[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[debian-users:53827] [Translate] [SECURITY] [DSA 2007-1] New cups packages fix arbitrary code execution
かねこです。
URL 等は Debian-security-announce メーリングリストの元記事を確認
ください。
------>8------------>8------------>8------------>8------------>8-
- --------------------------------------------------------------------------
Debian Security Advisory DSA-2007-1 security@debian.org
http://www.debian.org/security/ Nico Golde
March 3rd, 2010 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : cups
Vulnerability : フォーマット文字列バグ
Problem type : ローカル
Debian-specific: いいえ
Debian bug : none
CVE ID : CVE-2010-0393
Ronald Volgers さんにより、共通 UNIX プリンティングシステム cups 収録の
lppasswd に、LOCALEDIR 環境変数の安全でない使用方法によるフォーマット文字
列脆弱性が発見されました。攻撃者は細工したローカライゼーションファイルを
用意し、_cupsLangprintf() コールを起こさせることにより、この欠陥を悪用し
て任意のコードを実行可能です。この欠陥は lppasswd バイナリが setuid 0 の
パーミッションでインストールされているため問題になります。
安定版 (stable) ディストリビューション (lenny) では、この問題はバージョン
1.3.8-1+lenny8 で修正されています。
テスト版 (testing) ディストリビューション (squeeze) では、この問題は近く
修正予定です。
不安定版 (unstable) ディストリビューション (sid) では、この問題はバージ
ョン 1.4.2-9.1 で修正されています。
直ぐに cups パッケージをアップグレードすることを勧めます。
アップグレード手順
------------------
wget url
でファイルを取得できます。
dpkg -i file.deb
で参照されたファイルをインストールできます。
apt-get パッケージマネージャを用いている場合には、本メールのフッタ記載の
行を sources.list に加えて、
apt-get update
を実行して内部データベースを更新し、
apt-get upgrade
によって修正されたパッケージをインストールしてください。
本メールのフッタ記載の設定を自ホストの設定に加えることにより、自動更新を
行うこともできます。
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
安定版の更新は、alpha, amd64, arm, hppa, i386, ia64, mips, mipsel,
powerpc, s390 および sparc の各アーキテクチャで提供されています。
.
ソースアーカイブ:
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8.dsc
Size/MD5 checksum: 1837 a511bb4de5c768a4862a55d227a4ff70
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8.diff.gz
Size/MD5 checksum: 189649 82c747daa3ed7bb71e10094a50a0cabd
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8.orig.tar.gz
Size/MD5 checksum: 4796827 10efe9825c1a1dcd325be47a6cc21faf
アーキテクチャに依存しないパッケージ:
http://security.debian.org/pool/updates/main/c/cups/cups-common_1.3.8-1+lenny8_all.deb
Size/MD5 checksum: 1181030 11167383d8fa0f8518cb550e4946c109
http://security.debian.org/pool/updates/main/c/cups/cupsys-common_1.3.8-1+lenny8_all.deb
Size/MD5 checksum: 52398 15e639e1ac4d44042e5e5245d0670cb9
http://security.debian.org/pool/updates/main/c/cups/cupsys-bsd_1.3.8-1+lenny8_all.deb
Size/MD5 checksum: 52398 796f92741e989eac9ba214ede18630d8
http://security.debian.org/pool/updates/main/c/cups/libcupsys2-dev_1.3.8-1+lenny8_all.deb
Size/MD5 checksum: 52406 2bce3838eaf23010ab40842e6cd15b64
http://security.debian.org/pool/updates/main/c/cups/cupsys-dbg_1.3.8-1+lenny8_all.deb
Size/MD5 checksum: 52398 57ee5c01a3a6b88e9dd73a5fae4052e6
http://security.debian.org/pool/updates/main/c/cups/libcupsys2_1.3.8-1+lenny8_all.deb
Size/MD5 checksum: 52398 a57e7e5775ef54f3b173aa78cb56925c
http://security.debian.org/pool/updates/main/c/cups/cupsys-client_1.3.8-1+lenny8_all.deb
Size/MD5 checksum: 52402 e558bca7e419849e9985fab5b253d541
http://security.debian.org/pool/updates/main/c/cups/cupsys_1.3.8-1+lenny8_all.deb
Size/MD5 checksum: 52382 6fb5db2ff939a66c82805069e2673122
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_alpha.deb
Size/MD5 checksum: 445498 e4c86a6a0e2956a543432ea47d2b4e4d
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_alpha.deb
Size/MD5 checksum: 119902 54fbde6934338f62546a3a9d63366e24
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_alpha.deb
Size/MD5 checksum: 108236 b5585a98bb2ba4395aa8b995663eb449
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_alpha.deb
Size/MD5 checksum: 39296 ba38fb23064f0265b08e634c5553680c
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_alpha.deb
Size/MD5 checksum: 81528 586baf5c22624b387b17522f9336a62f
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_alpha.deb
Size/MD5 checksum: 178786 855af4932cc8c4d8fa79615cfb9268d7
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_alpha.deb
Size/MD5 checksum: 1149260 0655f89a290365b71040ad2ab6d5708e
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_alpha.deb
Size/MD5 checksum: 2103240 eb83ee8de10a7bd58918742bd92afb26
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_amd64.deb
Size/MD5 checksum: 2072340 d50623c5ddf4a13d88ad72c77b423b7f
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_amd64.deb
Size/MD5 checksum: 99958 c80b2253f2bd929eea5fa3e4d630007b
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_amd64.deb
Size/MD5 checksum: 1195800 c8fe761855122b595442161dc215685f
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_amd64.deb
Size/MD5 checksum: 61016 bd0dbe1b2ea8cd4f4608684c8d175aeb
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_amd64.deb
Size/MD5 checksum: 169070 a8cc5fcba2086f06cb475b363dae39d1
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_amd64.deb
Size/MD5 checksum: 401586 d0c2f361b90a7d43a29c1267e41ac013
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_amd64.deb
Size/MD5 checksum: 116782 535933bcbdf17abc8d11d66d6059f398
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_amd64.deb
Size/MD5 checksum: 37256 c48a07f0d0dd59aec4bc88238fe51ea6
arm architecture (ARM)
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_arm.deb
Size/MD5 checksum: 1125054 47b869c7af5c841936301dc713aa3bb3
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_arm.deb
Size/MD5 checksum: 2061240 f8f6aec89d4122cd7c0c5f1c80185490
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_arm.deb
Size/MD5 checksum: 113164 862335112c4cec83b6f774a39e3fc2b9
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_arm.deb
Size/MD5 checksum: 155534 3aa347eb9e30df946b834ac016f8d283
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_arm.deb
Size/MD5 checksum: 55352 0b8cd0cfc9373f4ab4be9a068868818d
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_arm.deb
Size/MD5 checksum: 36474 9925987df33366768ee7ccfa4566e1d4
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_arm.deb
Size/MD5 checksum: 97414 d43e5b18042c48ebc6d2a1d4e6c12f2c
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_arm.deb
Size/MD5 checksum: 387712 33ece2737438d084d26ac6fc5cd760b9
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_armel.deb
Size/MD5 checksum: 157028 3e4149d7b7e7e845bc4d3730404190f3
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_armel.deb
Size/MD5 checksum: 119310 100d72c77beb954a87986af1ecd647c7
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_armel.deb
Size/MD5 checksum: 54732 1190d22789b9309f1e78860510301ab3
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_armel.deb
Size/MD5 checksum: 2077838 4a8ff6e73ea9bf9e94ff5825c1174779
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_armel.deb
Size/MD5 checksum: 387602 45a8362c0dc84b4a4c8fdd2e33f80bbc
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_armel.deb
Size/MD5 checksum: 98558 c8b588b3ab696cb2e88baf2f5d94741f
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_armel.deb
Size/MD5 checksum: 38772 8aacdda63b2ee8cb8a63421931942814
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_armel.deb
Size/MD5 checksum: 1129310 149f6fec84d67a60b62477c37e39d042
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_hppa.deb
Size/MD5 checksum: 406772 d1d53dd5d0f75b59024ad7956564f29f
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_hppa.deb
Size/MD5 checksum: 39988 5a975486c7cb9f472ee0d45ffd9b3683
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_hppa.deb
Size/MD5 checksum: 172874 4186b6262c3e279a9cc8b77d029e4c1e
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_hppa.deb
Size/MD5 checksum: 63140 9039a2811fb6d3945034e4cbf7ffe599
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_hppa.deb
Size/MD5 checksum: 1142920 bc221c80a35f48369d4ecf5db639ab96
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_hppa.deb
Size/MD5 checksum: 2120838 18e3dc2e1e7b4f0446422395c19ffa58
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_hppa.deb
Size/MD5 checksum: 121720 fa37b7429bf9485808067fd67b05da59
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_hppa.deb
Size/MD5 checksum: 103158 59ff4ef65704e82c04629a8744c0f8bc
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_i386.deb
Size/MD5 checksum: 1097596 fd5c74be5bc03649abba8ebbf77d6451
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_i386.deb
Size/MD5 checksum: 38010 5d2bd65adba678c033e7ca5a29a9d955
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_i386.deb
Size/MD5 checksum: 165576 71ce31f39a6e1e720af95d4e82a88d8b
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_i386.deb
Size/MD5 checksum: 60424 0e4cea9daca41e520dbce560b4832d48
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_i386.deb
Size/MD5 checksum: 99486 87819be26173976d930461a6577070a5
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_i386.deb
Size/MD5 checksum: 394172 e63cbc2f88f30d3f1b66d1b55c1d169c
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_i386.deb
Size/MD5 checksum: 2052542 9454ca978cc4a28481c11a5cdbd33438
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_i386.deb
Size/MD5 checksum: 115942 1f751d318fb9fef7c91b0a9c0c409f9e
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_ia64.deb
Size/MD5 checksum: 139102 78b2ab586f3187909d930abd87c3ec84
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_ia64.deb
Size/MD5 checksum: 86012 99a615920328daa054cfe62052a93cb7
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_ia64.deb
Size/MD5 checksum: 209294 b01ae496c3cb881f4decc3a4ece08122
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_ia64.deb
Size/MD5 checksum: 2283850 175a894311f8cff9fe650c3baa0b6d46
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_ia64.deb
Size/MD5 checksum: 447802 38383f1f2be111677a79ebfcd247d61d
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_ia64.deb
Size/MD5 checksum: 123628 11e9d5f4b78ff50d121d14fdbe6a782b
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_ia64.deb
Size/MD5 checksum: 1151580 af7b35bcac465ca8cbabb63651cc2cb2
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_ia64.deb
Size/MD5 checksum: 41284 57e9177cef831639476cc289d8067834
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_mipsel.deb
Size/MD5 checksum: 65220 f432b20c68866e83e696aaafeca0ea32
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_mipsel.deb
Size/MD5 checksum: 1158992 129547967aab4dc3a95e89b497828069
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_mipsel.deb
Size/MD5 checksum: 99032 f563929513a294d97793f5aba3f0cf15
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_mipsel.deb
Size/MD5 checksum: 110006 7df897c72bb496c1660022be4eb53b4c
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_mipsel.deb
Size/MD5 checksum: 403444 5835503a1026ba846954976d3e52cebc
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_mipsel.deb
Size/MD5 checksum: 36158 ebdbbdc958b51e851600d688738c8089
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_mipsel.deb
Size/MD5 checksum: 2030710 6aed4a117ee98cfd751204c957ba7c1d
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_mipsel.deb
Size/MD5 checksum: 158496 987c55cca3677a14b836597dbb1f0327
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_powerpc.deb
Size/MD5 checksum: 105640 ae6a5f63f589ad5bae2d7ecd4be269e1
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_powerpc.deb
Size/MD5 checksum: 61094 9d02e8bef845830b2b1e0e920eb0ada0
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_powerpc.deb
Size/MD5 checksum: 135688 6ec7ee1ad2eb2f543d2eff4dea847a41
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_powerpc.deb
Size/MD5 checksum: 43906 8e2a1126f6e4cca776ca13cf7e49625b
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_powerpc.deb
Size/MD5 checksum: 174512 52a39e14eda691e3563c3278fcfa25ff
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_powerpc.deb
Size/MD5 checksum: 395666 9eca6ef2e6429b4ac2226847c8122758
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_powerpc.deb
Size/MD5 checksum: 2137268 b6cacb0e0051f563ac0a027d3dac8ce0
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_powerpc.deb
Size/MD5 checksum: 1196662 875cce4fd93adff28ef3f696696ac363
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_s390.deb
Size/MD5 checksum: 118590 3cf70157d2a0f74c419c945a9ec65785
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_s390.deb
Size/MD5 checksum: 60714 d1a71e6365fb95c20bb9d720b3a5ab32
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_s390.deb
Size/MD5 checksum: 101722 71e9684bab935487bc3ff48c69de5ba7
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_s390.deb
Size/MD5 checksum: 37818 bf29d032e9a00e33b62fafda191ceceb
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_s390.deb
Size/MD5 checksum: 2093186 3588fb878456ae05781d5467d5a245b3
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_s390.deb
Size/MD5 checksum: 399922 d481af6ea365c4ad436493ce8adb92d7
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_s390.deb
Size/MD5 checksum: 1190826 185c58c1bc4b622fca84715f749eb9bd
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_s390.deb
Size/MD5 checksum: 171864 7731f029fa9c052a7ccbefd457a36ede
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_sparc.deb
Size/MD5 checksum: 395004 782356afcc6dc3f4f9c96cd498a2baf3
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_sparc.deb
Size/MD5 checksum: 2071128 d75e27ad18dc7e655aab7be4e6d4be19
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_sparc.deb
Size/MD5 checksum: 1057940 2b5f7135c895f38353916b4e7bcaec83
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_sparc.deb
Size/MD5 checksum: 116708 2f59a6913340ba69f12bc7d36b354584
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_sparc.deb
Size/MD5 checksum: 161096 ee6815c329c6c619fcbb9fbb45048895
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_sparc.deb
Size/MD5 checksum: 38870 016788da55547b0ea7cb51870249fb35
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_sparc.deb
Size/MD5 checksum: 97330 1f6d5116c20a0cb54a41c3bb34a3cc92
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_sparc.deb
Size/MD5 checksum: 57662 1080e4dbc4db2d41e67e15061246bb42
これらのファイルは次の版の安定版リリース時そちらに移されます。
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
------>8------------>8------------>8------------>8------------>8-
--
Seiji Kaneko skaneko@xxxxxxxxxxxx
---------------------------------------------------------