
DESA-2007-015: several vulnerabilities in terra (etch)



--------------------------------------------------------------------------
Debian-Edu/Skolelinux Security Advisory DESA 2007-015
http://www.skolelinux.org/security/                      Steffen Joeris
November 19th, 2007              debian-edu-security@lists.alioth.debian.org
--------------------------------------------------------------------------

This DESA deals with packages that the Debian Security Team has fixed
for the stable distribution. Each section starts with "Package" and
includes a link to the Debian Security Team's announcement for the
security upgrade.

Package             : librpcsecgss (librpcsecgss3)
Vulnerability       : buffer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-4743
DSA ID              : DSA-1387-1
DSA URL             : http://www.debian.org/security/2007/dsa-1387

Package             : dhcp (dhcp, dhcp-client)
Vulnerability       : buffer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-5365
DSA ID              : DSA-1388-3
DSA URL             : http://www.debian.org/security/2007/dsa-1388

Package             : t1lib (libt1)
Vulnerability       : buffer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-4033
DSA ID              : DSA-1390-1
DSA URL             : http://www.debian.org/security/2007/dsa-1390

Package             : icedove (icedove, mozilla-thunderbird)
Vulnerability       : several
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-3734 CVE-2007-3735 CVE-2007-3844 CVE-2007-3845
                      CVE-2007-5339 CVE-2007-5340
DSA ID              : DSA-1391-1
DSA URL             : http://www.debian.org/security/2007/dsa-1391

Package             : xulrunner (libmozjs0d, libnspr4-0d, libnss3-0d, libxul0d,
                      xulrunner-gnome-support, libxul-common)
Vulnerability       : several
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-5334
                      CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340
DSA ID              : DSA-1392-1
DSA URL             : http://www.debian.org/security/2007/dsa-1392

Package             : icedove (firefox, iceweasel-gnome-support, iceweasel)
Vulnerability       : several
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-5334
                      CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340
DSA ID              : DSA-1396-1
DSA URL             : http://www.debian.org/security/2007/dsa-1396

Package             : mono (libmono-cairo1.0-cil, libmono-corlib1.0-cil,
                      libmono-system1.0-cil, mono-common, mono-gac, mono-jit,
                      mono-runtime)
Vulnerability       : integer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-5197
DSA ID              : DSA-1397-1
DSA URL             : http://www.debian.org/security/2007/dsa-1397

Package             : pcre3 (libpcre3)
Vulnerability       : several
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-1659 CVE-2007-1660 CVE-2007-1661 CVE-2007-1662
                      CVE-2007-4766 CVE-2007-4767 CVE-2007-4768
DSA ID              : DSA-1399-1
DSA URL             : http://www.debian.org/security/2007/dsa-1399

Package             : perl (libperl5, perl-modules, perl, perl-base)
Vulnerability       : heap overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-5116
DSA ID              : DSA-1400-1
DSA URL             : http://www.debian.org/security/2007/dsa-1400

Package             : cupsys (cupsys-common, libcupsys2, libcupsimage2,
                      cupsys, cupsys-bsd, cupsys-client)
Vulnerability       : buffer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-4351
DSA ID              : DSA-1407-1
DSA URL             : http://www.debian.org/security/2007/dsa-1407


Upgrade Instructions
--------------------

Make sure the line

  deb http://security.debian.org/ etch/updates main contrib non-free

is present in your /etc/apt/sources.list and run 'aptitude update' to
update your package lists. Then run

  'aptitude upgrade'

to upgrade all the packages mentioned above. This might upgrade other
packages too, and if you only want to upgrade the packages above, you
should run

  'aptitude install <pkg1> ... <pkgN>'

where <pkg1> to <pkgN> are the package names in parentheses
from each package section above.
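
The targeted upgrade described above, as an added example that is not part of the advisory: it pulls the parenthesised package names out of advisory text (including lists wrapped across lines), checks a sources.list for the security entry, and prints the resulting command. The function names and the sample text are assumptions made for illustration.

```shell
# Added example: function names and the sample text are assumptions for illustration.

# Constructed sample in the advisory's layout; the second section wraps its package list.
sample_advisory() {
cat <<'EOF'
Package             : t1lib (libt1)
Vulnerability       : buffer overflow

Package             : cupsys (cupsys-common, libcupsys2, libcupsimage2,
                      cupsys, cupsys-bsd, cupsys-client)
Vulnerability       : buffer overflow
EOF
}

# Read advisory text on stdin; print the names inside the parentheses of each
# "Package" field, one per line. Tokens that are not valid Debian package names
# are dropped, so pasted mail text never reaches a root command line unchecked.
desa_packages() {
  awk '
    /^[A-Za-z][A-Za-z -]*:/ { collecting = 0 }            # a new field ends a wrapped value
    /^Package[ \t]*:/       { buf = ""; collecting = 1 }
    collecting {
      buf = buf " " $0
      if (index(buf, ")")) {                               # list is complete
        sub(/^[^(]*\(/, "", buf); sub(/\).*$/, "", buf)
        n = split(buf, names, ",")
        for (i = 1; i <= n; i++) {
          gsub(/^[ \t]+|[ \t]+$/, "", names[i])
          if (names[i] ~ /^[a-z0-9][a-z0-9+.-]+$/) print names[i]
        }
        collecting = 0
      }
    }' | LC_ALL=C sort -u
}

# Succeed if the sources.list file "$1" has an uncommented etch/updates entry.
has_security_source() {
  grep -Eq '^[[:space:]]*deb[[:space:]]+http://security\.debian\.org/?[[:space:]]+etch/updates[[:space:]]' "$1"
}

# Print (do not run) the targeted upgrade command for the advisory on stdin.
desa_install_command() {
  pkgs=$(desa_packages | tr '\n' ' ')
  [ -n "$pkgs" ] || return 1
  printf 'aptitude install %s\n' "${pkgs% }"
}

sample_advisory | desa_install_command
```

The command is printed rather than executed so the package list can be reviewed before it is run as root.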

--------------------------------------------------------------------------
Mailing lists: debian-edu-announce@lists.debian.org
Package info: `apt-cache show <pkg>'
