
DESA-2008-004: New dbus packages fix DoS



--------------------------------------------------------------------------
Debian Edu/Skolelinux Security Advisory DESA 2008-004
http://www.skolelinux.org/security/     Steffen Joeris
October 22nd, 2008         debian-edu-security@lists.alioth.debian.org
--------------------------------------------------------------------------

Package             : dbus (dbus, dbus-x11, libdbus-1-3)
Vulnerability       : denial of service
Problem-Type        : local
Need reboot         : no
Debian Edu-specific : no
CVE ID              : CVE-2008-3834
Debian Bug          : 501443

Colin Walters discovered that the dbus_signature_validate function in 
dbus, a simple interprocess messaging system, is prone to a denial of 
service attack.

For the Debian-Edu/Skolelinux stable distribution (terra, etch based),
this problem has been fixed in version 1.0.2-1.0.edu.etch.1+terra2.

We recommend that you upgrade your dbus packages.


Upgrade Instructions
--------------------

Make sure the line

  deb http://ftp.skolelinux.org/skolelinux etch local

is present in your /etc/apt/sources.list and run 'aptitude update' to
update your package lists. Then run

  aptitude upgrade

to upgrade all the packages mentioned above. This might upgrade other
packages too, and you should run

  aptitude install package

if you only want to upgrade the package mentioned above.

--------------------------------------------------------------------------
Mailing lists: debian-edu-announce@lists.debian.org
Package info: `apt-cache show <pkg>'
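
Added example, not part of the advisory: a POSIX shell check that the repository line from the upgrade instructions is active and that each package named above is at or past the fixed version, compared with dpkg --compare-versions. The function names and the --audit switch are this example's own, and it assumes dpkg and dpkg-query are on the host being checked.

```shell
#!/bin/sh
# Added example: check a host against DESA-2008-004 (values from the advisory).
FIXED='1.0.2-1.0.edu.etch.1+terra2'
PKGS='dbus dbus-x11 libdbus-1-3'
REPO='deb http://ftp.skolelinux.org/skolelinux etch local'

# Succeeds if the repository line is present and not commented out in file $1.
# Whitespace is normalised so extra blanks or tabs do not cause a miss.
has_repo_line() {
    sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//' "$1" 2>/dev/null |
        grep -Fxq "$REPO"
}

# Prints fixed, vulnerable or not-installed for an installed version string $1.
# dpkg's own comparison is used because plain string or numeric sorting gets
# Debian revisions such as "1.0.edu.etch.1+terra2" wrong.
classify() {
    if [ -z "$1" ]; then
        echo not-installed
    elif dpkg --compare-versions "$1" ge "$FIXED"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# Reports every package; returns 1 if any installed one predates the fix.
audit() {
    list=${1:-/etc/apt/sources.list}
    has_repo_line "$list" || echo "WARN: '$REPO' not active in $list"
    rc=0
    for p in $PKGS; do
        v=$(dpkg-query -W -f='${Version}' "$p" 2>/dev/null) || v=''
        s=$(classify "$v")
        echo "$p ${v:-none} $s"
        if [ "$s" = vulnerable ]; then rc=1; fi
    done
    return "$rc"
}

# Hypothetical switch for this script: run the audit only when asked to.
case "${1:-}" in
    --audit) audit "${2:-}" ;;
esac
```

Saved to a file and run with --audit, it prints one line per package and exits non-zero while any installed package is still older than the fixed version.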
