-------------------------------------------------------------------------- Debian Edu/Skolelinux Security Advisory DESA 2008-003 http://www.skolelinux.org/security/ Steffen Joeris June 27th, 2008 debian-edu-security@lists.alioth.debian.org - -------------------------------------------------------------------------- Package : dbus (dbus, dbus-x11, libdbus-1-3) Vulnerability : programming error Problem-Type : local Need reboot : no Debian Edu-specific : no CVE ID : CVE-2008-0595 DSA ID : DSA-1599-1 Havoc Pennington discovered that DBus, a simple interprocess messaging system, performs insufficient validation of security policies, which might allow local privilege escalation. For the Debian-Edu/Skolelinux stable distribution (terra, etch based), this problem has been fixed in version 1.0.2-1.0.edu.etch.1+terra1. We recommend that you upgrade your dbus packages. Upgrade Instructions - -------------------- Make sure the line deb http://ftp.skolelinux.org/skolelinux etch local is present in your /etc/apt/sources.list and run 'aptitude update' to update your package lists. Then run aptitude upgrade to upgrade all the packages mentioned above. This might upgrade other packages too, and you should run aptitude install package if you only want to upgrade the package mentioned above. - -------------------------------------------------------------------------- Mailing lists: debian-edu-announce@lists.debian.org Package info: `apt-cache show <pkg>'
Attachment:
signature.asc
Description: This is a digitally signed message part.