- --------------------------------------------------------------------------
Debian-Edu/Skolelinux Security Advisory DESA 2006-005
http://www.skolelinux.no/security/ Morten Werner Olsen
September 26th, 2006 debian-edu-security@lists.alioth.debian.org
- --------------------------------------------------------------------------
This DESA deals with severel packages that the Debian Security Team
has fixed. Each section start with "Package" and includes a link to
the Debian Security Team's announce for the security upgrade.
Package : tiff (libtiff4)
Vulnerability : several vulnerabilities
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2006-3465, CVE-2006-2026, CVE-2006-2656
DSA ID : DSA-1137-1, DSA-1054-1, DSA-1091-1
DSA URL : http://www.debian.org/security/2006/dsa-1137
http://www.debian.org/security/2006/dsa-1054
http://www.debian.org/security/2006/dsa-1091
Package : shadow (passwd, login)
Vulnerability : programming error
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2006-3378
DSA ID : DSA-1150-1
DSA URL : http://www.debian.org/security/2006/dsa-1150
Package : dia (dia-libs, dia-common, dia)
Vulnerability : programming error
Need reboot : no
Debian-Edu-specific : no
CVE ID : None
DSA ID : DSA-1025-1
DSA URL : http://www.debian.org/security/2006/dsa-1025
Package : kdelibs (kdelibs4, kdelibs-bin, kdelibs-data)
Vulnerability : buffer overflow
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2006-0019
DSA ID : DSA-948-1
DSA URL : http://www.debian.org/security/2006/dsa-948
Package : kaffeine (kaffeine)
Vulnerability : buffer overflow
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2006-0051
DSA ID : DSA-1023-1
DSA URL : http://www.debian.org/security/2006/dsa-1023
Package : sudo (sudo)
Vulnerability : missing input sanitising
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2005-4158, CVE-2006-0151
DSA ID : DSA-946-1
DSA URL : http://www.debian.org/security/2006/dsa-946
Package : perl (libperl5.8, perl-base, perl-modules, perl)
Vulnerability : integer overflow
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2005-3962
DSA ID : DSA-943-1
DSA URL : http://www.debian.org/security/2006/dsa-943
Package : gzip (gzip)
Vulnerability : several vulnerabilities
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2006-4338
DSA ID : DSA-1181-1
DSA URL : http://www.debian.org/security/2006/dsa-1181
Package : ppp (ppp)
Vulnerability : programming error
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2006-2194
DSA ID : DSA-1106-1
DSA URL : http://www.debian.org/security/2006/dsa-1106
Package : gnupg (gnupg)
Vulnerability : integer overflows and programming errors
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2006-3082, CVE-2006-3746, CVE-2006-0455,
CVE-2006-0049
DSA ID : DSA-1107-1, DSA-1140-1, DSA-978-1, DSA-993-1
DSA URL : http://www.debian.org/security/2006/dsa-1107
http://www.debian.org/security/2006/dsa-1140
http://www.debian.org/security/2006/dsa-978
http://www.debian.org/security/2006/dsa-993
Package : courier (courier-imap-ssl, courier-imap,
courier-ldap, courier-base, courier-authdaemon,
courier-ssl)
Vulnerability : programming error
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2006-2659
DSA ID : DSA-1101-1
DSA URL : http://www.debian.org/security/2006/dsa-1101
Upgrade Instructions
- --------------------
Make sure the line
deb http://security.debian.org/ woody/updates main contrib non-free
is present in your /etc/apt/sources.list and run 'apt-get update' to
update your package lists. Then run
'apt-get upgrade'
to upgrade all the packages mentioned above. This might upgrade other
packages too, and if you only want to upgrade the packages above, you
should run
'apt-get install <pkg1> ... <pkgN>'
where <pkg1> to <pkgN> is the package names in paranthesis
from each package section above.
- --------------------------------------------------------------------------
Mailing lists: bruker@skolelinux.no, debian-edu@lists.debian.org,
linuxiskolen@skolelinux.no, user@skolelinux.de,
admin-discuss@skolelinux.org
Package info: `apt-cache show <pkg>'
Attachment:
signature.asc
Description: Digital signature