- -------------------------------------------------------------------------- Debian-Edu/Skolelinux Security Advisory DESA 2004-018 http://www.skolelinux.no/security/ Morten Werner Olsen November 12, 2004 debian-edu-security@lists.alioth.debian.org - -------------------------------------------------------------------------- This DESA deals with severel packages that the Debian Security Team has fixed. Each section start with "Package" and includes a link to the Debian Security Team's announce for the security upgrade. Package : krb5 (libkrb53) Vulnerability : several Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2004-0642 CAN-2004-0643 CAN-2004-0644 CAN-2004-0772 DSA ID : DSA-543-1 DSA URL : http://www.debian.org/security/2004/dsa-543 Package : imlib (gdk-imlib1 imlib-base) Vulnerability : unsanitised input Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2004-0817 DSA ID : DSA-548-1 DSA URL : http://www.debian.org/security/2004/dsa-548 Package : rp-pppoe (pppoe) Vulnerability : missing privilege dropping Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2004-0564 DSA ID : DSA-557-1 DSA URL : http://www.debian.org/security/2004/dsa-557 Package : lesstif1-1 (lesstif1) Vulnerability : integer and stack overflows Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2004-0687 CAN-2004-0688 DSA ID : DSA-560-1 DSA URL : http://www.debian.org/security/2004/dsa-560 Package : cyrus-sasl (libsasl7) Vulnerability : unsanitised input Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2004-0884 DSA ID : DSA-563-3 DSA URL : http://www.debian.org/security/2004/dsa-563 Package : tiff (libtiff3g) Vulnerability : heap overflows Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2004-0803 CAN-2004-0804 CAN-2004-0886 DSA ID : DSA-567-1 DSA URL : http://www.debian.org/security/2004/dsa-567 Package : libpng (libpng2) Vulnerability : integer overflow Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2004-0599 DSA ID : DSA-570-1 DSA URL : http://www.debian.org/security/2004/dsa-570 Package : cupsys (cupsys cupsys-bsd cupsys-client cupsys-pstoraster libcupsys2) Vulnerability : integer overflows Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2004-0888 DSA ID : DSA-573-1 DSA URL : http://www.debian.org/security/2004/dsa-573 Package : squid (squid) Vulnerability : several Need reboot : no Debian-Edu-specific : no CVE ID : CVE-1999-0710 CAN-2004-0918 DSA ID : DSA-576-1 DSA URL : http://www.debian.org/security/2004/dsa- Package : postgresql (libpgsql2 postgresql-client) Vulnerability : local Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2004-0977 DSA ID : DSA-577-1 DSA URL : http://www.debian.org/security/2004/dsa-577 Package : iptables (iptables) Vulnerability : missing initialisation Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2004-0986 DSA ID : DSA-580-1 DSA URL : http://www.debian.org/security/2004/dsa-580 Package : libxml (libxml1 libxml2) Vulnerability : buffer overflow Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2004-0989 DSA ID : DSA-582-1 DSA URL : http://www.debian.org/security/2004/dsa-582 Package : dhcp (dhcp-client) Vulnerability : format string vulnerability Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2004-1006 DSA ID : DSA-584-1 DSA URL : http://www.debian.org/security/2004/dsa-584 Package : shadow (login) Vulnerability : programming error Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2004-1001 DSA ID : DSA-585-1 DSA URL : http://www.debian.org/security/2004/dsa-585 Package : xpdf (xpdf xpdf-common xpdf-reader xpdf-utils) Vulnerability : integer overflows Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2004-0888 DSA ID : DSA-581-1 DSA URL : http://www.debian.org/security/2004/dsa-581 Package : gzip (gzip) Vulnerability : insecure temporary files Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2004-0970 DSA ID : DSA-588-1 DSA URL : http://www.debian.org/security/2004/dsa-588 Package : libgd2 (libgd2) Vulnerability : integer overflows Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2004-0990 DSA ID : DSA-591-1 DSA URL : http://www.debian.org/security/2004/dsa-591 Upgrade Instructions - -------------------- Make sure the line deb http://security.debian.org/ stable/updates main contrib non-free is present in your /etc/apt/sources.list and run 'apt-get update' to update your package lists. Then run 'apt-get upgrade' to upgrade all the packages mentioned above. This might upgrade other packages too, and if you only want to upgrade the packages above, you should run 'apt-get install <pkg1> ... <pkgN>' where <pkg1> to <pkgN> is the package names in paranthesis from each package section above. - -------------------------------------------------------------------------- Mailing list: bruker@skolelinux.no, debian-edu@lists.debian.org, linuxiskolen@skolelinux.no, user@skolelinux.de Package info: `apt-cache show <pkg>'
Attachment:
signature.asc
Description: Digital signature