Saturday, February 23, 2013

Updated Debian 6.0: 6.0.7 released

------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Updated Debian 6.0: 6.0.7 released                      press@debian.org
February 23rd, 2013             http://www.debian.org/News/2013/20130223
------------------------------------------------------------------------


The Debian project is pleased to announce the seventh update of its
stable distribution Debian 6.0 (codename "squeeze"). This update mainly
adds corrections for security problems to the stable release, along with
a few adjustments for serious problems. Security advisories were already
published separately and are referenced where available.

Please note that this update does not constitute a new version of Debian
6.0 but only updates some of the packages included. There is no need to
throw away 6.0 CDs or DVDs but only to update via an up-to-date Debian
mirror after an installation, to cause any out of date packages to be
updated.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:

http://www.debian.org/mirror/list



Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

Package                               Reason

apt-show-versions                     Fix detection of squeeze-updates and squeeze; update official distribution list
base-files                            Update for the point release
bcron                                 Don't allow jobs access to other jobs' temporary files
bind9                                 Update IP for "D" root server
bugzilla                              Add dependency on liburi-perl, used during package configuration
choose-mirror                         Update URL for master mirror list
clamav                                New upstream version
claws-mail                            Fix NULL pointer dereference
clive                                 Adapt for youtube.com changes
cups                                  Ship cups-files.conf's manpage
dbus                                  Avoid code execution in setuid/setgid binaries
dbus-glib                             Fix authentication bypass through insufficient checks (CVE-2013-0292)
debian-installer                      Rebuild for 6.0.7
debian-installer-netboot-images       Rebuild against debian-installer 20110106+squeeze4+b3
dtach                                 Properly handle close request (CVE-2012-3368)
ettercap                              Fix hosts list parsing (CVE-2013-0722)
fglrx-driver                          Fix diversion-related issues with upgrades from lenny
flashplugin-nonfree                   Use gpg --verify
fusionforge                           Lenny to squeeze upgrade fix
gmime2.2                              Add Conflicts: libgmime2.2-cil to fix upgrades from lenny
gzip                                  Avoid using memcpy on overlapping regions
ia32-libs                             Update included packages from stable / security.d.o
ia32-libs-core                        Update included packages from stable / security.d.o
kfreebsd-8                            Fix CVE-2012-4576: memory access without proper validation in linux compat system
libbusiness-onlinepayment-ippay-perl  Backport changes to IPPay gateway's server name and path
libproc-processtable-perl             Fix unsafe temporary file usage (CVE-2011-4363)
libzorpll                             Add missing Breaks/Replaces: libzorp2-dev to libzorpll-dev
linux-2.6                             Update to stable release 2.6.32.60. Backport hpsa, isci and megaraid_sas driver updates. Fix r8169 hangs
linux-kernel-di-amd64-2.6             Rebuild against linux-2.6 2.6.32-48
linux-kernel-di-armel-2.6             Rebuild against linux-2.6 2.6.32-48
linux-kernel-di-i386-2.6              Rebuild against linux-2.6 2.6.32-48
linux-kernel-di-ia64-2.6              Rebuild against linux-2.6 2.6.32-48
linux-kernel-di-mips-2.6              Rebuild against linux-2.6 2.6.32-48
linux-kernel-di-mipsel-2.6            Rebuild against linux-2.6 2.6.32-48
linux-kernel-di-powerpc-2.6           Rebuild against linux-2.6 2.6.32-48
linux-kernel-di-s390-2.6              Rebuild against linux-2.6 2.6.32-48
linux-kernel-di-sparc-2.6             Rebuild against linux-2.6 2.6.32-48
magpierss                             Fix upgrade issue
maradns                               Fix CVE-2012-1570 (deleted domain record cache persistence flaw)
mediawiki                             Prevent session fixation in Special:UserLogin (CVE-2012-5391); prevent linker regex from exceeding backtrack limit
moodle                                Multiple security fixes
nautilus                              Add Breaks: samba-common (<< 2:3.5) to fix a lenny to squeeze upgrade issue
openldap                              Dump the database in prerm on upgrades to help upgrades to releases with newer libdb versions
openssh                               Improve DoS resistance (CVE-2010-5107)
pam-pgsql                             Fix issue with NULL passwords
pam-shield                            Correctly block IPs when allow_missing_dns is "no"
perl                                  Fix misparsing of maketext strings (CVE-2012-6329)
poppler                               Security fixes; CVE-2010-0206, CVE-2010-0207, CVE-2012-4653; fix GooString::insert, correctly initialise variables
portmidi                              Fix crash
postgresql-8.4                        New upstream micro-release
sdic                                  Move bzip2 from Suggests to Depends as it is used during installation
snack                                 Fix buffer overflow (CVE-2012-6303)
sphinx                                Fix incompatibility with jQuery>=1.4
swath                                 Fix potential buffer overflow in Mule mode
swi-prolog                            Fix buffer overruns
ttf-ipafont                           Fix removal of alternatives
tzdata                                New upstream version; fix DST for America/Bahia (Brazil)
unbound                               Update IP address hints for D.ROOT-SERVERS.NET
xen                                   Fix clock breakage
xnecview                              Fix FTBFS on armel




Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:


Advisory ID  Package                 Correction(s)

DSA-2550     asterisk                Multiple issues
DSA-2551     isc-dhcp                Denial of service
DSA-2552     tiff                    Multiple issues
DSA-2553     iceweasel               Multiple issues
DSA-2554     iceape                  Multiple issues
DSA-2555     libxslt                 Multiple issues
DSA-2556     icedove                 Multiple issues
DSA-2557     hostapd                 Denial of service
DSA-2558     bacula                  Information disclosure
DSA-2559     libexif                 Multiple issues
DSA-2560     bind9                   Denial of service
DSA-2561     tiff                    Buffer overflow
DSA-2562     cups-pk-helper          Privilege escalation
DSA-2563     viewvc                  Multiple issues
DSA-2564     tinyproxy               Denial of service
DSA-2565     iceweasel               Multiple issues
DSA-2566     exim4                   Heap overflow
DSA-2567     request-tracker3.8      Multiple issues
DSA-2568     rtfm                    Privilege escalation
DSA-2569     icedove                 Multiple issues
DSA-2570     openoffice.org          Multiple issues
DSA-2571     libproxy                Buffer overflow
DSA-2572     iceape                  Multiple issues
DSA-2573     radsecproxy             SSL certificate verification weakness
DSA-2574     typo3-src               Multiple issues
DSA-2575     tiff                    Heap overflow
DSA-2576     trousers                Denial of service
DSA-2577     libssh                  Multiple issues
DSA-2578     rssh                    Multiple issues
DSA-2579     apache2                 Multiple issues
DSA-2580     libxml2                 Buffer overflow
DSA-2582     xen                     Denial of service
DSA-2583     iceweasel               Multiple issues
DSA-2584     iceape                  Multiple issues
DSA-2585     bogofilter              Heap-based buffer overflow
DSA-2586     perl                    Multiple issues
DSA-2587     libcgi-pm-perl          HTTP header injection
DSA-2588     icedove                 Multiple issues
DSA-2589     tiff                    Buffer overflow
DSA-2590     wireshark               Multiple issues
DSA-2591     mahara                  Multiple issues
DSA-2592     elinks                  Programming error
DSA-2593     moin                    Multiple issues
DSA-2594     virtualbox-ose          Programming error
DSA-2595     ghostscript             Buffer overflow
DSA-2596     mediawiki-extensions    Cross-site scripting in RSSReader extension
DSA-2597     rails                   Input validation error
DSA-2598     weechat                 Multiple issues
DSA-2599     nss                     Mis-issued intermediates
DSA-2600     cups                    Privilege escalation
DSA-2601     gnupg2                  Missing input sanitation
DSA-2601     gnupg                   Missing input sanitation
DSA-2602     zendframework           XML external entity inclusion
DSA-2603     emacs23                 Programming error
DSA-2604     rails                   Insufficient input validation
DSA-2605     asterisk                Multiple issues
DSA-2606     proftpd-dfsg            Symlink race
DSA-2607     qemu-kvm                Buffer overflow
DSA-2608     qemu                    Buffer overflow
DSA-2609     rails                   SQL query manipulation
DSA-2610     ganglia                 Remote code execution
DSA-2611     movabletype-opensource  Multiple issues
DSA-2612     ircd-ratbox             Remote crash
DSA-2613     rails                   Insufficient input validation
DSA-2614     libupnp                 Multiple issues
DSA-2615     libupnp4                Multiple issues
DSA-2616     nagios3                 Buffer overflow vulnerability
DSA-2617     samba                   Multiple issues
DSA-2618     ircd-hybrid             Denial of service
DSA-2619     xen-qemu-dm-4.0         Buffer overflow
DSA-2620     rails                   Multiple issues
DSA-2621     openssl                 Multiple issues
DSA-2622     polarssl                Multiple issues
DSA-2623     openconnect             Buffer overflow
DSA-2624     ffmpeg                  Multiple issues
DSA-2625     wireshark               Multiple issues
DSA-2626     lighttpd                Multiple issues
DSA-2627     nginx                   Information leak


Debian Installer
----------------

The installer has been rebuilt to include the fixes incorporated into
stable by the point release.

Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

Package      Reason

elmerfem     License problems (GPL + non-GPL)


URLs
----

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/squeeze/ChangeLog


The current stable distribution:

http://ftp.debian.org/debian/dists/stable/


Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates/


stable distribution information (release notes, errata etc.):

http://www.debian.org/releases/stable/


Security announcements and information:

http://security.debian.org/ 


About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.


Contact Information
-------------------

For further information, please visit the Debian web pages at
http://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.
