[SUA 16-1] Upcoming Debian GNU/Linux 6.0 Update (6.0.3)

Debian Stable Updates Announcement SUA 16-1        http://www.debian.org/
debian-release@lists.debian.org                              Philipp Kern
October 3rd, 2011

Upcoming Debian GNU/Linux 6.0 Update (6.0.3)

An update to Debian GNU/Linux 6.0 is scheduled for Saturday, October 8th,
2011.  As of now it will include the following bug fixes.  They can be
found in “squeeze-proposed-updates”, which is carried by all official

Please note that packages published through security.debian.org are not
listed, but will be included if possible.  Some of the updates below are
also already available through “squeeze-updates”.

Testing and feedback would be appreciated.  Bugs should be filed in the
Debian Bug Tracking System, but please make the Release Team aware of
them by copying “debian-release@lists.debian.org” on your mails.

The point release will also include a rebuild of debian-installer.

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following

  Package                       Reason

  ace                           Rebuild to drop non-distributable files
  akonadi                       Support the use of network-mounted $HOME
  amispammer                    Update service used for discovering the local IP address
  apache2                       Fix CVE-2011-3348: Possible denial of service in mod_proxy_ajp; various documentation and init script fixes
  aptitude                      Fix symlink attack in hierarchy editor
  arcboot                       Fix netinstall on IP22 / IP32
  atop                          Insecure use of temporary files
  base-files                    Update /etc/debian_version for the point release
  brltty                        Fix parsing brltty= when not all parameters are provided; setup gconf even if no table was specified
  clamav                        New upstream release; fix off-by-one and "opcode 20 not implemented" errors
  clive                         Adapt for youtube.com changes
  conky                         Fix file overwrite vulnerability
  ctdb                          Fix path to ethtool and activation of httpd service
  debian-installer-utils        Set SUDO_FORCE_REMOVE=yes to allow sudo-ldap to be installed from d-i
  deja-dup                      Explicitly pass environment to subprocesses to ensure correct GPG operation on restores
  dokuwiki                      RSS XSS security fix
  dput                          Update backports configuration to use the new .d.o hosts
  drupal6                       Security fix for XSS in color module
  firmware-nonfree              Add VIA VT6656, Realtek RTL8105E-1 and RTL8168E-1/2/3 firmware
  foo2zjs                       Fix insecure use of temporary file
  freebsd-libs                  Move libsbuf.so.0 and libipx.so.2 to /lib
  freebsd-utils                 Provide config files and init.d script for devd; enable ieee80211 (wireless) in ifconfig
  gajim                         Fix high CPU load on connection
  gdebi                         Try to determine correct localized value for "Y"
  gdm3                          Only show shutdown options when requested; fix double free; only set WINDOWPATH if not NULL; remove beep in PAM dialog patch
  git                           Fix off-by-one parsing commit subjects; prevent deadlock when shallow-cloning; documentation updates
  grub-installer                Allow use of grub-legacy to be pre-seeded (if appropriate)
  grub2                         Handle Xen split-partition disk image devices; ensure uniqueness of RAID array numbers; fix grub-probe detection for ATA devices using `ata' driver on kFreeBSD 9
  heimdal                       Allow DES to be used with NFS
  httpcomponents-client         Fix bug causing Proxy-Authorization header to be passed to target hosts
  ia32-libs                     Refresh packages from stable and security
  ia32-libs-gtk                 Refresh packages from stable and security
  ibid                          Fix various security issues; make the HTTP source work again
  ipmitool                      Fix segfault
  kde4libs                      Prevent marked text being cut when switching documents in kate
  kfreebsd-8                    Fix net802.11 stack kernel memory disclosure (CVE-2011-2480); merge backported if_msk driver from 8-STABLE; re-enable building of some modules
  kfreebsd-kernel-di-amd64      Rebuild against kfreebsd-8 8.1+dfsg-8+squeeze1
  kfreebsd-kernel-di-i386       Rebuild against kfreebsd-8 8.1+dfsg-8+squeeze1
  krb5                          Permit gss_set_allowable_enctypes to restrict acceptor enctypes, allowing newer clients to use a squeeze nfs server without degrading security for non-NFS applications
  kupfer                        Don't crash if Evolution address book not present
  libpcap                       Fix corruption of snapshot length on live captures; fix device detection when bonding in use
  lintian                       Fix information disclosure issues
  linux-kernel-di-amd64-2.6     Rebuild against linux-2.6 kernel 2.6.32-37
  linux-kernel-di-armel-2.6     Rebuild against linux-2.6 kernel 2.6.32-37
  linux-kernel-di-i386-2.6      Rebuild against linux-2.6 kernel 2.6.32-37
  linux-kernel-di-ia64-2.6      Rebuild against linux-2.6 kernel 2.6.32-37
  linux-kernel-di-mips-2.6      Rebuild against linux-2.6 kernel 2.6.32-37
  linux-kernel-di-mipsel-2.6    Rebuild against linux-2.6 kernel 2.6.32-37
  linux-kernel-di-powerpc-2.6   Rebuild against linux-2.6 kernel 2.6.32-37
  linux-kernel-di-s390-2.6      Rebuild against linux-2.6 kernel 2.6.32-37
  linux-kernel-di-sparc-2.6     Rebuild against linux-2.6 kernel 2.6.32-37
  mesa                          GLX: suppress BadRequest from DRI2Connect (expected for non-local clients)
  mod-gnutls                    Fix segmentation faults
  nagvis                        Install documentation; properly apply FollowSymlinks; only call ucf if available
  nss-pam-ldapd                 Fix uninitialised memory while parsing the tls_ciphers; fix problem with partial attribute name matches in DN; make all strinumber buffers able to represent 64-bit numbers; treat the "hard" value for tls_reqcert as if it was "demand"
  openarena                     Fix arbitrary code execution by malicious bytecode
  opencv                        Fix install path of opencv-doc; optimise i386 package for i486
  openssh                       Quieten logs when multiple from= restrictions are used in different authorized_keys lines for the same key
  openssl                       Fix CVE-2011-3210: SSL memory handling for (EC)DH ciphersuites
  pianobar                      Support XMLRPC API version 31
  pmake                         Fix symlink attack via temporary files
  postgresql-8.4                Fix regression due to 'fix plpgsql's issues with dropped columns in rowtypes in 8.4 branch'
  python-recaptcha              Update URLs for web service move to google.com
  quassel                       Fix DoS via CTCP
  red5                          Add missing dependency on glassfish-javaee
  sbcl                          Fix reference to undefined asdf::split in the asdf-install module
  shelldap                      Exit with a nicer error message if IO::Socket::SSL isn't installed, but the user is requesting SSL/TLS
  system-tools-backends         Properly handle config file rename
  tesseract                     Fix file overwrite vulnerability by disabling xterm-based debug windows
  typo3-src                     Fix cache flooding via improper error handling
  tzdata                        New upstream version
  update-inetd                  Fix breakage with non-default inetd packages
  usbutils                      Update USB ID list; build-depend on libusb2-dev on kFreeBSD
  user-mode-linux               Rebuild against linux-2.6 2.6.32-37
  v86d                          Fix CVE-2011-1070: failure to validate netlink message sender; do not include random kernel headers in CFLAGS
  vftool                        Fix a buffer overflow in linetoken() in parseAFM.c
  vte                           Fix DoS
  widelands                     Fix network play on official maps (regression introduced by previous update)
  win32-loader                  Add Built-Using header; allow suite-specific versions; document versions of embedded software
  xapian-omega                  Fix escaping issues in templates
  zfsutils                      Update LSB init headers to ensure clean startup/shutdown; add bash-completion script

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:


If there are any issues, please don't hesitate to get in touch with the
Debian Release Team at “debian-release@lists.debian.org”.
