- -------------------------------------------------------------------------- Debian-Edu/Skolelinux Security Advisory DESA 2006-005 http://www.skolelinux.no/security/ Morten Werner Olsen September 26th, 2006 debian-edu-security@lists.alioth.debian.org - -------------------------------------------------------------------------- This DESA deals with severel packages that the Debian Security Team has fixed. Each section start with "Package" and includes a link to the Debian Security Team's announce for the security upgrade. Package : tiff (libtiff4) Vulnerability : several vulnerabilities Need reboot : no Debian-Edu-specific : no CVE ID : CVE-2006-3465, CVE-2006-2026, CVE-2006-2656 DSA ID : DSA-1137-1, DSA-1054-1, DSA-1091-1 DSA URL : http://www.debian.org/security/2006/dsa-1137 http://www.debian.org/security/2006/dsa-1054 http://www.debian.org/security/2006/dsa-1091 Package : shadow (passwd, login) Vulnerability : programming error Need reboot : no Debian-Edu-specific : no CVE ID : CVE-2006-3378 DSA ID : DSA-1150-1 DSA URL : http://www.debian.org/security/2006/dsa-1150 Package : dia (dia-libs, dia-common, dia) Vulnerability : programming error Need reboot : no Debian-Edu-specific : no CVE ID : None DSA ID : DSA-1025-1 DSA URL : http://www.debian.org/security/2006/dsa-1025 Package : kdelibs (kdelibs4, kdelibs-bin, kdelibs-data) Vulnerability : buffer overflow Need reboot : no Debian-Edu-specific : no CVE ID : CVE-2006-0019 DSA ID : DSA-948-1 DSA URL : http://www.debian.org/security/2006/dsa-948 Package : kaffeine (kaffeine) Vulnerability : buffer overflow Need reboot : no Debian-Edu-specific : no CVE ID : CVE-2006-0051 DSA ID : DSA-1023-1 DSA URL : http://www.debian.org/security/2006/dsa-1023 Package : sudo (sudo) Vulnerability : missing input sanitising Need reboot : no Debian-Edu-specific : no CVE ID : CVE-2005-4158, CVE-2006-0151 DSA ID : DSA-946-1 DSA URL : http://www.debian.org/security/2006/dsa-946 Package : perl (libperl5.8, perl-base, perl-modules, perl) Vulnerability : integer overflow Need reboot : no Debian-Edu-specific : no CVE ID : CVE-2005-3962 DSA ID : DSA-943-1 DSA URL : http://www.debian.org/security/2006/dsa-943 Package : gzip (gzip) Vulnerability : several vulnerabilities Need reboot : no Debian-Edu-specific : no CVE ID : CVE-2006-4338 DSA ID : DSA-1181-1 DSA URL : http://www.debian.org/security/2006/dsa-1181 Package : ppp (ppp) Vulnerability : programming error Need reboot : no Debian-Edu-specific : no CVE ID : CVE-2006-2194 DSA ID : DSA-1106-1 DSA URL : http://www.debian.org/security/2006/dsa-1106 Package : gnupg (gnupg) Vulnerability : integer overflows and programming errors Need reboot : no Debian-Edu-specific : no CVE ID : CVE-2006-3082, CVE-2006-3746, CVE-2006-0455, CVE-2006-0049 DSA ID : DSA-1107-1, DSA-1140-1, DSA-978-1, DSA-993-1 DSA URL : http://www.debian.org/security/2006/dsa-1107 http://www.debian.org/security/2006/dsa-1140 http://www.debian.org/security/2006/dsa-978 http://www.debian.org/security/2006/dsa-993 Package : courier (courier-imap-ssl, courier-imap, courier-ldap, courier-base, courier-authdaemon, courier-ssl) Vulnerability : programming error Need reboot : no Debian-Edu-specific : no CVE ID : CVE-2006-2659 DSA ID : DSA-1101-1 DSA URL : http://www.debian.org/security/2006/dsa-1101 Upgrade Instructions - -------------------- Make sure the line deb http://security.debian.org/ woody/updates main contrib non-free is present in your /etc/apt/sources.list and run 'apt-get update' to update your package lists. Then run 'apt-get upgrade' to upgrade all the packages mentioned above. This might upgrade other packages too, and if you only want to upgrade the packages above, you should run 'apt-get install <pkg1> ... <pkgN>' where <pkg1> to <pkgN> is the package names in paranthesis from each package section above. - -------------------------------------------------------------------------- Mailing lists: bruker@skolelinux.no, debian-edu@lists.debian.org, linuxiskolen@skolelinux.no, user@skolelinux.de, admin-discuss@skolelinux.org Package info: `apt-cache show <pkg>'
Attachment:
signature.asc
Description: Digital signature