--------------------------------------------------------------------------
Debian-Edu/Skolelinux Security Advisory DESA 2007-001
http://www.skolelinux.no/security/ Steffen Joeris
January 28th, 2007 debian-edu-security@lists.alioth.debian.org
--------------------------------------------------------------------------
This DESA deals with several packages that the Debian Security Team
has fixed. Each section starts with "Package" and includes a link to
the Debian Security Team's announcement of the security upgrade.
Package : imagemagick (imagemagick)
Vulnerability : buffer overflow
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2006-5456
DSA ID : DSA-1260-1
DSA URL : http://www.debian.org/security/2007/dsa-1260
Package : gnomemeeting (gnomemeeting)
Vulnerability : format string
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2007-1007
DSA ID : DSA-1262-1
DSA URL : http://www.debian.org/security/2007/dsa-1262
Package : postgresql (postgresql-client)
Vulnerability : several vulnerabilities
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2007-0555
DSA ID : DSA-1261-1
DSA URL : http://www.debian.org/security/2007/dsa-1261
Package : nas (libaudio2)
Vulnerability : several vulnerabilities
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2007-1547
DSA ID : DSA-1273-1
DSA URL : http://www.debian.org/security/2007/dsa-1273
Package : file (libmagic1, file)
Vulnerability : buffer overflow
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2007-1536
DSA ID : DSA-1274-1
DSA URL : http://www.debian.org/security/2007/dsa-1274
Package : gnupg (gnupg, gpgv-udeb)
Vulnerability : several vulnerabilities
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2007-1263
DSA ID : DSA-1266-1
DSA URL : http://www.debian.org/security/2007/dsa-1266
Package : samba (smbfs, samba, smbclient, winbind,
                 samba-common, libsmbclient, samba-doc)
Vulnerability : several vulnerabilities
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2007-0454
DSA ID : DSA-1257-1
DSA URL : http://www.debian.org/security/2007/dsa-1257
Package : tcpdump (tcpdump)
Vulnerability : buffer overflow
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2007-1218
DSA ID : DSA-1272-1
DSA URL : http://www.debian.org/security/2007/dsa-1272
Package : bind9 (bind9, dnsutils, libdns16, libisc7,
                 libisccc0, libisccfg0, liblwres1)
Vulnerability : insufficient input sanitising
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2007-0494
DSA ID : DSA-1254-1
DSA URL : http://www.debian.org/security/2007/dsa-1254
Package : gtk+2.0 (libgtk2.0-0, libgtk2.0-bin)
Vulnerability : programming error
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2007-0010
DSA ID : DSA-1256-1
DSA URL : http://www.debian.org/security/2007/dsa-1256
Package : mozilla-thunderbird
Vulnerability : several vulnerabilities
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2006-6497, CVE-2006-6498, CVE-2006-6499,
         CVE-2006-6501, CVE-2006-6502, CVE-2006-6503
DSA ID : DSA-1258-1
DSA URL : http://www.debian.org/security/2007/dsa-1258
Package : krb5 (krb5-user, libkrb53)
Vulnerability : several vulnerabilities
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2007-0956, CVE-2007-0957, CVE-2007-1216
DSA ID : DSA-1276-1
DSA URL : http://www.debian.org/security/2007/dsa-1276
Package : xmms
Vulnerability : several vulnerabilities
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2007-0654, CVE-2007-0653
DSA ID : DSA-1277-1
DSA URL : http://www.debian.org/security/2007/dsa-1277
Package : man-db
Vulnerability : buffer overflow
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2006-4250
DSA ID : DSA-1278-1
DSA URL : http://www.debian.org/security/2007/dsa-1278
Upgrade Instructions
--------------------
Make sure the line
deb http://security.debian.org/ sarge/updates main contrib non-free
is present in your /etc/apt/sources.list and run 'apt-get update' to
update your package lists. Then run
'apt-get upgrade'
to upgrade all the packages mentioned above. This might upgrade other
packages too, and if you only want to upgrade the packages above, you
should run
'apt-get install <pkg1> ... <pkgN>'
where <pkg1> to <pkgN> are the package names in parentheses
from each package section above.
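The targeted upgrade described above, as an added example that is not part
of the original advisory: it checks a sources.list for the security line and
builds the 'apt-get install' command from the names in parentheses. The
function names are hypothetical; the sample input is copied from three
sections of this advisory.

```shell
#!/bin/sh
# Added example, not part of the advisory; function names are hypothetical.

# Print the binary package names from a DESA on stdin, one per line.
# Names sit in parentheses on the "Package :" line, possibly continued on
# the next line; a section without parentheses uses the name given.
desa_packages() {
    awk '
        function emit(list,   i, n, a) {
            n = split(list, a, /[ \t,]+/)
            for (i = 1; i <= n; i++) if (a[i] != "") print a[i]
        }
        /^Package[ \t]*:/ {
            line = $0
            sub(/^Package[ \t]*:[ \t]*/, "", line)
            if (line !~ /\(/) { emit(line); next }      # no parentheses
            sub(/^[^(]*\(/, "", line)                  # drop source name
            if (line ~ /\)/) { sub(/\).*/, "", line); emit(line); next }
            pending = line; cont = 1; next              # list continues
        }
        cont {
            pending = pending " " $0
            if ($0 ~ /\)/) { sub(/\).*/, "", pending); emit(pending); cont = 0 }
        }
    ' | LC_ALL=C sort -u
}

# Succeed if FILE contains the uncommented sarge security line.
has_security_source() {
    grep -Eq '^[[:space:]]*deb[[:space:]]+http://security\.debian\.org/?[[:space:]]+sarge/updates[[:space:]]' "$1"
}

# Read a DESA on stdin and print (not run) the targeted upgrade command.
upgrade_command() {
    printf 'apt-get install %s\n' "$(desa_packages | tr '\n' ' ' | sed 's/ $//')"
}

# Sample input: three sections copied from this advisory.
SAMPLE='Package : samba (smbfs, samba, smbclient, winbind,
samba-common, libsmbclient, samba-doc)
Vulnerability : several vulnerabilities
Package : file (libmagic1, file)
Package : xmms'

printf '%s\n' "$SAMPLE" | upgrade_command
```

The command is only printed, so it can be reviewed before being run as root.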
--------------------------------------------------------------------------
Mailing lists: bruker@skolelinux.no, debian-edu@lists.debian.org,
linuxiskolen@skolelinux.no, user@skolelinux.de,
admin-discuss@skolelinux.org
Package info: `apt-cache show <pkg>'