[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

DESA-2006-007: several vulnerabilities

- --------------------------------------------------------------------------
Debian-Edu/Skolelinux Security Advisory DESA 2006-007
http://www.skolelinux.no/security/                      Morten Werner Olsen
October 30th, 2006              debian-edu-security@lists.alioth.debian.org
- --------------------------------------------------------------------------

This DESA deals with severel packages that the Debian Security Team
has fixed. Each section start with "Package" and includes a link to
the Debian Security Team's announce for the security upgrade.


Package             : gimp (gimp, libgimp2.0, gimp-data)
Vulnerability       : buffer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2006-3404
DSA ID              : DSA-1116-1
DSA URL             : http://www.debian.org/security/2006/dsa-1116

Package             : unzip (unzip)
Vulnerability       : buffer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2005-4667
DSA ID              : DSA-1012-1
DSA URL             : http://www.debian.org/security/2006/dsa-1012

Package             : freetype (libfreetype6)
Vulnerability       : integer overflows
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2006-2661 CVE-2006-3467
DSA ID              : DSA-1095-1 DSA-1178-1
DSA URL             : http://www.debian.org/security/2006/dsa-1095
                      http://www.debian.org/security/2006/dsa-1178

Package             : openssl (openssl, libssl0.9.7, libcrypto0.9.7-udeb)
Vulnerability       : cryptographic weakness
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2006-4339 CVE-2006-2940
DSA ID              : DSA-1173-1 DSA-1185-1
DSA URL             : http://www.debian.org/security/2006/dsa-1173
                      http://www.debian.org/security/2006/dsa-1185

Package             : kdebase (kcontrol, kdebase-bin, kdebase-data)
Vulnerability       : programming error
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2006-2449
DSA ID              : DSA-1156-1
DSA URL             : http://www.debian.org/security/2006/dsa-1156

Package             : libwmf (libwmf0.2-7)
Vulnerability       : integer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2006-3376
DSA ID              : DSA-1194-1
DSA URL             : http://www.debian.org/security/2006/dsa-1194

Package             : webmin (webmin, webmin-core)
Vulnerability       : multiple vulnerabilities
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2006-4542
DSA ID              : DSA-1199-1
DSA URL             : http://www.debian.org/security/2006/dsa-1199


Upgrade Instructions
- --------------------

Make sure the line

  deb http://security.debian.org/ sarge/updates main contrib non-free

is present in your /etc/apt/sources.list and run 'apt-get update' to
update your package lists. Then run

  'apt-get upgrade'

to upgrade all the packages mentioned above. This might upgrade other
packages too, and if you only want to upgrade the packages above, you
should run

  'apt-get install <pkg1> ... <pkgN>'

where <pkg1> to <pkgN> is the package names in paranthesis
from each package section above.

- --------------------------------------------------------------------------
Mailing lists: bruker@skolelinux.no, debian-edu@lists.debian.org,
               linuxiskolen@skolelinux.no, user@skolelinux.de,
               admin-discuss@skolelinux.org
Package info: `apt-cache show <pkg>'

Attachment: signature.asc
Description: Digital signature

Reply to: