NetSecurity 板


LINE

發信人[email protected] (And I Love You So...),
看板NetSecurity
標 題【TWCERT/CC安全通報】TW-CA-2005-020-[RHSA-2005:136-01: Updated mailman
發信站KKCITY (Sun Feb 20 19:33:39 2005)
轉信站ptt!ctu-reader!ctu-gate!news.nctu!news.ntu!bbs.ee.ntu!news.kkcity.com.
※ 本文轉錄自 [Lan] 信箱 作者: [email protected] (TWCERT/CC Fellows) 標題: 【TWCERT/CC安全通報】TW-CA-2005-020-[RHSA-2005 時間: Fri Feb 18 15:54:26 2005 -----BEGIN PGP SIGNED MESSAGE----- TW-CA-2005-020-[RHSA-2005:136-01: Updated mailman packages fix security vulnerability] ──────────────────────────────────────── TWCERT/CC發布日期:2005-02-18 原漏洞發布日期:2005-02-10 原漏洞最新更新日期:-- 通用安全漏洞編號:CAN-2005-0202 分類:Gain Privilege 來源參考:RHSA-2005:136-01 ──── 簡述 ───────────────────────────────── 更新 mailman 套件,修正 mailman 安全議題。 ──── 說明 ───────────────────────────────── mailman 套件是幫助管理電子郵件討論列表的軟體。 mailman 中的 true_path 函式存有漏洞。身為私人 mailman 列表一員的遠端攻擊者可以利 用特別設計的 URL,獲得伺服器上任何檔案的存取權限。CVE (cve.mitre.org) 已經將此問 題命名為 CAN-2005-0202。 注意:Apache 2.0 伺服器上的 mailman 程式不受此弱點影響。 建議 mailman 的使用者更新此勘誤套件,如此即不受此安全弱點影響。 ──── 影響平台 ─────────────────────────────── ‧Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 ‧Red Hat Linux Advanced Workstation 2.1 - ia64 ‧Red Hat Enterprise Linux ES version 2.1 - i386 ‧Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 ‧Red Hat Desktop version 3 - i386, x86_64 ‧Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 ‧Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 ──── 修正方式 ─────────────────────────────── 在安裝更新之前,確定已安裝之前所有跟系統相關的錯誤修正。使用 Red Hat Network 來 下載及更新套件,輸入以下指令啟動 Red Hat Update Agent: up2date 若要獲得更多手動安裝套件的資訊,請參閱下面網址,尋求適合您系統的指引手冊: http://www.redhat.com/docs/manuals/enterprise/ RPM 需求: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/mailman-2.0.13-7.src.rpm 260191010b33b847cff74a0987a149d9 mailman-2.0.13-7.src.rpm i386: cf827db7f2ebd3f61984be805a0ba9ef mailman-2.0.13-7.i386.rpm ia64: fadcb0f97df37d7b7e76e3b02527c75c mailman-2.0.13-7.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/mailman-2.0.13-7.src.rpm 260191010b33b847cff74a0987a149d9 mailman-2.0.13-7.src.rpm ia64: fadcb0f97df37d7b7e76e3b02527c75c mailman-2.0.13-7.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/mailman-2.0.13-7.src.rpm 260191010b33b847cff74a0987a149d9 mailman-2.0.13-7.src.rpm i386: cf827db7f2ebd3f61984be805a0ba9ef mailman-2.0.13-7.i386.rpm Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/mailman-2.1.5-24.rhel3.src.rpm fc80029809707e28804793106c318980 mailman-2.1.5-24.rhel3.src.rpm i386: dadadb745865351551bf19414a5cd117 mailman-2.1.5-24.rhel3.i386.rpm ia64: bb4e5bbe816d2f6367a9ce95294bcc16 mailman-2.1.5-24.rhel3.ia64.rpm ppc: 65e7d8774cce2917d3fc5a0caa852e14 mailman-2.1.5-24.rhel3.ppc.rpm s390: 46808237cd331ec20b5f5fdd6e648c32 mailman-2.1.5-24.rhel3.s390.rpm s390x: f71588d6b4e3d731296aad6491887e35 mailman-2.1.5-24.rhel3.s390x.rpm x86_64: 9c4a565c522a774ce07e50270a554c83 mailman-2.1.5-24.rhel3.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/mailman-2.1.5-24.rhel3.src.rpm fc80029809707e28804793106c318980 mailman-2.1.5-24.rhel3.src.rpm i386: dadadb745865351551bf19414a5cd117 mailman-2.1.5-24.rhel3.i386.rpm x86_64: 9c4a565c522a774ce07e50270a554c83 mailman-2.1.5-24.rhel3.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/mailman-2.1.5-24.rhel3.src.rpm fc80029809707e28804793106c318980 mailman-2.1.5-24.rhel3.src.rpm i386: dadadb745865351551bf19414a5cd117 mailman-2.1.5-24.rhel3.i386.rpm ia64: bb4e5bbe816d2f6367a9ce95294bcc16 mailman-2.1.5-24.rhel3.ia64.rpm x86_64: 9c4a565c522a774ce07e50270a554c83 mailman-2.1.5-24.rhel3.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/mailman-2.1.5-24.rhel3.src.rpm fc80029809707e28804793106c318980 mailman-2.1.5-24.rhel3.src.rpm i386: dadadb745865351551bf19414a5cd117 mailman-2.1.5-24.rhel3.i386.rpm ia64: bb4e5bbe816d2f6367a9ce95294bcc16 mailman-2.1.5-24.rhel3.ia64.rpm x86_64: 9c4a565c522a774ce07e50270a554c83 mailman-2.1.5-24.rhel3.x86_64.rpm 這些套件基於安全理由,均由 Red Hat 公司使用 GPG 簽章,可至下列網址取得 key: https://www.redhat.com/security/team/key.html#package ──── 影響結果 ─────────────────────────────── ──── 聯絡TWCERT/CC ───────────────────────────── Tel: 886-7-5250211 FAX: 886-7-5250212 886-2-23563303 886-2-23924082 Email: [email protected] URL: http://www.cert.org.tw/ PGP key: http://www.cert.org.tw/eng/pgp.htm ──────────────────────────────────────── 附件:[Updated mailman packages fix security vulnerability] ──── 原文 ───────────────────────────────── - - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated mailman packages fix security vulnerability Advisory ID: RHSA-2005:136-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-136.html Issue date: 2005-02-10 Updated on: 2005-02-10 Product: Red Hat Enterprise Linux CVE Names: CAN-2005-0202 - - --------------------------------------------------------------------- 1. Summary: Updated mailman packages that correct a mailman security issue are now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: The mailman package is software to help manage email discussion lists. A flaw in the true_path function of Mailman was discovered. A remote attacker who is a member of a private mailman list could use a carefully crafted URL and gain access to arbitrary files on the server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0202 to this issue. Note: Mailman installations running on Apache 2.0-based servers are not vulnerable to this issue. Users of mailman should update to these erratum packages that contain a patch and are not vulnerable to this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/mailman-2.0.13-7.src.rpm 260191010b33b847cff74a0987a149d9 mailman-2.0.13-7.src.rpm i386: cf827db7f2ebd3f61984be805a0ba9ef mailman-2.0.13-7.i386.rpm ia64: fadcb0f97df37d7b7e76e3b02527c75c mailman-2.0.13-7.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/mailman-2.0.13-7.src.rpm 260191010b33b847cff74a0987a149d9 mailman-2.0.13-7.src.rpm ia64: fadcb0f97df37d7b7e76e3b02527c75c mailman-2.0.13-7.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/mailman-2.0.13-7.src.rpm 260191010b33b847cff74a0987a149d9 mailman-2.0.13-7.src.rpm i386: cf827db7f2ebd3f61984be805a0ba9ef mailman-2.0.13-7.i386.rpm Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/mailman-2.1.5-24.rhel3.src.r pm fc80029809707e28804793106c318980 mailman-2.1.5-24.rhel3.src.rpm i386: dadadb745865351551bf19414a5cd117 mailman-2.1.5-24.rhel3.i386.rpm ia64: bb4e5bbe816d2f6367a9ce95294bcc16 mailman-2.1.5-24.rhel3.ia64.rpm ppc: 65e7d8774cce2917d3fc5a0caa852e14 mailman-2.1.5-24.rhel3.ppc.rpm s390: 46808237cd331ec20b5f5fdd6e648c32 mailman-2.1.5-24.rhel3.s390.rpm s390x: f71588d6b4e3d731296aad6491887e35 mailman-2.1.5-24.rhel3.s390x.rpm x86_64: 9c4a565c522a774ce07e50270a554c83 mailman-2.1.5-24.rhel3.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/mailman-2.1.5-24.rhel3. src.rpm fc80029809707e28804793106c318980 mailman-2.1.5-24.rhel3.src.rpm i386: dadadb745865351551bf19414a5cd117 mailman-2.1.5-24.rhel3.i386.rpm x86_64: 9c4a565c522a774ce07e50270a554c83 mailman-2.1.5-24.rhel3.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/mailman-2.1.5-24.rhel3.src.r pm fc80029809707e28804793106c318980 mailman-2.1.5-24.rhel3.src.rpm i386: dadadb745865351551bf19414a5cd117 mailman-2.1.5-24.rhel3.i386.rpm ia64: bb4e5bbe816d2f6367a9ce95294bcc16 mailman-2.1.5-24.rhel3.ia64.rpm x86_64: 9c4a565c522a774ce07e50270a554c83 mailman-2.1.5-24.rhel3.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/mailman-2.1.5-24.rhel3.src.r pm fc80029809707e28804793106c318980 mailman-2.1.5-24.rhel3.src.rpm i386: dadadb745865351551bf19414a5cd117 mailman-2.1.5-24.rhel3.i386.rpm ia64: bb4e5bbe816d2f6367a9ce95294bcc16 mailman-2.1.5-24.rhel3.ia64.rpm x86_64: 9c4a565c522a774ce07e50270a554c83 mailman-2.1.5-24.rhel3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 6. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0202 7. Contact: The Red Hat security contact is <[email protected]>. More contact details at https://www.redhat.com/security/team/contact/ ──────────────────────────────────────── -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQEVAwUBQhWdhKcyQYefg2/NAQEZigf7BPLnP8AygnbDoZi9YS1ItruTkQK2sVuQ jOEVE+EobOr4YqCsw6XUAdpTsMR7XFcyx00Fpneb1vBpgbh3ikM3e2bpO+W6YUC3 TDqJywmvAPATwXFMgquiWzGuomVWPBSyHiLyFFX2qWsOiePfxVNv+cGmd+oZ81pv C3w0atnU3X8d+5NxCox72PFDhQTshPl57K1xiFvXANhoolsEXsxmNoHhE4n6I1EW 2o60qnAIX5Jq5LAXYp1gBZ2iUYbWTMCX4gjyl1y4Tpy6EYSDhjRfYjyPqLQbBa5+ Eo2nl/gYEONjZeQkkIiCLgxHDFl42SMb1nQqY69H44AVwqrIYNkgIw== =GbkC -----END PGP SIGNATURE----- -- Taiwan Computer Emergency Response Team Security Advisory mailing list. Mail to : [email protected] and include a line "subscribe advisory". Please visit http://www.cert.org.tw/. PGP key : http://www.cert.org.tw/eng/pgp.htm




熱門看板

贊助商連結






like.gif 您可能會有興趣的文章
icon.png[問題/行為] 貓晚上進房間會不會有憋尿問題
icon.pngRe: [閒聊] 選了錯誤的女孩成為魔法少女 XDDDDDDDDDD
icon.png[正妹] 瑞典 一張
icon.png[心得] EMS高領長版毛衣.墨小樓MC1002
icon.png[分享] 丹龍隔熱紙GE55+33+22
icon.png[問題] 清洗洗衣機
icon.png[尋物] 窗台下的空間
icon.png[閒聊] 双極の女神1 木魔爵
icon.png[售車] 新竹 1997 march 1297cc 白色 四門
icon.png[討論] 能從照片感受到攝影者心情嗎
icon.png[狂賀] 賀賀賀賀 賀!島村卯月!總選舉NO.1
icon.png[難過] 羨慕白皮膚的女生
icon.png閱讀文章
icon.png[黑特]
icon.png[問題] SBK S1安裝於安全帽位置
icon.png[分享] 舊woo100絕版開箱!!
icon.pngRe: [無言] 關於小包衛生紙
icon.png[開箱] E5-2683V3 RX480Strix 快睿C1 簡單測試
icon.png[心得] 蒼の海賊龍 地獄 執行者16PT
icon.png[售車] 1999年Virage iO 1.8EXi
icon.png[心得] 挑戰33 LV10 獅子座pt solo
icon.png[閒聊] 手把手教你不被桶之新手主購教學
icon.png[分享] Civic Type R 量產版官方照無預警流出
icon.png[售車] Golf 4 2.0 銀色 自排
icon.png[出售] Graco提籃汽座(有底座)2000元誠可議
icon.png[問題] 請問補牙材質掉了還能再補嗎?(台中半年內
icon.png[問題] 44th 單曲 生寫竟然都給重複的啊啊!
icon.png[心得] 華南紅卡/icash 核卡
icon.png[問題] 拔牙矯正這樣正常嗎
icon.png[贈送] 老莫高業 初業 102年版
icon.png[情報] 三大行動支付 本季掀戰火
icon.png[寶寶] 博客來Amos水蠟筆5/1特價五折
icon.pngRe: [心得] 新鮮人一些面試分享
icon.png[心得] 蒼の海賊龍 地獄 麒麟25PT
icon.pngRe: [閒聊] (君の名は。雷慎入) 君名二創漫畫翻譯
icon.pngRe: [閒聊] OGN中場影片:失蹤人口局 (英文字幕)
icon.png[問題] 台灣大哥大4G訊號差
icon.png[出售] [全國]全新千尋侘草LED燈, 水草

請輸入看板名稱,例如:Boy-Girl站內搜尋

TOP