DESA-2007-013: several vulnerabilities

To: debian-edu-announce@lists.debian.org
Subject: DESA-2007-013: several vulnerabilities
From: Steffen Joeris <white@debian.org>
Date: Sun, 14 Oct 2007 13:36:18 +1000
Message-id: <[🔎] 200710141336.19717.white@debian.org>
Mail-followup-to: debian-edu@lists.debian.org

- --------------------------------------------------------------------------
Debian-Edu/Skolelinux Security Advisory DESA 2007-013
http://www.skolelinux.org/security/                      Steffen Joeris
October 14th, 2007              debian-edu-security@lists.alioth.debian.org
- --------------------------------------------------------------------------

This DESA deals with packages that the Debian Security Team has fixed
for the stable distribution. Each section starts with "Package" and
includes a link to the Debian Security Team's announce for the
security upgrade.

Package             : kdebase (kdebase, kdebase-data, kmenuedit,
                      kpersonalizer, kcontrol, kdesktop, khelpcenter,
                      libkonq4, kicker, kdm, kpager, ksplash, klipper,
                      kate, kdepasswd, konqueror, konsole, ksysguard,
                      kdebase-bin, ktip, kfind, ksysguardd,
                      kdebase-kio-plugins, kwin, ksmserver,
                      konqueror-nsplugins, kappfinder, kdeprint)
Vulnerability       : programming error
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-4569
DSA ID              : DSA-1376-1
DSA URL             : http://www.debian.org/security/2007/dsa-1376

Package             : file (libmagic1, file)
Vulnerability       : integer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-2799
DSA ID              : DSA-1343-1
DSA URL             : http://www.debian.org/security/2007/dsa-1343

Package             : openssl (libssl, openssl)
Vulnerability       : off-by-one error/buffer overflow
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-5135
DSA ID              : DSA-1379-1
DSA URL             : http://www.debian.org/security/2007/dsa-1379

Package             : xfs (xfs)
Vulnerability       : several
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CVE-2007-4568
DSA ID              : DSA-1385-1
DSA URL             : http://www.debian.org/security/2007/dsa-1385


Upgrade Instructions
- --------------------

Make sure the line

  deb http://security.debian.org/ etch/updates main contrib non-free

is present in your /etc/apt/sources.list and run 'aptitude update' to
update your package lists. Then run

  'aptitude upgrade'

to upgrade all the packages mentioned above. This might upgrade other
packages too, and if you only want to upgrade the packages above, you
should run

  'aptitude install <pkg1> ... <pkgN>'

where <pkg1> to <pkgN> is the package names in paranthesis
from each package section above.

- --------------------------------------------------------------------------
Mailing lists: debian-edu-announce@lists.debian.org
Package info: `apt-cache show <pkg>'

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

Prev by Date: DESA-2007-012: several vulnerabilities
Next by Date: Stable update: sitesummary
Previous by thread: DESA-2007-012: several vulnerabilities
Next by thread: Stable update: sitesummary
Index(es):
- Date
- Thread