[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Updated Debian 6.0: 6.0.3 released

The Debian Project                                 http://www.debian.org/
Updated Debian 6.0: 6.0.3 released                       press@debian.org
October 8th, 2011                http://www.debian.org/News/2011/20111008
Updated Debian 6.0: 6.0.3 released

The Debian project is pleased to announce the third update of its stable
distribution Debian 6.0 (codename "Squeeze").  This update mainly adds
corrections for security problems to the stable release, along with a few
adjustments to serious problems.  Security advisories were already
published separately and are referenced where available.

Please note that this update does not constitute a new version of Debian
6.0 but only updates some of the packages included.  There is no need to
throw away 6.0 CDs or DVDs but only to update via an up-to-date Debian
mirror after an installation, to cause any out of date packages to be

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors.  A comprehensive list of
mirrors is available at:


Miscellaneous Bugfixes

This stable update adds a few important corrections to the following

Package				Reason

ace                             Rebuild to drop non-distributable files
akonadi                         Support the use of network-mounted $HOME
amispammer                      Update service used for discovering the local IP address
apache2                         Fix CVE-2011-3348: Possible denial of service in mod_proxy_ajp; various documentation and init script fixes
aptitude                        Fix symlink attack in hierarchy editor
arcboot                         Fix netinstall on IP22 / IP32
atop                            Insecure use of temporary files
base-files                      Update /etc/debian_version for the point release
brltty                          Fix parsing brltty= when not all parameters are provided; setup gconf even if no table was specified
clamav                          New upstream release; fix off-by-one and "opcode 20 not implemented" errors
clive                           Adapt for youtube.com changes
conky                           Fix file overwrite vulnerability
ctdb                            Fix path to ethtool and activation of httpd service
debian-installer-utils          Set SUDO_FORCE_REMOVE=yes to allow sudo-ldap to be installed from d-i
deja-dup                        Explicitly pass environment to subprocesses to ensure correct GPG operation on restores
dokuwiki                        RSS XSS security fix
dput                            Update backports configuration to use the new .d.o hosts
drupal6                         Security fix for XSS in color module
firmware-nonfree                Add VIA VT6656, Realtek RTL8105E-1 and RTL8168E-1/2/3 firmware
foo2zjs                         Fix insecure use of temporary file
freebsd-libs                    Move libsbuf.so.0 and libipx.so.2 to /lib
freebsd-utils                   Provide config files and init.d script for devd; enable ieee80211 (wireless) in ifconfig
gajim                           Fix high CPU load on connection
gdebi                           Try to determine correct localized value for "Y"
gdm3                            Only show shutdown options when requested; fix double free; only set WINDOWPATH if not NULL; remove beep in PAM dialog patch
git                             Fix off-by-one parsing commit subjects; prevent deadlock when shallow-cloning; documentation updates
grub-installer                  Allow use of grub-legacy to be pre-seeded (if appropriate)
grub2                           Handle Xen split-partition disk image devices; ensure uniqueness of RAID array numbers; fix grub-probe detection for ATA devices using "ata" driver on kFreeBSD 9
heimdal                         Allow DES to be used with NFS
httpcomponents-client           Fix bug causing Proxy-Authorization header to be passed to target hosts
ia32-libs                       Refresh packages from stable and security
ia32-libs-gtk                   Refresh packages from stable and security
ibid                            Fix various security issues; make the HTTP source work again
ipmitool                        Fix segfault
kde4libs                        Prevent marked text being cut when switching documents in kate
kernel-wedge                    Stop considering acpi.ko as part of the kernel for kFreeBSD
kfreebsd-8                      Fix net802.11 stack kernel memory disclosure (CVE-2011-2480); merge backported if_msk driver from 8-STABLE; re-enable building of some modules
kfreebsd-kernel-di-amd64        Rebuild against kfreebsd-8 8.1+dfsg-8+squeeze1
kfreebsd-kernel-di-i386         Rebuild against kfreebsd-8 8.1+dfsg-8+squeeze1
krb5                            Permit gss_set_allowable_enctypes to restrict acceptor enctypes, allowing newer clients to use a Squeeze NFS server without degrading security for non-NFS applications
kupfer                          Don't crash if Evolution address book not present
libpcap                         Fix corruption of snapshot length on live captures; fix device detection when bonding in use
lintian                         Fix information disclosure issues
linux-2.6                       Update to long-term release; backport network driver changes
linux-kernel-di-amd64-2.6       Rebuild against linux-2.6 2.6.32-38
linux-kernel-di-armel-2.6       Rebuild against linux-2.6 2.6.32-38
linux-kernel-di-i386-2.6        Rebuild against linux-2.6 2.6.32-38
linux-kernel-di-ia64-2.6        Rebuild against linux-2.6 2.6.32-38
linux-kernel-di-mips-2.6        Rebuild against linux-2.6 2.6.32-38
linux-kernel-di-mipsel-2.6      Rebuild against linux-2.6 2.6.32-38
linux-kernel-di-powerpc-2.6     Rebuild against linux-2.6 2.6.32-38
linux-kernel-di-s390-2.6        Rebuild against linux-2.6 2.6.32-38
linux-kernel-di-sparc-2.6       Rebuild against linux-2.6 2.6.32-38
mesa                            GLX: suppress BadRequest from DRI2Connect (expected for non-local clients)
mod-gnutls                      Fix segmentation faults
nagvis                          Install documentation; properly apply FollowSymlinks; only call ucf if available
nss-pam-ldapd                   Fix uninitialised memory while parsing the tls_ciphers; fix problem with partial attribute name matches in DN; make all string buffers able to represent 64-bit numbers; treat the "hard" value for tls_reqcert as if it was "demand"
openarena                       Fix arbitrary code execution by malicious bytecode
opencv                          Fix install path of opencv-doc; optimise i386 package for i486
openssh                         Quieten logs when multiple from= restrictions are used in different authorized_keys lines for the same key
openssl                         Fix CVE-2011-3210: SSL memory handling for (EC)DH ciphersuites
pianobar                        Support XMLRPC API version 31
pmake                           Fix symlink attack via temporary files
postgresql-8.4                  Fix regression due to "fix plpgsql's issues with dropped columns in rowtypes in 8.4 branch"
python-recaptcha                Update URLs for web service move to google.com
quassel                         Fix DoS via CTCP
red5                            Add missing dependency on glassfish-javaee
sbcl                            Fix reference to undefined asdf::split in the asdf-install module
shelldap                        Exit with a nicer error message if IO::Socket::SSL isn't installed, but SSL/TLS was requested
system-tools-backends           Properly handle config file rename
tesseract                       Fix file overwrite vulnerability by disabling xterm-based debug windows
typo3-src                       Fix cache flooding via improper error handling
tzdata                          New upstream version
update-inetd                    Fix breakage with non-default inetd packages
usbutils                        Update USB ID list; build-depend on libusb2-dev on kFreeBSD
user-mode-linux                 Rebuild against linux-2.6 2.6.32-37
v86d                            Fix CVE-2011-1070: failure to validate netlink message sender; do not include random kernel headers in CFLAGS
vftool                          Fix a buffer overflow in linetoken() in parseAFM.c
vte                             Fix DoS
widelands                       Fix network play on official maps (regression introduced by previous update)
win32-loader                    Add Built-Using header; allow suite-specific versions; document versions of embedded software
xapian-omega                    Fix escaping issues in templates
zfsutils                        Update LSB init headers to ensure clean startup/shutdown; add bash-completion script

Note that the krb5 change mentioned above requires a further update to
the "nfs-common" package before it will be effective.  It is hoped that
this update will be included in the next point release.

During the final stages of the point release, it was noticed that the
"quassel" package no longer included any translation files.  It is hoped
that an update restoring the translations will be available soon via
"squeeze-updates" and included in the next point release.

Security Updates

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these

Advisory ID  Package			Correction(s)

DSA-2188 webkit                  	Multiple issues
DSA-2210 tiff                    	Multiple issues
DSA-2228 iceweasel               	Multiple issues
DSA-2248 ejabberd                	Denial of service
DSA-2252 dovecot                 	Programming error
DSA-2254 oprofile                	Command injection
DSA-2256 tiff                    	Buffer overflow
DSA-2258 kolab-cyrus-imapd       	Implementation error
DSA-2266 php5                    	Multiple issues
DSA-2267 perl                    	Restriction bypass
DSA-2268 iceweasel               	Multiple issues
DSA-2269 iceape                  	Multiple issues
DSA-2270 qemu-kvm                	Programming error
DSA-2271 curl                    	Improper delegation of client credentials
DSA-2272 bind9                   	Denial of service
DSA-2273 icedove                	Multiple issues
DSA-2274 wireshark              	Multiple issues
DSA-2276 asterisk            	 	Multiple issues
DSA-2277 xml-security-c          	Buffer overflow
DSA-2279 libapache2-mod-authnz-external	SQL injection
DSA-2280 libvirt                 	Multiple issues
DSA-2281 opie                    	Multiple issues
DSA-2282 qemu-kvm                	Multiple issues
DSA-2285 mapserver               	Multiple issues
DSA-2287 libpng                  	Multiple issues
DSA-2288 libsndfile              	Integer overflow
DSA-2289 typo3-src               	Multiple issues
DSA-2291 squirrelmail            	Multiple issues
DSA-2292 isc-dhcp                	Denial of service
DSA-2293 libxfont                	Buffer overflow
DSA-2294 freetype                	Missing input sanitization
DSA-2295 iceape                  	Multiple issues
DSA-2296 iceweasel               	Multiple issues
DSA-2297 icedove                 	Multiple issues
DSA-2298 apache2                 	Denial of service
DSA-2299 ca-certificates         	Blacklist "DigiNotar Root CA"
DSA-2300 nss                     	Compromised certificate authority
DSA-2301 rails                   	Multiple issues
DSA-2302 bcfg2                   	Arbitrary code execution
DSA-2303 user-mode-linux         	Multiple issues
DSA-2303 linux-2.6               	Multiple issues
DSA-2304 squid3                  	Buffer overflow
DSA-2305 vsftpd                  	Denial of service
DSA-2306 ffmpeg                  	Multiple issues
DSA-2307 chromium-browser        	Multiple issues
DSA-2308 mantis                  	Multiple issues
DSA-2309 openssl                 	Compromised certificate authority
DSA-2312 iceape                  	Multiple issues
DSA-2313 iceweasel               	Multiple issues
DSA-2314 puppet                  	Multiple issues
DSA-2316 quagga                  	Multiple issues
DSA-2317 icedove                 	Multiple issues

Debian Installer

The Debian Installer has been updated in this point release to 
correct the following issues (among others):

 * fix netinstall on IP22 / IP32 (mips)
 * allow use of grub-legacy to be pre-seeded (if appropriate)

The kernel image used by the installer has been updated to incorporate a
number of important and security-related fixes together with updates to
the e1000e, igb, igbvf, r8169, tg3, and broadcom network drivers to add
support for additional hardware.

The GNU/kFreeBSD installer also incorporates an updated kernel image
including an updated if_msk Gigabit Ethernet driver.


The complete lists of packages that have changed with this


The current stable distribution:


Proposed updates to the stable distribution:


Stable distribution information (release notes, errata etc.):


Security announcements and information:


About Debian

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.

Contact Information

For further information, please visit the Debian web pages at
http://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.

Reply to: