------------------------------------------------------------------------
The Debian Project                                 http://www.debian.org/
Updated Debian 6.0: 6.0.4 released                 press@lists.debian.org
January 28th, 2012            http://www.debian.org/News/2012/20120128
------------------------------------------------------------------------

The Debian project is pleased to announce the fourth update of its
stable distribution Debian 6.0 (codename "squeeze"). This update mainly
adds corrections for security problems to the stable release, along
with a few adjustments to serious problems. Security advisories were
already published separately and are referenced where available.

Please note that this update does not constitute a new version of
Debian 6.0 but only updates some of the packages included. There is
no need to throw away 6.0 CDs or DVDs but only to update via an
up-to-date Debian mirror after an installation, to cause any out of
date packages to be updated.

Those who frequently install updates from security.debian.org won't
have to update many packages and most updates from security.debian.org
are included in this update.

New installation media and CD and DVD images containing updated
packages will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page)
to one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:

    http://www.debian.org/mirror/list


Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

Package                           Reason

adolc                             Remove Visual C++ runtime from windows/ directory
backuppc                          Fix data corruption in tarballs due to logging to stdout
                                  and two XSS issues
base-files                        Update /etc/debian_version for the point release
base-installer                    Add POWER7 to the powerpc64 family
bti                               Fix identi.ca OAuth URLs
bugzilla                          Security fixes
byobu                             Correct postinst chmod semantics
bzip2                             Fix CVE-2011-4089
c-ares                            Fix encoded length for indirect root
cherokee                          Avoid brute-forceable password in cherokee-admin
cifs-utils                        Fix mtab corruption issues
clamav                            New upstream version; fix potential DoS
clamz                             Handle unencrypted amz files
cpufrequtils                      Load powernow-k8 for AMD family 20 (i.e. AMD E-350 cpus);
                                  better support 3.0 kernels
debian-installer                  Stop menu falling off the screen
debian-installer-netboot-images   Update to d-i 20110106+squeeze4
dpkg                              Add armhf to {os,triplet}table; defer hardlink renames;
                                  do not fail to unpack shared directories missing on the
                                  file system from packages being replaced by other packages
eglibc                            New upstream stable release plus fixes from stable branch
erlang                            Fix CVE-2011-0766 (cryptographic weakness) in the erlang
                                  ssh application
etherape                          Null pointer dereferences
gimp                              Fix printing when used with libcairo version 1.10 or above
gnutls26                          Fix buffer overflow in gnutls_session_get_data()
hplip                             Fix insecure use of temporary file
ia32-libs                         Update packages
ia32-libs-gtk                     Update packages
ifupdown-extra                    Handle moved location of ethtool; fix handling of "rejects"
                                  in static-route; use --tmpdir for temporary files; move
                                  /etc/network/network-routes to /e/n/routes; documentation
                                  updates
iotop                             Give a helpful error instead of crashing when Linux denies
                                  permission to read the taskstats files
jabberbot                         Bind callbacks after the roster has been initialised
kernel-wedge                      Add et131x to nic-extra-modules; add isci to
                                  scsi-extra-modules; add xhci-hcd to usb-modules
killer                            Use DNS for mail domain rather than NIS; stop cron job
                                  failing when package is removed
ldap2zone                         Don't send mail on success; syslog instead
libdata-formvalidator-perl        Fix possible passing of invalid data in untaint mode
libdebian-installer               Detect IBM pSeries platform as powerpc/chrp_ibm
libdigest-perl                    Fix unsafe use of eval in Digest->new()
libhtml-template-pro-perl         Fix XSS
libjifty-dbi-perl                 SQL injection
libmtp                            Add support for Motorola Xoom devices
libpar-packer-perl                Fix use of unsafe and predictable temporary directories
libpar-perl                       Fix use of unsafe and predictable temporary directories
linux-2.6                         Fixes for xen regression, GRO/GSO IPv6 forwarding, ppc
                                  vserver; add stable releases 2.6.32.47-54, various fixes;
                                  fix tg3 regression; xen fixes
linux-kernel-di-amd64-2.6         Rebuild against linux-2.6 kernel 2.6.32-41
linux-kernel-di-armel-2.6         Rebuild against linux-2.6 kernel 2.6.32-41
linux-kernel-di-i386-2.6          Rebuild against linux-2.6 kernel 2.6.32-41
linux-kernel-di-ia64-2.6          Rebuild against linux-2.6 kernel 2.6.32-41
linux-kernel-di-mips-2.6          Rebuild against linux-2.6 kernel 2.6.32-41
linux-kernel-di-mipsel-2.6        Rebuild against linux-2.6 kernel 2.6.32-41
linux-kernel-di-powerpc-2.6       Rebuild against linux-2.6 kernel 2.6.32-41
linux-kernel-di-s390-2.6          Rebuild against linux-2.6 kernel 2.6.32-41
linux-kernel-di-sparc-2.6         Rebuild against linux-2.6 kernel 2.6.32-41
masqmail                          Fix improper seteuid() calls
mdadm                             Quieten some cron messages; don't break when no scheduling
                                  class is specified or no devices are active; LSB header
                                  updates
mediawiki                         Fix unintended exposure of hidden content through cache
                                  pollution; disable CVE-2011-4360.patch; doesn't apply to
                                  this version and causes errors
module-init-tools                 Support 3.0 kernels
multipath-tools                   Change HP hardware handler to hp_sw; update man pages
mutt                              Fix validation of commonname (gnutls)
nfs-utils                         Allow negotiated enctypes to be limited; avoid corrupting
                                  mtab
nginx                             Fix compression pointer processing in DNS response greater
                                  than 255 bytes
nss-pam-ldapd                     Correctly parse /etc/nsswitch.conf, detect calling process
                                  identity and fix disconnect logic
partman-target                    Stop treating ISO hybrid images on USB sticks as real
                                  optical drives
pastebinit                        Fix support for user configuration files
pbuilder                          Rename the /run script from --execute to /runscript, for
                                  compatibility with wheezy and later which have /run as a
                                  directory replacing /var/run
perl                              Unregister signal handler before destroying my_perl; fixes
                                  segfault; minor security fixes
phppgadmin                        Fix XSS
pidgin                            Fix remote crash issues
postgresql-8.4                    New upstream micro-release
pure-ftpd                         Fix man in the middle attack on encrypted sessions
python-debian                     Allow ":" as the first character of a value
python3-defaults                  Ignore binary files while checking shebangs
qemu-kvm                          Fix NIC hotplug from libvirt
quassel                           Fix missing translations
recoll                            Plug conversion descriptor leak in unac.c::convert() error
                                  path
rng-tools                         Work around VIA Nano xstore bug; add 3.0 kernel support
rpm                               Fix malformed header parsing
samba                             Allow using unencrypted passwords with Windows clients with
                                  KB2536276 installed
shorewall                         Install missing /usr/share/shorewall/helpers
shorewall-lite                    Install missing /usr/share/shorewall/helpers
shorewall6                        Install missing /usr/share/shorewall/helpers
shorewall6-lite                   Install missing /usr/share/shorewall/helpers
slbackup                          Fix path to configuration file in the cron job
slbackup-php                      Fix login issues, deal with blanks in filenames, fix last
                                  failed timestamp
tinyproxy                         Validate port number specified in configuration
tzdata                            New upstream version; add DST for America/Bahia
user-mode-linux                   Rebuild against linux-source-2.6.32 (2.6.32-41)
webkit                            Avoid doing lots of needless NULL DNS lookups
whatsnewfm                        Handle renaming of freshmeat to freshcode
xorg-server                       GLX: add missing input sanitization; fix a file disclosure
                                  vulnerability and a file permission change vulnerability
xpdf                              Fix insecure temporary file usage


Security Updates
----------------

This revision adds the following security updates to the stable
release. The Security Team has already released an advisory for each
of these updates:

Advisory ID  Package               Correction(s)

DSA-2181     subversion            Denial of service
DSA-2251     subversion            Multiple issues
DSA-2283     krb5-appl             Programming error
DSA-2284     opensaml2             Implementation error
DSA-2301     rails                 Multiple issues
DSA-2311     openjdk-6             Multiple issues
DSA-2315     openoffice.org        Multiple issues
DSA-2318     cyrus-imapd-2.2       Multiple issues
DSA-2322     bugzilla              Multiple issues
DSA-2323     radvd                 Multiple issues
DSA-2324     wireshark             Programming error
DSA-2325     kfreebsd-8            Privilege escalation/denial of service
DSA-2326     pam                   Multiple issues
DSA-2327     libfcgi-perl          Authentication bypass
DSA-2328     freetype              Missing input sanitising
DSA-2329     torque                Buffer overflow
DSA-2330     simplesamlphp         Multiple issues
DSA-2331     tor                   Multiple issues
DSA-2332     python-django         Multiple issues
DSA-2333     phpldapadmin          Multiple issues
DSA-2334     mahara                Multiple issues
DSA-2335     man2html              Missing input sanitization
DSA-2337     xen                   Multiple issues
DSA-2338     moodle                Multiple issues
DSA-2339     nss                   Multiple issues
DSA-2340     postgresql-8.4        Weak password hashing
DSA-2341     iceweasel             Multiple issues
DSA-2342     iceape                Multiple issues
DSA-2343     openssl               CA trust revocation
DSA-2344     python-django-piston  Deserialization vulnerability
DSA-2345     icedove               Multiple issues
DSA-2346     proftpd-dfsg          Multiple issues
DSA-2347     bind9                 Improper assert
DSA-2348     systemtap             Multiple issues
DSA-2349     spip                  Multiple issues
DSA-2350     freetype              Missing input sanitising
DSA-2351     wireshark             Buffer overflow
DSA-2353     ldns                  Buffer overflow
DSA-2354     cups                  Multiple issues
DSA-2355     clearsilver           Format string vulnerability
DSA-2356     openjdk-6             Multiple issues
DSA-2357     evince                Multiple issues
DSA-2361     chasen                Buffer overflow
DSA-2362     acpid                 Multiple issues
DSA-2363     tor                   Buffer overflow
DSA-2364     xorg                  Incorrect permission check
DSA-2366     mediawiki             Multiple issues
DSA-2367     asterisk              Multiple issues
DSA-2368     lighttpd              Multiple issues
DSA-2369     libsoup2.4            Directory traversal
DSA-2370     unbound               Multiple issues
DSA-2371     jasper                Buffer overflows
DSA-2372     heimdal               Buffer overflow
DSA-2373     inetutils             Buffer overflow
DSA-2374     openswan              Implementation error
DSA-2375     krb5-appl             Buffer overflow
DSA-2376     ipmitool              Insecure pid file
DSA-2377     cyrus-imapd-2.2       Denial of service
DSA-2378     ffmpeg                Multiple issues
DSA-2379     krb5                  Multiple issues
DSA-2380     foomatic-filters      Shell command injection
DSA-2381     squid3                Invalid memory deallocation
DSA-2382     ecryptfs-utils        Multiple issues
DSA-2383     super                 Buffer overflow
DSA-2384     cacti                 Multiple issues
DSA-2385     pdns                  Packet loop
DSA-2386     openttd               Multiple issues
DSA-2387     simplesamlphp         Cross site scripting
DSA-2388     t1lib                 Multiple issues
DSA-2390     openssl               Multiple issues
DSA-2391     phpmyadmin            Multiple issues
DSA-2392     openssl               Out-of-bounds read
DSA-2393     bip                   Buffer overflow


Debian Installer
----------------

The installer has been updated with this point release to add support
for installing on POWER7 machines and to adjust the dimensions of the
initial boot menu to avoid issues with some screens.

The kernel used by the installer has been updated to include various
security fixes and to add support for Agere ET-1310-based network
cards (et131x driver), Intel C600-series SAS/SATA controllers (isci
driver) and USB 3.0 controllers (xhci driver).


Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

Package                           Reason

partlibrary                       Non-distributable
cad                               Non-distributable


URLs
----

The complete lists of packages that have changed with this revision:

    http://ftp.debian.org/debian/dists/squeeze/ChangeLog

The current stable distribution:

    http://ftp.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:

    http://ftp.debian.org/debian/dists/proposed-updates

Stable distribution information (release notes, errata etc.):

    http://www.debian.org/releases/stable/

Security announcements and information:

    http://security.debian.org/


About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely
free operating system Debian.


Contact Information
-------------------

For further information, please visit the Debian web pages at
http://www.debian.org/, send mail to <press@debian.org>, or contact
the stable release team at <debian-release@lists.debian.org>.