Updated Debian 6.0: 6.0.2 released
June 25th, 2011
The Debian project is pleased to announce the second update of its stable distribution Debian 6.0 (codename squeeze).
This update mainly adds corrections for security problems to the stable
release, along with a few adjustments to serious problems. Security advisories
were already published separately and are referenced where available.
Please note that this update does not constitute a new version of Debian 6.0 but only updates some of the packages included. There is no need to throw away 6.0 CDs or DVDs; simply update via an up-to-date Debian mirror after installation so that any out-of-date packages are brought current.
Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.
New installation media and CD and DVD images containing updated packages will be available soon at the regular locations.
Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:
Miscellaneous Bugfixes
This stable update adds a few important corrections to the following packages:
Package | Reason |
---|---|
aide | Properly support large files on 32-bit systems; fix group for bind9 log files |
approx | Don't try caching InRelease or non-.gz compressed files |
apr | Fix apr_ino_t changing size depending on -D_FILE_OFFSET_BITS on kfreebsd-* |
apt | Fix file size calculation on big-endian arches; don't prompt for CD re-insertion on apt-get update; add XZ support |
apt-listchanges | Correctly handle NEWS files containing only one entry |
base-files | Update /etc/debian_version |
clive | Adapt for liveleak.com changes |
dbus | Fix local DoS for system services (CVE-2011-2200) |
deborphan | Exclude libreoffice from --guess-section output; trap WINCH in a POSIX way; minor translation fixes |
dokuwiki | Fix an ACL bypass issue in the XMLRPC interface |
dpkg | Fix regression in 'dpkg-divert --rename'; dpkg-split: don't corrupt metadata on 32-bit systems; fix vsnprintf() compat declaration |
e2fsprogs | Various bug fixes |
fakechroot | Fix 'debootstrap --variant=fakechroot' |
fcgiwrap | Fix init script's 'stop' target |
gdm3 | Reset SIGPIPE handler before starting the session; execute the PostSession script even when GDM is killed or shut down |
git | Allow remove and purge in one step by terminating the git-daemon/log service before removing the gitlog user |
gnome-settings-daemon | Work around possible race condition when starting Xsettings manager |
ia32-libs | Refresh packages from stable and proposed-updates |
iceowl | Security updates |
im-config | Avoid breaking login via GDM if im-config is removed but not purged |
inn | Stop using 'sort +1n' in makehistory; disable outdated CHECK_INCLUDED_TEXT option by default |
josm | Give more verbose explanation to users who haven't agreed to the new OSM license |
kde4libs | Wildcard SSL certificate and XSS security fixes; ktar checksum and UTF-8 longlink fixes |
kdenetwork | Improve fix for CVE-2010-1000 directory traversal issue |
kernel-wedge | Add hpsa and pm8001 to scsi-extra-modules; add bna to nic-extra-modules |
kerneltop | Increase line buffer size to 1024 bytes |
klibc | ipconfig: escape DHCP options and correctly handle multiple connected network devices (CVE-2011-1930) |
krb5 | Fix DoS; fix interoperability with w2k8r2 KDCs; fix invalid free and double free; don't make authentication fail if PAC verification fails |
kupfer | Use correct parameter type to allow keybindings to work again |
libapache2-mod-perl2 | Rebuild against apr 1.4.2-6+squeeze3 to pick up apr_ino_t size fix on kFreeBSD |
libburn | Don't create images with overly-restrictive permissions |
libfinance-quotehist-perl | Disable test suite, broken by website changes |
libmms | Fix alignment issues on arm |
linux-2.6 | New hardware support; add longterm 2.6.32.41; fix oops via corrupted partition tables |
linux-kernel-di-amd64-2.6 | Rebuild against kernel-wedge 2.74+squeeze3 |
linux-kernel-di-armel-2.6 | Rebuild against kernel-wedge 2.74+squeeze3 |
linux-kernel-di-i386-2.6 | Rebuild against kernel-wedge 2.74+squeeze3 |
linux-kernel-di-ia64-2.6 | Rebuild against kernel-wedge 2.74+squeeze3 |
linux-kernel-di-mips-2.6 | Rebuild against kernel-wedge 2.74+squeeze3 |
linux-kernel-di-mipsel-2.6 | Rebuild against kernel-wedge 2.74+squeeze3 |
linux-kernel-di-powerpc-2.6 | Rebuild against kernel-wedge 2.74+squeeze3 |
linux-kernel-di-s390-2.6 | Rebuild against kernel-wedge 2.74+squeeze3 |
linux-kernel-di-sparc-2.6 | Rebuild against kernel-wedge 2.74+squeeze3 |
lua-expat | Fix the 'billion laughs' DoS attack |
monkeysphere | Fix monkeysphere-host revoke-key |
nagios-plugins | Allocate a big enough buffer to handle all IPs of hosts being pinged |
nsd3 | Remove statoverride before removing the package's user |
openldap | Fix possible database corruption issues, several security issues and dpkg-reconfigure |
php-svn | Rebuild against apr 1.4.2-6+squeeze3 to pick up apr_ino_t size fix on kFreeBSD |
php5 | Rebuild against apr 1.4.2-6+squeeze3 to pick up apr_ino_t size fix on kFreeBSD |
pianobar | Update API keys for XMLRPC v30 |
postgresql-8.4 | New upstream bugfix release; fix pg_upgrade use with TOAST tables |
prosody | Fix the 'billion laughs' DoS attack |
puppet | Fix service provider to properly use update-rc.d disable API |
python-apt | Strip multiarch by default in RealParseDepends; add XZ support |
python-gudev | Add missing dependency on python-gobject |
q4wine | Stop shipping the library in lib64 |
qemu | Don't register qemu-mips(el) with binfmt on mips(el) |
qemu-kvm | Fix division by 0 with some guests; fix vnc zlib overflow; don't abort on user hardware errors; fix migration on 32-bit |
qt4-x11 | Blacklist some fraudulent SSL certificates; fix weakness in wildcard certificate verification |
rapidsvn | Rebuild against apr 1.4.2-6+squeeze3 to pick up apr_ino_t size fix on kFreeBSD |
refpolicy | Various permissions fixes |
reprepro | Handle Release files which don't contain md5sums |
ruby1.8 | Fix upgrades from lenny by making libruby1.8 conflict/replace irb1.8 and rdoc1.8 |
samba | Fix undefined symbol error from tdb2.so; several printing related bugs and a gid leak in winbind / idmap. Document the new and potentially disruptive 'map untrusted to domain' |
schroot | Fix loading of dchroot.conf |
softhsm | Remove statoverride entries before the package's user |
sun-java6 | New upstream security update |
tzdata | New upstream version |
vimperator | Resolve compatibility issues with iceweasel |
widelands | Fix potential security issue in Internet games |
xenomai | Adapt kernel patch to apply cleanly to squeeze's kernel |
xserver-xorg-video-tseng | Fix driver initialisation |
Debian Installer
The kernel image used by the installer has been updated to incorporate a number of important and security-related fixes together with support for additional hardware.
Security Updates
This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:
Advisory ID | Package | Correction(s) |
---|---|---|
DSA-2161 | openjdk-6 | Denial of service |
DSA-2193 | libcgroup | Several |
DSA-2194 | libvirt | Privilege escalation |
DSA-2195 | php5 | Several |
DSA-2197 | quagga | Denial of service |
DSA-2198 | tex-common | Insufficient input sanitizing |
DSA-2199 | iceape | Update HTTPS certificate blacklist |
DSA-2200 | iceweasel | Update HTTPS certificate blacklist |
DSA-2201 | wireshark | Several |
DSA-2202 | apache2 | Failure to drop root privileges |
DSA-2203 | nss | Update HTTPS certificate blacklist |
DSA-2205 | gdm3 | Privilege escalation |
DSA-2206 | mahara | Several |
DSA-2208 | bind9 | Denial of service |
DSA-2209 | tgt | Double free |
DSA-2211 | vlc | Missing input sanitising |
DSA-2212 | tmux | Privilege escalation |
DSA-2213 | x11-xserver-utils | Missing input sanitizing |
DSA-2214 | ikiwiki | Missing input validation |
DSA-2215 | gitolite | Directory traversal |
DSA-2216 | isc-dhcp | Missing input sanitizing |
DSA-2218 | vlc | Heap-based buffer overflow |
DSA-2219 | xmlsec1 | File overwrite |
DSA-2220 | request-tracker3.8 | Several |
DSA-2221 | libmojolicious-perl | Directory traversal |
DSA-2222 | tinyproxy | Incorrect ACL processing |
DSA-2223 | doctrine | SQL injection |
DSA-2224 | openjdk-6 | Several |
DSA-2225 | asterisk | Several |
DSA-2226 | libmodplug | Buffer overflow |
DSA-2227 | iceape | Several |
DSA-2229 | spip | Denial of service |
DSA-2230 | qemu-kvm | Several |
DSA-2231 | otrs2 | Cross-site scripting |
DSA-2232 | exim4 | Format string vulnerability |
DSA-2233 | postfix | Several |
DSA-2235 | icedove | Several |
DSA-2236 | exim4 | Command injection |
DSA-2237 | apr | Denial of service |
DSA-2238 | vino | Denial of service |
DSA-2239 | libmojolicious-perl | Several |
DSA-2240 | user-mode-linux | Several issues |
DSA-2240 | linux-2.6 | Several issues |
DSA-2241 | qemu-kvm | Implementation error |
DSA-2242 | cyrus-imapd-2.2 | Implementation error |
DSA-2244 | bind9 | Wrong boundary condition |
DSA-2245 | chromium-browser | Several vulnerabilities |
DSA-2246 | mahara | Several vulnerabilities |
DSA-2247 | rails | Several vulnerabilities |
DSA-2249 | jabberd14 | Denial of service |
DSA-2250 | citadel | Denial of service |
DSA-2254 | oprofile | Command injection |
DSA-2255 | libxml2 | Buffer overflow |
DSA-2257 | vlc | Buffer overflow |
DSA-2259 | fex | Authentication bypass |
DSA-2261 | redmine | Several |
DSA-2262 | moodle | Several |
DSA-2263 | movabletype-opensource | Several |
DSA-2265 | perl | Missing taint check |
Removed packages
The following packages were removed due to circumstances beyond our control:
Package | Reason |
---|---|
ktsuss | security issues; unmaintained |
URLs
The complete lists of packages that have changed with this revision:
The current stable distribution:
Proposed updates to the stable distribution:
Stable distribution information (release notes, errata etc.):
Security announcements and information:
About Debian
The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.
Contact Information
For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.