
Updated Debian 5.0: 5.0.9 released


------------------------------------------------------------------------

The Debian Project http://www.debian.org/

Updated Debian 5.0: 5.0.9 released press ( -at -) debian.org

October 1st, 2011 http://www.debian.org/News/2011/20111001

------------------------------------------------------------------------

 

Updated Debian 5.0: 5.0.9 released

 

The Debian project is pleased to announce the ninth update of its
oldstable distribution Debian GNU/Linux 5.0 (codename "lenny"). This
update mainly adds corrections for security problems to the oldstable
release, along with a few adjustments for serious problems. Security
advisories were already published separately and are referenced where
available.

 

Please note that this update does not constitute a new version of Debian
GNU/Linux 5.0 but only updates some of the packages included. There is
no need to throw away 5.0 CDs or DVDs but only to update via an
up-to-date Debian mirror after an installation, to cause any out of date
packages to be updated.

 

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

 

New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.

 

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page)
to one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:

 

 

 

 

Miscellaneous Bugfixes
----------------------

This oldstable update adds a few important corrections to the following
packages:

 

Package             Reason

aptitude            Fix symlink attack in hierarchy editor
atop                Insecure use of temporary files
base-files          Update /etc/debian_version for the point release
conky               Fix file overwrite vulnerability
dokuwiki            RSS XSS security fix
klibc               Escape ipconfig's DHCP options
linux-2.6           Several security updates and select fixes from upstream 2.6.27.58/9
magpierss           Fix cross-site scripting vulnerability (CVE-2011-0740)
mediawiki           Protect against CSS injection vulnerability
openldap            Security fixes
openssl             Fix CVE-2011-3210: SSL memory handling for (EC)DH ciphersuites
pmake               Fix symlink attack via temporary files
sun-java6           New upstream security update
tesseract           Disable xterm-based debug windows to avoid file overwrite vulnerability
tzdata              New upstream version
user-mode-linux     Rebuild against linux-2.6 2.6.26-27
v86d                Fix CVE-2011-1070: failure to validate netlink message sender;
                    do not include random kernel headers in CFLAGS
vftool              Fix a buffer overflow in linetoken() in parseAFM.c
xorg-server         GLX: don't crash in SwapBuffers if we don't have a context

 

Due to the timing of this point release relative to the next update for
the stable release (Debian 6.0 "squeeze"), the versions of atop and
tzdata included in this point release are higher than the corresponding
packages currently in stable. The next stable point release is planned
for one week's time, after which the package versions in stable will
once again be higher, as expected.

 

We do not expect that this situation will cause any issues with upgrades
from oldstable to the stable release during this short period of time,
but please report any such issues which do arise. (See the "Contact
Information" section below).

 

 

Security Updates
----------------

This revision adds the following security updates to the stable
release. The Security Team has already released an advisory for each of
these updates:

 

Advisory ID  Package               Correction(s)

DSA-2043     vlc                   Arbitrary code execution
DSA-2149     dbus                  Denial of service
DSA-2150     request-tracker3.6    Salt password hashing
DSA-2151     openoffice.org        Multiple issues
DSA-2152     hplip                 Buffer overflow
DSA-2153     linux-2.6             Multiple issues
DSA-2153     user-mode-linux       Multiple issues
DSA-2154     exim4                 Privilege escalation
DSA-2155     freetype              Multiple issues
DSA-2156     pcsc-lite             Buffer overflow
DSA-2157     postgresql-8.3        Buffer overflow
DSA-2158     cgiirc                Cross-site scripting flaw
DSA-2165     ffmpeg-debian         Buffer overflow
DSA-2167     phpmyadmin            SQL injection
DSA-2168     openafs               Multiple issues
DSA-2169     telepathy-gabble      Missing input validation
DSA-2170     mailman               Multiple issues
DSA-2171     asterisk              Buffer overflow
DSA-2172     moodle                Multiple issues
DSA-2173     pam-pgsql             Buffer overflow
DSA-2174     avahi                 Denial of service
DSA-2175     samba                 Missing input sanitising
DSA-2176     cups                  Multiple issues
DSA-2179     dtc                   SQL injection
DSA-2181     subversion            Denial of service
DSA-2182     logwatch              Remote code execution
DSA-2183     nbd                   Arbitrary code execution
DSA-2186     xulrunner             Multiple issues
DSA-2191     proftpd-dfsg          Multiple issues
DSA-2195     php5                  Multiple issues
DSA-2196     maradns               Buffer overflow
DSA-2197     quagga                Denial of service
DSA-2200     nss                   Compromised certificate authority
DSA-2200     xulrunner             Update HTTPS certificate blacklist
DSA-2201     wireshark             Multiple issues
DSA-2203     nss                   Update HTTPS certificate blacklist
DSA-2204     imp4                  Insufficient input sanitising
DSA-2206     mahara                Multiple issues
DSA-2207     tomcat5.5             Multiple issues
DSA-2208     bind9                 Issue with processing of new DNSSEC DS records
DSA-2210     tiff                  Multiple issues
DSA-2211     vlc                   Missing input sanitising
DSA-2213     x11-xserver-utils     Missing input sanitizing
DSA-2214     ikiwiki               Missing input validation
DSA-2217     dhcp3                 Missing input sanitizing
DSA-2219     xmlsec1               File overwrite
DSA-2220     request-tracker3.6    Multiple issues
DSA-2225     asterisk              Multiple issues
DSA-2226     libmodplug            Buffer overflow
DSA-2228     xulrunner             Multiple issues
DSA-2233     postfix               Multiple issues
DSA-2234     zodb                  Multiple issues
DSA-2242     cyrus-imapd-2.2       Implementation error
DSA-2243     unbound               Design flaw
DSA-2244     bind9                 Wrong boundary condition
DSA-2246     mahara                Multiple issues
DSA-2247     rails                 Multiple issues
DSA-2248     ejabberd              Denial of service
DSA-2250     citadel               Denial of service
DSA-2253     fontforge             Buffer overflow
DSA-2254     oprofile              Command injection
DSA-2255     libxml2               Buffer overflow
DSA-2260     rails                 Multiple issues
DSA-2264     linux-2.6             Multiple issues
DSA-2264     user-mode-linux       Multiple issues
DSA-2266     php5                  Multiple issues
DSA-2268     xulrunner             Multiple issues
DSA-2272     bind9                 Denial of service
DSA-2274     wireshark             Multiple issues
DSA-2276     asterisk              Multiple issues
DSA-2277     xml-security-c        Buffer overflow
DSA-2278     horde3                Multiple issues
DSA-2280     libvirt               Multiple issues
DSA-2286     phpmyadmin            Multiple issues
DSA-2288     libsndfile            Integer overflow
DSA-2289     typo3-src             Multiple issues
DSA-2290     samba                 Cross-site scripting
DSA-2291     squirrelmail          Multiple issues
DSA-2292     dhcp3                 Denial of service
DSA-2293     libxfont              Buffer overflow
DSA-2294     freetype              Missing input sanitization
DSA-2296     xulrunner             Multiple issues
DSA-2298     apache2               Denial of service
DSA-2298     apache2-mpm-itk       Denial of service
DSA-2300     nss                   Compromised certificate authority
DSA-2301     rails                 Multiple issues
DSA-2302     bcfg2                 Arbitrary code execution
DSA-2304     squid3                Buffer overflow
DSA-2308     mantis                Multiple issues
DSA-2309     openssl               Compromised certificate authority
DSA-2310     linux-2.6             Multiple issues

 

 

Debian Installer
----------------

The Debian Installer has been updated to incorporate a new kernel
containing a number of important and security-related fixes.

 

 

Removed package
---------------

The following package was removed due to circumstances beyond our control:

Package             Reason

pixelpost           Unmaintained, multiple security issues

 

 

URLs
----

 

The complete lists of packages that have changed with this revision:

 

 

 

The current stable distribution:

 

 

 

Proposed updates to the stable distribution:

 

 

 

Stable distribution information (release notes, errata etc.):

 

 

 

Security announcements and information:

 

 

 

 

About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian GNU/Linux.

 

 

Contact Information
-------------------

 

For further information, please visit the Debian web pages at

, send mail to , or contact

the stable release team at

 

 


Archive: http://lists.debian.org/20111001181847.GP3666 ( -at -) finlandia.home.infodrom.org

 

 

 
