DESA-2007-010: several vulnerabilities



--------------------------------------------------------------------------
Debian-Edu/Skolelinux Security Advisory DESA 2007-010
http://www.skolelinux.org/security/                      Steffen Joeris
September 19th, 2007              debian-edu-security@lists.alioth.debian.org
--------------------------------------------------------------------------

This DESA deals with packages that the Debian Security Team has fixed
for the stable distribution. Each section starts with "Package" and
includes a link to the Debian Security Team's announcement for the
security upgrade.

Package             : tcpdump (tcpdump)
Vulnerability       : integer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-3798
DSA ID              : DSA-1353-1
DSA URL             : http://www.debian.org/security/2007/dsa-1353

Package             : kdegraphics (kdegraphics, kamera, kcoloredit,
                      kdegraphics-kfile-plugins, kdvi, kfax, kfaxview,
                      kgamma, kghostview, kiconedit, kmrml,
                      kolourpaint, kooka, kpdf, kpovmodeler, kruler,
                      ksnapshot, ksvg, kuickshow, kview, kviewshell,
                      libkscan1)
Vulnerability       : integer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-3387
DSA ID              : DSA-1355-1
DSA URL             : http://www.debian.org/security/2007/dsa-1355

Package             : koffice (koffice, kivio-data, koffice-data,
                      koffice-doc-html, kpresenter-data, kpresenter,
                      krita-data, krita, kword-data, kword, kwordquiz,
                      karbon, kchart, kexi, kformula, kivio,
                      koffice-libs, koshell, kplato, kspread,
                      kthesaurus, kugar)
Vulnerability       : integer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-3387
DSA ID              : DSA-1357-1
DSA URL             : http://www.debian.org/security/2007/dsa-1357

Package             : rsync (rsync)
Vulnerability       : buffer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-4091
DSA ID              : DSA-1360-1
DSA URL             : http://www.debian.org/security/2007/dsa-1360

Package             : vim (vim-common, vim-tiny, vim-runtime, vim)
Vulnerability       : several
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-2438 CVE-2007-2953
DSA ID              : DSA-1364-1
DSA URL             : http://www.debian.org/security/2007/dsa-1364

Package             : clamav (clamav, clamav-freshclam, libclamav2)
Vulnerability       : several
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-4510 CVE-2007-4560
DSA ID              : DSA-1366-1
DSA URL             : http://www.debian.org/security/2007/dsa-1366

Package             : krb5 (krb5-user, libkadm55, libkrb53)
Vulnerability       : buffer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-3999
DSA ID              : DSA-1367-2
DSA URL             : http://www.debian.org/security/2007/dsa-1367

Package             : librpcsecgss (librpcsecgss3)
Vulnerability       : buffer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-3999
DSA ID              : DSA-1368-1
DSA URL             : http://www.debian.org/security/2007/dsa-1368

Package             : xorg-server (xserver-xorg-core)
Vulnerability       : buffer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-4730
DSA ID              : DSA-1372-1
DSA URL             : http://www.debian.org/security/2007/dsa-1372

Package             : openoffice.org (openoffice.org, openoffice.org-common,
                      openoffice.org-filter-mobiledev, openoffice.org-help-en,
                      openoffice.org-help-en-us, openoffice.org-help-es,
                      openoffice.org-help-fr, openoffice.org-java-common,
                      openoffice.org-l10n-ca, openoffice.org-l10n-de,
                      openoffice.org-l10n-el, openoffice.org-l10n-en-za,
                      openoffice.org-l10n-es, openoffice.org-l10n-fr,
                      openoffice.org-l10n-nb, openoffice.org-l10n-nl,
                      openoffice.org-l10n-nn,
                      ttf-opensymbol, openoffice.org-base,
                      openoffice.org-calc, openoffice.org-core,
                      openoffice.org-draw, openoffice.org-impress,
                      openoffice.org-math, openoffice.org-writer, python-uno)
Vulnerability       : buffer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-2834
DSA ID              : DSA-1375-1
DSA URL             : http://www.debian.org/security/2007/dsa-1375


Upgrade Instructions
--------------------

Make sure the line

  deb http://security.debian.org/ etch/updates main contrib non-free

is present in your /etc/apt/sources.list and run 'apt-get update' to
update your package lists. Then run

  'aptitude upgrade'

to upgrade all the packages mentioned above. This might upgrade other
packages too, and if you only want to upgrade the packages above, you
should run

  'aptitude install <pkg1> ... <pkgN>'

where <pkg1> to <pkgN> are the package names in parentheses
from each package section above.

--------------------------------------------------------------------------
Mailing lists: debian-edu-announce@lists.debian.org
Package info: `apt-cache show <pkg>'
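
The upgrade steps above as a script, added here as an example and not part of the original advisory: it checks a sources.list file for the security line and builds the targeted 'aptitude install' command from the names in parentheses, accepting only strings that look like Debian package names. The function names and the re-wrapped sample excerpt are assumptions of this example.

```shell
#!/bin/sh
# Added example: helper names and the sample text below are constructed.

# Succeeds if FILE has an uncommented etch/updates security line with "main".
has_security_source() {
    grep -Eq '^[[:space:]]*deb[[:space:]]+http://security\.debian\.org/?[[:space:]]+etch/updates[[:space:]]+(.*[[:space:]])?main([[:space:]]|$)' "$1"
}

# Reads advisory text on stdin and prints the binary package names found in
# the parentheses of every "Package :" section, one per line, de-duplicated.
advisory_packages() {
    awk '
        /^Package[ \t]*:/ { inpkg = 1; buf = "" }
        inpkg {
            buf = buf " " $0                   # join wrapped continuation lines
            if (index($0, ")")) {              # closing parenthesis ends the list
                sub(/^[^(]*\(/, "", buf)       # drop "Package : source ("
                sub(/\).*$/, "", buf)          # drop ")" and anything after it
                n = split(buf, names, /[, \t]+/)
                for (i = 1; i <= n; i++)       # keep valid package names only
                    if (names[i] ~ /^[a-z0-9][a-z0-9+.-]+$/) print names[i]
                inpkg = 0
            }
        }
    ' | LC_ALL=C sort -u
}

# Prints the targeted upgrade command; fails if no package name was found.
upgrade_command() {
    pkgs=$(advisory_packages | tr '\n' ' ')
    [ -n "$pkgs" ] || return 1
    printf 'aptitude install %s\n' "${pkgs% }"
}

# Constructed sample: two sections in the advisory layout, one re-wrapped.
SAMPLE_ADVISORY='Package             : rsync (rsync)
Vulnerability       : buffer overflow
Package             : krb5 (krb5-user, libkadm55,
                      libkrb53)
Vulnerability       : buffer overflow'

# Demonstration: print the command only, nothing is installed.
printf '%s\n' "$SAMPLE_ADVISORY" | upgrade_command
```

On a real system, run has_security_source /etc/apt/sources.list and 'apt-get update' first, then review the printed command before executing it as root.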
