
Re: Updated Debian 6.0: 6.0.7 released



good


2013/2/23 Francesca Ciceri <madamezou@debian.org>
------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Updated Debian 6.0: 6.0.7 released                      press@debian.org
February 23rd, 2013             http://www.debian.org/News/2013/20130223
------------------------------------------------------------------------


The Debian project is pleased to announce the seventh update of its
stable distribution Debian 6.0 (codename "squeeze"). This update mainly
adds corrections for security problems to the stable release, along with
a few adjustments for serious problems. Security advisories were already
published separately and are referenced where available.

Please note that this update does not constitute a new version of Debian
6.0 but only updates some of the packages included. There is no need to
throw away 6.0 CDs or DVDs but only to update via an up-to-date Debian
mirror after an installation, to cause any out of date packages to be
updated.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:

http://www.debian.org/mirror/list



Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

 Package                       Reason

 apt-show-versions             Fix detection of squeeze-updates and
                               squeeze; update official
                               distribution list

 base-files                    Update for the point release

 bcron                         Don't allow jobs access to other
                               jobs' temporary files

 bind9                         Update IP for "D" root server

 bugzilla                      Add dependency on liburi-perl, used
                               during package configuration

 choose-mirror                 Update URL for master mirror list

 clamav                        New upstream version

 claws-mail                    Fix NULL pointer dereference

 clive                         Adapt for youtube.com changes

 cups                          Ship cups-files.conf's manpage

 dbus                          Avoid code execution in setuid/
                               setgid binaries

 dbus-glib                     Fix authentication bypass through
                               insufficient checks (CVE-2013-0292)

 debian-installer              Rebuild for 6.0.7

 debian-installer-netboot-     Rebuild against debian-installer
 images                        20110106+squeeze4+b3

 dtach                         Properly handle close request
                               (CVE-2012-3368)

 ettercap                      Fix hosts list parsing
                               (CVE-2013-0722)

 fglrx-driver                  Fix diversion-related issues with
                               upgrades from lenny

 flashplugin-nonfree           Use gpg --verify

 fusionforge                   Lenny to squeeze upgrade fix

 gmime2.2                      Add Conflicts: libgmime2.2-cil to
                               fix upgrades from lenny

 gzip                          Avoid using memcpy on overlapping
                               regions

 ia32-libs                     Update included packages from
                               stable / security.d.o

 ia32-libs-core                Update included packages from
                               stable / security.d.o

 kfreebsd-8                    Fix CVE-2012-4576: memory access
                               without proper validation in linux
                               compat system

 libbusiness-onlinepayment-    Backport changes to IPPay gateway's
 ippay-perl                    server name and path

 libproc-processtable-         Fix unsafe temporary file usage
 perl                          (CVE-2011-4363)

 libzorpll                     Add missing Breaks/Replaces:
                               libzorp2-dev to libzorpll-dev

 linux-2.6                     Update to stable release 2.6.32.60.
                               Backport hpsa, isci and megaraid_sas
                               driver updates. Fix r8169 hangs

 linux-kernel-di-amd64-        Rebuild against linux-2.6 2.6.32-48
 2.6 

 linux-kernel-di-              Rebuild against linux-2.6 2.6.32-48
 armel-2.6 

 linux-kernel-di-i386-         Rebuild against linux-2.6 2.6.32-48
 2.6 

 linux-kernel-di-ia64-         Rebuild against linux-2.6 2.6.32-48
 2.6 

 linux-kernel-di-              Rebuild against linux-2.6 2.6.32-48
 mips-2.6 

 linux-kernel-di-              Rebuild against linux-2.6 2.6.32-48
 mipsel-2.6 

 linux-kernel-di-              Rebuild against linux-2.6 2.6.32-48
 powerpc-2.6 

 linux-kernel-di-s390-         Rebuild against linux-2.6 2.6.32-48
 2.6 

 linux-kernel-di-              Rebuild against linux-2.6 2.6.32-48
 sparc-2.6 

 magpierss                     Fix upgrade issue

 maradns                       Fix CVE-2012-1570 (deleted domain
                               record cache persistence flaw)

 mediawiki                     Prevent session fixation in
                               Special:UserLogin (CVE-2012-5391);
                               prevent linker regex from exceeding
                               backtrack limit

 moodle                        Multiple security fixes

 nautilus                      Add Breaks: samba-common (<< 2:3.5)
                               to fix a lenny to squeeze upgrade
                               issue

 openldap                      Dump the database in prerm on
                               upgrades to help upgrades to
                               releases with newer libdb versions

 openssh                       Improve DoS resistance
                               (CVE-2010-5107)

 pam-pgsql                     Fix issue with NULL passwords

 pam-shield                    Correctly block IPs when
                               allow_missing_dns is "no"

 perl                          Fix misparsing of maketext strings
                               (CVE-2012-6329)

 poppler                       Security fixes; CVE-2010-0206,
                               CVE-2010-0207, CVE-2012-4653; fix
                               GooString::insert, correctly
                               initialise variables

 portmidi                      Fix crash

 postgresql-8.4                New upstream micro-release

 sdic                          Move bzip2 from Suggests to Depends
                               as it is used during installation

 snack                         Fix buffer overflow (CVE-2012-6303)

 sphinx                        Fix incompatibility with
                               jQuery>=1.4

 swath                         Fix potential buffer overflow in
                               Mule mode

 swi-prolog                    Fix buffer overruns

 ttf-ipafont                   Fix removal of alternatives

 tzdata                        New upstream version; fix DST for
                               America/Bahia (Brazil)

 unbound                       Update IP address hints for
                               D.ROOT-SERVERS.NET

 xen                           Fix clock breakage

 xnecview                      Fix FTBFS on armel




Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:


 Advisory ID     Package         Correction(s)

 DSA-2550   asterisk             Multiple issues

 DSA-2551   isc-dhcp             Denial of service

 DSA-2552   tiff                 Multiple issues

 DSA-2553   iceweasel            Multiple issues

 DSA-2554   iceape               Multiple issues

 DSA-2555   libxslt              Multiple issues

 DSA-2556   icedove              Multiple issues

 DSA-2557   hostapd              Denial of service

 DSA-2558   bacula               Information disclosure

 DSA-2559   libexif              Multiple issues

 DSA-2560   bind9                Denial of service

 DSA-2561   tiff                 Buffer overflow

 DSA-2562   cups-pk-helper       Privilege escalation

 DSA-2563   viewvc               Multiple issues

 DSA-2564   tinyproxy            Denial of service

 DSA-2565   iceweasel            Multiple issues

 DSA-2566   exim4                Heap overflow

 DSA-2567   request-tracker3.8   Multiple issues

 DSA-2568   rtfm                 Privilege escalation

 DSA-2569   icedove              Multiple issues

 DSA-2570   openoffice.org       Multiple issues

 DSA-2571   libproxy             Buffer overflow

 DSA-2572   iceape               Multiple issues

 DSA-2573   radsecproxy          SSL certificate
                                 verification weakness

 DSA-2574   typo3-src            Multiple issues

 DSA-2575   tiff                 Heap overflow

 DSA-2576   trousers             Denial of service

 DSA-2577   libssh               Multiple issues

 DSA-2578   rssh                 Multiple issues

 DSA-2579   apache2              Multiple issues

 DSA-2580   libxml2              Buffer overflow

 DSA-2582   xen                  Denial of service

 DSA-2583   iceweasel            Multiple issues

 DSA-2584   iceape               Multiple issues

 DSA-2585   bogofilter           Heap-based buffer
                                 overflow

 DSA-2586   perl                 Multiple issues

 DSA-2587   libcgi-pm-perl       HTTP header injection

 DSA-2588   icedove              Multiple issues

 DSA-2589   tiff                 Buffer overflow

 DSA-2590   wireshark            Multiple issues

 DSA-2591   mahara               Multiple issues

 DSA-2592   elinks               Programming error

 DSA-2593   moin                 Multiple issues

 DSA-2594   virtualbox-ose       Programming error

 DSA-2595   ghostscript          Buffer overflow

 DSA-2596   mediawiki-           Cross-site scripting in
                 extensions      RSSReader extension

 DSA-2597   rails                Input validation error

 DSA-2598   weechat              Multiple issues

 DSA-2599   nss                  Mis-issued intermediates

 DSA-2600   cups                 Privilege escalation

 DSA-2601   gnupg2               Missing input sanitation

 DSA-2601   gnupg                Missing input sanitation

 DSA-2602   zendframework        XML external entity
                                 inclusion

 DSA-2603   emacs23              Programming error

 DSA-2604   rails                Insufficient input
                                 validation

 DSA-2605   asterisk             Multiple issues

 DSA-2606   proftpd-dfsg         Symlink race

 DSA-2607   qemu-kvm             Buffer overflow

 DSA-2608   qemu                 Buffer overflow

 DSA-2609   rails                SQL query manipulation

 DSA-2610   ganglia              Remote code execution

 DSA-2611   movabletype-         Multiple issues
                 opensource 

 DSA-2612   ircd-ratbox          Remote crash

 DSA-2613   rails                Insufficient input
                                 validation

 DSA-2614   libupnp              Multiple issues

 DSA-2615   libupnp4             Multiple issues

 DSA-2616   nagios3              Buffer overflow
                                 vulnerability

 DSA-2617   samba                Multiple issues

 DSA-2618   ircd-hybrid          Denial of service

 DSA-2619   xen-qemu-dm-4.0      Buffer overflow

 DSA-2620   rails                Multiple issues

 DSA-2621   openssl              Multiple issues

 DSA-2622   polarssl             Multiple issues

 DSA-2623   openconnect          Buffer overflow

 DSA-2624   ffmpeg               Multiple issues

 DSA-2625   wireshark            Multiple issues

 DSA-2626   lighttpd             Multiple issues

 DSA-2627   nginx                Information leak


Debian Installer
----------------

The installer has been rebuilt to include the fixes incorporated into
stable by the point release.

Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

 Package         Reason

 elmerfem       License problems (GPL + non-GPL)


URLs
----

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/squeeze/ChangeLog


The current stable distribution:

http://ftp.debian.org/debian/dists/stable/


Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates/


stable distribution information (release notes, errata etc.):

http://www.debian.org/releases/stable/


Security announcements and information:

http://security.debian.org/ 


About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.


Contact Information
-------------------

For further information, please visit the Debian web pages at
http://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.



--
Fedor Elizarov
web 
http://www.blogdron.blogspot.co.uk/

e-mail 
YmxvZ2Ryb25AZ21haWwuY29tCg==

icq
NDc2MDQxMzA0Cg==

jabber 
YmxvZ2Ryb25AY2xpbW0ub3JnCg==

p.s base64 -d 
