- --------------------------------------------------------------------------
Debian-Edu/Skolelinux Security Advisory DESA 2007-005
http://www.skolelinux.org/security/ Steffen Joeris
August 7th, 2007 debian-edu-security@lists.alioth.debian.org
- --------------------------------------------------------------------------
This DESA deals with packages that the Debian Security Team has fixed
for the stable distribution. Each section starts with "Package" and
includes a link to the Debian Security Team's announce for the
security upgrade.
Package : xulrunner (xulrunner-gnome-support)
Vulnerability : several vulnerabilities
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2007-3089, CVE-2007-3285, CVE-2007-3656,
CVE-2007-3734, CVE-2007-3735, CVE-2007-3736,
CVE-2007-3737, CVE-2007-3738
DSA ID : DSA-1337-1
DSA URL : http://www.debian.org/security/2007/dsa-1337
Package : iceweasel (iceweasel-gnome-support, iceweasel,
firefox)
Vulnerability : several vulnerabilities
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2007-3089, CVE-2007-3656, CVE-2007-3734,
CVE-2007-3735, CVE-2007-3736, CVE-2007-3737,
CVE-2007-3738
DSA ID : DSA-1338-1
DSA URL : http://www.debian.org/security/2007/dsa-1338
Package : clamav (clamav-base, clamav, clamav-freshclam,
libclamav2)
Vulnerability : null pointer dereference
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2007-3725
DSA ID : DSA-1340-1
DSA URL : http://www.debian.org/security/2007/dsa-1340
Package : bind9 (bind9-doc, bind9, bind9-host, dnsutils,
libbind9, libdns22, libisc11, libisccc0,
libisccfg1, liblwres9)
Vulnerability : design error
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2007-2926
DSA ID : DSA-1341-1
DSA URL : http://www.debian.org/security/2007/dsa-1341
Package : xfs (xfs)
Vulnerability : race condition
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2007-3103
DSA ID : DSA-1342-1
DSA URL : http://www.debian.org/security/2007/dsa-1342
Package : file (file, libmagic1)
Vulnerability : integer overflow
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2007-2799
DSA ID : DSA-1343-1
DSA URL : http://www.debian.org/security/2007/dsa-1343
Package : xulrunner (libxul-common, libmozjs0d, libnspr4-0d,
libnss3-0d, libxul0d,
xulrunner-gnome-support)
Vulnerability : several
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2007-3844, CVE-2007-3845
DSA ID : DSA-1345-1
DSA URL : http://www.debian.org/security/2007/dsa-1345
Package : xpdf (xpdf-common, xpdf-reader, xpdf-utils)
Vulnerability : integer overflow
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2007-3387
DSA ID : DSA-1347-1
DSA URL : http://www.debian.org/security/2007/dsa-1347
Package : poppler (libpoppler0c2, libpoppler0c2-glib,
libpoppler0c2-qt, poppler-utils)
Vulnerability : integer overflow
Need reboot : no
Debian-Edu-specific : no
CVE ID : CVE-2007-3387
DSA ID : DSA-1348-1
DSA URL : http://www.debian.org/security/2007/dsa-1348
Upgrade Instructions
- --------------------
Make sure the line
deb http://security.debian.org/ etch/updates main contrib non-free
is present in your /etc/apt/sources.list and run 'apt-get update' to
update your package lists. Then run
'apt-get upgrade'
to upgrade all the packages mentioned above. This might upgrade other
packages too, and if you only want to upgrade the packages above, you
should run
'apt-get install <pkg1> ... <pkgN>'
where <pkg1> to <pkgN> is the package names in paranthesis
from each package section above.
- --------------------------------------------------------------------------
Mailing lists: bruker@skolelinux.no, debian-edu@lists.debian.org,
linuxiskolen@skolelinux.no, user@skolelinux.de,
admin-discuss@skolelinux.org, debian-edu-french@lists.debian.org
Package info: `apt-cache show <pkg>'
Attachment:
signature.asc
Description: This is a digitally signed message part.