Red Hat, Inc. Security Advisory
Synopsis: Printing exposes system files to reading. (System files that are read may end up being output to the printer.)

Advisory ID: RHSA-2001:112-11

Issue date: 2001-9-24

Updated on: 2001-12-14

Product: Red Hat Linux

Keywords: Ghostscript lpr LPRng printing

Cross references:

Obsoletes



1. Topic:

When used in a spooling environment, it is inappropriate to allow programs
to read arbitrary files as a result of print requests. Ghostscript, a
postscript interpreter, can read arbitrary system files with the same
permissions as the print spooler, potentially exposing the system to an
information compromise.

2. Problem description:

Ghostscript, a PostScript interpreter, has various internal commands such as
'file' and 'run'. It also provides a -dSAFER flag to restrict the
use of the commands. However, the -dSAFER flag is meant to protect a user
from malicious postscript, not to protect a system from inappropriate
snooping by a user, and so it is still possible to _read_ files in the
SAFER mode.

In a print spooling context, even reading arbitrary files is dangerous, and
so this needs to be disabled in that context.

[UPDATE] : previous versions of this errata used packages:
rhs-printfilters-1.46-6,
rhs-printfilters-1.63-2.rh6.2,
rhs-printfilters-1.63-2.rh6.2j,
rhs-printfilters-1.81-2.rh7.0, and
rhs-printfilters-1.81-2.rh7.0j.

These caused spools to break upon upgrade, though they could easily be fixed
by editing the spools with printtool. The updated versions of the errata
packages address this bug.

[update Dec 14th, 2001]
The errata for Red Hat Linux for Japanese, version 7.0J, requires the
ghostscript package available for the 7.1 release.

3. Bug IDs fixed: (see bugzilla for details)

4. Relevant releases/architectures:

Red Hat Linux 5.2 - alpha, i386, noarch, sparc
Red Hat Linux 6.2 - alpha, i386, noarch, sparc
Red Hat Linux 6.2J - i386, noarch
Red Hat Linux 7.0 - alpha, i386, noarch
Red Hat Linux 7.0J - i386, noarch
Red Hat Linux 7.1 - alpha, i386, ia64

5. RPMs required:

Red Hat Linux 5.2:

SRPMS:
ftp://updates.redhat.com/5.2/en/os/SRPMS/ghostscript-4.03-4.src.rpm
ftp://updates.redhat.com/5.2/en/os/SRPMS/printtool-3.29-4.src.rpm
ftp://updates.redhat.com/5.2/en/os/SRPMS/rhs-printfilters-1.46-7.src.rpm

alpha:
ftp://updates.redhat.com/5.2/en/os/alpha/ghostscript-4.03-4.alpha.rpm
ftp://updates.redhat.com/5.2/en/os/alpha/rhs-printfilters-1.46-7.alpha.rpm

i386:
ftp://updates.redhat.com/5.2/en/os/i386/ghostscript-4.03-4.i386.rpm
ftp://updates.redhat.com/5.2/en/os/i386/rhs-printfilters-1.46-7.i386.rpm

sparc:
ftp://updates.redhat.com/5.2/en/os/sparc/ghostscript-4.03-4.sparc.rpm
ftp://updates.redhat.com/5.2/en/os/sparc/rhs-printfilters-1.46-7.sparc.rpm

Red Hat Linux 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/ghostscript-5.50-19.rh6.2.src.rpm
ftp://updates.redhat.com/6.2/en/os/SRPMS/printtool-3.44-2.src.rpm
ftp://updates.redhat.com/6.2/en/os/SRPMS/rhs-printfilters-1.63-4.rh6.2.src.rpm
ftp://updates.redhat.com/6.2/en/os/SRPMS/ghostscript-5.50-19.rh6.2j.src.rpm
ftp://updates.redhat.com/6.2/en/os/SRPMS/printtool-3.42-4.src.rpm
ftp://updates.redhat.com/6.2/en/os/SRPMS/rhs-printfilters-1.63-4.rh6.2j.src.rpm

alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/ghostscript-5.50-19.rh6.2.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/rhs-printfilters-1.63-4.rh6.2.alpha.rpm

i386:
ftp://updates.redhat.com/6.2/en/os/i386/ghostscript-5.50-19.rh6.2.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/rhs-printfilters-1.63-4.rh6.2.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/ghostscript-5.50-19.rh6.2j.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/rhs-printfilters-1.63-4.rh6.2j.i386.rpm

noarch:
ftp://updates.redhat.com/6.2/en/os/noarch/printtool-3.44-2.noarch.rpm
ftp://updates.redhat.com/6.2/en/os/noarch/printtool-3.42-4.noarch.rpm

sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/ghostscript-5.50-19.rh6.2.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/rhs-printfilters-1.63-4.rh6.2.sparc.rpm

Red Hat Linux 6.2J:

SRPMS:
ftp://updates.redhat.com/6.2/ja/os/SRPMS/ghostscript-5.50-19.rh6.2j.src.rpm
ftp://updates.redhat.com/6.2/ja/os/SRPMS/printtool-3.42-4.src.rpm
ftp://updates.redhat.com/6.2/ja/os/SRPMS/rhs-printfilters-1.63-4.rh6.2j.src.rpm

i386:
ftp://updates.redhat.com/6.2/ja/os/i386/ghostscript-5.50-19.rh6.2j.i386.rpm
ftp://updates.redhat.com/6.2/ja/os/i386/rhs-printfilters-1.63-4.rh6.2j.i386.rpm

noarch:
ftp://updates.redhat.com/6.2/ja/os/noarch/printtool-3.42-4.noarch.rpm

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/ghostscript-5.50-19.rh7.0.src.rpm
ftp://updates.redhat.com/7.0/en/os/SRPMS/printtool-3.54-2.src.rpm
ftp://updates.redhat.com/7.0/en/os/SRPMS/rhs-printfilters-1.81-4.rh7.0.src.rpm
ftp://updates.redhat.com/7.0/en/os/SRPMS/printtool-3.54-2j.src.rpm
ftp://updates.redhat.com/7.0/en/os/SRPMS/rhs-printfilters-1.81-4.rh7.0j.src.rpm
ftp://updates.redhat.com/7.0/en/os/SRPMS/ghostscript-5.50-19.rh7.1.src.rpm

alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/ghostscript-5.50-19.rh7.0.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/rhs-printfilters-1.81-4.rh7.0.alpha.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/ghostscript-5.50-19.rh7.0.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/rhs-printfilters-1.81-4.rh7.0.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/rhs-printfilters-1.81-4.rh7.0j.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/ghostscript-5.50-19.rh7.1.i386.rpm

noarch:
ftp://updates.redhat.com/7.0/en/os/noarch/printtool-3.54-2.noarch.rpm
ftp://updates.redhat.com/7.0/en/os/noarch/printtool-3.54-2j.noarch.rpm

Red Hat Linux 7.0J:

SRPMS:
ftp://updates.redhat.com/7.0/ja/os/SRPMS/printtool-3.54-2j.src.rpm
ftp://updates.redhat.com/7.0/ja/os/SRPMS/rhs-printfilters-1.81-4.rh7.0j.src.rpm
ftp://updates.redhat.com/7.0/ja/os/SRPMS/ghostscript-5.50-19.rh7.1.src.rpm

i386:
ftp://updates.redhat.com/7.0/ja/os/i386/rhs-printfilters-1.81-4.rh7.0j.i386.rpm
ftp://updates.redhat.com/7.0/ja/os/i386/ghostscript-5.50-19.rh7.1.i386.rpm

noarch:
ftp://updates.redhat.com/7.0/ja/os/noarch/printtool-3.54-2j.noarch.rpm

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/ghostscript-5.50-19.rh7.1.src.rpm
ftp://updates.redhat.com/7.1/en/os/SRPMS/printconf-0.2.15-2.src.rpm

alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/ghostscript-5.50-19.rh7.1.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/printconf-0.2.15-2.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/printconf-gui-0.2.15-2.alpha.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/ghostscript-5.50-19.rh7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/printconf-0.2.15-2.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/printconf-gui-0.2.15-2.i386.rpm

ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/ghostscript-5.50-19.rh7.1.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/printconf-0.2.15-2.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/printconf-gui-0.2.15-2.ia64.rpm

6. Solution:

Download the specific RPMs for your architecture and apply the update.
Command to update a package:

rpm  -Fvh  [filename]    (This command upgrades a package only when an earlier version is already installed.)
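
As an added example (not part of Red Hat's advisory), the shell function below classifies a package string as printed by `rpm -q` against the builds named in sections 2 and 5. Comparing only the leading integer of the release field is a simplification assumed here, not rpm's own version comparison.

```shell
#!/bin/sh
# Added example: classify a NAME-VERSION-RELEASE string against this advisory.
# Assumption: the leading integer of the release field orders the builds.
# Not modelled: the 7.0J note that requires the rh7.1 ghostscript build.

# name, upstream version, first fixed release integer (section 5).
FIXED='ghostscript 4.03 4
ghostscript 5.50 19
rhs-printfilters 1.46 7
rhs-printfilters 1.63 4
rhs-printfilters 1.81 4
printtool 3.29 4
printtool 3.42 4
printtool 3.44 2
printtool 3.54 2
printconf 0.2.15 2
printconf-gui 0.2.15 2'

# Earlier errata builds that broke spools on upgrade ([UPDATE] note).
INTERIM='rhs-printfilters 1.46 6
rhs-printfilters 1.63 2
rhs-printfilters 1.81 2'

# Usage: advisory_status NAME-VERSION-RELEASE
# Prints one of: fixed, interim, unpatched, unknown.
advisory_status() {
    nvr=$1
    rel=${nvr##*-}          # release field, e.g. 4.rh6.2j
    rest=${nvr%-*}
    ver=${rest##*-}         # upstream version, e.g. 1.63
    name=${rest%-*}         # package name (may itself contain '-')
    num=${rel%%[!0-9]*}     # leading integer of the release, e.g. 4
    [ -n "$num" ] || { echo unknown; return; }

    # Force string comparison on the version so 5.50 never matches 5.5.
    want=$(printf '%s\n' "$FIXED" |
        awk -v n="$name" -v v="$ver" '$1==n && ($2 "")==(v "") {print $3}')
    [ -n "$want" ] || { echo unknown; return; }

    if [ "$num" -ge "$want" ]; then
        echo fixed
    elif printf '%s\n' "$INTERIM" | grep -qxF "$name $ver $num"; then
        echo interim        # fix the spools with printtool, or move to the updated errata
    else
        echo unpatched
    fi
}
```

Feed it the output of `rpm -q ghostscript rhs-printfilters printtool`, one line per call; versions the advisory does not list come back as `unknown`.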

7. Verification:

These packages are GPG signed by Red Hat, Inc. for security. The key is available at:
http://www.redhat.com/about/contact.html

To verify each package, use the following command:
rpm --checksig filename

To check only that each package has not been corrupted or tampered with, examine just the MD5 sum with the following command:
rpm --checksig --nogpg filename

Note: RPM 3.0 or later is required to check GnuPG keys.

8. References:

None