
DESA-2007-017: several vulnerabilities in terra (etch)



--------------------------------------------------------------------------
Debian-Edu/Skolelinux Security Advisory DESA 2007-017
http://www.skolelinux.org/security/                      Steffen Joeris
December 13th, 2007              debian-edu-security@lists.alioth.debian.org
--------------------------------------------------------------------------

This DESA deals with packages that the Debian Security Team has fixed
for the stable distribution. Each section starts with "Package" and
includes a link to the Debian Security Team's announcement for the
security upgrade.


Package             : samba (samba-doc, winbind, smbclient, samba-common,
                      smbfs, libsmbclient, samba)
Vulnerability       : several
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-4572 CVE-2007-5398 CVE-2007-6015
DSA ID              : DSA-1409-2, DSA-1427-1
DSA URL             : http://www.debian.org/security/2007/dsa-1409
DSA URL             : http://www.debian.org/security/2007/dsa-1427

Package             : ruby1.8 (libruby1.8, ruby1.8)
Vulnerability       : programming error
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-5162 CVE-2007-5770
DSA ID              : DSA-1410-1
DSA URL             : http://www.debian.org/security/2007/dsa-1410

Package             : mysql-dfsg-5.0 (mysql-common, libmysqlclient15off)
Vulnerability       : multiple
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-2583 CVE-2007-2691 CVE-2007-2692 CVE-2007-3780
                      CVE-2007-3782 CVE-2007-5925
DSA ID              : DSA-1413-1
DSA URL             : http://www.debian.org/security/2007/dsa-1413

Package             : wireshark (wireshark, wireshark-common, ethereal)
Vulnerability       : several
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-6114 CVE-2007-6117 CVE-2007-6118 CVE-2007-6120
                      CVE-2007-6121
DSA ID              : DSA-1414-1
DSA URL             : http://www.debian.org/security/2007/dsa-1414

Package             : tk8.4 (tk8.4)
Vulnerability       : buffer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-5378
DSA ID              : DSA-1415-1
DSA URL             : http://www.debian.org/security/2007/dsa-1415

Package             : tk8.3 (tk8.3)
Vulnerability       : buffer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-5378
DSA ID              : DSA-1416-1
DSA URL             : http://www.debian.org/security/2007/dsa-1416

Package             : openoffice.org (openoffice.org, openoffice.org-common,
                      openoffice.org-filter-mobiledev, openoffice.org-help-en,
                      openoffice.org-help-en-us, openoffice.org-help-es,
                      openoffice.org-help-fr, openoffice.org-java-common,
                      openoffice.org-l10n-ca, openoffice.org-l10n-de,
                      openoffice.org-l10n-el, openoffice.org-l10n-en-za,
                      openoffice.org-l10n-es, openoffice.org-l10n-fr,
                      openoffice.org-l10n-nb, openoffice.org-l10n-nl,
                      openoffice.org-l10n-nn,
                      ttf-opensymbol, openoffice.org-base, openoffice.org-calc,
                      openoffice.org-core, openoffice.org-draw,
                      openoffice.org-impress, openoffice.org-math,
                      openoffice.org-writer, python-uno)
Vulnerability       : programming error
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-4575
DSA ID              : DSA-1419-1
DSA URL             : http://www.debian.org/security/2007/dsa-1419

Package             : e2fsprogs (libuuid1, libcomerr2, e2fslibs, libss2,
                      e2fsprogs, libblkid1)
Vulnerability       : integer overflows
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-5497
DSA ID              : DSA-1422-1
DSA URL             : http://www.debian.org/security/2007/dsa-1422

Package             : iceweasel (iceweasel-gnome-support, iceweasel,
                      firefox)
Vulnerability       : several vulnerabilities
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-5947 CVE-2007-5959 CVE-2007-5960
DSA ID              : DSA-1424-1
DSA URL             : http://www.debian.org/security/2007/dsa-1424

Package             : xulrunner (xulrunner-gnome-support, libxul-common,
                      libxul0d)
Vulnerability       : several vulnerabilities
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-5947 CVE-2007-5959 CVE-2007-5960
DSA ID              : DSA-1425-1
DSA URL             : http://www.debian.org/security/2007/dsa-1425

Package             : qt-x11-free (libqt3-mt)
Vulnerability       : several vulnerabilities
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-3388 CVE-2007-4137
DSA ID              : DSA-1426-1
DSA URL             : http://www.debian.org/security/2007/dsa-1426

Package             : libnss-ldap (libnss-ldap)
Vulnerability       : denial of service
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-5794
DSA ID              : DSA-1430-1
DSA URL             : http://www.debian.org/security/2007/dsa-1430


Upgrade Instructions
--------------------

Make sure the line

  deb http://security.debian.org/ etch/updates main contrib non-free

is present in your /etc/apt/sources.list and run 'aptitude update' to
update your package lists. Then run

  'aptitude upgrade'

to upgrade all the packages mentioned above. This might upgrade other
packages too, and if you only want to upgrade the packages above, you
should run

  'aptitude install <pkg1> ... <pkgN>'

where <pkg1> to <pkgN> are the package names in parentheses
from each package section above.

--------------------------------------------------------------------------
Mailing lists: debian-edu-announce@lists.debian.org
Package info: `apt-cache show <pkg>'
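
Added example (not part of the original advisory): a POSIX shell sketch of
the targeted upgrade described under "Upgrade Instructions". It checks a
sources.list for the etch security line and builds the 'aptitude install'
command from the parenthesised package names. The function names and the
temporary sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of the advisory.

# Succeed if an active (uncommented) deb line for the etch security archive
# exists in the sources.list file given as $1. Components are not checked.
has_security_source() {
    grep -Eq '^[[:space:]]*deb[[:space:]]+http://security\.debian\.org/?[[:space:]]+etch/updates[[:space:]]' "$1"
}

# Print the names inside the parentheses of every "Package" field in the
# advisory text $1, one per line, de-duplicated. A list may wrap over lines.
advisory_packages() {
    awk '
        /^Vulnerability/    { collecting = 0 }
        /^Package[ \t]*:/   { collecting = 1; buf = "" }
        collecting {
            buf = buf " " $0
            if (index($0, ")")) {
                sub(/^[^(]*\(/, "", buf)   # drop source package name and "("
                sub(/\).*$/, "", buf)      # drop ")" and anything after it
                n = split(buf, names, /[, \t]+/)
                for (i = 1; i <= n; i++)
                    if (names[i] != "" && !seen[names[i]]++) print names[i]
                collecting = 0
            }
        }
    ' "$1"
}

# Print (do not run) the targeted upgrade command for advisory file $1.
upgrade_command() {
    printf 'aptitude install %s\n' "$(advisory_packages "$1" | tr '\n' ' ' | sed 's/ $//')"
}

# Sample input: two package sections in the advisory's layout, one wrapped.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Package             : tk8.4 (tk8.4)
Vulnerability       : buffer overflow
Package             : e2fsprogs (libuuid1, libcomerr2, e2fslibs, libss2,
e2fsprogs,
                      libblkid1)
Vulnerability       : integer overflows
EOF
upgrade_command "$sample"
```

The command is printed rather than executed so it can be reviewed before
being run as root.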
