Updated Debian 5.0: 5.0.10 released
March 10th, 2012
The Debian project is pleased to announce the tenth and final update of its
oldstable distribution Debian 5.0 (codename lenny).
This update mainly adds corrections for security problems to the oldstable
release, along with a few adjustments for serious problems. Security advisories
were already published separately and are referenced where available.
The alpha and ia64 packages from DSA 1769 are not included in this point
release for technical reasons. All other security updates released during
the lifetime of lenny that have not previously been part of a point
release are included in this update.
Please note that the security support for the oldstable distribution ended in February 2012 and no updates have been released since that point.
Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.
New installation media and CD and DVD images containing updated packages will be available soon at the regular locations.
Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:
Please note that the oldstable distribution will be moved from the main archive to the archive.debian.org repository after March 24th 2012. After this move, it will no longer be available from the main mirror network. More information about the distribution archive and a list of mirrors is available at:
Miscellaneous Bugfixes
This oldstable update adds a few important corrections to the following packages:
Package | Reason |
---|---|
apr | Disable robust pthread mutexes on alpha, arm, and armel |
base-files | Update /etc/debian_version for the point release |
ia32-libs | Refresh packages to include recent security updates |
libdigest-perl | Fix unsafe use of eval in Digest->new() |
linux-2.6 | Various security fixes |
phppgadmin | Fix XSS |
postgresql-8.3 | New upstream micro-release |
typo3-src | Fix cache flooding via improper error handling |
xapian-omega | Fix escaping issues in templates |
xpdf | Insecure tempfile usage in zxpdf |
user-mode-linux | Rebuild against linux-source-2.6.26 (2.6.26-29) |
Security Updates
This revision adds the following security updates to the oldstable release. The Security Team has already released an advisory for each of these updates:
Advisory ID | Package | Correction(s) |
---|---|---|
DSA-1769 | openjdk-6 | Arbitrary code execution |
DSA-2161 | openjdk-6 | Multiple issues |
DSA-2224 | openjdk-6 | Multiple issues |
DSA-2237 | apr | Denial of service |
DSA-2251 | subversion | Multiple issues |
DSA-2258 | kolab-cyrus-imapd | Implementation error |
DSA-2263 | movabletype-opensource | Multiple issues |
DSA-2265 | perl | Missing taint check |
DSA-2267 | perl | Restriction bypass |
DSA-2271 | curl | Improper delegation of client credentials |
DSA-2281 | opie | Multiple issues |
DSA-2284 | opensaml2 | Implementation error |
DSA-2285 | mapserver | Multiple issues |
DSA-2287 | libpng | Multiple issues |
DSA-2301 | rails | Multiple issues |
DSA-2305 | vsftpd | Denial of service |
DSA-2313 | xulrunner | Multiple issues |
DSA-2315 | openoffice.org | Multiple issues |
DSA-2316 | quagga | Multiple issues |
DSA-2318 | cyrus-imapd-2.2 | Multiple issues |
DSA-2320 | dokuwiki | Regression fix |
DSA-2321 | moin | Cross-site scripting |
DSA-2323 | radvd | Multiple issues |
DSA-2324 | wireshark | Programming error |
DSA-2328 | freetype | Missing input sanitising |
DSA-2332 | python-django | Multiple issues |
DSA-2333 | phpldapadmin | Multiple issues |
DSA-2334 | mahara | Multiple issues |
DSA-2335 | man2html | Missing input sanitization |
DSA-2339 | nss | Multiple issues |
DSA-2340 | postgresql-8.3 | Weak password hashing |
DSA-2341 | xulrunner | Multiple issues |
DSA-2343 | openssl | CA trust revocation |
DSA-2346 | proftpd-dfsg | Multiple issues |
DSA-2347 | bind9 | Improper assert |
DSA-2350 | freetype | Missing input sanitising |
DSA-2351 | wireshark | Buffer overflow |
DSA-2352 | puppet | Programming error |
DSA-2354 | cups | Multiple issues |
DSA-2355 | clearsilver | Format string vulnerability |
DSA-2357 | evince | Multiple issues |
DSA-2358 | openjdk-6 | Multiple issues |
DSA-2361 | chasen | Buffer overflow |
DSA-2362 | acpid | Multiple issues |
DSA-2363 | tor | Buffer overflow |
DSA-2365 | dtc | Multiple issues |
DSA-2366 | mediawiki | Multiple issues |
DSA-2367 | asterisk | Multiple issues |
DSA-2368 | lighttpd | Multiple issues |
DSA-2369 | libsoup2.4 | Directory traversal |
DSA-2370 | unbound | Multiple issues |
DSA-2371 | jasper | Buffer overflows |
DSA-2372 | heimdal | Buffer overflow |
DSA-2373 | inetutils | Buffer overflow |
DSA-2374 | openswan | Implementation error |
DSA-2375 | krb5 | Buffer overflow |
DSA-2376 | ipmitool | Insecure pid file |
DSA-2377 | cyrus-imapd-2.2 | Denial of service |
DSA-2380 | foomatic-filters | Shell command injection |
DSA-2382 | ecryptfs-utils | Multiple issues |
DSA-2383 | super | Buffer overflow |
DSA-2384 | cacti | Multiple issues |
DSA-2385 | pdns | Packet loop |
DSA-2386 | openttd | Multiple issues |
DSA-2388 | t1lib | Multiple issues |
DSA-2390 | openssl | Multiple issues |
DSA-2392 | openssl | Out-of-bounds read |
DSA-2394 | libxml2 | Multiple issues |
DSA-2397 | icu | Buffer underflow |
DSA-2398 | curl | Multiple issues |
DSA-2399 | php5 | Multiple issues |
DSA-2400 | xulrunner | Multiple issues |
DSA-2403 | php5 | Code injection |
DSA-2405 | apache2 | Multiple issues |
DSA-2405 | apache2-mpm-itk | Multiple issues |
Debian Installer / kernel
The kernel included in this point release has been updated to incorporate fixes for a number of security issues. The installer has been rebuilt to use the new kernel.
Removed packages
The following packages were removed due to circumstances beyond our control:
Package | Reason |
---|---|
qcad | Non-distributable |
partlibary | Non-distributable |
URLs
The complete lists of packages that have changed with this revision:
The current oldstable distribution:
Proposed updates to the oldstable distribution:
oldstable distribution information (release notes, errata etc.):
Security announcements and information:
About Debian
The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.
Contact Information
For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.