--------------------------------------------------------------------------
Debian-Edu/Skolelinux Security Advisory DESA 2006-006
http://www.skolelinux.no/security/                    Morten Werner Olsen
October 14th, 2006            debian-edu-security@lists.alioth.debian.org
--------------------------------------------------------------------------

This DESA deals with several packages that the Debian Security Team has
fixed. Each section starts with "Package" and includes a link to the
Debian Security Team's announcement for the security upgrade.

Package             : postgresql (libpq3, postgresql-client)
Vulnerability       : programming error
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2006-2314
DSA ID              : DSA-1087-1
DSA URL             : http://www.debian.org/security/2006/dsa-1087

Package             : dhcp (dhcp, dhcp-client-udeb, dhcp-client)
Vulnerability       : programming error
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2006-3122
DSA ID              : DSA-1143-1
DSA URL             : http://www.debian.org/security/2006/dsa-1143

Package             : apache (apache-common, apache, apache-doc,
                      apache-perl, libapache-mod-perl)
Vulnerability       : missing input sanitising and buffer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2006-3918 CVE-2006-3747
DSA ID              : DSA-1167-1 DSA-1131-1
DSA URL             : http://www.debian.org/security/2006/dsa-1167
                      http://www.debian.org/security/2006/dsa-1131

Package             : imagemagick (libmagick6, imagemagick)
Vulnerability       : several vulnerabilities
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2006-3744 CVE-2005-4601
DSA ID              : DSA-1168-1 DSA-957-1
DSA URL             : http://www.debian.org/security/2006/dsa-1168
                      http://www.debian.org/security/2006/dsa-957

Package             : tar (tar)
Vulnerability       : buffer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2006-0300
DSA ID              : DSA-987-1
DSA URL             : http://www.debian.org/security/2006/dsa-987

Package             : xpdf (xpdf-utils, xpdf-common)
Vulnerability       : several vulnerabilities
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2006-1244 CVE-2006-0301 CVE-2005-3624
                      CVE-2005-3625 CVE-2005-3626 CVE-2005-3627
                      CVE-2005-3628
DSA ID              : DSA-984-1 DSA-971-1 DSA-931-1
DSA URL             : http://www.debian.org/security/2006/dsa-984
                      http://www.debian.org/security/2006/dsa-971
                      http://www.debian.org/security/2006/dsa-931

Package             : lynx (lynx)
Vulnerability       : programming error
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2004-1617
DSA ID              : DSA-1076-1
DSA URL             : http://www.debian.org/security/2006/dsa-1076

Package             : cupsys (cupsys-bsd, cupsys-client, libcupsimage2,
                      cupsys, libcupsys2-gnutls10)
Vulnerability       : buffer overflows
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2005-3191 CVE-2005-3192 CVE-2005-3193
                      CVE-2005-3624 CVE-2005-3625 CVE-2005-3626
                      CVE-2005-3627 CVE-2005-3628
DSA ID              : DSA-950-1
DSA URL             : http://www.debian.org/security/2006/dsa-950

Package             : nagios (nagios-common, nagios-text)
Vulnerability       : buffer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2006-2162, CVE-2006-2489
DSA ID              : DSA-1072-1
DSA URL             : http://www.debian.org/security/2006/dsa-1072

Package             : samba (winbind, smbfs, smbclient, samba,
                      libsmbclient, samba-common, samba-doc)
Vulnerability       : missing input sanitising
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2006-3403
DSA ID              : DSA-1110-1
DSA URL             : http://www.debian.org/security/2006/dsa-1110

Package             : koffice (kivio-data, kchart, koffice-data, koshell,
                      kivio, kugar, kformula, koffice-libs)
Vulnerability       : several vulnerabilities
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2005-3191 CVE-2005-3193 CVE-2005-3624
                      CVE-2005-3625 CVE-2005-3626 CVE-2005-3627
                      CVE-2005-3628 CVE-2006-1244
DSA ID              : DSA-938-1 DSA-1019-1
DSA URL             : http://www.debian.org/security/2006/dsa-938
                      http://www.debian.org/security/2006/dsa-1019

Upgrade Instructions
--------------------

Make sure the line

  deb http://security.debian.org/ sarge/updates main contrib non-free

is present in your /etc/apt/sources.list and run 'apt-get update' to
update your package lists. Then run 'apt-get upgrade' to upgrade all the
packages mentioned above. This might upgrade other packages too; if you
only want to upgrade the packages above, run
'apt-get install <pkg1> ... <pkgN>', where <pkg1> to <pkgN> are the
package names in parentheses from each package section above.

--------------------------------------------------------------------------
Mailing lists: bruker@skolelinux.no, debian-edu@lists.debian.org,
               linuxiskolen@skolelinux.no, user@skolelinux.de,
               admin-discuss@skolelinux.org
Package info: `apt-cache show <pkg>'
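
The upgrade steps above as a script, added here as an example and not part of the advisory: it checks that the security line is active rather than commented out, and limits 'apt-get install' to listed packages that are already installed, so nothing new is pulled in. The function names and the --run switch are this example's own.

```shell
#!/bin/sh
# Added example, not part of the advisory.

# Package names copied from the parentheses in each "Package" section.
DESA_PKGS="libpq3 postgresql-client dhcp dhcp-client-udeb dhcp-client
apache-common apache apache-doc apache-perl libapache-mod-perl
libmagick6 imagemagick tar xpdf-utils xpdf-common lynx
cupsys-bsd cupsys-client libcupsimage2 cupsys libcupsys2-gnutls10
nagios-common nagios-text winbind smbfs smbclient samba libsmbclient
samba-common samba-doc kivio-data kchart koffice-data koshell kivio
kugar kformula koffice-libs"

# Succeeds only if FILE has an active (uncommented) deb line for the
# sarge security archive; a line starting with '#' does not count.
has_security_source() {
    awk '$1 == "deb" && $2 ~ /^http:\/\/security\.debian\.org\/?$/ &&
         $3 == "sarge/updates" { found = 1 }
         END { exit(found ? 0 : 1) }' "$1"
}

# Succeeds if dpkg reports the package as fully installed.
is_installed() {
    dpkg-query -W -f='${Status}' "$1" 2>/dev/null |
        grep -q '^install ok installed$'
}

# Prints the subset of the given package names that is installed.
installed_subset() {
    out=""
    for pkg in $1; do
        if is_installed "$pkg"; then out="$out $pkg"; fi
    done
    echo "${out# }"
}

upgrade_desa_packages() {
    has_security_source "${1:-/etc/apt/sources.list}" || {
        echo "security.debian.org sarge/updates is not enabled" >&2
        return 1
    }
    pkgs=$(installed_subset "$DESA_PKGS")
    [ -n "$pkgs" ] || { echo "no affected packages installed"; return 0; }
    apt-get update && apt-get install $pkgs
}

# Run as root with: sh desa-upgrade.sh --run  (file name is hypothetical)
if [ "${1:-}" = "--run" ]; then upgrade_desa_packages; fi
```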