
Updated Debian 6.0: 6.0.2 released



------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Updated Debian 6.0: 6.0.2 released                      press@debian.org
June 25th, 2011                 http://www.debian.org/News/2011/20110625
------------------------------------------------------------------------

Updated Debian 6.0: 6.0.1 released

The Debian project is pleased to announce the first update of its stable
distribution Debian 6.0 (codename "Squeeze").  This update mainly adds
corrections for security problems to the stable release, along with a
few adjustments to serious problems.

Please note that this update does not constitute a new version of Debian
6.0 but only updates some of the packages included.  There is no need to
throw away 6.0 CDs or DVDs; after an installation, updating via an
up-to-date Debian mirror will bring any out-of-date packages up to
date.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors.  A comprehensive list of
mirrors is available at:

    http://www.debian.org/mirror/list


Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

Package                      Reason

aide                         Properly support large files on 32-bit systems; fix group for bind9 log files
approx                       Don't try caching InRelease or non-.gz compressed files
apr                          Fix apr_ino_t changing size depending on -D_FILE_OFFSET_BITS on kfreebsd-*
apt                          Fix file size calculation on big-endian arches; don't prompt for CD re-insertion on "apt-get update"; add XZ support
apt-listchanges              Correctly handle NEWS files containing only one entry
base-files                   Update /etc/debian_version
clive                        Adapt for liveleak.com changes
dbus                         Fix local DoS for system services (CVE-2011-2200)
deborphan                    Exclude libreoffice from --guess-section output; trap WINCH in a POSIX way; minor translation fixes
dokuwiki                     Fix an ACL bypass issue in the XMLRPC interface
dpkg                         Fix regression in 'dpkg-divert --rename'; dpkg-split: don't corrupt metadata on 32-bit systems; fix vsnprintf() compat declaration
e2fsprogs                    Various bug fixes
fakechroot                   Fix 'debootstrap --variant=fakechroot'
fcgiwrap                     Fix init script's 'stop' target
gdm3                         Reset SIGPIPE handler before starting the session; execute the PostSession script even when GDM is killed or shut down
git                          Allow remove and purge in one step by terminating the git-daemon/log service before removing the gitlog user
gnome-settings-daemon        Work around possible race condition when starting Xsettings manager
ia32-libs                    Refresh packages from stable and proposed-updates.
iceowl                       Security updates
im-config                    Avoid breaking login via GDM if im-config is removed but not purged
inn                          Stop using 'sort +1n' in makehistory; disable outdated CHECK_INCLUDED_TEXT option by default
josm                         Give more verbose explanation to users who haven't agreed to the new OSM license
kde4libs                     Wildcard SSL certificate and XSS security fixes; ktar checksum and UTF-8 longlink fixes
kdenetwork                   Improve fix for CVE-2010-1000 directory traversal issue
kernel-wedge                 Add hpsa and pm8001 to scsi-extra-modules; add bna to nic-extra-modules
kerneltop                    Increase line buffer size to 1024 bytes
klibc                        ipconfig: escape DHCP options and correctly handle multiple connected network devices (CVE-2011-1930)
krb5                         Fix several security and interoperability problems
kupfer                       Use correct parameter type to allow keybindings to work again
libapache2-mod-perl2         Rebuild against apr 1.4.2-6+squeeze3 to pick up apr_ino_t size fix on kFreeBSD
libburn                      Don't create images with overly-restrictive permissions
libfinance-quotehist-perl    Disable test suite, broken by website changes
libmms                       Fix alignment issues on arm
linux-2.6                    New hardware support; add longterm 2.6.32.41; fix oops via corrupted partition tables
linux-kernel-di-amd64-2.6    Rebuild against kernel-wedge 2.74+squeeze3
linux-kernel-di-armel-2.6    Rebuild against kernel-wedge 2.74+squeeze3
linux-kernel-di-i386-2.6     Rebuild against kernel-wedge 2.74+squeeze3
linux-kernel-di-ia64-2.6     Rebuild against kernel-wedge 2.74+squeeze3
linux-kernel-di-mips-2.6     Rebuild against kernel-wedge 2.74+squeeze3
linux-kernel-di-mipsel-2.6   Rebuild against kernel-wedge 2.74+squeeze3
linux-kernel-di-powerpc-2.6  Rebuild against kernel-wedge 2.74+squeeze3
linux-kernel-di-s390-2.6     Rebuild against kernel-wedge 2.74+squeeze3
linux-kernel-di-sparc-2.6    Rebuild against kernel-wedge 2.74+squeeze3
lua-expat                    Fix the 'billion laughs' DoS attack
monkeysphere                 Fix monkeysphere-host revoke-key
nagios-plugins               Allocate a big enough buffer to handle all IPs of hosts being pinged
nsd3                         Remove statoverride before removing the package's user
openldap                     Fix possible database corruption issues, several security issues and dpkg-reconfigure
php-svn                      Rebuild against apr 1.4.2-6+squeeze3 to pick up apr_ino_t size fix on kFreeBSD
php5                         Rebuild against apr 1.4.2-6+squeeze3 to pick up apr_ino_t size fix on kFreeBSD
pianobar                     Update API keys for XMLRPC v30
postgresql-8.4               New upstream bugfix release; fix pg_upgrade use with TOAST tables
prosody                      Fix the 'billion laughs' DoS attack
puppet                       Fix service provider to properly use update-rc.d disable API
python-apt                   Strip multiarch by default in RealParseDepends; add XZ support
python-gudev                 Add missing dependency on python-gobject
q4wine                       Stop shipping the library in lib64
qemu                         Don't register qemu-mips(el) with binfmt on mips(el)
qemu-kvm                     Fix division by 0 with some guests; fix vnc zlib overflow; don't abort on user hardware errors; fix migration on 32-bit
qt4-x11                      Blacklist some fraudulent SSL certificates; fix weakness in wildcard certificate verification
rapidsvn                     Rebuild against apr 1.4.2-6+squeeze3 to pick up apr_ino_t size fix on kFreeBSD
refpolicy                    Various permissions fixes
reprepro                     Handle Release files which don't contain md5sums
ruby1.8                      Fix upgrades from lenny by making libruby1.8 conflict/replace irb1.8 and rdoc1.8
samba                        Several bugfixes
schroot                      Fix loading of dchroot.conf
softhsm                      Remove statoverride entries before the package's user
sun-java6                    New upstream security update
tzdata                       New upstream version
vimperator                   Resolve compatibility issues with iceweasel
widelands                    Fix potential security issue in Internet games
xenomai                      Adapt kernel patch to apply cleanly to squeeze's kernel
xserver-xorg-video-tseng     Fix driver initialisation


Debian Installer
----------------

The kernel image used by the installer has been updated to incorporate a
number of important and security-related fixes together with support for
additional hardware.


Security Updates
----------------

This revision adds the following security updates to the stable
release. The Security Team has already released an advisory for each of
these updates:

Advisory ID  Package                   Correction(s)

DSA-2161     openjdk-6                 Denial of service
DSA-2193     libcgroup                 Several
DSA-2194     libvirt                   Privilege escalation
DSA-2195     php5                      Several
DSA-2197     quagga                    Denial of service
DSA-2198     tex-common                Insufficient input sanitizing
DSA-2199     iceape                    Update HTTPS certificate blacklist
DSA-2200     iceweasel                 Update HTTPS certificate blacklist
DSA-2201     wireshark                 Several
DSA-2202     apache2                   Failure to drop root privileges
DSA-2203     nss                       Update HTTPS certificate blacklist
DSA-2205     gdm3                      Privilege escalation
DSA-2206     mahara                    Several
DSA-2208     bind9                     Denial of service
DSA-2209     tgt                       Double free
DSA-2211     vlc                       Missing input sanitising
DSA-2212     tmux                      Privilege escalation
DSA-2213     x11-xserver-utils         Missing input sanitizing
DSA-2214     ikiwiki                   Missing input validation
DSA-2215     gitolite                  Directory traversal
DSA-2216     isc-dhcp                  Missing input sanitizing
DSA-2218     vlc                       Heap-based buffer overflow
DSA-2219     xmlsec1                   File overwrite
DSA-2220     request-tracker3.8        Several
DSA-2221     libmojolicious-perl       Directory traversal
DSA-2222     tinyproxy                 Incorrect ACL processing
DSA-2223     doctrine                  SQL injection
DSA-2224     openjdk-6                 Several
DSA-2225     asterisk                  Several
DSA-2226     libmodplug                Buffer overflow
DSA-2227     iceape                    Several
DSA-2229     spip                      Denial of service
DSA-2230     qemu-kvm                  Several
DSA-2231     otrs2                     Cross-site scripting
DSA-2232     exim4                     Format string vulnerability
DSA-2233     postfix                   Several
DSA-2235     icedove                   Several
DSA-2236     exim4                     Command injection
DSA-2237     apr                       Denial of service
DSA-2238     vino                      Denial of service
DSA-2239     libmojolicious-perl       Several
DSA-2240     user-mode-linux           Several issues
DSA-2240     linux-2.6                 Several issues
DSA-2241     qemu-kvm                  Implementation error
DSA-2242     cyrus-imapd-2.2           Implementation error
DSA-2244     bind9                     Wrong boundary condition
DSA-2245     chromium-browser          Several vulnerabilities
DSA-2246     mahara                    Several vulnerabilities
DSA-2247     rails                     Several vulnerabilities
DSA-2249     jabberd14                 Denial of service
DSA-2250     citadel                   Denial of service
DSA-2254     oprofile                  Command injection
DSA-2255     libxml2                   Buffer overflow
DSA-2257     vlc                       Buffer overflow
DSA-2259     fex                       Authentication bypass
DSA-2261     redmine                   Several
DSA-2262     moodle                    Several
DSA-2263     movabletype-opensource    Several
DSA-2265     perl                      Missing taint check


Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

Package               Reason

ktsuss                security issues; unmaintained


URLs
----

The complete lists of packages that have changed with this revision:

  <http://ftp.debian.org/debian/dists/squeeze/ChangeLog>

The current stable distribution:

  <http://ftp.debian.org/debian/dists/stable>

Proposed updates to the stable distribution:

  <http://ftp.debian.org/debian/dists/proposed-updates>

Stable distribution information (release notes, errata etc.):

  <http://www.debian.org/releases/stable/>

Security announcements and information:

  <http://www.debian.org/security/>


About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian GNU/Linux.


Contact Information
-------------------

For further information, please visit the Debian web pages at
<http://www.debian.org/>, send mail to <press@debian.org>, or contact
the stable release team at <debian-release@lists.debian.org>.

-- 
GNU does not eliminate all the world's problems, only some of them.
                                                -- The GNU Manifesto

