1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
|
<define-tag pagetitle>Aggiornata Debian 6.0: rilasciata la versione 6.0.4</define-tag>
<define-tag release_date>2012-01-28</define-tag>
#use wml::debian::translation-check translation="1.4" maintainer="Mirco Scottà"
#use wml::debian::news
<define-tag release>6.0</define-tag>
<define-tag codename>squeeze</define-tag>
<define-tag revision>6.0.4</define-tag>
<define-tag dsa>
<tr><td align="center"><a href="$(HOME)/security/%0/dsa-%1">DSA-%1</a></td>
<td align="center"><:
my @p = ();
for my $p (split (/,\s*/, "%2")) {
push (@p, sprintf ('<a href="https://packages.debian.org/src:%s">%s</a>', $p, $p));
}
print join (", ", @p);
:></td><td align="left">%3</td></tr>
</define-tag>
<define-tag correction>
<tr><td><a href="https://packages.debian.org/src:%0">%0</a></td> <td>%1</td></tr>
</define-tag>
<define-tag srcpkg><a href="https://packages.debian.org/src:%0">%0</a></define-tag>
<p>Il progetto Debian è lieto di annunciare il quarto aggiornamento della sua
distribuzione stabile Debian <release> (nome in codice <q><codename></q>). Questo
aggiornamento aggiunge per lo più delle correzioni a problemi di sicurezza del
rilascio stabile, insieme ad alcune sistemazioni di problemi seri. Gli avvisi
di sicurezza sono già stati pubblicati separatamente e maggiori informazioni,
laddove disponibili, sono presenti nelle pagine ad essi dedicate.</p>
<p>Da notare che questo aggiornamento non costituisce una nuova versione di
Debian <release> ma aggiorna solamente alcuni dei pacchetti inclusi. Non c'è alcun
bisogno di gettare i CD o i DVD della versione <release>, ma è sufficiente connettersi
dopo l'installazione ad un mirror Debian aggiornato per provocare l'avanzamento
di tutti i pacchetti datati.</p>
<p>Coloro che aggiornano di frequente tramite security.debian.org non dovranno
aggiornare molti pacchetti poiché la maggior parte di quelli provenienti da
security.debian.org sono compresi in questo aggiornamento.</p>
<p>I nuovi supporti di installazione e le nuove immagini dei CD e DVD che
contengono i pacchetti aggiornati saranno presto disponibili agli indirizzi
consueti.</p>
<p>L'aggiornamento in linea a questa revisione viene di solito fatto puntando il
gestore dei pacchetti aptitude (o apt) (vedere la pagina di manuale
sources.list(5)) a uno dei molti mirror FTP o HTTP di Debian. Una lista
esaustiva dei mirror è disponibile qui:</p>
<div class="center">
<a href="$(HOME)/mirror/list">https://www.debian.org/mirror/list</a>
</div>
<h2>Correzioni varie</h2>
<p>L'aggiornamento della versione stabile aggiunge alcune importanti correzioni
ai seguenti pacchetti:</p>
<table border=0>
<tr><th>Package</th> <th>Reason</th></tr>
<correction adolc "Remove Visual C++ runtime from windows/ directory">
<correction backuppc "Fix data corruption in tarballs due to logging to stdout and two XSS issues">
<correction base-files "Update /etc/debian_version for the point release">
<correction base-installer "Add POWER7 to the powerpc64 family">
<correction bti "Fix identi.ca OAuth URLs">
<correction bugzilla "Security fixes">
<correction byobu "Correct postinst chmod semantics">
<correction bzip2 "Fix CVE-2011-4089">
<correction c-ares "Fix encoded length for indirect root">
<correction cherokee "Avoid brute-forceable password in cherokee-admin">
<correction cifs-utils "Fix mtab corruption issues">
<correction clamav "New upstream version; fix potential DoS">
<correction clamz "Handle unencrypted amz files">
<correction cpufrequtils "Load powernow-k8 for AMD family 20 (i.e. AMD E-350 cpus); better support 3.0 kernels">
<correction debian-installer "Stop menu falling off the screen">
<correction debian-installer-netboot-images "Update to d-i 20110106+squeeze4">
<correction dpkg "Add armhf to {os,triplet}table; defer hardlink renames; do not fail to unpack shared directories missing on the file system from packages being replaced by other packages">
<correction eglibc "New upstream stable release plus fixes from stable branch">
<correction erlang "Fix CVE-2011-0766 (cryptographic weakness) in the erlang ssh application">
<correction etherape "Null pointer dereferences">
<correction gimp "Fix printing when used with libcairo version 1.10 or above">
<correction gnutls26 "Fix buffer overflow in gnutls_session_get_data()">
<correction hplip "Fix insecure use of temporary file">
<correction ia32-libs "Update packages">
<correction ia32-libs-gtk "Update packages">
<correction ifupdown-extra "Handle moved location of ethtool; fix handling of <q>rejects</q> in static-route; use --tmpdir for temporary files; move /etc/network/network-routes to /e/n/routes; documentation updates">
<correction iotop "Give a helpful error instead of crashing when Linux denies permission to read the taskstats files">
<correction jabberbot "Bind callbacks after the roster has been initialised">
<correction kernel-wedge "Add et131x to nic-extra-modules; add isci to scsi-extra-modules; add xhci-hcd to usb-modules">
<correction killer "Use DNS for mail domain rather than NIS; stop cron job failing when package is removed">
<correction ldap2zone "Don't send mail on success; syslog instead">
<correction libdata-formvalidator-perl "Fix possible passing of invalid data in untaint mode">
<correction libdebian-installer "Detect IBM pSeries platform as powerpc/chrp_ibm">
<correction libdigest-perl "Fix unsafe use of eval in Digest->new()">
<correction libhtml-template-pro-perl "Fix XSS">
<correction libjifty-dbi-perl "SQL injection">
<correction libmtp "Add support for Motorola Xoom devices">
<correction libpar-packer-perl "Fix use of unsafe and predictable temporary directories">
<correction libpar-perl "Fix use of unsafe and predictable temporary directories">
<correction linux-2.6 "Fixes for xen regression, GRO/GSO IPv6 forwarding, ppc vserver; add stable releases 2.6.32.47-54, various fixes; fix tg3 regression; xen fixes">
<correction linux-kernel-di-amd64-2.6 "Rebuild against linux-2.6 kernel 2.6.32-41">
<correction linux-kernel-di-armel-2.6 "Rebuild against linux-2.6 kernel 2.6.32-41">
<correction linux-kernel-di-i386-2.6 "Rebuild against linux-2.6 kernel 2.6.32-41">
<correction linux-kernel-di-ia64-2.6 "Rebuild against linux-2.6 kernel 2.6.32-41">
<correction linux-kernel-di-mips-2.6 "Rebuild against linux-2.6 kernel 2.6.32-41">
<correction linux-kernel-di-mipsel-2.6 "Rebuild against linux-2.6 kernel 2.6.32-41">
<correction linux-kernel-di-powerpc-2.6 "Rebuild against linux-2.6 kernel 2.6.32-41">
<correction linux-kernel-di-s390-2.6 "Rebuild against linux-2.6 kernel 2.6.32-41">
<correction linux-kernel-di-sparc-2.6 "Rebuild against linux-2.6 kernel 2.6.32-41">
<correction masqmail "Fix improper seteuid() calls">
<correction mdadm "Quieten some cron messages; don't break when no scheduling class is specified or no devices are active; LSB header updates">
<correction mediawiki "Fix unintended exposure of hidden content through cache pollution; disable CVE-2011-4360.patch; doesn't apply to this version and causes errors">
<correction module-init-tools "Support 3.0 kernels">
<correction multipath-tools "Change HP hardware handler to hp_sw; update man pages">
<correction mutt "Fix validation of commonname (gnutls)">
<correction nfs-utils "Allow negotiated enctypes to be limited; avoid corrupting mtab">
<correction nginx "Fix compression pointer processing in DNS response greater than 255 bytes">
<correction nss-pam-ldapd "Correctly parse /etc/nsswitch.conf, detect calling process identity and fix disconnect logic">
<correction partman-target "Stop treating ISO hybrid images on USB sticks as real optical drives">
<correction pastebinit "Fix support for user configuration files">
<correction pbuilder "Rename the /run script from --execute to /runscript, for compatibility with wheezy and later which have /run as a directory replacing /var/run">
<correction perl "Unregister signal handler before destroying my_perl; fixes segfault; minor security fixes">
<correction phppgadmin "Fix XSS">
<correction pidgin "Fix remote crash issues">
<correction postgresql-8.4 "New upstream micro-release">
<correction pure-ftpd "Fix man in the middle attack on encrypted sessions">
<correction python-debian "Allow <q>:</q> as the first character of a value">
<correction python3-defaults "Ignore binary files while checking shebangs">
<correction qemu-kvm "Fix NIC hotplug from libvirt">
<correction quassel "Fix missing translations">
<correction recoll "Plug conversion descriptor leak in unac.c::convert() error path">
<correction rng-tools "Work around VIA Nano xstore bug; add 3.0 kernel support">
<correction rpm "Fix malformed header parsing">
<correction samba "Allow using unencrypted passwords with Windows clients with KB2536276 installed">
<correction shorewall "Install missing /usr/share/shorewall/helpers">
<correction shorewall-lite "Install missing /usr/share/shorewall/helpers">
<correction shorewall6 "Install missing /usr/share/shorewall/helpers">
<correction shorewall6-lite "Install missing /usr/share/shorewall/helpers">
<correction slbackup "Fix path to configuration file in the cron job">
<correction slbackup-php "Fix login issues, deal with blanks in filenames, fix last failed timestamp">
<correction tinyproxy "Validate port number specified in configuration">
<correction tzdata "New upstream version; add DST for America/Bahia">
<correction user-mode-linux "Rebuild against linux-source-2.6.32 (2.6.32-41)">
<correction webkit "Avoid doing lots of needless NULL DNS lookups">
<correction whatsnewfm "Handle renaming of freshmeat to freshcode">
<correction xorg-server "GLX: add missing input sanitization; fix a file disclosure vulnerability and a file permission change vulnerability">
<correction xpdf "Fix insecure temporary file usage">
</table>
<h2>Aggiornamenti di sicurezza</h2>
<p>Questa revisione aggiunge i seguenti aggiornamenti di sicurezza al rilascio
stabile. Il team della sicurezza ha già rilasciato un avviso per ciascuno di
questi aggiornamenti:</p>
<table border=0>
<tr><th>Advisory ID</th> <th>Package</th> <th>Correction(s)</th></tr>
<dsa 2011 2181 subversion "Denial of service">
<dsa 2011 2251 subversion "Multiple issues">
<dsa 2011 2283 krb5-appl "Programming error">
<dsa 2011 2284 opensaml2 "Implementation error">
<dsa 2012 2301 rails "Multiple issues">
<dsa 2011 2311 openjdk-6 "Multiple issues">
<dsa 2011 2315 openoffice.org "Multiple issues">
<dsa 2011 2318 cyrus-imapd-2.2 "Multiple issues">
<dsa 2011 2322 bugzilla "Multiple issues">
<dsa 2011 2323 radvd "Multiple issues">
<dsa 2011 2324 wireshark "Programming error">
<dsa 2011 2325 kfreebsd-8 "Privilege escalation/denial of service">
<dsa 2011 2326 pam "Multiple issues">
<dsa 2011 2327 libfcgi-perl "Authentication bypass">
<dsa 2011 2328 freetype "Missing input sanitising">
<dsa 2011 2329 torque "Buffer overflow">
<dsa 2011 2330 simplesamlphp "Multiple issues">
<dsa 2011 2331 tor "Multiple issues">
<dsa 2011 2332 python-django "Multiple issues">
<dsa 2011 2333 phpldapadmin "Multiple issues">
<dsa 2011 2334 mahara "Multiple issues">
<dsa 2011 2335 man2html "Missing input sanitization">
<dsa 2011 2337 xen "Multiple issues">
<dsa 2011 2338 moodle "Multiple issues">
<dsa 2011 2339 nss "Multiple issues">
<dsa 2011 2340 postgresql-8.4 "Weak password hashing">
<dsa 2011 2341 iceweasel "Multiple issues">
<dsa 2011 2342 iceape "Multiple issues">
<dsa 2011 2343 openssl "CA trust revocation">
<dsa 2011 2344 python-django-piston "Deserialization vulnerability">
<dsa 2011 2345 icedove "Multiple issues">
<dsa 2011 2346 proftpd-dfsg "Multiple issues">
<dsa 2011 2347 bind9 "Improper assert">
<dsa 2011 2348 systemtap "Multiple issues">
<dsa 2011 2349 spip "Multiple issues">
<dsa 2011 2350 freetype "Missing input sanitising">
<dsa 2011 2351 wireshark "Buffer overflow">
<dsa 2011 2353 ldns "Buffer overflow">
<dsa 2011 2354 cups "Multiple issues">
<dsa 2011 2355 clearsilver "Format string vulnerability">
<dsa 2011 2356 openjdk-6 "Multiple issues">
<dsa 2011 2357 evince "Multiple issues">
<dsa 2011 2361 chasen "Buffer overflow">
<dsa 2011 2362 acpid "Multiple issues">
<dsa 2011 2363 tor "Buffer overflow">
<dsa 2011 2364 xorg "Incorrect permission check">
<dsa 2011 2366 mediawiki "Multiple issues">
<dsa 2011 2367 asterisk "Multiple issues">
<dsa 2011 2368 lighttpd "Multiple issues">
<dsa 2011 2369 libsoup2.4 "Directory traversal">
<dsa 2011 2370 unbound "Multiple issues">
<dsa 2011 2371 jasper "Buffer overflows">
<dsa 2011 2372 heimdal "Buffer overflow">
<dsa 2011 2373 inetutils "Buffer overflow">
<dsa 2011 2374 openswan "Implementation error">
<dsa 2011 2375 krb5-appl "Buffer overflow">
<dsa 2011 2376 ipmitool "Insecure pid file">
<dsa 2012 2377 cyrus-imapd-2.2 "Denial of service">
<dsa 2012 2378 ffmpeg "Multiple issues">
<dsa 2012 2379 krb5 "Multiple issues">
<dsa 2012 2380 foomatic-filters "Shell command injection">
<dsa 2012 2381 squid3 "Invalid memory deallocation">
<dsa 2012 2382 ecryptfs-utils "Multiple issues">
<dsa 2012 2383 super "Buffer overflow">
<dsa 2012 2384 cacti "Multiple issues">
<dsa 2012 2385 pdns "Packet loop">
<dsa 2012 2386 openttd "Multiple issues">
<dsa 2012 2387 simplesamlphp "Cross site scripting">
<dsa 2012 2388 t1lib "Multiple issues">
<dsa 2012 2390 openssl "Multiple issues">
<dsa 2012 2391 phpmyadmin "Multiple issues">
<dsa 2012 2392 openssl "Out-of-bounds read">
<dsa 2012 2393 bip "Buffer overflow">
</table>
<h2>Installatore Debian</h2>
<p>L'installatore Debian è stato aggiornato in questa versione minore per
aggiungere il supporto per l'installazione su macchine POWER7 e per regolare
le dimensioni del menu di avvio iniziale, così da evitare problemi con
alcuni schermi.</p>
<p>L'immagine del kernel utilizzata dall'installatore è stata aggiornata per
incorporare diverse correzioni relative alla sicurezza e per aggiungere il supporto
per le schede di rete basate su Agere ET-1310 (driver et131x), i controller SAS/SATA
Intel della serie C600 (driver isci) ed i controller USB 3.0 (driver xhci).</p>
<h2>Pacchetti rimossi</h2>
<p>I seguenti pacchetti sono stati rimossi a causa di circostanze al di fuori
del nostro controllo:</p>
<table border=0>
<tr><th>Package</th> <th>Reason</th></tr>
<correction partlibrary "Non-distributable">
<correction qcad "Non-distributable">
</table>
<h2>URL</h2>
<p>La lista completa di pacchetti modificati con questa revisione:</p>
<div class="center">
<url "http://ftp.debian.org/debian/dists/<downcase <codename>>/ChangeLog">
</div>
<p>L'attuale distribuzione stabile:</p>
<div class="center">
<url "http://ftp.debian.org/debian/dists/stable/">
</div>
<p>Aggiornamenti proposti per la distribuzione stabile:</p>
<div class="center">
<url "http://ftp.debian.org/debian/dists/proposed-updates">
</div>
<p>Informazioni sulla distribuzione stabile (note di rilascio, errata, ecc.):</p>
<div class="center">
<a
href="$(HOME)/releases/stable/">https://www.debian.org/releases/stable/</a>
</div>
<p>Annunci e informazioni sulla sicurezza:</p>
<div class="center">
<a href="$(HOME)/security/">http://security.debian.org/</a>
</div>
<h2>Informazioni su Debian</h2>
<p>Il progetto Debian è un'associazione di sviluppatori di software libero che
volontariamente mettono a disposizione il loro tempo e le loro capacità per
creare il sistema operativo completamente libero Debian.</p>
<h2>Contatti</h2>
<p>Per ulteriori informazioni, visita il sito web all'indirizzo
<a href="$(HOME)/">https://www.debian.org/</a>, invia una email a
<press@debian.org>, oppure contatta il team del rilascio stabile
inviando una mail a <debian-release@lists.debian.org>.</p>
|
