size/MD5 checksum:    84192 715de146cd96db7fc9421df5dd4fd5e5

http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_mipsel.deb
    Size/MD5 checksum:   195046 6bf1cd0ee7cc374a55c0cbfec7f1a2a7
  http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_mipsel.deb
    Size/MD5 checksum:  1410850 192ab91f19c4fd4f7a49bbe82bd9ccaa

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_powerpc.deb
    Size/MD5 checksum:  1450594 f90c89e0e003ac88befb170a14709afc

http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_powerpc.deb
    Size/MD5 checksum:   206392 7d78be4ec2c5ac8a1c06b88e27053541

http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_powerpc.deb
    Size/MD5 checksum:    84190 1e771c856f024be9ddd7b5c86b599b8e

s390 architecture (IBM S/390)


http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_s390.deb
    Size/MD5 checksum:   188942 fd67a46fd4260be589b2634d2df509f8

http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_s390.deb
    Size/MD5 checksum:    84186 0d4d1110459a4d334332218f3cf9f9ac
  http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_s390.deb
    Size/MD5 checksum:  1430202 55abf0323abb3ce4df57b82706b1ec1c

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_sparc.deb
    Size/MD5 checksum:  1423156 f7dcd42161f64afc103bfa53f853c34e

http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_sparc.deb
    Size/MD5 checksum:    85288 e8402a5ced27cae1c8ba13df05e8972b

http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_sparc.deb
    Size/MD5 checksum:   189344 63b3411e1f3aea4920aee57fd92be904

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

ソースアーカイブ:

  http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1.tar.gz
    Size/MD5 checksum:  2043258 c23dc4256af67c1644a9dbc5ae0115c8
  http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1.dsc
    Size/MD5 checksum:     1540 60e740d25e23101d5f7a9c90b90ee698

アーキテクチャに依存しないパッケージ:

  http://security.debian.org/pool/updates/main/a/apt/apt-doc_0.7.20.2+lenny1_all.deb
    Size/MD5 checksum:   102110 099c1c85cb08d668e9e4668516ebc763

http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-doc_0.7.20.2+lenny1_all.deb
    Size/MD5 checksum:   125292 68c3671fa441778e16dbbe838cc893e5

alpha architecture (DEC Alpha)


http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_alpha.deb
    Size/MD5 checksum:    59682 c6f12690975904f490bae51e8896d2d2

http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_alpha.deb
    Size/MD5 checksum:   108326 e9ba5bbd066c440766eddd3f568f0762
  http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_alpha.deb
    Size/MD5 checksum:   215062 3e20fc15cdca71bba1011828f0bf7b7d
  http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_alpha.deb
    Size/MD5 checksum:  1733134 6c1a53539011c887e6436c98dd2f9459

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_amd64.deb
    Size/MD5 checksum:   192392 5c7789c5c31c810c45ad5ff9914449d0
  http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_amd64.deb
    Size/MD5 checksum:  1657772 1e7f04ceddd59e28213c67d7fd7a0cac

http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_amd64.deb
    Size/MD5 checksum:    59416 52d21612bd4ad79d834c4e86ddd70e00

http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_amd64.deb
    Size/MD5 checksum:   108906 b67790820711fb84894286e75a552464

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_arm.deb
    Size/MD5 checksum:   207490 b6ae12f5fe907f0aae2cba5aefdae74e

http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_arm.deb
    Size/MD5 checksum:    61332 18784a8161b32752a27e5ac6f7ba3fbc

http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_arm.deb
    Size/MD5 checksum:   109296 7bbcd9dd0c351d822b651cdc71d8b5d3
  http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_arm.deb
    Size/MD5 checksum:  1715472 96a43332145ddc6a32c33cd470d2a98b

armel architecture (ARM EABI)

  http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_armel.deb
    Size/MD5 checksum:   183664 26c61ff554b0870d7b3b076c58e4cd48
  http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_armel.deb
    Size/MD5 checksum:  1618204 0ece85e822c3a6b9a5fcdbd95154d6fc

http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_armel.deb
    Size/MD5 checksum:   109100 b5d6253870c61ffcfd86bcbd3abfdc69

http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_armel.deb
    Size/MD5 checksum:    59644 7867c8452ef5dc79e7db094d35e823a7

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_i386.deb
    Size/MD5 checksum:  1639116 f2021728f2e92ffe32f7eb1bdc2d6231

http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_i386.deb
    Size/MD5 checksum:   107586 e5ac47a6a1892c8ae12b0c25136b163d
  http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_i386.deb
    Size/MD5 checksum:   188158 a0f4a903e2fc11d9d6535d310e7f5a9e

http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_i386.deb
    Size/MD5 checksum:    58824 68cbda40b139645b347d3168e09c722b

ia64 architecture (Intel ia64)


http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_ia64.deb
    Size/MD5 checksum:    62086 351cdc33240bebee0e0a117ba6d3bbe6

http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_ia64.deb
    Size/MD5 checksum:   107180 44f5541e6a61acd8b118cb7c69760ec5
  http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_ia64.deb
    Size/MD5 checksum:   241400 5f124aa45329433fd321f26c855acd98
  http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_ia64.deb
    Size/MD5 checksum:  1845584 d817332b5edd89be78c54c9952776879

mips architecture (MIPS (Big Endian))


http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_mips.deb
    Size/MD5 checksum:    59008 6a278db4d415830cec5c5eb6b636492b
  http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_mips.deb
    Size/MD5 checksum:   191408 bd2dcf570bee282e29ec379db8a32f14

http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_mips.deb
    Size/MD5 checksum:   107180 ce3b0385df6fd640bb3b1a2ae35a25d5
  http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_mips.deb
    Size/MD5 checksum:  1616524 78ad8122717febb7952a1d6b14d27250

mipsel architecture (MIPS (Little Endian))


http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_mipsel.deb
    Size/MD5 checksum:   107190 e231d8c9eea5e564a6d19e9eefc4c25e
  http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_mipsel.deb
    Size/MD5 checksum:   190900 4528466ab570e603256df256ea2de659

http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_mipsel.deb
    Size/MD5 checksum:    58926 48dec2bd2641270e95b4bdea5cc0a8d5
  http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_mipsel.deb
    Size/MD5 checksum:  1612746 92056ec6276c0b931859e6110125b861

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_powerpc.deb
    Size/MD5 checksum:  1706540 da3fd3aaab8a8e7c2e7028bbd05237a5

http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_powerpc.deb
    Size/MD5 checksum:    61758 768c59f133efa8d32293ec8cbb756d57

http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_powerpc.deb
    Size/MD5 checksum:   107198 d8483f3ebee001a9524e5c60a2f8201b

http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_powerpc.deb
    Size/MD5 checksum:   211530 b656601d1a6b1dac2a0c43a99ba43e33

s390 architecture (IBM S/390)


http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_s390.deb
    Size/MD5 checksum:    59122 34cad4143dc249606699d6580ff5fb66
  http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_s390.deb
    Size/MD5 checksum:   190036 57f06428b14903ce2d7821fd40261593

http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_s390.deb
    Size/MD5 checksum:   107188 2b4e8b377bf7aad46621dd933c68792c
  http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_s390.deb
    Size/MD5 checksum:  1649230 8405441f082af794841ba20cebaa7807

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_sparc.deb
    Size/MD5 checksum:  1649532 608c2627d477e3053b53dc622020c449
  http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_sparc.deb
    Size/MD5 checksum:   192880 5dccb38f4a4cc0dca8aaa485f4168aa3

http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_sparc.deb
    Size/MD5 checksum:   108746 ff9121fd1ff12c3b6bf406b43126ff44

http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_sparc.deb
    Size/MD5 checksum:    60400 d6e12757ed28a524264f5e0b426e6779


  これらのファイルは次の版の安定版リリース時そちらに移されます。


- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
------>8------------>8------------>8------------>8------------>8-
-- 
Seiji Kaneko                         skaneko@xxxxxxxxxxxx
---------------------------------------------------------