[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

DESA-2007-007: New lwat packages fix output handling

- --------------------------------------------------------------------------
Debian-Edu/Skolelinux Security Advisory DESA 2007-007
http://www.skolelinux.org/security/                      Steffen Joeris
August 16th, 2007              debian-edu-security@lists.alioth.debian.org
- --------------------------------------------------------------------------

Package             : lwat (lwat)
Vulnerability       : output handling
Need reboot         : no
Debian-Edu-specific : no

Klaus Ade Johnstad discovered that under certain conditions, the
output handling of lwat might cause the storing of sensible information.

For the stable distribution (3.0 codename terra, etch based) this
problem has been fixed in version 0.15-1etch1.

The oldstable distribution (2.0, sarge based) does not contain lwat.

We recommend that you upgrade your lwat packages.

Upgrade Instructions
- --------------------

Make sure the line

        deb http://ftp.skolelinux.org/skolelinux/ etch local

is present in your /etc/apt/sources.list and run 'apt-get update' to
update your package lists. Then run

        'apt-get upgrade'

to upgrade the package mentioned above. This might upgrade other
packages too, and if you only want to upgrade the package above, you
should run

'apt-get install <pkg1> '

where <pkg1> is the package name in paranthesis from the package section

Debian-Edu/Skolelinux 3.0 alias terra (etch based)

 Source archives:

          Size/MD5 checksum: 09846e6469151a8a232f768f63922c22

          Size/MD5 checksum: f2f7a050fe58e0b9192143fdaf337ca7

          Size/MD5 checksum: ef4d4d5c20d56817318b86e58745c749

 Architecture independent components:

          Size/MD5 checksum: a5d6b9df5a27501f8333624c6479c1e1

- --------------------------------------------------------------------------
Mailing lists: bruker@skolelinux.no, debian-edu@lists.debian.org,
               linuxiskolen@skolelinux.no, user@skolelinux.de,
              admin-discuss@skolelinux.org, debian-edu-french@lists.debian.org
Package info: `apt-cache show <pkg>'

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: