Updated Debian 5.0: 5.0.10 released
March 10th, 2012
The Debian project is pleased to announce the tenth and final update of its
oldstable distribution Debian 5.0 (codename
This update mainly adds corrections for security problems to the oldstable
release, along with a few adjustments for serious problems. Security advisories
were already published separately and are referenced where available.
The alpha and ia64 packages from DSA 1769 are not included in this point
release for technical reasons. All other security updates released during
the lifetime of
lenny that have not previously been part of a point
release are included in this update.
Please note that the security support for the oldstable distribution ended in February 2012 and no updates have been released since that point.
Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.
New installation media and CD and DVD images containing updated packages will be available soon at the regular locations.
Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:
Please note that the oldstable distribution will be moved from the main archive to the archive.debian.org repository after March 24th 2012. After this move, it will no longer be available from the main mirror network. More information about the distribution archive and a list of mirrors is available at:
This oldstable update adds a few important corrections to the following packages:
|apr||Disable robust pthread mutexes on alpha, arm, and armel|
|base-files||Update /etc/debian_version for the point release|
|ia32-libs||Refresh packages to include recent security updates|
|libdigest-perl||Fix unsafe use of eval in Digest->new()|
|linux-2.6||Various security fixes|
|postgresql-8.3||New upstream micro-release|
|typo3-src||Fix cache flooding via improper error handling|
|xapian-omega||Fix escaping issues in templates|
|xpdf||Insecure tempfile usage in zxpdf|
|user-mode-linux||Rebuild against linux-source-2.6.26 (2.6.26-29)|
This revision adds the following security updates to the oldstable release. The Security Team has already released an advisory for each of these updates:
|DSA-1769||openjdk-6||Arbitrary code execution|
|DSA-2237||apr||Denial of service|
|DSA-2265||perl||Missing taint check|
|DSA-2271||curl||Improper delegation of client credentials|
|DSA-2305||vsftpd||Denial of service|
|DSA-2328||freetype||Missing input sanitising|
|DSA-2335||man2html||Missing input sanitization|
|DSA-2340||postgresql-8.3||Weak password hashing|
|DSA-2343||openssl||CA trust revocation|
|DSA-2350||freetype||Missing input sanitising|
|DSA-2355||clearsilver||Format string vulnerability|
|DSA-2376||ipmitool||Insecure pid file|
|DSA-2377||cyrus-imapd-2.2||Denial of service|
|DSA-2380||foomatic-filters||Shell command injection|
Debian Installer / kernel
The kernel included in this point release has been updated to incorporate fixes for a number of security issues. The installer has been rebuilt to use the new kernel.
The following packages were removed due to circumstances beyond our control:
The complete lists of packages that have changed with this revision:
The current oldstable distribution:
Proposed updates to the oldstable distribution:
oldstable distribution information (release notes, errata etc.):
Security announcements and information:
The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.
For further information, please visit the Debian web pages at http://www.debian.org/, send mail to <email@example.com>, or contact the stable release team at <firstname.lastname@example.org>.