
Updated Debian 6.0: 6.0.4 released



------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Updated Debian 6.0: 6.0.4 released                press@lists.debian.org
January 28th, 2012              http://www.debian.org/News/2012/20120128
------------------------------------------------------------------------
The Debian project is pleased to announce the fourth update of its
stable distribution Debian 6.0 (codename "squeeze"). This update
mainly adds corrections for security problems to the stable release,
along with a few adjustments to serious problems. Security advisories
were already published separately and are referenced where available.

Please note that this update does not constitute a new version of
Debian 6.0 but only updates some of the packages included. There is no
need to throw away 6.0 CDs or DVDs; after an installation, simply update
via an up-to-date Debian mirror so that any out-of-date packages are
updated.

Those who frequently install updates from security.debian.org won't
have to update many packages, and most updates from security.debian.org
are included in this update.

New installation media and CD and DVD images containing updated
packages will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:


  http://www.debian.org/mirror/list

Miscellaneous Bugfixes
----------------------
This stable update adds a few important corrections to the following
packages:


Package				Reason

adolc				Remove Visual C++ runtime from windows/
				directory
backuppc			Fix data corruption in tarballs due to 
				logging to stdout and two XSS issues
base-files			Update /etc/debian_version for the 
				point release
base-installer  		Add POWER7 to the powerpc64 family
bti 	        		Fix identi.ca OAuth URLs
bugzilla			Security fixes
byobu	        		Correct postinst chmod semantics
bzip2	        		Fix CVE-2011-4089
c-ares				Fix encoded length for indirect root
cherokee			Avoid brute-forceable password in
				cherokee-admin
cifs-utils		    	Fix mtab corruption issues
clamav				New upstream version; fix potential DoS
clamz	       			Handle unencrypted amz files
cpufrequtils	      		Load powernow-k8 for AMD family 20
				(i.e. AMD E-350 cpus); better support
				3.0 kernels
debian-installer		Stop menu falling off the screen
debian-installer-netboot-images	Update to d-i 20110106+squeeze4
dpkg	      			Add armhf to {os,triplet}table; defer
				hardlink renames; do not fail to unpack
				shared directories missing on the file 
				system from packages being replaced by 
				other packages
eglibc				New upstream stable release plus fixes
				from stable branch
erlang				Fix CVE-2011-0766 (cryptographic
				weakness) in the erlang ssh application
etherape		  	Null pointer dereferences
gimp	      			Fix printing when used with libcairo
				version 1.10 or above
gnutls26		  	Fix buffer overflow in
				gnutls_session_get_data()
hplip	       			Fix insecure use of temporary file
ia32-libs		   	Update packages
ia32-libs-gtk	       		Update packages
ifupdown-extra			Handle moved location of ethtool; fix
				handling of "rejects" in static-route;
				use --tmpdir for temporary files; move
				/etc/network/network-routes to
				/e/n/routes; documentation updates
iotop	       			Give a helpful error instead of 
				crashing when Linux denies permission
				to read the taskstats files
jabberbot		   	Bind callbacks after the roster has
				been initialised
kernel-wedge	      		Add et131x to nic-extra-modules; add
				isci to scsi-extra-modules; add
				xhci-hcd to usb-modules
killer				Use DNS for mail domain rather than 
				NIS; stop cron job failing when package
				is removed
ldap2zone		   	Don't send mail on success; syslog
				instead
libdata-formvalidator-perl	Fix possible passing of invalid data in
				untaint mode
libdebian-installer 	     	Detect IBM pSeries platform as
				powerpc/chrp_ibm
libdigest-perl			Fix unsafe use of eval in Digest->new()
libhtml-template-pro-perl	Fix XSS
libjifty-dbi-perl		SQL injection
libmtp				Add support for Motorola Xoom devices
libpar-packer-perl		Fix use of unsafe and predictable
				temporary directories
libpar-perl 	     		Fix use of unsafe and predictable
				temporary directories
linux-2.6		   	Fixes for xen regression, GRO/GSO IPv6
				forwarding, ppc vserver; add stable
				releases 2.6.32.47-54, various fixes;
				fix tg3 regression; xen fixes
linux-kernel-di-amd64-2.6	Rebuild against linux-2.6 kernel 
				2.6.32-41
linux-kernel-di-armel-2.6	Rebuild against linux-2.6 kernel 
				2.6.32-41
linux-kernel-di-i386-2.6	Rebuild against linux-2.6 kernel 
				2.6.32-41
linux-kernel-di-ia64-2.6	Rebuild against linux-2.6 kernel 
				2.6.32-41
linux-kernel-di-mips-2.6	Rebuild against linux-2.6 kernel 
				2.6.32-41
linux-kernel-di-mipsel-2.6	Rebuild against linux-2.6 kernel 
				2.6.32-41
linux-kernel-di-powerpc-2.6 	Rebuild against linux-2.6 kernel 
				2.6.32-41
linux-kernel-di-s390-2.6	Rebuild against linux-2.6 kernel 
				2.6.32-41
linux-kernel-di-sparc-2.6	Rebuild against linux-2.6 kernel 
				2.6.32-41
masqmail		  	Fix improper seteuid() calls
mdadm	       			Quieten some cron messages; don't break
				when no scheduling class is specified
				or no devices are active; LSB header
				updates
mediawiki		   	Fix unintended exposure of hidden
				content through cache pollution; 
				disable CVE-2011-4360.patch; doesn't 
				apply to this version and causes errors
module-init-tools		Support 3.0 kernels
multipath-tools		 	Change HP hardware handler to hp_sw; 
				update man pages
mutt	      			Fix validation of commonname (gnutls)
nfs-utils		   	Allow negotiated enctypes to be limited;
				avoid corrupting mtab
nginx	       			Fix compression pointer processing in 
				DNS response greater than 255 bytes
nss-pam-ldapd	       		Correctly parse /etc/nsswitch.conf, 
				detect calling process identity and fix
				disconnect logic
partman-target			Stop treating ISO hybrid images on USB
				sticks as real optical drives
pastebinit		    	Fix support for user configuration 
				files
pbuilder		  	Rename the /run script from --execute 
				to /runscript, for compatibility with
				wheezy and later which have /run as a 
				directory replacing /var/run
perl	      			Unregister signal handler before
				destroying my_perl; fixes segfault; 
				minor security fixes
phppgadmin		    	Fix XSS
pidgin				Fix remote crash issues
postgresql-8.4			New upstream micro-release
pure-ftpd		   	Fix man in the middle attack on
				encrypted sessions
python-debian			Allow ":" as the first character of a
				value
python3-defaults		Ignore binary files while checking 
				shebangs
qemu-kvm		  	Fix NIC hotplug from libvirt
quassel		 		Fix missing translations
recoll				Plug conversion descriptor leak in 
				unac.c::convert() error path
rng-tools		   	Work around VIA Nano xstore bug; add 
				3.0 kernel support
rpm 	     			Fix malformed header parsing
samba	       			Allow using unencrypted passwords with
				Windows clients with KB2536276 
				installed
shorewall		   	Install missing 
				/usr/share/shorewall/helpers
shorewall-lite			Install missing 
				/usr/share/shorewall/helpers
shorewall6		    	Install missing 
				/usr/share/shorewall/helpers
shorewall6-lite		 	Install missing 
				/usr/share/shorewall/helpers
slbackup		  	Fix path to configuration file in the 
				cron job
slbackup-php	      		Fix login issues, deal with blanks in
				filenames, fix last failed timestamp
tinyproxy		   	Validate port number specified in 
				configuration
tzdata				New upstream version; add DST for 
				America/Bahia
user-mode-linux		 	Rebuild against linux-source-2.6.32 
				(2.6.32-41)
webkit				Avoid doing lots of needless NULL DNS
				lookups
whatsnewfm		    	Handle renaming of freshmeat 
				to freshcode
xorg-server 	     		GLX: add missing input sanitization; 
				fix a file disclosure vulnerability and
				a file permission change vulnerability
xpdf	      			Fix insecure temporary file usage

Security Updates
----------------
This revision adds the following security updates to the stable
release. The Security Team has already released an advisory for each of
these updates:


Advisory ID	Package			Correction(s)

DSA-2181	subversion		Denial of service
DSA-2251     	subversion		Multiple issues
DSA-2283     	krb5-appl		Programming error
DSA-2284     	opensaml2		Implementation error
DSA-2301     	rails			Multiple issues
DSA-2311     	openjdk-6		Multiple issues
DSA-2315     	openoffice.org		Multiple issues
DSA-2318     	cyrus-imapd-2.2 	Multiple issues
DSA-2322     	bugzilla		Multiple issues
DSA-2323     	radvd			Multiple issues
DSA-2324     	wireshark		Programming error
DSA-2325     	kfreebsd-8		Privilege escalation/denial
					of service
DSA-2326     	pam			Multiple issues
DSA-2327     	libfcgi-perl		Authentication bypass
DSA-2328     	freetype		Missing input sanitising
DSA-2329     	torque			Buffer overflow
DSA-2330     	simplesamlphp		Multiple issues
DSA-2331     	tor			Multiple issues
DSA-2332     	python-django		Multiple issues
DSA-2333     	phpldapadmin		Multiple issues
DSA-2334     	mahara			Multiple issues
DSA-2335     	man2html		Missing input sanitization
DSA-2337     	xen			Multiple issues
DSA-2338     	moodle			Multiple issues
DSA-2339     	nss			Multiple issues
DSA-2340     	postgresql-8.4		Weak password hashing
DSA-2341     	iceweasel		Multiple issues
DSA-2342     	iceape			Multiple issues
DSA-2343     	openssl			CA trust revocation
DSA-2344	python-django-piston	Deserialization vulnerability
DSA-2345     	icedove			Multiple issues
DSA-2346     	proftpd-dfsg		Multiple issues
DSA-2347     	bind9			Improper assert
DSA-2348     	systemtap		Multiple issues
DSA-2349	spip			Multiple issues
DSA-2350	freetype		Missing input sanitising
DSA-2351	wireshark		Buffer overflow
DSA-2353	ldns			Buffer overflow
DSA-2354	cups			Multiple issues
DSA-2355	clearsilver		Format string vulnerability
DSA-2356	openjdk-6		Multiple issues
DSA-2357	evince			Multiple issues
DSA-2361	chasen			Buffer overflow
DSA-2362	acpid			Multiple issues
DSA-2363	tor			Buffer overflow
DSA-2364	xorg			Incorrect permission check
DSA-2366	mediawiki		Multiple issues
DSA-2367	asterisk		Multiple issues
DSA-2368	lighttpd		Multiple issues
DSA-2369	libsoup2.4		Directory traversal
DSA-2370	unbound			Multiple issues
DSA-2371	jasper			Buffer overflows
DSA-2372	heimdal			Buffer overflow
DSA-2373	inetutils		Buffer overflow
DSA-2374	openswan		Implementation error
DSA-2375	krb5-appl		Buffer overflow
DSA-2376	ipmitool		Insecure pid file
DSA-2377	cyrus-imapd-2.2		Denial of service
DSA-2378	ffmpeg			Multiple issues
DSA-2379	krb5			Multiple issues
DSA-2380	foomatic-filters	Shell command injection
DSA-2381	squid3			Invalid memory deallocation
DSA-2382	ecryptfs-utils		Multiple issues
DSA-2383	super			Buffer overflow
DSA-2384	cacti			Multiple issues
DSA-2385	pdns			Packet loop
DSA-2386	openttd			Multiple issues
DSA-2387	simplesamlphp		Cross site scripting
DSA-2388	t1lib			Multiple issues
DSA-2390	openssl			Multiple issues
DSA-2391	phpmyadmin		Multiple issues
DSA-2392	openssl			Out-of-bounds read
DSA-2393	bip			Buffer overflow

Debian Installer
----------------
The installer has been updated with this point release to add support
for installing on POWER7 machines and to adjust the dimensions of the
initial boot menu to avoid issues with some screens.

The kernel used by the installer has been updated to include various
security fixes and to add support for Agere ET-1310-based network cards
(et131x driver), Intel C600-series SAS/SATA controllers (isci driver)
and USB 3.0 controllers (xhci driver).

Removed packages
----------------
The following packages were removed due to circumstances beyond our
control:


Package			Reason
partlibrary 	     	Non-distributable
cad	      		Non-distributable

URLs
----
The complete lists of packages that have changed with this revision:


  http://ftp.debian.org/debian/dists/squeeze/ChangeLog

The current stable distribution:


  http://ftp.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:


  http://ftp.debian.org/debian/dists/proposed-updates

Stable distribution information (release notes, errata etc.):


  http://www.debian.org/releases/stable/

Security announcements and information:


  http://security.debian.org/

About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.

Contact Information
-------------------
For further information, please visit the Debian web pages at
http://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.
