- --------------------------------------------------------------------------
Debian-Edu/Skolelinux Security Advisory DESA 2007-001
http://www.skolelinux.no/security/                          Steffen Joeris
January 28th, 2007             debian-edu-security@lists.alioth.debian.org
- --------------------------------------------------------------------------

This DESA deals with several packages that the Debian Security Team has
fixed. Each section starts with "Package" and includes a link to the
Debian Security Team's announcement for the security upgrade.

Package              : imagemagick (imagemagick)
Vulnerability        : buffer overflow
Need reboot          : no
Debian-Edu-specific  : no
CVE ID               : CVE-2006-5456
DSA ID               : DSA-1260-1
DSA URL              : http://www.debian.org/security/2007/dsa-1260

Package              : gnomemeeting (gnomemeeting)
Vulnerability        : format string
Need reboot          : no
Debian-Edu-specific  : no
CVE ID               : CVE-2007-1007
DSA ID               : DSA-1262-1
DSA URL              : http://www.debian.org/security/2007/dsa-1262

Package              : postgresql (postgresql-client)
Vulnerability        : several vulnerabilities
Need reboot          : no
Debian-Edu-specific  : no
CVE ID               : CVE-2007-0555
DSA ID               : DSA-1261-1
DSA URL              : http://www.debian.org/security/2007/dsa-1261

Package              : nas (libaudio2)
Vulnerability        : several vulnerabilities
Need reboot          : no
Debian-Edu-specific  : no
CVE ID               : CVE-2007-1547
DSA ID               : DSA-1273-1
DSA URL              : http://www.debian.org/security/2007/dsa-1273

Package              : file (libmagic1, file)
Vulnerability        : buffer overflow
Need reboot          : no
Debian-Edu-specific  : no
CVE ID               : CVE-2007-1536
DSA ID               : DSA-1274-1
DSA URL              : http://www.debian.org/security/2007/dsa-1274

Package              : gnupg (gnupg, gpgv-udeb)
Vulnerability        : several vulnerabilities
Need reboot          : no
Debian-Edu-specific  : no
CVE ID               : CVE-2007-1263
DSA ID               : DSA-1266-1
DSA URL              : http://www.debian.org/security/2007/dsa-1266

Package              : samba (smbfs, samba, smbclient, winbind, samba-common,
                       libsmbclient, samba-doc)
Vulnerability        : several vulnerabilities
Need reboot          : no
Debian-Edu-specific  : no
CVE ID               : CVE-2007-0454
DSA ID               : DSA-1257-1
DSA URL              : http://www.debian.org/security/2007/dsa-1257

Package              : tcpdump (tcpdump)
Vulnerability        : buffer overflow
Need reboot          : no
Debian-Edu-specific  : no
CVE ID               : CVE-2007-1218
DSA ID               : DSA-1272-1
DSA URL              : http://www.debian.org/security/2007/dsa-1272

Package              : bind9 (bind9, dnsutils, libdns16, libisc7, libisccc0,
                       libisccfg0, liblwres1)
Vulnerability        : insufficient input sanitising
Need reboot          : no
Debian-Edu-specific  : no
CVE ID               : CVE-2007-0494
DSA ID               : DSA-1254-1
DSA URL              : http://www.debian.org/security/2007/dsa-1254

Package              : gtk+2.0 (libgtk2.0-0, libgtk2.0-bin)
Vulnerability        : programming error
Need reboot          : no
Debian-Edu-specific  : no
CVE ID               : CVE-2007-0010
DSA ID               : DSA-1256-1
DSA URL              : http://www.debian.org/security/2007/dsa-1256

Package              : mozilla-thunderbird
Vulnerability        : several vulnerabilities
Need reboot          : no
Debian-Edu-specific  : no
CVE ID               : CVE-2006-6497, CVE-2006-6498, CVE-2006-6499,
                       CVE-2006-6501, CVE-2006-6502, CVE-2006-6503
DSA ID               : DSA-1258-1
DSA URL              : http://www.debian.org/security/2007/dsa-1258

Package              : krb5 (krb5-user, libkrb53)
Vulnerability        : several vulnerabilities
Need reboot          : no
Debian-Edu-specific  : no
CVE ID               : CVE-2007-0956, CVE-2007-0957, CVE-2007-1216
DSA ID               : DSA-1276-1
DSA URL              : http://www.debian.org/security/2007/dsa-1276

Package              : xmms
Vulnerability        : several vulnerabilities
Need reboot          : no
Debian-Edu-specific  : no
CVE ID               : CVE-2007-0654, CVE-2007-0653
DSA ID               : DSA-1277-1
DSA URL              : http://www.debian.org/security/2007/dsa-1277

Package              : man-db
Vulnerability        : buffer overflow
Need reboot          : no
Debian-Edu-specific  : no
CVE ID               : CVE-2006-4250
DSA ID               : DSA-1278-1
DSA URL              : http://www.debian.org/security/2007/dsa-1278

Upgrade Instructions
- --------------------

Make sure the line

  deb http://security.debian.org/ sarge/updates main contrib non-free

is present in your /etc/apt/sources.list and run 'apt-get update' to
update your package lists. Then run 'apt-get upgrade' to upgrade all the
packages mentioned above. This might upgrade other packages too, and if
you only want to upgrade the packages above, you should run
'apt-get install <pkg1> ... <pkgN>' where <pkg1> to <pkgN> are the package
names in parentheses from each package section above.

- --------------------------------------------------------------------------
Mailing lists: bruker@skolelinux.no, debian-edu@lists.debian.org,
               linuxiskolen@skolelinux.no, user@skolelinux.de,
               admin-discuss@skolelinux.org
Package info: `apt-cache show <pkg>'
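
The selective upgrade described under "Upgrade Instructions", as an added example that is not part of the original advisory: a shell script that checks sources.list for the sarge security line and builds the 'apt-get install' command from the advisory's "Package" lines. The function names, the SOURCES_LIST variable and the sample input are constructed here; using the bare name when a section has no parentheses is an assumption.

```shell
#!/bin/sh
# Added example: build the selective-upgrade command from DESA "Package" lines.
# Constructed sample input in the advisory's format (three sections only).
SAMPLE_ADVISORY='Package              : file (libmagic1, file)
Package              : samba (smbfs, samba, smbclient)
Package              : man-db'

# Read advisory text on stdin; print each binary package name once, sorted.
# Assumption: a section without parentheses names the package itself.
desa_packages() {
    sed -n 's/^Package[[:space:]]*:[[:space:]]*//p' |
    while IFS= read -r entry; do
        case $entry in
            *"("*")"*) names=${entry#*"("}; names=${names%%")"*} ;;
            *)         names=$entry ;;
        esac
        printf '%s\n' "$names" | tr ',' '\n' | tr -d ' \t'
    done | grep -v '^$' | LC_ALL=C sort -u
}

# Print (never run) the apt-get command for the packages found on stdin.
upgrade_command() {
    set -- $(desa_packages)
    [ "$#" -gt 0 ] || return 1
    echo "apt-get install $*"
}

# Succeed only if file $1 has an uncommented sarge security line with "main".
has_security_source() {
    grep -Eqs '^[[:space:]]*deb[[:space:]]+http://security\.debian\.org/?[[:space:]]+sarge/updates[[:space:]]+main([[:space:]]|$)' "$1"
}

# Demo: check the local sources.list (SOURCES_LIST is a hypothetical override),
# then show the command for the constructed sample.
if has_security_source "${SOURCES_LIST:-/etc/apt/sources.list}"; then
    echo "security source present"
else
    echo "security source missing: add the deb line before 'apt-get update'"
fi
printf '%s\n' "$SAMPLE_ADVISORY" | upgrade_command
```

Feed the full advisory text to upgrade_command on stdin to get the command for every section; the script only prints the command so it can be reviewed before it is run as root.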