[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:53038] [Translate] [SECURITY] [DSA 1892-1] New dovecot packages fix arbitrary code execution

From: Seiji Kaneko <skaneko@xxxxxxxxxxxx>
Subject: [debian-users:53038] [Translate] [SECURITY] [DSA 1892-1] New dovecot packages fix arbitrary code execution
Date: Thu, 24 Sep 2009 23:44:12 +0900
List-help: <mailto:debian-users-ctl@debian.or.jp?body=help>
List-id: debian-users.debian.or.jp
List-owner: <mailto:debian-users-admin@debian.or.jp>
List-post: <mailto:debian-users@debian.or.jp>
List-software: fml [fml 4.0.3 release (20011202/4.0.3)]
List-unsubscribe: <mailto:debian-users-ctl@debian.or.jp?body=unsubscribe>
X-ml-info: If you have a question, send e-mail with the body "help" (without quotes) to the address debian-users-ctl@debian.or.jp; help=<mailto:debian-users-ctl@debian.or.jp?body=help>
X-ml-name: debian-users
X-mlserver: fml [fml 4.0.3 release (20011202/4.0.3)]; post only (only members can post)
X-spam-checker-version: SpamAssassin 3.1.7-deb3 (2006-10-05) on osdn.debian.or.jp
X-spam-level:
X-spam-status: No, score=-2.4 required=10.0 tests=KI autolearn=disabled version=3.1.7-deb3
Message-id: <4ABB85BA.7010405@xxxxxxxxxxxx>
X-mail-count: 53038
User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; ja-JPM; rv:1.9.1.4pre) Gecko/20090918 Shredder/3.0pre

かねこです。
URL 等は Debian-security-announce メーリングリストの元記事を確認
ください。

------>8------------>8------------>8------------>8------------>8-
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1892-1                  security@debian.org
http://www.debian.org/security/                      Giuseppe Iuculano
September 23, 2009                    http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Packages       : dovecot
Vulnerability  : バッファオーバフロー
Problem type   : ローカル (リモート)
Debian-specific: いいえ
CVE IDs        : CVE-2009-2632 CVE-2009-3235
Debian Bug     : 546656

mbox および maildir 形式をサポートしたメールシステム dovecot の SIEVE
コンポーネントに、SIEVE スクリプト実行の際にバッファオーバフローを起こす
欠陥が発見されました。この欠陥を悪用して cyrus システムユーザ権限への特
権昇格が可能です。サーバ上で SIEVE スクリプトをインストール可能なユーザ
は、このためシステム上の任意の電子メールメッセージの読み書きが可能です。

旧安定版 (oldstable) ディストリビューション (etch) では、この問題はバー
ジョン 1.0.rc15-2etch5 で修正されています。

安定版 (stable) ディストリビューション (lenny) では、この問題はバージョ
ン 1:1.0.15-2.3+lenny1 で修正されています。

テスト版 (squeeze) および不安定版 (unstable) ディストリビューションでは、
この問題はバージョン 1:1.2.1-1 で修正されています。

直ぐに dovecot パッケージをアップグレードすることを勧めます。


アップグレード手順
------------------

wget url
        	でファイルを取得できます。
dpkg -i file.deb
                で参照されたファイルをインストールできます。

apt-get パッケージマネージャを用いている場合には、本メールのフッタ記載の
行を sources.list に加えて、

apt-get update
        を実行して内部データベースを更新し、
apt-get upgrade
        によって修正されたパッケージをインストールしてください。

本メールのフッタ記載の設定を自ホストの設定に加えることにより、自動更新を
行うこともできます。


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (old stable)
- ------------------

旧安定版の更新は、alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel,
powerpc, s390 および sparc の各アーキテクチャで提供されています。
 .
ソースアーカイブ:

  http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15-2etch5.diff.gz
    Size/MD5 checksum:   105496 25968ea91265d9c79869fd13e1cf18a7
  http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15.orig.tar.gz
    Size/MD5 checksum:  1463069 26f3d2b075856b1b1d180146363819e6
  http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15-2etch5.dsc
    Size/MD5 checksum:     1017 69660b4d8bd4c443a9e6a445cee73ae4

alpha architecture (DEC Alpha)


http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_alpha.deb
    Size/MD5 checksum:   583336 05cdd40c7eca4f076ebe18629d497b3b

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_alpha.deb
    Size/MD5 checksum:   621512 58f8c92c7567a9c1ed6eee44979e7abf

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_alpha.deb
    Size/MD5 checksum:  1378160 512ca0853d71066040c22daae6ff0e3a

amd64 architecture (AMD x86_64 (AMD64))


http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_amd64.deb
    Size/MD5 checksum:  1224200 c43f474ed1a38e2b717463faf4a603a9

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_amd64.deb
    Size/MD5 checksum:   536502 9bc2da44bcb81f7c1d5a3381bc02c950

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_amd64.deb
    Size/MD5 checksum:   570646 7a5e8aa209ecee48bbc9daa5c5364788

arm architecture (ARM)


http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_arm.deb
    Size/MD5 checksum:   506574 6a4be002eaaf4932161c03ef9a170e72

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_arm.deb
    Size/MD5 checksum:   537184 d5d095c9771afaacfbd863f2f37700f6

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_arm.deb
    Size/MD5 checksum:  1118568 c884c1632c4e20d9b6636806d2039b29

hppa architecture (HP PA RISC)


http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_hppa.deb
    Size/MD5 checksum:   561854 1911ecd7f8336deb46986f3f37fae039

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_hppa.deb
    Size/MD5 checksum:  1297502 a965f31d08deb751b26ca9a7b467aa9c

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_hppa.deb
    Size/MD5 checksum:   600138 867931a360b0bfeea1f3e28dfb073bf7

i386 architecture (Intel ia32)


http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_i386.deb
    Size/MD5 checksum:   514726 e2fe7ef8a944f84d59c4d13c2583f37f

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_i386.deb
    Size/MD5 checksum:   547040 41d4f84120825e06e41ff079dabd0429

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_i386.deb
    Size/MD5 checksum:  1135076 3e11a2b0f46ce7452760264a478a07a2

ia64 architecture (Intel ia64)


http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_ia64.deb
    Size/MD5 checksum:  1702256 e292ef2a99bb7868fd131574b0dcb876

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_ia64.deb
    Size/MD5 checksum:   737696 b3ee10e9ca9b771fb7f15ed508173628

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_ia64.deb
    Size/MD5 checksum:   793994 888618682b965c75167249e9177aea29

mipsel architecture (MIPS (Little Endian))


http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_mipsel.deb
    Size/MD5 checksum:   558948 c42d2f897b76a5635d45bc196dbb1fdf

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_mipsel.deb
    Size/MD5 checksum:  1268494 800381d4b15c5857dabe79e37fd1003a

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_mipsel.deb
    Size/MD5 checksum:   595020 33ff0bc5c3755320bd209d4837742a1a

powerpc architecture (PowerPC)


http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_powerpc.deb
    Size/MD5 checksum:  1212206 dcef8ac28680d74ed0e3e2586cd3d056

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_powerpc.deb
    Size/MD5 checksum:   569890 b549032c41f1a1f2de3a96a99a92b2e8

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_powerpc.deb
    Size/MD5 checksum:   536100 1e073cad6b24f04f1d10e43c3c2b5c7f

s390 architecture (IBM S/390)


http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_s390.deb
    Size/MD5 checksum:  1290172 fc78f024c57fd97448a1cab449d97c26

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_s390.deb
    Size/MD5 checksum:   595622 4f35eef9b7f47a5689f1a3bffb0b1496

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_s390.deb
    Size/MD5 checksum:   559910 472231dbce114cf79838f7c34d0850b9


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

安定版の更新は、alpha, amd64, arm, hppa, i386, ia64, mips, mipsel,
powerpc, s390 および sparc の各アーキテクチャで提供されています。
 .
ソースアーカイブ:

  http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.15.orig.tar.gz
    Size/MD5 checksum:  1783347 aa39c11c18df6b95b64d4f04d793d77a
  http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.15-2.3+lenny1.dsc
    Size/MD5 checksum:     1614 d0b83408d8c8324fdfa03b80cdbed4f6

http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.15-2.3+lenny1.diff.gz
    Size/MD5 checksum:   216038 45614e66070551b80bcbd803113f22d6

alpha architecture (DEC Alpha)


http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_alpha.deb
    Size/MD5 checksum:   389244 a5b09618e986ca9e9181ce1ae3ec693e

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_alpha.deb
    Size/MD5 checksum:   669230 3e0622750be09c51dae2b0ffee7d015c

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_alpha.deb
    Size/MD5 checksum:  2309838 6f608b22a263d8f5ef8768bbe7a728a6

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_alpha.deb
    Size/MD5 checksum:   709292 6c68631fa3541bc48ca897d98e498274

amd64 architecture (AMD x86_64 (AMD64))


http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_amd64.deb
    Size/MD5 checksum:   390826 7386cae0c224a81a3a69a4c59dc53b1b

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_amd64.deb
    Size/MD5 checksum:   632604 4f8004c08a2d8c56907571b015f279d8

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_amd64.deb
    Size/MD5 checksum:   669682 3ffaccbe054991901b258c204a59bd07

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_amd64.deb
    Size/MD5 checksum:  2106030 bde9f3caac387c20b423d71c3213aaac

arm architecture (ARM)


http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_arm.deb
    Size/MD5 checksum:   620406 34980793a3cf093446b18614880d7c4d

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_arm.deb
    Size/MD5 checksum:   390376 60ee2b17f10334253ea32654e741b006

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_arm.deb
    Size/MD5 checksum:   588296 12f73940ba5583e6c81a38a9d6663cdf

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_arm.deb
    Size/MD5 checksum:  1901028 3c23a98d1f07817db4a314865243ae13

armel architecture (ARM EABI)


http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_armel.deb
    Size/MD5 checksum:   391168 8049082b57c86d865d51679db193d5fa

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_armel.deb
    Size/MD5 checksum:   626970 2bcd781a52cac6cf397b5df9e1e144b1

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_armel.deb
    Size/MD5 checksum:   594616 1515c12da34869de4f5616fe6143aee0

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_armel.deb
    Size/MD5 checksum:  1932436 63c7c48a798aeb72d11b622057eb6ad5

hppa architecture (HP PA RISC)


http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_hppa.deb
    Size/MD5 checksum:   390606 ab3bd158a5930daad61b9dffb3bb130e

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_hppa.deb
    Size/MD5 checksum:   638882 e3ec95e636c33c400266c5419e18e864

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_hppa.deb
    Size/MD5 checksum:   677942 808cfe06b6b4325b9ea13008d35918b2

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_hppa.deb
    Size/MD5 checksum:  2162538 3f41711076b008bc16ee08e7e822f703

i386 architecture (Intel ia32)


http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_i386.deb
    Size/MD5 checksum:  1938596 0113ec4318618383c6945ad66ac457ab

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_i386.deb
    Size/MD5 checksum:   602896 93b9ffb25946df4200203a236839d967

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_i386.deb
    Size/MD5 checksum:   636970 40f7a7785597f69f39991c35865c1df8

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_i386.deb
    Size/MD5 checksum:   390674 615f9e862c4c2b14db2fbed7f3a0089f

ia64 architecture (Intel ia64)


http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_ia64.deb
    Size/MD5 checksum:   878572 21ea3f8af009b4c0668310a1d42ff6e8

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_ia64.deb
    Size/MD5 checksum:  2857622 5710f0fe4c677388e61268c1b6d28a9a

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_ia64.deb
    Size/MD5 checksum:   389246 afaa27855049264e8d1bc6272c619c68

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_ia64.deb
    Size/MD5 checksum:   818126 94b7b844dfb2d352901a0570dcc9446a

mips architecture (MIPS (Big Endian))


http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_mips.deb
    Size/MD5 checksum:   389274 39038f291d9e447928d0ce4cc69547f8

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_mips.deb
    Size/MD5 checksum:   631574 6c011d890fb624ab2fb42f9d531c56c6

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_mips.deb
    Size/MD5 checksum:  2104730 a5c2b94943df80bb457afdb7ebdd1047

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_mips.deb
    Size/MD5 checksum:   668110 027bdd8d539ad64838e70d01b817ab9a

mipsel architecture (MIPS (Little Endian))


http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_mipsel.deb
    Size/MD5 checksum:   389284 7393c2e406358c4ff44f1936e77289bc

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_mipsel.deb
    Size/MD5 checksum:   666878 952824b8ef88116eecd9b6d8dc2eb7ab

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_mipsel.deb
    Size/MD5 checksum:  2107826 868569a1a13d5150d052f3f85a0c5b4b

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_mipsel.deb
    Size/MD5 checksum:   630902 26f8d04ed6cebb1cee2cdee0466e3828

powerpc architecture (PowerPC)


http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_powerpc.deb
    Size/MD5 checksum:  2116926 83a20a035135c86165e90512e1616e17

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_powerpc.deb
    Size/MD5 checksum:   633850 378165eda8f93d5db9a9750eb388a3d7

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_powerpc.deb
    Size/MD5 checksum:   389308 5706cb949dce54ed6bde511050c808db

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_powerpc.deb
    Size/MD5 checksum:   670056 5935a4928c82551b592a4ab7103d0305

sparc architecture (Sun SPARC/UltraSPARC)


http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_sparc.deb
    Size/MD5 checksum:   389286 d67b24f2a1ca1ae2dfa7aeed269ba1c5

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_sparc.deb
    Size/MD5 checksum:   595054 0ce7c504c0a218e95713084b6fbdd9d4

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_sparc.deb
    Size/MD5 checksum:   628466 5509951b4426e12912531c3f56e309ae

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_sparc.deb
    Size/MD5 checksum:  1906138 8eda92ca5dfb4239544a288ebd8e8230


  これらのファイルは次の版の安定版リリース時そちらに移されます。


- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
------>8------------>8------------>8------------>8------------>8-
-- 
Seiji Kaneko                         skaneko@xxxxxxxxxxxx
---------------------------------------------------------

Prev by Date: [debian-users:53037] [Translate] [SECURITY] [DSA 1893-1] New cyrus-imapd-2.2/kolab-cyrus-imapd packages fix arbitrary code execution
Next by Date: [debian-users:53039] [Translate] [SECURITY] [DSA 1894-1] New newt packages fix arbitrary code execution
Previous by thread: [debian-users:53037] [Translate] [SECURITY] [DSA 1893-1] New cyrus-imapd-2.2/kolab-cyrus-imapd packages fix arbitrary code execution
Next by thread: [debian-users:53039] [Translate] [SECURITY] [DSA 1894-1] New newt packages fix arbitrary code execution
Index(es):
- Date
- Thread