Debian セキュリティ勧告
DSA-2131-1 exim4 -- 任意コードの実行
- 報告日時:
- 2010-12-10
- 影響を受けるパッケージ:
- exim4
- 危険性:
- あり
- 参考セキュリティデータベース:
- Mitre の CVE 辞書: CVE-2010-4344.
- 詳細:
-
exim4 に、リモートの攻撃者に root ユーザ権限で任意のコードの実行を許 す欠陥が複数発見されました。これらの問題に対する攻撃は既に行われてい ます。
この更新では、リモートの攻撃者に Debian-exim ユーザ権限で任意のコー ドの実行を許すメモリ破壊問題を修正しています (CVE-2010-4344)。
また、Debian-exim ユーザが root 権限を取得できる別の欠陥がありますが (CVE-2010-4345) これについては互換性の問題から現在検証が進められてい ます。今回の更新では含まれていませんが、この勧告の更新として近くリリ ースの予定です。
安定版 (stable) ディストリビューション (lenny) では、この問題はバージ ョン 4.69-9+lenny1 で修正されています。
この勧告では、alpha, amd64, hppa, i386, ia64, powerpc, および s390 向 けパッケージを収録しました。arm, armel, mips, mipsel, および sparc 向 けパッケージはビルド完了し次第リリースの予定です。
テスト版 (squeeze) および不安定版 (unstable) ディストリビューション では、この問題はバージョン 4.70-1 で修正されています。
直ぐに exim4 パッケージをアップグレードすることを勧めます。
- 修正:
-
Debian GNU/Linux 5.0 (lenny)
- ソース:
- http://security.debian.org/pool/updates/main/e/exim4/exim4_4.69-9+lenny1.diff.gz
- http://security.debian.org/pool/updates/main/e/exim4/exim4_4.69.orig.tar.gz
- http://security.debian.org/pool/updates/main/e/exim4/exim4_4.69-9+lenny1.dsc
- http://security.debian.org/pool/updates/main/e/exim4/exim4_4.69.orig.tar.gz
- アーキテクチャ非依存コンポーネント:
- http://security.debian.org/pool/updates/main/e/exim4/exim4-config_4.69-9+lenny1_all.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4_4.69-9+lenny1_all.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4_4.69-9+lenny1_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/e/exim4/eximon4_4.69-9+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dbg_4.69-9+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dev_4.69-9+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light_4.69-9+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light-dbg_4.69-9+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy_4.69-9+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-base_4.69-9+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy-dbg_4.69-9+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dbg_4.69-9+lenny1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light-dbg_4.69-9+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dbg_4.69-9+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light_4.69-9+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy-dbg_4.69-9+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy_4.69-9+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-base_4.69-9+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/e/exim4/eximon4_4.69-9+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dev_4.69-9+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dbg_4.69-9+lenny1_amd64.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light_4.69-9+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/e/exim4/eximon4_4.69-9+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dev_4.69-9+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy-dbg_4.69-9+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dbg_4.69-9+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-base_4.69-9+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy_4.69-9+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light-dbg_4.69-9+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/e/exim4/eximon4_4.69-9+lenny1_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light_4.69-9+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy-dbg_4.69-9+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy_4.69-9+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-base_4.69-9+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light-dbg_4.69-9+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/e/exim4/eximon4_4.69-9+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dev_4.69-9+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dbg_4.69-9+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy-dbg_4.69-9+lenny1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy-dbg_4.69-9+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light_4.69-9+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dbg_4.69-9+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/e/exim4/eximon4_4.69-9+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy_4.69-9+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dev_4.69-9+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light-dbg_4.69-9+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-base_4.69-9+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light_4.69-9+lenny1_ia64.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy_4.69-9+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dbg_4.69-9+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-base_4.69-9+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dev_4.69-9+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/e/exim4/eximon4_4.69-9+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light-dbg_4.69-9+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light_4.69-9+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy-dbg_4.69-9+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dbg_4.69-9+lenny1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy-dbg_4.69-9+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/e/exim4/eximon4_4.69-9+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dbg_4.69-9+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-dev_4.69-9+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light-dbg_4.69-9+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy_4.69-9+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light_4.69-9+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/e/exim4/exim4-base_4.69-9+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/e/exim4/eximon4_4.69-9+lenny1_s390.deb
一覧にあるファイルの MD5 チェックサムは勧告の原文にあります。