Updated Debian 6.0: 6.0.5 released
May 12th, 2012
The Debian project is pleased to announce the fifth update of its
stable distribution Debian 6.0 (codename squeeze).
This update mainly adds corrections for security problems to the stable
release, along with a few adjustments for serious problems. Security advisories
were already published separately and are referenced where available.
Please note that this update does not constitute a new version of Debian 6.0 but only updates some of the packages included. There is no need to throw away 6.0 CDs or DVDs; after an installation, updating via an up-to-date Debian mirror will bring any out-of-date packages up to date.
Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.
New installation media and CD and DVD images containing updated packages will be available soon at the regular locations.
Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:
Miscellaneous Bugfixes
This stable update adds a few important corrections to the following packages:
Package | Reason |
---|---|
acpid | Really fix CVE-2011-1159 |
apr | Fix apr_file_trunc() bug which could lead to Subversion repository corruption in some rare cases |
at | Create hardlink as privileged user for compatibility with later kernels |
base-files | Update /etc/debian_version for the point release |
brltty | Fix support for large esys/iris displays |
clive | Adapt for youtube.com changes |
ecl | Remove broken postrm script |
eglibc | Fix resolving issues with broken servers returning NOTIMP or FORMERR to AAAA queries; fix integer overflow in timezone code; local/manpages/gai.conf.5: update from latest RedHat version |
evolution-data-server | Make e_book_get_changes() actually return changes |
fail2ban | Lock server's executeCmd to prevent racing among iptables calls; fix insecure creation of tempfiles |
foomatic-filters | Fix insecure temporary file use in renderer command line |
giplet | Use checkip.dyndns.org instead of the no longer suitable www.whatismyip.org |
gnusound | Fix format string security issue |
gosa | Fix DHCP host removal and user generator Unicode character transliteration |
highlight | Remove broken postrm |
json-glib | Fix serialization of doubles |
kdeutils | Fix directory traversal in Ark |
keepalived | Set correct permissions on pid file |
laptop-mode-tools | Add support for 3.x kernels |
libcgicc | Install pkg-config file to the correct location |
libxi | Fix passive grabs; handle unknown device classes; fill in mods/group->effective in XIQueryPointer |
linux-2.6 | Add longterm releases 2.6.32.5[5-9] |
linux-kernel-di-amd64-2.6 | Rebuild against linux-2.6 2.6.32-45 |
linux-kernel-di-armel-2.6 | Rebuild against linux-2.6 2.6.32-45 |
linux-kernel-di-i386-2.6 | Rebuild against linux-2.6 2.6.32-45 |
linux-kernel-di-ia64-2.6 | Rebuild against linux-2.6 2.6.32-45 |
linux-kernel-di-mips-2.6 | Rebuild against linux-2.6 2.6.32-45 |
linux-kernel-di-mipsel-2.6 | Rebuild against linux-2.6 2.6.32-45 |
linux-kernel-di-powerpc-2.6 | Rebuild against linux-2.6 2.6.32-45 |
linux-kernel-di-s390-2.6 | Rebuild against linux-2.6 2.6.32-45 |
linux-kernel-di-sparc-2.6 | Rebuild against linux-2.6 2.6.32-45 |
netselect | Robustness and documentation fixes; handle mirror lists with embedded attributes |
openssh | Fix information disclosure regarding forced commands via debug messages |
openvpn | Fix /sbin/route calls on kFreeBSD |
php-memcache | Fix cache delete bug, when deleting objects from memcached 1.4.4+ |
php-memcached | Fix double free in getServerByKey() |
phppgadmin | Fix XSS in function.php |
policykit-1 | Fix race condition when reading from /proc which allows local users to gain root privileges by executing a setuid program from pkexec |
procps | Support 3.X kernels |
pyspf | Correctly process CNAMEs in SPF records |
python-defaults | Correctly remove /var/lib/python/python2.6_already_installed |
python-virtualenv | Fix insecure temp file handling |
rott | Fallback to downloading shareware data files from pkg-games.alioth.debian.org |
sks | Use standards-compliant POSTs |
sysvinit | Enable use of either rpcbind or portmap for NFS |
texlive-base | Don't try to repair a missing pdftexconfig.tex in preinst |
tremulous | Rate-limit getstatus and rcon connectionless packets, to avoid their use for traffic amplification; fix several security bugs; disable auto-downloading |
tzdata | New upstream version |
wicd | Fix local privilege escalation, CVE-2012-2095 |
xfce4-weather-plugin | Update service key to restore access to server |
yapra | Add ruby1.8 build-dependency to fix broken build in clean environment |
Security Updates
This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:
Advisory ID | Package | Correction(s) |
---|---|---|
DSA-2321 | moin | Cross-site scripting |
DSA-2352 | puppet | Programming error |
DSA-2359 | mojarra | EL injection |
DSA-2394 | libxml2 | Multiple issues |
DSA-2395 | wireshark | Buffer underflow |
DSA-2396 | qemu-kvm | Buffer underflow |
DSA-2397 | icu | Buffer underflow |
DSA-2398 | curl | Multiple issues |
DSA-2399 | php5 | Multiple issues |
DSA-2400 | iceweasel | Multiple issues |
DSA-2401 | tomcat6 | Multiple issues |
DSA-2402 | iceape | Multiple issues |
DSA-2403 | php5 | Code injection |
DSA-2404 | xen-qemu-dm-4.0 | Buffer overflow |
DSA-2405 | apache2 | Multiple issues |
DSA-2406 | icedove | Multiple issues |
DSA-2407 | cvs | Heap overflow |
DSA-2408 | php5 | Multiple issues |
DSA-2409 | devscripts | Multiple issues |
DSA-2410 | libpng | Integer overflow |
DSA-2411 | mumble | Information disclosure |
DSA-2412 | libvorbis | Buffer overflow |
DSA-2413 | libarchive | Buffer overflows |
DSA-2414 | fex | Insufficient input sanitization |
DSA-2415 | libmodplug | Multiple issues |
DSA-2416 | notmuch | Information disclosure |
DSA-2417 | libxml2 | Denial of service |
DSA-2418 | postgresql-8.4 | Multiple issues |
DSA-2419 | puppet | Multiple issues |
DSA-2420 | openjdk-6 | Multiple issues |
DSA-2421 | moodle | Multiple issues |
DSA-2422 | file | Missing bounds check |
DSA-2423 | movabletype-opensource | Multiple issues |
DSA-2424 | libxml-atom-perl | XML entity expansion |
DSA-2425 | plib | Buffer overflow |
DSA-2426 | gimp | Multiple issues |
DSA-2427 | imagemagick | Multiple issues |
DSA-2428 | freetype | Multiple issues |
DSA-2430 | python-pam | Double free |
DSA-2431 | libdbd-pg-perl | Format string vulnerabilities |
DSA-2432 | libyaml-libyaml-perl | Format string vulnerability |
DSA-2433 | iceweasel | Multiple issues |
DSA-2434 | nginx | Sensitive information leak |
DSA-2435 | gnash | Multiple issues |
DSA-2436 | libapache2-mod-fcgid | Inactive resource limits |
DSA-2437 | icedove | Multiple issues |
DSA-2438 | raptor | Programming error |
DSA-2439 | libpng | Buffer overflow |
DSA-2440 | libtasn1-3 | Integer overflow |
DSA-2441 | gnutls26 | Missing bounds check |
DSA-2442 | openarena | UDP traffic amplification |
DSA-2443 | linux-2.6 | Multiple issues |
DSA-2443 | user-mode-linux | Multiple issues |
DSA-2444 | tryton-server | Privilege escalation |
DSA-2445 | typo3-src | Multiple issues |
DSA-2446 | libpng | Incorrect memory handling |
DSA-2447 | tiff | Integer overflow |
DSA-2448 | inspircd | Buffer overflow |
DSA-2449 | sqlalchemy | Missing input sanitization |
DSA-2450 | samba | Privilege escalation |
DSA-2451 | puppet | Multiple issues |
DSA-2452 | apache2 | Insecure default configuration |
DSA-2453 | gajim | Multiple issues |
DSA-2454 | openssl | Multiple issues |
DSA-2455 | typo3-src | Cross site scripting |
DSA-2456 | dropbear | Use after free |
DSA-2457 | iceweasel | Multiple issues |
DSA-2458 | iceape | Multiple issues |
DSA-2459 | quagga | Multiple issues |
DSA-2460 | asterisk | Multiple issues |
DSA-2461 | spip | Multiple issues |
DSA-2462 | imagemagick | Multiple issues |
DSA-2463 | samba | Missing permission checks |
DSA-2464 | icedove | Multiple issues |
Debian Installer
The installer has been rebuilt to include the fixes incorporated into stable by the point release.
URLs
The complete lists of packages that have changed with this revision:
The current stable distribution:
Proposed updates to the stable distribution:
Stable distribution information (release notes, errata etc.):
Security announcements and information:
About Debian
The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.
Contact Information
For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.