DESA-2007-007: New lwat packages fix output handling

To: debian-edu@lists.debian.org, bruker@skolelinux.no, linuxiskolen@skolelinux.no, user@skolelinux.de, admin-discuss@skolelinux.org, debian-edu-french@lists.debian.org
Subject: DESA-2007-007: New lwat packages fix output handling
From: Steffen Joeris <white@debian.org>
Date: Thu, 16 Aug 2007 11:44:02 +1000
Message-id: <200708161144.04111.white@debian.org>

- --------------------------------------------------------------------------
Debian-Edu/Skolelinux Security Advisory DESA 2007-007
http://www.skolelinux.org/security/                      Steffen Joeris
August 16th, 2007              debian-edu-security@lists.alioth.debian.org
- --------------------------------------------------------------------------

Package             : lwat (lwat)
Vulnerability       : output handling
Need reboot         : no
Debian-Edu-specific : no

Klaus Ade Johnstad discovered that under certain conditions, the
output handling of lwat might cause the storing of sensible information.

For the stable distribution (3.0 codename terra, etch based) this
problem has been fixed in version 0.15-1etch1.

The oldstable distribution (2.0, sarge based) does not contain lwat.

We recommend that you upgrade your lwat packages.



Upgrade Instructions
- --------------------

Make sure the line

        deb http://ftp.skolelinux.org/skolelinux/ etch local

is present in your /etc/apt/sources.list and run 'apt-get update' to
update your package lists. Then run

        'apt-get upgrade'

to upgrade the package mentioned above. This might upgrade other
packages too, and if you only want to upgrade the package above, you
should run

'apt-get install <pkg1> '

where <pkg1> is the package name in paranthesis from the package section
above.



Debian-Edu/Skolelinux 3.0 alias terra (etch based)
--------------------------------------------------

 Source archives:

        
http://ftp.skolelinux.org/skolelinux/pool/local/l/lwat/lwat_0.15-1etch1.dsc
          Size/MD5 checksum: 09846e6469151a8a232f768f63922c22

        
http://ftp.skolelinux.org/skolelinux/pool/local/l/lwat/lwat_0.15-1etch1.diff.gz
          Size/MD5 checksum: f2f7a050fe58e0b9192143fdaf337ca7

        
http://ftp.skolelinux.org/skolelinux/pool/local/l/lwat/lwat_0.15.orig.tar.gz
          Size/MD5 checksum: ef4d4d5c20d56817318b86e58745c749



 Architecture independent components:

        
http://ftp.skolelinux.org/skolelinux/pool/local/l/lwat/lwat_0.15-1etch1_all.deb
          Size/MD5 checksum: a5d6b9df5a27501f8333624c6479c1e1

- --------------------------------------------------------------------------
Mailing lists: bruker@skolelinux.no, debian-edu@lists.debian.org,
               linuxiskolen@skolelinux.no, user@skolelinux.de,
              admin-discuss@skolelinux.org, debian-edu-french@lists.debian.org
Package info: `apt-cache show <pkg>'

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

Prev by Date: Re: ldap/lwat test
Next by Date: Re: request for new debian-edu-announce@lists.debian.org ML
Previous by thread: Re: partitions and groups
Next by thread: struggling with adding machines
Index(es):
- Date
- Thread