[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Updated Debian 6.0: 6.0.8 released

The Debian Project                                http://www.debian.org/
Updated Debian 6.0: 6.0.8 released                      press@debian.org
October 20th, 2013              http://www.debian.org/News/2013/20131020

The Debian project is pleased to announce the eighth update of its
oldstable distribution Debian 6.0 (codename `squeeze'). This update
mainly adds corrections for security problems to the oldstable release,
along with a few adjustments for serious problems. Security advisories
were already published separately and are referenced where available.

Please note that this update does not constitute a new version of Debian
6.0 but only updates some of the packages included. There is no need to
throw away old `squeeze' CDs or DVDs but only to update via an
up-to-date Debian mirror after an installation, to cause any out of date
packages to be updated.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:


Miscellaneous Bugfixes

This oldstable update adds a few important corrections to the following

Package                  Reason
base-files               Update version for point release
clamav                   New upstream release; security fixes
dpkg-ruby                Close files once they're parsed, preventing trouble on
gdm3                     Fix potential security issue with partial upgrades to
graphviz                 Use system ltdl
grep                     Fix CVE-2012-5667
ia32-libs                Update included packages from oldstable / security.d.o
ia32-libs-gtk            Update included packages from oldstable / security.d.o
inform                   Remove broken calls to update-alternatives
ldap2dns                 Do not unnecessarily include /usr/share/debconf/
                         confmodule in postinst
libapache-mod-security   Fix NULL pointer dereference. CVE-2013-2765
libmodule-signature-perl CVE-2013-2145: Fixes arbitrary code execution when
                         verifying SIGNATURE
libopenid-ruby           Fix CVE-2013-1812
libspf2                  IPv6 fixes
lm-sensors-3             Skip probing for EDID or graphics cards, as it might
                         cause hardware issues
moin                     Do not create empty pagedir (with empty edit-log)
net-snmp                 Fix CVE-2012-2141
openssh                  Fix potential int overflow when using gssapi-with-mac
                         authentication (CVE-2011-5000)
openvpn                  Fix use of non-constant-time memcmp in HMAC
                         comparison. CVE-2013-2061
pcp                      Fix insecure tempfile handling
pigz                     Use more restrictive permissions for in-progress files
policyd-weight           Remove shut-down njabl DNSBL
pyopencl                 Remove non-free file from examples
                         Use a better random number generator to prevent
pyrad                    predictable password hashing and packet IDs
python-qt4               Fix crash in uic file with radio buttons
request-tracker3.8       Move non-cache data to /var/lib
samba                    Fix CVE-2013-4124: Denial of service - CPU loop and
                         memory allocation
smarty                   Fix CVE-2012-4437
spamassassin             Remove shut-down njabl DNSBL; fix RCVD_ILLEGAL_IP to
                         not consider as invalid
sympa                    Fix endless loop in wwsympa while loading session data
                         including metacharacters
texlive-extra            Fix predictable temp file names in latex2man
tntnet                   Fix insecure default tntnet.conf
tzdata                   New upstream version
wv2                      Really remove src/generator/generator_wword{6,8}.htm
xorg-server              Link against -lbsd on kfreebsd to make MIT-SHM work
                         with non-world-accessible segments
xview                    Fix alternatives handling
                         Fix SQL injection, zabbix_agentd DoS, possible path
zabbix                   disclosure, field name parameter checking bypass,
                         ability to override LDAP configuration when calling
                         user.login via API

Security Updates

This revision adds the following security updates to the oldstable release. The
Security Team has already released an advisory for each of these updates:

Advisory ID            Package                 Correction(s)
DSA-2628             nss-pam-ldapd             Buffer overflow
DSA-2629               openjpeg                Multiple issues
DSA-2630            postgresql-8.4             Programming error
DSA-2631                squid3                 Denial of service
DSA-2632            user-mode-linux            Multiple issues
DSA-2632               linux-2.6               Multiple issues
DSA-2633              fusionforge              Privilege escalation
DSA-2634             python-django             Multiple issues
DSA-2635               cfingerd                Buffer overflow
DSA-2636                  xen                  Multiple issues
DSA-2637                apache2                Multiple issues
DSA-2638                openafs                Buffer overflow
DSA-2639                 php5                  Multiple issues
DSA-2640              zoneminder               Multiple issues
DSA-2641                 perl                  Rehashing flaw
DSA-2641         libapache2-mod-perl2          FTBFS with updated perl
DSA-2642                 sudo                  Multiple issues
DSA-2643                puppet                 Multiple issues
DSA-2644               wireshark               Multiple issues
DSA-2645               inetutils               Denial of service
DSA-2646               typo3-src               Multiple issues
DSA-2647              firebird2.1              Buffer overflow
DSA-2648              firebird2.5              Multiple issues
DSA-2649               lighttpd                Fixed socket name in
                                               world-writable directory
DSA-2650                libvirt                Files and device nodes ownership
                                               change to kvm group
DSA-2651               smokeping               Cross-site scripting
DSA-2652                libxml2                External entity expansion
DSA-2653                icinga                 Buffer overflow
DSA-2654                libxslt                Denial of service
DSA-2655                 rails                 Multiple issues
DSA-2656                 bind9                 Denial of service
DSA-2657            postgresql-8.4             Guessable random numbers
DSA-2659        libapache-mod-security         XML external entity processing
DSA-2660                 curl                  Cookie leak vulnerability
DSA-2661              xorg-server              Information disclosure
DSA-2662                  xen                  Multiple issues
DSA-2663                 tinc                  Stack based buffer overflow
DSA-2664               stunnel4                Buffer overflow
DSA-2665              strongswan               Authentication bypass
DSA-2666                  xen                  Multiple issues
DSA-2668               linux-2.6               Multiple issues
DSA-2668            user-mode-linux            Multiple issues
DSA-2670          request-tracker3.8           Multiple issues
DSA-2673                libdmx                 Multiple issues
DSA-2674                 libxv                 Multiple issues
DSA-2675                libxvmc                Multiple issues
DSA-2676               libxfixes               Multiple issues
DSA-2677              libxrender               Multiple issues
DSA-2678                 mesa                  Multiple issues
DSA-2679    xserver-xorg-video-openchrome      Multiple issues
DSA-2680                 libxt                 Multiple issues
DSA-2681              libxcursor               Multiple issues
DSA-2682                libxext                Multiple issues
DSA-2683                 libxi                 Multiple issues
DSA-2684               libxrandr               Multiple issues
DSA-2685                 libxp                 Multiple issues
DSA-2686                libxcb                 Multiple issues
DSA-2687                 libfs                 Multiple issues
DSA-2688                libxres                Multiple issues
DSA-2689                libxtst                Multiple issues
DSA-2690              libxxf86dga              Multiple issues
DSA-2691              libxinerama              Multiple issues
DSA-2692              libxxf86vm               Multiple issues
DSA-2693                libx11                 Multiple issues
DSA-2694                 spip                  Privilege escalation
DSA-2698                 tiff                  Buffer overflow
DSA-2701                 krb5                  Denial of service
DSA-2702           telepathy-gabble            TLS verification bypass
DSA-2703              subversion               Multiple issues
DSA-2708               fail2ban                Denial of service
DSA-2710            xml-security-c             Multiple issues
DSA-2711                haproxy                Multiple issues
DSA-2713                 curl                  Heap overflow
DSA-2715                puppet                 Code execution
DSA-2717            xml-security-c             Heap overflow
DSA-2718               wordpress               Multiple issues
DSA-2719                poppler                Multiple issues
DSA-2723                 php5                  Heap corruption
DSA-2725                tomcat6                Multiple issues
DSA-2726              php-radius               Buffer overflow
DSA-2727               openjdk-6               Multiple issues
DSA-2728                 bind9                 Denial of service
DSA-2729                openafs                Multiple issues
DSA-2730                 gnupg                 Information leak
DSA-2731              libgcrypt11              Information leak
DSA-2733                 otrs2                 SQL injection
DSA-2734               wireshark               Multiple issues
DSA-2736                 putty                 Multiple issues
DSA-2739                 cacti                 Multiple issues
DSA-2740             python-django             Cross-site scripting
DSA-2742                 php5                  Interpretation conflict
DSA-2744                 tiff                  Multiple issues
DSA-2747                 cacti                 Multiple issues
DSA-2748              exactimage               Denial of service
DSA-2749               asterisk                Multiple issues
DSA-2751              libmodplug               Multiple issues
DSA-2752                phpbb3                 Too wide permissions
DSA-2753               mediawiki               Cross-site request forgery token
DSA-2754              exactimage               Denial of service
DSA-2755             python-django             Directory traversal
DSA-2756               wireshark               Multiple issues
DSA-2758             python-django             Denial of service
DSA-2760                chrony                 Multiple issues
DSA-2763               pyopenssl               Hostname check bypassing
DSA-2766            user-mode-linux            Multiple issues
DSA-2766               linux-2.6               Multiple issues
DSA-2767             proftpd-dfsg              Denial of service
DSA-2770                torque                 Authentication bypass
DSA-2773                 gnupg                 Multiple issues
DSA-2775               ejabberd                Insecure SSL usage
DSA-2776                drupal6                Multiple issues
DSA-2778         libapache2-mod-fcgid          Heap-based buffer overflow

Removed packages

The following packages were removed due to circumstances beyond our control:

Package            Reason
irssi-plugin-otr   Security issues
libpam-rsa         Broken, causes security problems

Debian Installer

The installer has been rebuilt to include the fixes incorporated into oldstable
by the point release.


The complete lists of packages that have changed with this revision:


The current oldstable distribution:


Proposed updates to the oldstable distribution:


oldstable distribution information (release notes, errata etc.):


Security announcements and information:


About Debian

The Debian Project is an association of Free Software developers who volunteer
their time and effort in order to produce the completely free operating system

Contact Information

For further information, please visit the Debian web pages at http://
www.debian.org/, send mail to <press@debian.org>, or contact the stable release
team at <debian-release@lists.debian.org>.

Reply to: