[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Updated Debian 5.0: 5.0.10 released

Hash: SHA256

- ------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Updated Debian 5.0: 5.0.10 released                     press@debian.org
March 10th, 2012                http://www.debian.org/News/2012/20120310
- ------------------------------------------------------------------------

  The Debian project is pleased to announce the tenth and final update
of its oldstable distribution Debian 5.0 (codename `lenny'). This update
mainly adds corrections for security problems to the oldstable release,
along with a few adjustments for serious problems. Security advisories
were already published separately and are referenced where available.

  The alpha and ia64 packages from DSA 1769 are not included in this
point release for technical reasons. All other security updates
released during the lifetime of `lenny' that have not previously been
part of a point release are included in this update.

  Please note that the security support for the oldstable distribution
ended in February 2012 and no updates have been released since that


  Those who frequently install updates from security.debian.org won't
have to update many packages and most updates from security.debian.org
are included in this update.

  New installation media and CD and DVD images containing updated
packages will be available soon at the regular locations.

  Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:


  Please note that the oldstable distribution will be moved from the
main archive to the archive.debian.org repository after March 24th 2012.
After this move, it will no longer be available from the main mirror
network. More information about the distribution archive and a list of
mirrors is available at:


Miscellaneous Bugfixes

  This oldstable update adds a few important corrections to the
following packages:

    Package                             Reason

apr             Disable robust pthread mutexes on alpha, arm, and armel
base-files      Update /etc/debian_version for the point release
ia32-libs       Refresh packages to include recent security updates
libdigest-perl  Fix unsafe use of eval in Digest->new()
linux-2.6       Various security fixes
phppgadmin      Fix XSS
postgresql-8.3  New upstream micro-release
typo3-src       Fix cache flooding via improper error handling
xapian-omega    Fix escaping issues in templates
xpdf            Insecure tempfile usage in zxpdf
user-mode-linux Rebuild against linux-source-2.6.26 (2.6.26-29)

Security Updates

  This revision adds the following security updates to the oldstable
release. The Security Team has already released an advisory for each of
these updates:

Advisory ID       Package                   Correction(s)

 DSA-1769        openjdk-6        Arbitrary code execution
 DSA-2161        openjdk-6        Multiple issues
 DSA-2224        openjdk-6        Multiple issues
 DSA-2237           apr           Denial of service
 DSA-2251        subversion       Multiple issues
 DSA-2258    kolab-cyrus-imapd    Implementation error
 DSA-2263  movabletype-opensource Multiple issues
 DSA-2265           perl          Missing taint check
 DSA-2267           perl          Restriction bypass
 DSA-2271           curl          Improper delegation of client
 DSA-2281           opie          Multiple issues
 DSA-2284        opensaml2        Implementation error
 DSA-2285        mapserver        Multiple issues
 DSA-2287          libpng         Multiple issues
 DSA-2301          rails          Multiple issues
 DSA-2305          vsftpd         Denial of service
 DSA-2313        xulrunner        Multiple issues
 DSA-2315      openoffice.org     Multiple issues
 DSA-2316          quagga         Multiple issues
 DSA-2318     cyrus-imapd-2.2     Multiple issues
 DSA-2320         dokuwiki        Regression fix
 DSA-2321           moin          Cross-site scripting
 DSA-2323          radvd          Multiple issues
 DSA-2324        wireshark        Programming error
 DSA-2328         freetype        Missing input sanitising
 DSA-2332      python-django      Multiple issues
 DSA-2333       phpldapadmin      Multiple issues
 DSA-2334          mahara         Multiple issues
 DSA-2335         man2html        Missing input sanitization
 DSA-2339           nss           Multiple issues
 DSA-2340      postgresql-8.3     Weak password hashing
 DSA-2341        xulrunner        Multiple issues
 DSA-2343         openssl         CA trust revocation
 DSA-2346       proftpd-dfsg      Multiple issues
 DSA-2347          bind9          Improper assert
 DSA-2350         freetype        Missing input sanitising
 DSA-2351        wireshark        Buffer overflow
 DSA-2352          puppet         Programming error
 DSA-2354           cups          Multiple issues
 DSA-2355       clearsilver       Format string vulnerability
 DSA-2357          evince         Multiple issues
 DSA-2358        openjdk-6        Multiple issues
 DSA-2361          chasen         Buffer overflow
 DSA-2362          acpid          Multiple issues
 DSA-2363           tor           Buffer overflow
 DSA-2365           dtc           Multiple issues
 DSA-2366        mediawiki        Multiple issues
 DSA-2367         asterisk        Multiple issues
 DSA-2368         lighttpd        Multiple issues
 DSA-2369        libsoup2.4       Directory traversal
 DSA-2370         unbound         Multiple issues
 DSA-2371          jasper         Buffer overflows
 DSA-2372         heimdal         Buffer overflow
 DSA-2373        inetutils        Buffer overflow
 DSA-2374         openswan        Implementation error
 DSA-2375           krb5          Buffer overflow
 DSA-2376         ipmitool        Insecure pid file
 DSA-2377     cyrus-imapd-2.2     Denial of service
 DSA-2380     foomatic-filters    Shell command injection
 DSA-2382      ecryptfs-utils     Multiple issues
 DSA-2383          super          Buffer overflow
 DSA-2384          cacti          Multiple issues
 DSA-2385           pdns          Packet loop
 DSA-2386         openttd         Multiple issues
 DSA-2388          t1lib          Multiple issues
 DSA-2390         openssl         Multiple issues
 DSA-2392         openssl         Out-of-bounds read
 DSA-2394         libxml2         Multiple issues
 DSA-2397           icu           Buffer underflow
 DSA-2398           curl          Multiple issues
 DSA-2399           php5          Multiple issues
 DSA-2400        xulrunner        Multiple issues
 DSA-2403           php5          Code injection
 DSA-2405         apache2         Multiple issues
 DSA-2405     apache2-mpm-itk     Multiple issues

Debian Installer / kernel

  The kernel included in this point release has been updated to
incorporate fixes for a number of security issues. The installer has
been rebuilt to use the new kernel.

Removed packages

  The following packages were removed due to circumstances beyond our

 Package        Reason
qcad       Non-distributable
partlibary Non-distributable


  The complete lists of packages that have changed with this revision:


  The current oldstable distribution:


  Proposed updates to the oldstable distribution:


  Oldstable distribution information (release notes, errata etc.):


  Security announcements and information:


About Debian

  The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.

Contact Information

  For further information, please visit the Debian web pages at
http://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.
Version: GnuPG v1.4.12 (GNU/Linux)


Reply to: