1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
|
<define-tag pagetitle>Updated Debian 6.0: 6.0.6 released</define-tag>
<define-tag release_date>2012-09-29</define-tag>
#use wml::debian::news
# $Id:
<define-tag release>6.0</define-tag>
<define-tag codename>squeeze</define-tag>
<define-tag revision>6.0.6</define-tag>
<define-tag dsa>
<tr><td align="center"><a href="$(HOME)/security/%0/dsa-%1">DSA-%1</a></td>
<td align="center"><:
my @p = ();
for my $p (split (/,\s*/, "%2")) {
push (@p, sprintf ('<a href="https://packages.debian.org/src:%s">%s</a>', $p, $p));
}
print join (", ", @p);
:></td><td align="left">%3</td></tr>
</define-tag>
<define-tag correction>
<tr><td><a href="https://packages.debian.org/src:%0">%0</a></td> <td>%1</td></tr>
</define-tag>
<define-tag srcpkg><a href="https://packages.debian.org/src:%0">%0</a></define-tag>
##
## Translators should uncomment the following line and add their name
## Leaving translation at 1.1 is okay; that's the first version which will
## be added to Debian's webwml repository
##
# ← this one must be removed; not that one → #use wml::debian::translation-check translation="1.1" maintainer=""
<p>The Debian project is pleased to announce the sixth update of its
stable distribution Debian <release> (codename <q><codename></q>).
This update mainly adds corrections for security problems to the stable
release, along with a few adjustments for serious problems. Security advisories
were already published separately and are referenced where available.</p>
<p>Please note that this update does not constitute a new version of Debian
<release> but only updates some of the packages included. There is
no need to throw away <release> CDs or DVDs but only to update via an
up-to-date Debian mirror after an installation, to cause any out of date
packages to be updated.</p>
<p>Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.</p>
<p>New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.</p>
<p>Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:</p>
<div class="center">
<a href="$(HOME)/mirror/list">http://www.debian.org/mirror/list</a>
</div>
<h2>Miscellaneous Bugfixes</h2>
<p>This stable update adds a few important corrections to the following
packages:</p>
<table border=0>
<tr><th>Package</th> <th>Reason</th></tr>
<correction alpine "Fix crash in embedded UW-IMAP copy">
<correction apache2 "mod_negotiation - fix CVE-2012-2687; mod_cache - don't cache partial connections; read timeouts should result in a 408">
<correction automake1.10 "Fix CVE-2012-3386">
<correction automake1.11 "Fix CVE-2012-3386">
<correction automake1.7 "Fix CVE-2012-3386">
<correction automake1.9 "Fix CVE-2012-3386">
<correction base-files "Update /etc/debian_version for the point release">
<correction checkgmail "Fix GMail authentication issues">
<correction clamav "New upstream release">
<correction debian-archive-keyring "Add wheezy stable and archive signing keys">
<correction dpkg "Ensure a reliable unpack on SELinux systems">
<correction eglibc "Really enable patches/any/cvs-dlopen-tls.diff; fix FORTIFY_SOURCE format string protection bypass; fix a DoS in RPC implementation">
<correction emesene "Update contact end-point to local-bay.contacts.msn.com">
<correction geshi "Fix 'Local File Inclusion Vulnerability in contrib script'">
<correction gosa "Security fix (missing escaping)">
<correction ia32-libs "Update packages">
<correction libconfig-inifiles-perl "Fix insecure temporary file use">
<correction libgc "Check for integer overflow in internal malloc and calloc routines">
<correction libmtp "Fix device flags for some devices; add support for new devices">
<correction libxslt "Fix CVE-2011-1202, CVE-2011-3970, CVE-2012-2825">
<correction links2 "Security fixes">
<correction linux-2.6 "DRM fixes; leap second fix; security fixes; various driver fixes">
<correction linux-kernel-di-amd64-2.6 "Rebuild against linux-2.6 2.6.32-46">
<correction linux-kernel-di-armel-2.6 "Rebuild against linux-2.6 2.6.32-46">
<correction linux-kernel-di-i386-2.6 "Rebuild against linux-2.6 2.6.32-46">
<correction linux-kernel-di-ia64-2.6 "Rebuild against linux-2.6 2.6.32-46">
<correction linux-kernel-di-mips-2.6 "Rebuild against linux-2.6 2.6.32-46">
<correction linux-kernel-di-mipsel-2.6 "Rebuild against linux-2.6 2.6.32-46">
<correction linux-kernel-di-powerpc-2.6 "Rebuild against linux-2.6 2.6.32-46">
<correction linux-kernel-di-s390-2.6 "Rebuild against linux-2.6 2.6.32-46">
<correction linux-kernel-di-sparc-2.6 "Rebuild against linux-2.6 2.6.32-46">
<correction lockfile-progs "Ensure the correct PID is used when creating lockfiles">
<correction mysql-mmm "Add dependency on libpath-class-perl">
<correction network-manager "Stop allowing ad-hoc WPA networks to be created; kernel bugs mean they get created as open networks">
<correction nss-pam-ldapd "Support larger gecos values; reliability fixes">
<correction nvidia-graphics-drivers "Fix information leak in the kernel module; fix arbitrary memory access vulnerability; fix local privilege escalation through VGA window manipulation">
<correction nvidia-graphics-modules "Rebuild against 195.36.31-6squeeze1 kernel modules for security fixes; rebuild to fix CVE-2012-4225">
<correction php-memcached "Fix session.gc_maxlifetime handling">
<correction plymouth "Fix the init script to not fail when the package is removed">
<correction policyd-weight "Remove rfc-ignorant.org RBLs (due to upcoming shutdown) and rbl.ipv6-world.net">
<correction postgresql-common "Do not remove the PID file after SIGKILLing the postmaster in the <q>last-ditch effort to shut down</q> in --force mode">
<correction powertop "Fix segfault on newer kernels with large config files">
<correction publican "Add dependency and build-dependency on libio-string-perl">
<correction rstatd "Support Linux 3.x kernels">
<correction spip "Fix base name disclosure; security fixes">
<correction tor "New upstream; fix TLS 1.1/1.2 renegotiation with openssl 1.0.1; fix potential DOS; fix two crashes and an information disclosure issue">
<correction ttb "Add dependency on python-glade2">
<correction vte "Fix a memory exhaustion vulnerability">
<correction wims "Fix installation problem">
<correction wireshark "Fix crashes in ANSI A detector and pcap / pcap-ng parsers">
<correction xserver-xorg-video-intel "UXA/glyphs: fall back instead of crashing on large strings">
<correction yaws "Fix RNG strength; fix mail config loading">
</table>
<h2>Security Updates</h2>
<p>This revision adds the following security updates to the stable
release. The Security Team has already released an advisory for each of
these updates:</p>
<table border=0>
<tr><th>Advisory ID</th> <th>Package</th> <th>Correction(s)</th></tr>
<dsa 2012 2457 iceweasel "Regression fix">
<dsa 2012 2458 iceape "Regression fix">
<dsa 2012 2465 php5 "Multiple issues">
<dsa 2012 2466 rails "Cross site scripting">
<dsa 2012 2467 mahara "Insecure defaults">
<dsa 2012 2468 libjakarta-poi-java "Unbounded memory allocation">
<dsa 2012 2470 wordpress "Multiple issues">
<dsa 2012 2471 ffmpeg "Multiple issues">
<dsa 2012 2472 gridengine "Privilege escalation">
<dsa 2012 2473 openoffice.org "Buffer overflow">
<dsa 2012 2474 ikiwiki "Cross-site scripting">
<dsa 2012 2475 openssl "Integer underflow">
<dsa 2012 2476 pidgin-otr "Format string vulnerability">
<dsa 2012 2477 sympa "Authorization bypass">
<dsa 2012 2478 sudo "Parsing error">
<dsa 2012 2479 libxml2 "Off-by-one">
<dsa 2012 2480 request-tracker3.8 "Regression">
<dsa 2012 2481 arpwatch "Fails to drop supplementary groups">
<dsa 2012 2482 libgdata "No verification of TLS certificates against system root CA">
<dsa 2012 2483 strongswan "Authentication bypass">
<dsa 2012 2484 nut "Denial of service">
<dsa 2012 2485 imp4 "Cross site scripting">
<dsa 2012 2486 bind9 "Denial of service">
<dsa 2012 2487 openoffice.org "Buffer overflow">
<dsa 2012 2488 iceweasel "Multiple issues">
<dsa 2012 2489 iceape "Multiple issues">
<dsa 2012 2490 nss "Denial of service">
<dsa 2012 2491 postgresql-8.4 "Multiple issues">
<dsa 2012 2492 php5 "Buffer overflow">
<dsa 2012 2493 asterisk "Denial of service">
<dsa 2012 2494 ffmpeg "Multiple issues">
<dsa 2012 2495 openconnect "Buffer overflow">
<dsa 2012 2497 quagga "Denial of service">
<dsa 2012 2498 dhcpcd "Remote stack overflow">
<dsa 2012 2499 icedove "Multiple issues">
<dsa 2012 2500 mantis "Multiple issues">
<dsa 2012 2501 xen "Multiple issues">
<dsa 2012 2502 python-crypto "Programming error">
<dsa 2012 2503 bcfg2 "Shell command injection">
<dsa 2012 2504 libspring-2.5-java "Information disclosure">
<dsa 2012 2505 zendframework "Information disclosure">
<dsa 2012 2506 libapache-mod-security "Modsecurity bypass">
<dsa 2012 2507 openjdk-6 "Multiple issues">
<dsa 2012 2508 kfreebsd-8 "Privilege escalation">
<dsa 2012 2509 pidgin "Remote code execution">
<dsa 2012 2510 extplorer "Cross-site request forgery">
<dsa 2012 2511 puppet "Multiple issues">
<dsa 2012 2512 mono "Missing input sanitising">
<dsa 2012 2513 iceape "Multiple issues">
<dsa 2012 2514 iceweasel "Multiple issues">
<dsa 2012 2515 nsd3 "Null pointer dereference">
<dsa 2012 2516 isc-dhcp "Denial of service">
<dsa 2012 2517 bind9 "Denial of service">
<dsa 2012 2518 krb5 "Denial of service">
<dsa 2012 2519 isc-dhcp "Denial of service">
<dsa 2012 2520 openoffice.org "Multiple heap-based buffer overflows">
<dsa 2012 2521 libxml2 "Integer overflows">
<dsa 2012 2522 fckeditor "Cross site scripting">
<dsa 2012 2523 globus-gridftp-server "Programming error">
<dsa 2012 2523 globus-gridftp-server-control "Programming error">
<dsa 2012 2524 openttd "Multiple issues">
<dsa 2012 2525 expat "Multiple issues">
<dsa 2012 2526 libotr "Buffer overflow">
<dsa 2012 2527 php5 "Multiple issues">
<dsa 2012 2528 icedove "Multiple issues">
<dsa 2012 2529 python-django "Multiple issues">
<dsa 2012 2530 rssh "Shell command injection">
<dsa 2012 2531 xen "Denial of service">
<dsa 2012 2532 libapache2-mod-rpaf "Denial of service">
<dsa 2012 2533 pcp "Multiple issues">
<dsa 2012 2534 postgresql-8.4 "Multiple issues">
<dsa 2012 2535 rtfm "Cross-site scripting">
<dsa 2012 2536 otrs2 "Cross-site scripting">
<dsa 2012 2537 typo3-src "Multiple issues">
<dsa 2012 2538 moin "Privilege escalation">
<dsa 2012 2539 zabbix "SQL injection">
<dsa 2012 2540 mahara "Cross-site scripting">
<dsa 2012 2541 beaker "Information disclosure">
<dsa 2012 2542 qemu-kvm "Multiple issues">
<dsa 2012 2543 xen-qemu-dm-4.0 "Multiple issues">
<dsa 2012 2544 xen "Denial of service">
<dsa 2012 2545 qemu "Multiple issues">
<dsa 2012 2546 freeradius "Code execution">
<dsa 2012 2547 bind9 "Improper assert">
<dsa 2012 2548 tor "Multiple issues">
<dsa 2012 2549 devscripts "Multiple issues">
</table>
<h2>Debian Installer</h2>
<p>
The installer has been rebuilt to include the fixes incorporated
into stable by the point release.
</p>
<h2>Removed packages</h2>
<p>The following packages were removed due to circumstances beyond our
control:</p>
<table border=0>
<tr><th>Package</th> <th>Reason</th></tr>
<correction blockade "Non-distributable data files">
<correction kcheckgmail "Unmaintained; broken by Google changes">
<correction libtrash "Unmaintained; broken">
</table>
<h2>URLs</h2>
<p>The complete lists of packages that have changed with this
revision:</p>
<div class="center">
<url "http://ftp.debian.org/debian/dists/<downcase <codename>>/ChangeLog">
</div>
<p>The current stable distribution:</p>
<div class="center">
<url "http://ftp.debian.org/debian/dists/stable/">
</div>
<p>Proposed updates to the stable distribution:</p>
<div class="center">
<url "http://ftp.debian.org/debian/dists/proposed-updates">
</div>
<p>stable distribution information (release notes, errata etc.):</p>
<div class="center">
<a
href="$(HOME)/releases/stable/">http://www.debian.org/releases/stable/</a>
</div>
<p>Security announcements and information:</p>
<div class="center">
<a href="$(HOME)/security/">http://security.debian.org/</a>
</div>
<h2>About Debian</h2>
<p>The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.</p>
<h2>Contact Information</h2>
<p>For further information, please visit the Debian web pages at <a
href="$(HOME)/">http://www.debian.org/</a>, send mail to
<press@debian.org>, or contact the stable release team at
<debian-release@lists.debian.org>.</p>
|
