DESA-2007-006: several vulnerabilities

To: bruker@skolelinux.no, debian-edu@lists.debian.org, linuxiskolen@skolelinux.no, user@skolelinux.de, admin-discuss@skolelinux.org, debian-edu-french@lists.debian.org
Subject: DESA-2007-006: several vulnerabilities
From: Steffen Joeris <white@debian.org>
Date: Tue, 7 Aug 2007 01:16:36 +1000
Message-id: <[🔎] 200708070116.38265.white@debian.org>

- --------------------------------------------------------------------------
Debian-Edu/Skolelinux Security Advisory DESA 2007-006
http://www.skolelinux.org/security/                      Steffen Joeris
August 7th, 2007              debian-edu-security@lists.alioth.debian.org
- --------------------------------------------------------------------------

This DESA deals with packages that the Debian Security Team has fixed
for the oldstable distribution. Each section starts with "Package" and
includes a link to the Debian Security Team's announce for the
security upgrade.

Package             : freetype (libfreetype6)
Vulnerability       : integer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-2754
DSA ID              : DSA-1334-1
DSA URL             : http://www.debian.org/security/2007/dsa-1334

Package             : gimp (gimp-data, gimp, libgimp2.0)
Vulnerability       : several vulnerabilities
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2006-4519, CVE-2007-2949
DSA ID              : DSA-1335-1
DSA URL             : http://www.debian.org/security/2007/dsa-1335

Package             : bind9 (bind9-doc, bind9, dnsutils, libdns16,
                             libisc7, libisccc0, libisccfg0, liblwres1)
Vulnerability       : design error
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-2926
DSA ID              : DSA-1341-2
DSA URL             : http://www.debian.org/security/2007/dsa-1341

Package             : file (file, libmagic1)
Vulnerability       : integer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-2799
DSA ID              : DSA-1343-1
DSA URL             : http://www.debian.org/security/2007/dsa-1343

Package             : xpdf (xpdf-common, xpdf-utils)
Vulnerability       : integer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-3387
DSA ID              : DSA-1347-1
DSA URL             : http://www.debian.org/security/2007/dsa-1347


Upgrade Instructions
- --------------------

Make sure the line

  deb http://security.debian.org/ sarge/updates main contrib non-free

is present in your /etc/apt/sources.list and run 'apt-get update' to
update your package lists. Then run

  'apt-get upgrade'

to upgrade all the packages mentioned above. This might upgrade other
packages too, and if you only want to upgrade the packages above, you
should run

  'apt-get install <pkg1> ... <pkgN>'

where <pkg1> to <pkgN> is the package names in paranthesis
from each package section above.

- --------------------------------------------------------------------------
Mailing lists: bruker@skolelinux.no, debian-edu@lists.debian.org,
               linuxiskolen@skolelinux.no, user@skolelinux.de,
              admin-discuss@skolelinux.org, debian-edu-french@lists.debian.org
Package info: `apt-cache show <pkg>'

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

Prev by Date: DESA-2007-005: several vulnerabilities
Next by Date: DESA-2007-007: New lwat packages fix output handling
Previous by thread: DESA-2007-005: several vulnerabilities
Next by thread: DESA-2007-007: New lwat packages fix output handling
Index(es):
- Date
- Thread