[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Updated Debian 6.0: 6.0.6 released

The Debian Project                                http://www.debian.org/
Updated Debian 6.0: 6.0.6 released                      press@debian.org
September 29th, 2012            http://www.debian.org/News/2012/20120929

The Debian project is pleased to announce the sixth update of its
stable distribution Debian 6.0 (codename "squeeze"). This update
mainly adds corrections for security problems to the stable release,
along with a few adjustments for serious problems. Security advisories
were already published separately and are referenced where available.

Please note that this update does not constitute a new version of
Debian 6.0 but only updates some of the packages included. There is no
need to throw away 6.0 CDs or DVDs but only to update via an up-to-date
Debian mirror after an installation, to cause any out of date packages
to be updated.

Those who frequently install updates from security.debian.org won't
have to update many packages and most updates from security.debian.org
are included in this update.

New installation media and CD and DVD images containing updated
packages will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:


Miscellaneous Bugfixes

This stable update adds a few important corrections to the following

	Package 	      			Reason
alpine				Fix crash in embedded UW-IMAP copy
apache2				mod_negotiation - fix CVE-2012-2687; 
				mod_cache - don't cache partial
				connections; read timeouts should 
				result in a 408
automake1.10			Fix CVE-2012-3386
automake1.11			Fix CVE-2012-3386
automake1.7 			Fix CVE-2012-3386
automake1.9 			Fix CVE-2012-3386
base-files			Update /etc/debian_version for the point
checkgmail			Fix GMail authentication issues
clamav				New upstream release
debian-archive-keyring		Add wheezy stable and archive signing
dpkg	      			Ensure a reliable unpack on SELinux
eglibc				Really enable 
				fix FORTIFY_SOURCE format string 
				protection bypass; 
				fix a DoS in RPC implementation
emesene		 		Update contact end-point to 
geshi	       			Fix 'Local File Inclusion Vulnerability
				in contrib script'
gosa	      			Security fix (missing escaping)
ia32-libs		   	Update packages
libconfig-inifiles-perl		Fix insecure temporary file use
libgc	       			Check for integer overflow in internal
				malloc and calloc routines
libmtp				Fix device flags for some devices; add
				support for new devices
libxslt		 		Fix CVE-2011-1202, CVE-2011-3970,
links2				Security fixes
linux-2.6		   	DRM fixes; leap second fix; security 
				fixes; various driver fixes
linux-kernel-di-amd64-2.6	Rebuild against linux-2.6 2.6.32-46
linux-kernel-di-armel-2.6	Rebuild against linux-2.6 2.6.32-46
linux-kernel-di-i386-2.6	Rebuild against linux-2.6 2.6.32-46
linux-kernel-di-ia64-2.6	Rebuild against linux-2.6 2.6.32-46
linux-kernel-di-mips-2.6	Rebuild against linux-2.6 2.6.32-46
linux-kernel-di-mipsel-2.6	Rebuild against linux-2.6 2.6.32-46
linux-kernel-di-powerpc-2.6 	Rebuild against linux-2.6 2.6.32-46
linux-kernel-di-s390-2.6	Rebuild against linux-2.6 2.6.32-46
linux-kernel-di-sparc-2.6	Rebuild against linux-2.6 2.6.32-46
lockfile-progs			Ensure the correct PID is used when
				creating lockfiles
mysql-mmm		   	Add dependency on libpath-class-perl
network-manager		 	Stop allowing ad-hoc WPA networks to
				be created; kernel bugs mean they get
				created as open networks
nss-pam-ldapd	       		Support larger gecos values; 
				reliability fixes
nvidia-graphics-drivers		Fix information leak in the kernel 
				module; fix arbitrary memory access
				vulnerability; fix local privilege
				escalation through VGA window 
nvidia-graphics-modules		Rebuild against 195.36.31-6squeeze1
				kernel modules for security fixes;
				rebuild to fix CVE-2012-4225
php-memcached	       		Fix session.gc_maxlifetime handling
plymouth		  	Fix the init script to not fail when
				the package is removed
policyd-weight			Remove rfc-ignorant.org RBLs (due to
				upcoming shutdown) and 
postgresql-common		Do not remove the PID file after
				SIGKILLing the postmaster in the
powertop		  	Fix segfault on newer kernels with 
				large config files
publican		  	Add dependency and build-dependency on
rstatd				Support Linux 3.x kernels
spip	      			Fix base name disclosure; security 
tor 	     			New upstream; fix TLS 1.1/1.2 
				renegotiation with openssl 1.0.1; 
				fix potential DOS; fix two crashes and
				an information disclosure issue
ttb 	    			Add dependency on python-glade2
vte 	     			Fix a memory exhaustion vulnerability
wims	      			Fix installation problem
wireshark		   	Fix crashes in ANSI A detector and 
				pcap / pcap-ng parsers
xserver-xorg-video-intel	UXA/glyphs: fall back instead of 
				crashing on large strings
yaws	      			Fix RNG strength; fix mail config 

Security Updates

This revision adds the following security updates to the stable
release. The Security Team has already released an advisory for each of
these updates:

Advisory ID  	Package			Correction(s)
DSA-2457	iceweasel		Regression fix
DSA-2458	iceape			Regression fix
DSA-2465	php5			Multiple issues
DSA-2466	rails			Cross site scripting
DSA-2467	mahara			Insecure defaults
DSA-2468	libjakarta-poi-java	Unbounded memory allocation
DSA-2470	wordpress		Multiple issues
DSA-2471	ffmpeg			Multiple issues
DSA-2472	gridengine		Privilege escalation
DSA-2473	openoffice.org		Buffer overflow
DSA-2474	ikiwiki			Cross-site scripting
DSA-2475	openssl			Integer underflow	
DSA-2476	pidgin-otr		Format string vulnerability
DSA-2477	sympa			Authorization bypass
DSA-2478	sudo			Parsing error
DSA-2479	libxml2			Off-by-one
DSA-2480	request-tracker3.8	Regression
DSA-2481	arpwatch		Fails to drop supplementary groups
DSA-2482	libgdata		No verification of TLS certificates against system root CA
DSA-2483	strongswan		Authentication bypass
DSA-2484	nut			Denial of service
DSA-2485	imp4			Cross site scripting
DSA-2486	bind9			Denial of service
DSA-2487	openoffice.org		Buffer overflow
DSA-2488	iceweasel		Multiple issues
DSA-2489	iceape			Multiple issues
DSA-2490	nss			Denial of service
DSA-2491	postgresql-8.4		Multiple issues
DSA-2492	php5			Buffer overflow
DSA-2493	asterisk		Denial of service
DSA-2494	ffmpeg			Multiple issues
DSA-2495	openconnect		Buffer overflow
DSA-2497	quagga			Denial of service
DSA-2498	dhcpcd			Remote stack overflow
DSA-2499	icedove			Multiple issues
DSA-2500	mantis			Multiple issues
DSA-2501	xen			Multiple issues
DSA-2502	python-crypto		Programming error
DSA-2503	bcfg2			Shell command injection
DSA-2504	libspring-2.5-java	Information disclosure
DSA-2505	zendframework		Information disclosure
DSA-2506	libapache-mod-security	Modsecurity bypass
DSA-2507	openjdk-6		Multiple issues
DSA-2508	kfreebsd-8		Privilege escalation
DSA-2509	pidgin			Remote code execution
DSA-2510	extplorer		Cross-site request forgery
DSA-2511	puppet			Multiple issues
DSA-2512	mono			Missing input sanitising
DSA-2513	iceape			Multiple issues
DSA-2514	iceweasel		Multiple issues
DSA-2515	nsd3			Null pointer dereference
DSA-2516	isc-dhcp		Denial of service
DSA-2517	bind9			Denial of service
DSA-2518	krb5			Denial of service
DSA-2519	isc-dhcp		Denial of service
DSA-2520	openoffice.org		Multiple heap-based buffer overflows
DSA-2521	libxml2			Integer overflows
DSA-2522	fckeditor		Cross site scripting
DSA-2523	globus-gridftp-server	Programming error
DSA-2524	openttd			Multiple issues
DSA-2525	expat			Multiple issues
DSA-2526	libotr			Buffer overflow
DSA-2527	php5			Multiple issues
DSA-2528	icedove			Multiple issues
DSA-2529	python-django		Multiple issues
DSA-2530	rssh			Shell command injection
DSA-2531	xen			Denial of service
DSA-2532	libapache2-mod-rpaf	Denial of service
DSA-2533	pcp			Multiple issues
DSA-2534	postgresql-8.4		Multiple issues
DSA-2535	rtfm			Cross-site scripting
DSA-2536	otrs2			Cross-site scripting
DSA-2537	typo3-src		Multiple issues
DSA-2538	moin			Privilege escalation
DSA-2539	zabbix			SQL injection
DSA-2540	mahara			Cross-site scripting
DSA-2541	beaker			Information disclosure
DSA-2542	qemu-kvm		Multiple issues
DSA-2543	xen-qemu-dm-4.0		Multiple issues
DSA-2544	xen			Denial of service
DSA-2545	qemu			Multiple issues
DSA-2546	freeradius		Code execution
DSA-2547	bind9			Improper assert
DSA-2548	tor			Multiple issues
DSA-2549	devscripts		Multiple issues

Debian Installer

The installer has been rebuilt to include the fixes incorporated into
stable by the point release.

Removed packages
The following packages were removed due to circumstances beyond our

Package 	      Reason
blockade	  Non-distributable data files
kcheckgmail 	  Unmaintained; broken by Google changes
libtrash	  Unmaintained; broken

The complete lists of packages that have changed with this revision:


The current stable distribution:


Proposed updates to the stable distribution:


stable distribution information (release notes, errata etc.):


Security announcements and information:


About Debian
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.

Contact Information
For further information, please visit the Debian web pages at
http://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.

Attachment: signature.asc
Description: Digital signature

Reply to: