Updated Debian GNU/Linux: 5.0.8 released

The Debian Project                                 http://www.debian.org/
Updated Debian GNU/Linux: 5.0.8 released                 press@debian.org
January 22nd, 2011               http://www.debian.org/News/2011/20110122

The Debian project is pleased to announce the eighth update of its
stable distribution Debian GNU/Linux 5.0 (codename "lenny").  This
update mainly adds corrections for security problems to the stable
release, along with a few adjustments for serious problems.

Please note that this update does not constitute a new version of Debian
GNU/Linux 5.0 but only updates some of the packages included.  There is
no need to throw away 5.0 CDs or DVDs; it is enough to update via an
up-to-date Debian mirror after an installation, so that any out-of-date
packages are updated.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New CD and DVD images containing updated packages and the regular
installation media accompanied with the package archive respectively
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors.  A comprehensive list of
mirrors is available at:


Miscellaneous Bugfixes

This stable update adds a few important corrections to the following

    Package                          Reason

    awstats                          Fix directory traversal via crafted LoadPlugin directory
    base-files                       Update debian_version for the point release
    boxbackup                        Reduce root CA expiration date to avoid overflow in 2038
    git-core                         Fix cross-site scripting vulnerability
    gquilt                           Insecure setting of PYTHONPATH
    hamlib                           Use system libltdl rather than an internal copy vulnerable to CVE-2009-3736
    ia32-libs                        Refresh with new packages from lenny and lenny-security
    ia32-libs-gtk                    Refresh with new packages from lenny and lenny-security
    ldap-account-manager             Fix upgrades from lenny by dropping master password debconf question
    libcgi-pm-perl                   Fix header-parsing related security issues
    libcgi-simple-perl               Fix header-parsing related security issues
    libgadu                          Fix memory corruption when removing dcc7 sessions
    man-db                           Suppress locale warnings when being run from a dpkg maintainer script
    mediawiki                        Deny framing on most pages to minimise risk of clickjacking
    movabletype-opensource           Fix various XSS and SQL security issues
    mumble                           Don't make configuration file world-readable; delete /var/lib/mumble-server on purge
    opensc                           Protect against buffer overflow from rogue cards
    perl                             Fix header-parsing related security bugs; update to Safe-2.25
    postgresql-8.3                   New upstream bugfix release
    spamassassin                     Update list of ARIN netblock delegations to avoid false positives in RelayEval
    splashy                          Modify lsb-base-logging.sh to avoid issues if splashy is removed but not purged
    surfraw                          Update Debian security-tracker URL
    user-mode-linux                  Rebuild against linux-source-2.6.26 (2.6.26-26lenny1)
    xdigger                          Fix buffer overflow errors

Security Updates

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these

    Advisory ID        Package                 Correction(s)

    DSA-2110           linux-2.6               Several issues
    DSA-2122           glibc                   Privilege escalation
    DSA-2126           linux-2.6               Several issues
    DSA-2127           wireshark               Denial of service
    DSA-2128           libxml2                 Potential code execution
    DSA-2129           krb5                    Checksum verification weakness
    DSA-2130           bind9                   Denial of service
    DSA-2131           exim4                   Remote code execution
    DSA-2132           xulrunner               Several vulnerabilities
    DSA-2133           collectd                Denial of service
    DSA-2135           xpdf                    Several vulnerabilities
    DSA-2136           tor                     Potential code execution
    DSA-2137           libxml2                 Several vulnerabilities
    DSA-2138           wordpress               SQL injection
    DSA-2139           phpmyadmin              Several
    DSA-2140           libapache2-mod-fcgid    Stack overflow
    DSA-2141           apache2                 Add backward compatibility options when used with new openssl
    DSA-2141           nss                     Protocol design flaw
    DSA-2141           apache2-mpm-itk         Rebuild with apache2-src 2.2.9-10+lenny9
    DSA-2141           openssl                 Protocol design flaw
    DSA-2141           lighttpd                Compatibility problem with updated openssl
    DSA-2142           dpkg                    Directory traversal
    DSA-2143           mysql-dfsg-5.0          Several vulnerabilities
    DSA-2144           wireshark               Buffer overflow
    DSA-2145           libsmi                  Buffer overflow
    DSA-2146           mydms                   Directory traversal problem
    DSA-2147           pimd                    Insecure temporary files
    DSA-2148           tor                     Several

Removed packages

The following packages were removed due to circumstances beyond our

    Package                   Reason

    pytris                    security issues; abandoned upstream
    python-gendoc             broken with python >= 2.5
    clive                     completely broken
    gmailfs                   broken due to gmail changes; abandoned upstream
    python-libgmail           broken due to gmail changes; abandoned upstream

About Debian

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian GNU/Linux.

Contact Information

For further information, please visit the Debian web pages at
<http://www.debian.org/>, send mail to <press@debian.org>, or contact
the stable release team at <debian-release@lists.debian.org>.
