Uppdaterad Debian 6.0: 6.0.4 utgiven
28 januari 2012
Debianprojektet tillkännager stolt den fjärde uppdateringen av dess stabila
utgåva Debian 6.0 (med kodnamn squeeze
).
Denna uppdatering lägger främst till rättningar för säkerhetsproblem till den
stabila utgåvan, tillsammans med några korrigeringar till några allvarliga
problem. Säkerhetsbulletiner har redan publicerats separat och refereras när
de finns tillgängliga.
Vänligen notera att denna uppdatering inte innebär en ny version av Debian 6.0 utan endast uppdaterar några av de inkluderade paketen. Det finns ingen anledning att kasta bort 6.0-CDs eller DVDs utan allt som behövs är att uppdatera via en uppdaterad Debianspegling efter en installation, för att få alla inaktuella paket uppdaterade.
De som frekvent installerar uppdateringar från security.debian.org kommer inte att behöva uppdatera många paket och de flesta uppdateringar från security.debian.org inkluderas i denna uppdatering.
Nya installationsmedia och CD- och DVD-avbildningar med uppdaterade paket kommer att finnas tillgängliga snart på de vanliga platserna.
En uppgradering online till denna revision görs vanligtvis genom att peka paketverktyget aptitude eller apt (se manualsidan för sources.list(5)) mot en av Debians många FTP eller HTTP-speglingar. En fullständig lista på speglar finns på:
Diverse Felrättningar
Denna uppdatering av den stabila utgåvan lägger till några viktiga felrättningar till följande paket:
| Paket | Orsak |
|---|---|
| adolc | Remove Visual C++ runtime from windows/ directory |
| backuppc | Fix data corruption in tarballs due to logging to stdout and two XSS issues |
| base-files | Update /etc/debian_version for the point release |
| base-installer | Add POWER7 to the powerpc64 family |
| bti | Fix identi.ca OAuth URLs |
| bugzilla | Security fixes |
| byobu | Correct postinst chmod semantics |
| bzip2 | Fix CVE-2011-4089 |
| c-ares | Fix encoded length for indirect root |
| cherokee | Avoid brute-forceable password in cherokee-admin |
| cifs-utils | Fix mtab corruption issues |
| clamav | New upstream version; fix potential DoS |
| clamz | Handle unencrypted amz files |
| cpufrequtils | Load powernow-k8 for AMD family 20 (i.e. AMD E-350 cpus); better support 3.0 kernels |
| debian-installer | Stop menu falling off the screen |
| debian-installer-netboot-images | Update to d-i 20110106+squeeze4 |
| dpkg | Add armhf to {os,triplet}table; defer hardlink renames; do not fail to unpack shared directories missing on the file system from packages being replaced by other packages |
| eglibc | New upstream stable release plus fixes from stable branch |
| erlang | Fix CVE-2011-0766 (cryptographic weakness) in the erlang ssh application |
| etherape | Null pointer dereferences |
| gimp | Fix printing when used with libcairo version 1.10 or above |
| gnutls26 | Fix buffer overflow in gnutls_session_get_data() |
| hplip | Fix insecure use of temporary file |
| ia32-libs | Update packages |
| ia32-libs-gtk | Update packages |
| ifupdown-extra | Handle moved location of ethtool; fix handling of rejectsin static-route; use --tmpdir for temporary files; move /etc/network/network-routes to /e/n/routes; documentation updates |
| iotop | Give a helpful error instead of crashing when Linux denies permission to read the taskstats files |
| jabberbot | Bind callbacks after the roster has been initialised |
| kernel-wedge | Add et131x to nic-extra-modules; add isci to scsi-extra-modules; add xhci-hcd to usb-modules |
| killer | Use DNS for mail domain rather than NIS; stop cron job failing when package is removed |
| ldap2zone | Don't send mail on success; syslog instead |
| libdata-formvalidator-perl | Fix possible passing of invalid data in untaint mode |
| libdebian-installer | Detect IBM pSeries platform as powerpc/chrp_ibm |
| libdigest-perl | Fix unsafe use of eval in Digest->new() |
| libhtml-template-pro-perl | Fix XSS |
| libjifty-dbi-perl | SQL injection |
| libmtp | Add support for Motorola Xoom devices |
| libpar-packer-perl | Fix use of unsafe and predictable temporary directories |
| libpar-perl | Fix use of unsafe and predictable temporary directories |
| linux-2.6 | Fixes for xen regression, GRO/GSO IPv6 forwarding, ppc vserver; add stable releases 2.6.32.47-54, various fixes; fix tg3 regression; xen fixes |
| linux-kernel-di-amd64-2.6 | Rebuild against linux-2.6 kernel 2.6.32-41 |
| linux-kernel-di-armel-2.6 | Rebuild against linux-2.6 kernel 2.6.32-41 |
| linux-kernel-di-i386-2.6 | Rebuild against linux-2.6 kernel 2.6.32-41 |
| linux-kernel-di-ia64-2.6 | Rebuild against linux-2.6 kernel 2.6.32-41 |
| linux-kernel-di-mips-2.6 | Rebuild against linux-2.6 kernel 2.6.32-41 |
| linux-kernel-di-mipsel-2.6 | Rebuild against linux-2.6 kernel 2.6.32-41 |
| linux-kernel-di-powerpc-2.6 | Rebuild against linux-2.6 kernel 2.6.32-41 |
| linux-kernel-di-s390-2.6 | Rebuild against linux-2.6 kernel 2.6.32-41 |
| linux-kernel-di-sparc-2.6 | Rebuild against linux-2.6 kernel 2.6.32-41 |
| masqmail | Fix improper seteuid() calls |
| mdadm | Quieten some cron messages; don't break when no scheduling class is specified or no devices are active; LSB header updates |
| mediawiki | Fix unintended exposure of hidden content through cache pollution; disable CVE-2011-4360.patch; doesn't apply to this version and causes errors |
| module-init-tools | Support 3.0 kernels |
| multipath-tools | Change HP hardware handler to hp_sw; update man pages |
| mutt | Fix validation of commonname (gnutls) |
| nfs-utils | Allow negotiated enctypes to be limited; avoid corrupting mtab |
| nginx | Fix compression pointer processing in DNS response greater than 255 bytes |
| nss-pam-ldapd | Correctly parse /etc/nsswitch.conf, detect calling process identity and fix disconnect logic |
| partman-target | Stop treating ISO hybrid images on USB sticks as real optical drives |
| pastebinit | Fix support for user configuration files |
| pbuilder | Rename the /run script from --execute to /runscript, for compatibility with wheezy and later which have /run as a directory replacing /var/run |
| perl | Unregister signal handler before destroying my_perl; fixes segfault; minor security fixes |
| phppgadmin | Fix XSS |
| pidgin | Fix remote crash issues |
| postgresql-8.4 | New upstream micro-release |
| pure-ftpd | Fix man in the middle attack on encrypted sessions |
| python-debian | Allow :as the first character of a value |
| python3-defaults | Ignore binary files while checking shebangs |
| qemu-kvm | Fix NIC hotplug from libvirt |
| quassel | Fix missing translations |
| recoll | Plug conversion descriptor leak in unac.c::convert() error path |
| rng-tools | Work around VIA Nano xstore bug; add 3.0 kernel support |
| rpm | Fix malformed header parsing |
| samba | Allow using unencrypted passwords with Windows clients with KB2536276 installed |
| shorewall | Install missing /usr/share/shorewall/helpers |
| shorewall-lite | Install missing /usr/share/shorewall/helpers |
| shorewall6 | Install missing /usr/share/shorewall/helpers |
| shorewall6-lite | Install missing /usr/share/shorewall/helpers |
| slbackup | Fix path to configuration file in the cron job |
| slbackup-php | Fix login issues, deal with blanks in filenames, fix last failed timestamp |
| tinyproxy | Validate port number specified in configuration |
| tzdata | New upstream version; add DST for America/Bahia |
| user-mode-linux | Rebuild against linux-source-2.6.32 (2.6.32-41) |
| webkit | Avoid doing lots of needless NULL DNS lookups |
| whatsnewfm | Handle renaming of freshmeat to freshcode |
| xorg-server | GLX: add missing input sanitization; fix a file disclosure vulnerability and a file permission change vulnerability |
| xpdf | Fix insecure temporary file usage |
Säkerhetsuppdateringar
Denna revision lägger till följande säkerhetsuppgraderingar till den stabila utgåvan. Säkerhetsgruppen har redan släppt bulletiner för följande uppdateringar:
| Bulletin-ID | Paket | Rättning(ar) |
|---|---|---|
| DSA-2181 | subversion | Denial of service |
| DSA-2251 | subversion | Multiple issues |
| DSA-2283 | krb5-appl | Programming error |
| DSA-2284 | opensaml2 | Implementation error |
| DSA-2301 | rails | Multiple issues |
| DSA-2311 | openjdk-6 | Multiple issues |
| DSA-2315 | openoffice.org | Multiple issues |
| DSA-2318 | cyrus-imapd-2.2 | Multiple issues |
| DSA-2322 | bugzilla | Multiple issues |
| DSA-2323 | radvd | Multiple issues |
| DSA-2324 | wireshark | Programming error |
| DSA-2325 | kfreebsd-8 | Privilege escalation/denial of service |
| DSA-2326 | pam | Multiple issues |
| DSA-2327 | libfcgi-perl | Authentication bypass |
| DSA-2328 | freetype | Missing input sanitising |
| DSA-2329 | torque | Buffer overflow |
| DSA-2330 | simplesamlphp | Multiple issues |
| DSA-2331 | tor | Multiple issues |
| DSA-2332 | python-django | Multiple issues |
| DSA-2333 | phpldapadmin | Multiple issues |
| DSA-2334 | mahara | Multiple issues |
| DSA-2335 | man2html | Missing input sanitization |
| DSA-2337 | xen | Multiple issues |
| DSA-2338 | moodle | Multiple issues |
| DSA-2339 | nss | Multiple issues |
| DSA-2340 | postgresql-8.4 | Weak password hashing |
| DSA-2341 | iceweasel | Multiple issues |
| DSA-2342 | iceape | Multiple issues |
| DSA-2343 | openssl | CA trust revocation |
| DSA-2344 | python-django-piston | Deserialization vulnerability |
| DSA-2345 | icedove | Multiple issues |
| DSA-2346 | proftpd-dfsg | Multiple issues |
| DSA-2347 | bind9 | Improper assert |
| DSA-2348 | systemtap | Multiple issues |
| DSA-2349 | spip | Multiple issues |
| DSA-2350 | freetype | Missing input sanitising |
| DSA-2351 | wireshark | Buffer overflow |
| DSA-2353 | ldns | Buffer overflow |
| DSA-2354 | cups | Multiple issues |
| DSA-2355 | clearsilver | Format string vulnerability |
| DSA-2356 | openjdk-6 | Multiple issues |
| DSA-2357 | evince | Multiple issues |
| DSA-2361 | chasen | Buffer overflow |
| DSA-2362 | acpid | Multiple issues |
| DSA-2363 | tor | Buffer overflow |
| DSA-2364 | xorg | Incorrect permission check |
| DSA-2366 | mediawiki | Multiple issues |
| DSA-2367 | asterisk | Multiple issues |
| DSA-2368 | lighttpd | Multiple issues |
| DSA-2369 | libsoup2.4 | Directory traversal |
| DSA-2370 | unbound | Multiple issues |
| DSA-2371 | jasper | Buffer overflows |
| DSA-2372 | heimdal | Buffer overflow |
| DSA-2373 | inetutils | Buffer overflow |
| DSA-2374 | openswan | Implementation error |
| DSA-2375 | krb5-appl | Buffer overflow |
| DSA-2376 | ipmitool | Insecure pid file |
| DSA-2377 | cyrus-imapd-2.2 | Denial of service |
| DSA-2378 | ffmpeg | Multiple issues |
| DSA-2379 | krb5 | Multiple issues |
| DSA-2380 | foomatic-filters | Shell command injection |
| DSA-2381 | squid3 | Invalid memory deallocation |
| DSA-2382 | ecryptfs-utils | Multiple issues |
| DSA-2383 | super | Buffer overflow |
| DSA-2384 | cacti | Multiple issues |
| DSA-2385 | pdns | Packet loop |
| DSA-2386 | openttd | Multiple issues |
| DSA-2387 | simplesamlphp | Cross site scripting |
| DSA-2388 | t1lib | Multiple issues |
| DSA-2390 | openssl | Multiple issues |
| DSA-2391 | phpmyadmin | Multiple issues |
| DSA-2392 | openssl | Out-of-bounds read |
| DSA-2393 | bip | Buffer overflow |
Debianinstalleraren
Installeraren har uppdaterats med denna punktutgåva för att lägga till stöd för att installera på POWER7-maskiner och för att korrigera dimensionerna på startmenyn för att undvika problem med vissa skärmar.
Kärnan som används av installeraren har uppdaterats för att inkludera olika säkerhetsrättningar och för att lägga till stöd för Agere ET-1310-baserade nätverkskort (et131x-drivrutinen), SAS/SATA-styrenheter från Intel C600-serien (isci-drivrutinen) och USB 3.0-styrenheter (xhci-drivrutinen).
Borttagna paket
Följande paket har tagits bort som en följd av problem utom vår kontroll:
| Paket | Orsak |
|---|---|
| partlibrary | Icke-distribuerbart |
| qcad | Icke-distribuerbart |
URLer
Denna fullständiga listan på paket som vi har förändrat med denna revision:
Den aktuella stabila utgåvan:
Föreslagna uppdateringar till den stabila utgåvan:
Information om den stabila utgåvan (versionsfakta, kända problem, osv.):
Säkerhetsbulletiner och information:
Om Debian
Debianprojektet är en grupp av utvecklare av Fri mjukvara som donerar sin tid och kraft för att producera det helt fria operativsystemet Debian.
Kontaktinformation
För mer information, besök Debians webbplats på https://www.debian.org/, skicka e-post till <press@debian.org> (på engelska), eller kontakta gruppen för stabila utgåvor på <debian-release@lists.debian.org> (på engelska).