- -------------------------------------------------------------------------- Debian-Edu/Skolelinux Security Advisory DESA 2005-004 http://www.skolelinux.org/security/ Morten Werner Olsen January 28th, 2005 debian-edu-security@lists.alioth.debian.org - -------------------------------------------------------------------------- This DESA deals with several packages that the Debian Security Team has fixed. Each section start with "Package" and includes a link to the Debian Security Team's announce for the security upgrade. Package : krb5 (libkrb53) Vulnerability : buffer overflow Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2004-1189 DSA ID : DSA-629-1 DSA URL : http://www.debian.org/security/2005/dsa-629 Package : kdelibs (kdelibs3 kdelibs3-crypt libarts libkmid) Vulnerability : unsanitised input, missing return value check Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2004-1165 CAN-2005-0078 DSA ID : DSA-631-1 DSA-660-1 DSA URL : http://www.debian.org/security/2005/dsa-631 http://www.debian.org/security/2005/dsa-660 Package : exim (exim) Vulnerability : buffer overflow Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2005-0021 DSA ID : DSA-635-1 DSA URL : http://www.debian.org/security/2005/dsa-635 Package : glibc (libc6 nscd) Vulnerability : insecure temporary files Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2004-0968 DSA ID : DSA-636-1 DSA URL : http://www.debian.org/security/2005/dsa-636 Package : cupsys (cupsys cupsys-bsd cupsys-client cupsys-pstoraster libcupsys2) Vulnerability : buffer overflow Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2005-0064 DSA ID : DSA-645-1 DSA URL : http://www.debian.org/security/2005/dsa-645 Package : xpdf (xpdf xpdf-common xpdf-reader xpdf-utils) Vulnerability : buffer overflow Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2005-0064 DSA ID : DSA-648-1 DSA URL : http://www.debian.org/security/2005/dsa-648 Package : squid (squid) Vulnerability : buffer overflow, integer overflow Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2005-0094 CAN-2005-0095 DSA ID : DSA-651-1 DSA URL : http://www.debian.org/security/2005/dsa-651 Package : xine-lib (libxine0) Vulnerability : buffer overflow Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2004-1379 DSA ID : DSA-657-1 DSA URL : http://www.debian.org/security/2005/dsa-657 Upgrade Instructions - -------------------- Make sure the line deb http://security.debian.org/ stable/updates main contrib non-free is present in your /etc/apt/sources.list and run 'apt-get update' to update your package lists. Then run 'apt-get upgrade' to upgrade all the packages mentioned above. This might upgrade other packages too, and if you only want to upgrade the packages above, you should run 'apt-get install ... ' where to is the package names in paranthesis from each package section above. - -------------------------------------------------------------------------- Mailing lists: bruker@skolelinux.no, debian-edu@lists.debian.org, linuxiskolen@skolelinux.no, user@skolelinux.de, admin-discuss@skolelinux.org Package info: `apt-cache show '