- --------------------------------------------------------------------------
Debian-Edu/Skolelinux Security Advisory DESA 2004-018
http://www.skolelinux.no/security/ Morten Werner Olsen
November 12, 2004 debian-edu-security@lists.alioth.debian.org
- --------------------------------------------------------------------------
This DESA deals with severel packages that the Debian Security Team
has fixed. Each section start with "Package" and includes a link to
the Debian Security Team's announce for the security upgrade.
Package : krb5 (libkrb53)
Vulnerability : several
Need reboot : no
Debian-Edu-specific : no
CVE ID : CAN-2004-0642 CAN-2004-0643 CAN-2004-0644 CAN-2004-0772
DSA ID : DSA-543-1
DSA URL : http://www.debian.org/security/2004/dsa-543
Package : imlib (gdk-imlib1 imlib-base)
Vulnerability : unsanitised input
Need reboot : no
Debian-Edu-specific : no
CVE ID : CAN-2004-0817
DSA ID : DSA-548-1
DSA URL : http://www.debian.org/security/2004/dsa-548
Package : rp-pppoe (pppoe)
Vulnerability : missing privilege dropping
Need reboot : no
Debian-Edu-specific : no
CVE ID : CAN-2004-0564
DSA ID : DSA-557-1
DSA URL : http://www.debian.org/security/2004/dsa-557
Package : lesstif1-1 (lesstif1)
Vulnerability : integer and stack overflows
Need reboot : no
Debian-Edu-specific : no
CVE ID : CAN-2004-0687 CAN-2004-0688
DSA ID : DSA-560-1
DSA URL : http://www.debian.org/security/2004/dsa-560
Package : cyrus-sasl (libsasl7)
Vulnerability : unsanitised input
Need reboot : no
Debian-Edu-specific : no
CVE ID : CAN-2004-0884
DSA ID : DSA-563-3
DSA URL : http://www.debian.org/security/2004/dsa-563
Package : tiff (libtiff3g)
Vulnerability : heap overflows
Need reboot : no
Debian-Edu-specific : no
CVE ID : CAN-2004-0803 CAN-2004-0804 CAN-2004-0886
DSA ID : DSA-567-1
DSA URL : http://www.debian.org/security/2004/dsa-567
Package : libpng (libpng2)
Vulnerability : integer overflow
Need reboot : no
Debian-Edu-specific : no
CVE ID : CAN-2004-0599
DSA ID : DSA-570-1
DSA URL : http://www.debian.org/security/2004/dsa-570
Package : cupsys (cupsys cupsys-bsd cupsys-client
cupsys-pstoraster libcupsys2)
Vulnerability : integer overflows
Need reboot : no
Debian-Edu-specific : no
CVE ID : CAN-2004-0888
DSA ID : DSA-573-1
DSA URL : http://www.debian.org/security/2004/dsa-573
Package : squid (squid)
Vulnerability : several
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-1999-0710 CAN-2004-0918
DSA ID : DSA-576-1
DSA URL : http://www.debian.org/security/2004/dsa-
Package : postgresql (libpgsql2 postgresql-client)
Vulnerability : local
Need reboot : no
Debian-Edu-specific : no
CVE ID : CAN-2004-0977
DSA ID : DSA-577-1
DSA URL : http://www.debian.org/security/2004/dsa-577
Package : iptables (iptables)
Vulnerability : missing initialisation
Need reboot : no
Debian-Edu-specific : no
CVE ID : CAN-2004-0986
DSA ID : DSA-580-1
DSA URL : http://www.debian.org/security/2004/dsa-580
Package : libxml (libxml1 libxml2)
Vulnerability : buffer overflow
Need reboot : no
Debian-Edu-specific : no
CVE ID : CAN-2004-0989
DSA ID : DSA-582-1
DSA URL : http://www.debian.org/security/2004/dsa-582
Package : dhcp (dhcp-client)
Vulnerability : format string vulnerability
Need reboot : no
Debian-Edu-specific : no
CVE ID : CAN-2004-1006
DSA ID : DSA-584-1
DSA URL : http://www.debian.org/security/2004/dsa-584
Package : shadow (login)
Vulnerability : programming error
Need reboot : no
Debian-Edu-specific : no
CVE ID : CAN-2004-1001
DSA ID : DSA-585-1
DSA URL : http://www.debian.org/security/2004/dsa-585
Package : xpdf (xpdf xpdf-common xpdf-reader xpdf-utils)
Vulnerability : integer overflows
Need reboot : no
Debian-Edu-specific : no
CVE ID : CAN-2004-0888
DSA ID : DSA-581-1
DSA URL : http://www.debian.org/security/2004/dsa-581
Package : gzip (gzip)
Vulnerability : insecure temporary files
Need reboot : no
Debian-Edu-specific : no
CVE ID : CAN-2004-0970
DSA ID : DSA-588-1
DSA URL : http://www.debian.org/security/2004/dsa-588
Package : libgd2 (libgd2)
Vulnerability : integer overflows
Need reboot : no
Debian-Edu-specific : no
CVE ID : CAN-2004-0990
DSA ID : DSA-591-1
DSA URL : http://www.debian.org/security/2004/dsa-591
Upgrade Instructions
- --------------------
Make sure the line
deb http://security.debian.org/ stable/updates main contrib non-free
is present in your /etc/apt/sources.list and run 'apt-get update' to
update your package lists. Then run
'apt-get upgrade'
to upgrade all the packages mentioned above. This might upgrade other
packages too, and if you only want to upgrade the packages above, you
should run
'apt-get install <pkg1> ... <pkgN>'
where <pkg1> to <pkgN> is the package names in paranthesis
from each package section above.
- --------------------------------------------------------------------------
Mailing list: bruker@skolelinux.no, debian-edu@lists.debian.org,
linuxiskolen@skolelinux.no, user@skolelinux.de
Package info: `apt-cache show <pkg>'
Attachment:
signature.asc
Description: Digital signature