- -------------------------------------------------------------------------- Debian-Edu/Skolelinux Security Advisory DESA 2006-001 http://www.skolelinux.org/security/ Morten Werner Olsen January 27th, 2005 debian-edu-security@lists.alioth.debian.org - -------------------------------------------------------------------------- This DESA deals with several packages that the Debian Security Team has fixed. Each section start with "Package" and includes a link to the Debian Security Team's announce for the security upgrade. Package : courier (courier-authdaemon, courier-base, courier-imap, courier-ldap) Vulnerability : programming error Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2005-3532 DSA ID : DSA-917-1 DSA URL : http://www.debian.org/security/2005/dsa-917 Package : curl (libcurl2) Vulnerability : buffer overflow Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2005-4077 CVE-2005-3185 DSA ID : DSA-919-1 DSA URL : http://www.debian.org/security/2005/dsa-919 Package : xpdf (xpdf xpdf-common xpdf-reader xpdf-utils) Vulnerability : buffer overflows Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2005-3191 CAN-2005-3192 CAN-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628 DSA ID : DSA-931-1 DSA URL : http://www.debian.org/security/2005/dsa-931 Package : unzip (unzip) Vulnerability : race condition Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2005-2475 DSA ID : DSA-903-2 DSA URL : http://www.debian.org/security/2005/dsa-903 Package : tetex-bin (tetex-bin libkpathsea3) Vulnerability : buffer overflows Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2005-3191 CVE-2005-3192 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628 DSA ID : DSA-937-1 DSA URL : http://www.debian.org/security/2005/dsa-937 Package : sudo (sudo) Vulnerability : missing input sanitising Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2005-4158 CVE-2006-0151 DSA ID : DSA-946-1 DSA URL : http://www.debian.org/security/2005/dsa-946 Package : cupsys (cupsys cupsys-bsd cupsys-client cupsys-pstoraster libcupsys2) Vulnerability : buffer overflows Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628 DSA ID : DSA-950-1 DSA URL : http://www.debian.org/security/2005/dsa-950 Upgrade Instructions - -------------------- Make sure the line deb http://security.debian.org/ woody/updates main contrib non-free is present in your /etc/apt/sources.list and run 'apt-get update' to update your package lists. Then run 'apt-get upgrade' to upgrade all the packages mentioned above. This might upgrade other packages too, and if you only want to upgrade the packages above, you should run 'apt-get install ... ' where to is the package names in paranthesis from each package section above. - -------------------------------------------------------------------------- Mailing lists: bruker@skolelinux.no, debian-edu@lists.debian.org, linuxiskolen@skolelinux.no, user@skolelinux.de, admin-discuss@skolelinux.org Package info: `apt-cache show '