
DESA-2006-006: several vulnerabilities



--------------------------------------------------------------------------
Debian-Edu/Skolelinux Security Advisory DESA 2006-006
http://www.skolelinux.no/security/                      Morten Werner Olsen
October 14th, 2006              debian-edu-security@lists.alioth.debian.org
--------------------------------------------------------------------------

This DESA deals with several packages that the Debian Security Team
has fixed. Each section starts with "Package" and includes a link to
the Debian Security Team's announcement for the security upgrade.


Package             : postgresql (libpq3, postgresql-client)
Vulnerability       : programming error
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2006-2314
DSA ID              : DSA-1087-1
DSA URL             : http://www.debian.org/security/2006/dsa-1087

Package             : dhcp (dhcp, dhcp-client-udeb, dhcp-client)
Vulnerability       : programming error
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2006-3122
DSA ID              : DSA-1143-1
DSA URL             : http://www.debian.org/security/2006/dsa-1143

Package             : apache (apache-common, apache, apache-doc,
                      apache-perl, libapache-mod-perl)
Vulnerability       : missing input sanitising and buffer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2006-3918 CVE-2006-3747
DSA ID              : DSA-1167-1 DSA-1131-1
DSA URL             : http://www.debian.org/security/2006/dsa-1167
                      http://www.debian.org/security/2006/dsa-1131

Package             : imagemagick (libmagick6, imagemagick)
Vulnerability       : several vulnerabilities
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2006-3744 CVE-2005-4601
DSA ID              : DSA-1168-1 DSA-957-1
DSA URL             : http://www.debian.org/security/2006/dsa-1168
                      http://www.debian.org/security/2006/dsa-957

Package             : tar (tar)
Vulnerability       : buffer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2006-0300
DSA ID              : DSA-987-1
DSA URL             : http://www.debian.org/security/2006/dsa-987

Package             : xpdf (xpdf-utils, xpdf-common)
Vulnerability       : several vulnerabilities
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2006-1244 CVE-2006-0301 CVE-2005-3624 CVE-2005-3625
                      CVE-2005-3626 CVE-2005-3627 CVE-2005-3628
DSA ID              : DSA-984-1 DSA-971-1 DSA-931-1
DSA URL             : http://www.debian.org/security/2006/dsa-984
                      http://www.debian.org/security/2006/dsa-971
                      http://www.debian.org/security/2006/dsa-931

Package             : lynx (lynx)
Vulnerability       : programming error
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2004-1617
DSA ID              : DSA-1076-1
DSA URL             : http://www.debian.org/security/2006/dsa-1076

Package             : cupsys (cupsys-bsd, cupsys-client, libcupsimage2,
                      cupsys, libcupsys2-gnutls10)
Vulnerability       : buffer overflows
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624
                      CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628
DSA ID              : DSA-950-1
DSA URL             : http://www.debian.org/security/2006/dsa-950

Package             : nagios (nagios-common, nagios-text)
Vulnerability       : buffer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2006-2162 CVE-2006-2489
DSA ID              : DSA-1072-1
DSA URL             : http://www.debian.org/security/2006/dsa-1072

Package             : samba (winbind, smbfs, smbclient, samba, libsmbclient,
                      samba-common, samba-doc)
Vulnerability       : missing input sanitising
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2006-3403
DSA ID              : DSA-1110-1
DSA URL             : http://www.debian.org/security/2006/dsa-1110

Package             : koffice (kivio-data, kchart, koffice-data, koshell,
                      kivio, kugar, kformula, koffice-libs)
Vulnerability       : several vulnerabilities
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2005-3191 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625
                      CVE-2005-3626 CVE-2005-3627 CVE-2005-3628 CVE-2006-1244
DSA ID              : DSA-938-1 DSA-1019-1
DSA URL             : http://www.debian.org/security/2006/dsa-938
                      http://www.debian.org/security/2006/dsa-1019


Upgrade Instructions
--------------------

Make sure the line

  deb http://security.debian.org/ sarge/updates main contrib non-free

is present in your /etc/apt/sources.list and run 'apt-get update' to
update your package lists. Then run

  'apt-get upgrade'

to upgrade all the packages mentioned above. This might upgrade other
packages too, and if you only want to upgrade the packages above, you
should run

  'apt-get install <pkg1> ... <pkgN>'

where <pkg1> to <pkgN> are the package names in parentheses
from each package section above.
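
The selective upgrade described above can be scripted. The following is an added example, not part of the original advisory: it extracts the names in parentheses from the "Package" fields (including wrapped lines), checks a sources.list for the security line, and prints the resulting command without running it. The function names are hypothetical and the sample text is an excerpt of two sections above.

```shell
#!/bin/sh
# Added example, not part of the advisory; helper names are hypothetical.

# Read advisory text on stdin; print each binary package named in the
# parentheses of a "Package :" field (continuation lines included),
# one per line, without duplicates.
desa_packages() {
    awk '
        /^Package[ \t]*:/ { collecting = 1; buf = "" }
        # A new unindented field before ")" means there was no package list.
        collecting && /^[^ \t]/ && !/^Package[ \t]*:/ { collecting = 0 }
        collecting {
            buf = buf " " $0
            if (index(buf, ")")) {
                sub(/^[^(]*\(/, "", buf)    # drop text up to "("
                sub(/\).*$/, "", buf)       # drop ")" and what follows
                n = split(buf, names, ",")
                for (i = 1; i <= n; i++) {
                    gsub(/[ \t]/, "", names[i])
                    if (names[i] != "" && !seen[names[i]]++) print names[i]
                }
                collecting = 0
            }
        }'
}

# Succeed only if FILE has an active (uncommented) sarge security entry.
has_security_source() {
    grep -Eq '^[[:space:]]*deb[[:space:]]+http://security\.debian\.org/?[[:space:]]+sarge/updates[[:space:]]' "$1"
}

# Read advisory text on stdin; print the selective upgrade command.
upgrade_command() {
    pkgs=$(desa_packages | tr '\n' ' ')
    [ -n "$pkgs" ] || return 1
    printf 'apt-get install %s\n' "${pkgs% }"
}

# Sample input: excerpt of two sections of this advisory.
sample_advisory() {
    cat <<'EOF'
Package             : postgresql (libpq3, postgresql-client)
Vulnerability       : programming error
Package             : apache (apache-common, apache, apache-doc,
                      apache-perl, libapache-mod-perl)
Vulnerability       : missing input sanitising and buffer overflow
EOF
}

sample_advisory | upgrade_command
```

Run has_security_source /etc/apt/sources.list and 'apt-get update' before executing the printed command.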

--------------------------------------------------------------------------
Mailing lists: bruker@skolelinux.no, debian-edu@lists.debian.org,
               linuxiskolen@skolelinux.no, user@skolelinux.de,
               admin-discuss@skolelinux.org
Package info: `apt-cache show <pkg>'
