
Updated Debian 6.0: 6.0.7 released

The Debian Project                                http://www.debian.org/
Updated Debian 6.0: 6.0.7 released                      press@debian.org
February 23rd, 2013             http://www.debian.org/News/2013/20130223

The Debian project is pleased to announce the seventh update of its
stable distribution Debian 6.0 (codename "squeeze"). This update mainly
adds corrections for security problems to the stable release, along with
a few adjustments for serious problems. Security advisories were already
published separately and are referenced where available.

Please note that this update does not constitute a new version of Debian
6.0 but only updates some of the packages included. There is no need to
throw away 6.0 CDs or DVDs but only to update via an up-to-date Debian
mirror after an installation, to cause any out of date packages to be

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:


Miscellaneous Bugfixes

This stable update adds a few important corrections to the following

 Package                       Reason                               

 apt-show-versions             Fix detection of squeeze-updates and 
                               squeeze; update official             
                               distribution list                    
 base-files                    Update for the point release         
 bcron                         Don't allow jobs access to other     
                               jobs' temporary files                
 bind9                         Update IP for "D" root server
 bugzilla                      Add dependency on liburi-perl, used  
                               during package configuration         
 choose-mirror                 Update URL for master mirror list    
 clamav                        New upstream version                 
 claws-mail                    Fix NULL pointer dereference         
 clive                         Adapt for youtube.com changes        
 cups                          Ship cups-files.conf's manpage       
 dbus                          Avoid code execution in setuid/      
                               setgid binaries                      
 dbus-glib                     Fix authentication bypass through    
                               insufficient checks (CVE-2013-0292)  
 debian-installer              Rebuild for 6.0.7                    
 debian-installer-netboot-     Rebuild against debian-installer     
 images                        20110106+squeeze4+b3                 
 dtach                         Properly handle close request        
 ettercap                      Fix hosts list parsing (CVE-2013-    
 fglrx-driver                  Fix diversion-related issues with    
                               upgrades from lenny                  
 flashplugin-nonfree           Use gpg --verify                     
 fusionforge                   Lenny to squeeze upgrade fix         
 gmime2.2                      Add Conflicts: libgmime2.2-cil to    
                               fix upgrades from lenny              
 gzip                          Avoid using memcpy on overlapping    
 ia32-libs                     Update included packages from        
                               stable / security.d.o                
 ia32-libs-core                Update included packages from        
                               stable / security.d.o                
 kfreebsd-8                    Fix CVE-2012-4576: memory access     
                               without proper validation in linux   
                               compat system                        
 libbusiness-onlinepayment-    Backport changes to IPPay gateway's  
 ippay-perl                    server name and path                 
 libproc-processtable-         Fix unsafe temporary file usage      
 perl                          (CVE-2011-4363)                      
 libzorpll                     Add missing Breaks/Replaces:         
                               libzorp2-dev to libzorpll-dev        
 linux-2.6                     Update to stable release  
                               Backport hpsa, isci and megaraid_sas 
                               driver updates. Fix r8169 hangs      
 linux-kernel-di-amd64-        Rebuild against linux-2.6 2.6.32-48  
 linux-kernel-di-              Rebuild against linux-2.6 2.6.32-48  
 linux-kernel-di-i386-         Rebuild against linux-2.6 2.6.32-48  
 linux-kernel-di-ia64-         Rebuild against linux-2.6 2.6.32-48  
 linux-kernel-di-              Rebuild against linux-2.6 2.6.32-48  
 linux-kernel-di-              Rebuild against linux-2.6 2.6.32-48  
 linux-kernel-di-              Rebuild against linux-2.6 2.6.32-48  
 linux-kernel-di-s390-         Rebuild against linux-2.6 2.6.32-48  
 linux-kernel-di-              Rebuild against linux-2.6 2.6.32-48  
 magpierss                     Fix upgrade issue                    
 maradns                       Fix CVE-2012-1570 (deleted domain    
                               record cache persistence flaw)       
 mediawiki                     Prevent session fixation in          
                               Special:UserLogin (CVE-2012-5391);   
                               prevent linker regex from exceeding  
                               backtrack limit                      
 moodle                        Multiple security fixes              
 nautilus                      Add Breaks: samba-common (<< 2:3.5)  
                               to fix a lenny to squeeze upgrade    
 openldap                      Dump the database in prerm on        
                               upgrades to help upgrades to         
                               releases with newer libdb versions   
 openssh                       Improve DoS resistance (CVE-2010-    
 pam-pgsql                     Fix issue with NULL passwords        
 pam-shield                    Correctly block IPs when
                               allow_missing_dns is "no"
 perl                          Fix misparsing of maketext strings   
 poppler                       Security fixes; CVE-2010-0206,       
                               CVE-2010-0207, CVE-2012-4653; fix    
                               GooString::insert, correctly         
                               initialise variables                 
 portmidi                      Fix crash                            
 postgresql-8.4                New upstream micro-release           
 sdic                          Move bzip2 from Suggests to Depends  
                               as it is used during installation    
 snack                         Fix buffer overflow (CVE-2012-6303)  
 sphinx                        Fix incompatibility with jQuery>=    
 swath                         Fix potential buffer overflow in     
                               Mule mode                            
 swi-prolog                    Fix buffer overruns                  
 ttf-ipafont                   Fix removal of alternatives          
 tzdata                        New upstream version; fix DST for    
                               America/Bahia (Brazil)               
 unbound                       Update IP address hints for D.ROOT-  
 xen                           Fix clock breakage                   
 xnecview                      Fix FTBFS on armel                   

Security Updates

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these

 Advisory ID     Package         Correction(s)             
 DSA-2550    asterisk            Multiple issues           
 DSA-2551    isc-dhcp            Denial of service         
 DSA-2552    tiff                Multiple issues           
 DSA-2553    iceweasel           Multiple issues           
 DSA-2554    iceape              Multiple issues           
 DSA-2555    libxslt             Multiple issues           
 DSA-2556    icedove             Multiple issues           
 DSA-2557    hostapd             Denial of service         
 DSA-2558    bacula              Information disclosure    
 DSA-2559    libexif             Multiple issues           
 DSA-2560    bind9               Denial of service         
 DSA-2561    tiff                Buffer overflow           
 DSA-2562    cups-pk-helper      Privilege escalation      
 DSA-2563    viewvc              Multiple issues           
 DSA-2564    tinyproxy           Denial of service         
 DSA-2565    iceweasel           Multiple issues           
 DSA-2566    exim4               Heap overflow             
 DSA-2567    request-tracker3.8  Multiple issues           
 DSA-2568    rtfm                Privilege escalation      
 DSA-2569    icedove             Multiple issues           
 DSA-2570    openoffice.org      Multiple issues
 DSA-2571    libproxy            Buffer overflow
 DSA-2572    iceape              Multiple issues
 DSA-2573    radsecproxy         SSL certificate
                                 verification weakness
 DSA-2574    typo3-src           Multiple issues
 DSA-2575    tiff                Heap overflow
 DSA-2576    trousers            Denial of service
 DSA-2577    libssh              Multiple issues
 DSA-2578    rssh                Multiple issues
 DSA-2579    apache2             Multiple issues
 DSA-2580    libxml2             Buffer overflow
 DSA-2582    xen                 Denial of service
 DSA-2583    iceweasel           Multiple issues
 DSA-2584    iceape              Multiple issues
 DSA-2585    bogofilter          Heap-based buffer
 DSA-2586    perl                Multiple issues
 DSA-2587    libcgi-pm-perl      HTTP header injection
 DSA-2588    icedove             Multiple issues
 DSA-2589    tiff                Buffer overflow
 DSA-2590    wireshark           Multiple issues
 DSA-2591    mahara              Multiple issues
 DSA-2592    elinks              Programming error
 DSA-2593    moin                Multiple issues
 DSA-2594    virtualbox-ose      Programming error
 DSA-2595    ghostscript         Buffer overflow
 DSA-2596    mediawiki-          Cross-site scripting in
             extensions          RSSReader extension
 DSA-2597    rails               Input validation error
 DSA-2598    weechat             Multiple issues
 DSA-2599    nss                 Mis-issued intermediates
 DSA-2600    cups                Privilege escalation
 DSA-2601    gnupg2              Missing input sanitation
 DSA-2601    gnupg               Missing input sanitation
 DSA-2602    zendframework       XML external entity
 DSA-2603    emacs23             Programming error
 DSA-2604    rails               Insufficient input
 DSA-2605    asterisk            Multiple issues
 DSA-2606    proftpd-dfsg        Symlink race
 DSA-2607    qemu-kvm            Buffer overflow
 DSA-2608    qemu                Buffer overflow
 DSA-2609    rails               SQL query manipulation
 DSA-2610    ganglia             Remote code execution
 DSA-2611    movabletype-        Multiple issues
 DSA-2612    ircd-ratbox         Remote crash
 DSA-2613    rails               Insufficient input
 DSA-2614    libupnp             Multiple issues
 DSA-2615    libupnp4            Multiple issues
 DSA-2616    nagios3             Buffer overflow
 DSA-2617    samba               Multiple issues
 DSA-2618    ircd-hybrid         Denial of service
 DSA-2619    xen-qemu-dm-4.0     Buffer overflow
 DSA-2620    rails               Multiple issues
 DSA-2621    openssl             Multiple issues
 DSA-2622    polarssl            Multiple issues
 DSA-2623    openconnect         Buffer overflow
 DSA-2624    ffmpeg              Multiple issues
 DSA-2625    wireshark           Multiple issues
 DSA-2626    lighttpd            Multiple issues
 DSA-2627    nginx               Information leak

Debian Installer

The installer has been rebuilt to include the fixes incorporated into
stable by the point release.

Removed packages

The following packages were removed due to circumstances beyond our

 Package         Reason                           

 elmerfem        License problems (GPL + non-GPL)


The complete lists of packages that have changed with this revision:


The current stable distribution:


Proposed updates to the stable distribution:


stable distribution information (release notes, errata etc.):


Security announcements and information:

http://security.debian.org/

About Debian

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.

Contact Information

For further information, please visit the Debian web pages at
http://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.
