[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Updated Debian 6.0: 6.0.5 released

Hash: SHA256

- ------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Updated Debian 6.0: 6.0.5 released                press@lists.debian.org
May 12th, 2012                  http://www.debian.org/News/2012/20120512
- ------------------------------------------------------------------------

The Debian project is pleased to announce the fifth update of its
stable distribution Debian 6.0 (codename `squeeze'). This update mainly
adds corrections for security problems to the stable release, along
with a few adjustments for serious problems. Security advisories were
already published separately and are referenced where available.

Please note that this update does not constitute a new version of
Debian 6.0 but only updates some of the packages included. There is no
need to throw away 6.0 CDs or DVDs but only to update via an up-to-date
Debian mirror after an installation, to cause any out of date packages
to be updated.

Those who frequently install updates from security.debian.org won't
have to update many packages and most updates from security.debian.org
are included in this update.

New installation media and CD and DVD images containing updated
packages will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:


Miscellaneous Bugfixes

This stable update adds a few important corrections to the following

          Package                             Reason
acpid                       Really fix CVE-2011-1159
                            Fix apr_file_trunc() bug which could lead
apr                         to Subversion repository corruption in some
                            rare cases
at                          Create hardlink as priviledged user for
                            compatibility with later kernels
base-files                  Update /etc/debian_version for the point
brltty                      Fix support for large esys/iris displays
clive                       Adapt for youtube.com changes
ecl                         Remove broken postrm script
                            Fix resolving issues with broken servers
                            returning NOTIMP or FORMERR to AAAA
eglibc                      queries; fix integer overflow in timezone
                            code; local/manpages/gai.conf.5: update
                            from latest RedHat version
evolution-data-server       Make e_book_get_changes() actually return
                            Lock server's executeCmd to prevent racing
fail2ban                    among iptables calls; fix insecure creation
                            of tempfiles
foomatic-filters            Fix insecure temporary file use in renderer
                            command line
giplet                      Use checkip.dyndns.org instead of the no
                            longer suitable www.whatismyip.org
gnusound                    Fix format string security issue
gosa                        Fix DHCP host removal and user generator
                            Unicode character transliteration
highlight                   Remove broken postrm
json-glib                   Fix serialization of doubles
kdeutils                    Fix directory traversal in Ark
keepalived                  Set correct permissions on pid file
laptop-mode-tools           Add support for 3.x kernels
libcgicc                    Install pkg-config file to the correct
                            Fix passive grabs; handle unknown device
libxi                       classes; fill in mods/group->effective in
linux-2.6                   Add longterm releases[5-9]
linux-kernel-di-amd64-2.6   Rebuild against linux-2.6 2.6.32-45
linux-kernel-di-armel-2.6   Rebuild against linux-2.6 2.6.32-45
linux-kernel-di-i386-2.6    Rebuild against linux-2.6 2.6.32-45
linux-kernel-di-ia64-2.6    Rebuild against linux-2.6 2.6.32-45
linux-kernel-di-mips-2.6    Rebuild against linux-2.6 2.6.32-45
linux-kernel-di-mipsel-2.6  Rebuild against linux-2.6 2.6.32-45
linux-kernel-di-powerpc-2.6 Rebuild against linux-2.6 2.6.32-45
linux-kernel-di-s390-2.6    Rebuild against linux-2.6 2.6.32-45
linux-kernel-di-sparc-2.6   Rebuild against linux-2.6 2.6.32-45
netselect                   Robustness and documentation fixes; handle
                            mirror lists with embedded attributes
openssh                     Fix information disclosure regarding forced
                            commands via debug messages
openvpn                     Fix /sbin/route calls on kFreeBSD
php-memcache                Fix cache delete bug, when deleting objects
                            from memcached 1.4.4+
php-memcached               Fix double free in getServerByKey()
phppgadmin                  Fix XSS in function.php
                            Fix race condition when reading from /proc
policykit-1                 which allows local users to gain root
                            privileges by executing a setuid program
                            from pkexec
procps                      Support 3.X kernels
pyspf                       Correctly process CNAMEs in SPF records
python-defaults             Correctly remove /var/lib/python/
python-virtualenv           Fix insecure temp file handling
rott                        Fallback to downloading shareware data
                            files from pkg-games.alioth.debian.org
sks                         Use standards-compliant POSTs
sysvinit                    Enable use of either rpcbind or portmap for
texlive-base                Don't try to repair a missing
                            pdftexconfig.tex in preinst
                            Rate-limit getstatus and rcon
tremulous                   connectionless packets, to avoid their use
                            for traffic amplification; fix several
                            security bugs; disable auto-downloading
tzdata                      New upstream version
wicd                        Fix local privilege escalation,
xfce4-weather-plugin        Update service key to restore access to
yapra                       Add ruby1.8 build-dependency to fix broken
                            build in clean environment

Security Updates

This revision adds the following security updates to the stable
release. The Security Team has already released an advisory for each of
these updates:

Advisory ID        Package                  Correction(s)
 DSA-2321            moin          Cross-site scripting
 DSA-2352           puppet         Programming error
 DSA-2359          mojarra         EL injection
 DSA-2394          libxml2         Multiple issues
 DSA-2395         wireshark        Buffer underflow
 DSA-2396          qemu-kvm        Buffer underflow
 DSA-2397            icu           Buffer underflow
 DSA-2398            curl          Multiple issues
 DSA-2399            php5          Multiple issues
 DSA-2400         iceweasel        Multiple issues
 DSA-2401          tomcat6         Multiple issues
 DSA-2402           iceape         Multiple issues
 DSA-2403            php5          Code injection
 DSA-2404      xen-qemu-dm-4.0     Buffer overflow
 DSA-2405          apache2         Multiple issues
 DSA-2406          icedove         Multiple issues
 DSA-2407            cvs           Heap overflow
 DSA-2408            php5          Multiple issues
 DSA-2409         devscripts       Multiple issues
 DSA-2410           libpng         Integer overflow
 DSA-2411           mumble         Information disclosure
 DSA-2412         libvorbis        Buffer overflow
 DSA-2413         libarchive       Buffer overflows
 DSA-2414            fex           Insufficient input sanitization
 DSA-2415         libmodplug       Multiple issues
 DSA-2416          notmuch         Information disclosure
 DSA-2417          libxml2         Denial of service
 DSA-2418       postgresql-8.4     Multiple issues
 DSA-2419           puppet         Multiple issues
 DSA-2420         openjdk-6        Multiple issues
 DSA-2421           moodle         Multiple issues
 DSA-2422            file          Missing bounds check
 DSA-2423   movabletype-opensource Multiple issues
 DSA-2424      libxml-atom-perl    XML entity expansion
 DSA-2425            plib          Buffer overflow
 DSA-2426            gimp          Multiple issues
 DSA-2427        imagemagick       Multiple issues
 DSA-2428          freetype        Multiple issues
 DSA-2430         python-pam       Double free
 DSA-2431       libdbd-pg-perl     Format string vulnerabilities
 DSA-2432    libyaml-libyaml-perl  Format string vulnerability
 DSA-2433         iceweasel        Multiple issues
 DSA-2434           nginx          Sensitive information leak
 DSA-2435           gnash          Multiple issues
 DSA-2436    libapache2-mod-fcgid  Inactive resource limits
 DSA-2437          icedove         Multiple issues
 DSA-2438           raptor         Programming error
 DSA-2439           libpng         Buffer overflow
 DSA-2440         libtasn1-3       Integer overflow
 DSA-2441          gnutls26        Missing bounds check
 DSA-2442         openarena        UDP traffic amplification
 DSA-2443         linux-2.6        Multiple issues
 DSA-2443      user-mode-linux     Multiple issues
 DSA-2444       tryton-server      Privilege escalation
 DSA-2445         typo3-src        Multiple issues
 DSA-2446           libpng         Incorrect memory handling
 DSA-2447            tiff          Integer overflow
 DSA-2448          inspircd        Buffer overflow
 DSA-2449         sqlalchemy       Missing input sanitization
 DSA-2450           samba          Privilege escalation
 DSA-2451           puppet         Multiple issues
 DSA-2452          apache2         Insecure default configuration
 DSA-2453           gajim          Multiple issues
 DSA-2454          openssl         Multiple issues
 DSA-2455         typo3-src        Cross site scripting
 DSA-2456          dropbear        Use after free
 DSA-2457         iceweasel        Multiple issues
 DSA-2458           iceape         Multiple issues
 DSA-2459           quagga         Multiple issues
 DSA-2460          asterisk        Multiple issues
 DSA-2461            spip          Multiple issues
 DSA-2462        imagemagick       Multiple issues
 DSA-2463           samba          Missing permission checks
 DSA-2464          icedove         Multiple issues

Debian Installer

The installer has been rebuilt to include the fixes incorporated into
stable by the point release.


The complete lists of packages that have changed with this revision:


The current stable distribution:


Proposed updates to the stable distribution:


Stable distribution information (release notes, errata etc.):


Security announcements and information:


About Debian

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.

Contact Information

For further information, please visit the Debian web pages at http://
www.debian.org/, send mail to <press@debian.org>, or contact the stable
release team at <debian-release@lists.debian.org>.

Version: GnuPG v1.4.12 (GNU/Linux)


Reply to: