Updated Debian 6.0: 6.0.4 released
January 28th, 2012
The Debian project is pleased to announce the fourth update of its
stable distribution Debian 6.0 (codename squeeze).
This update mainly adds corrections for security problems to the stable
release, along with a few adjustments to serious problems. Security advisories
were already published separately and are referenced where available.
Please note that this update does not constitute a new version of Debian 6.0 but only updates some of the packages included. There is no need to throw away 6.0 CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated.
Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.
New installation media and CD and DVD images containing updated packages will be available soon at the regular locations.
Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:
Miscellaneous Bugfixes
This stable update adds a few important corrections to the following packages:
Package | Reason |
---|---|
adolc | Remove Visual C++ runtime from windows/ directory |
backuppc | Fix data corruption in tarballs due to logging to stdout and two XSS issues |
base-files | Update /etc/debian_version for the point release |
base-installer | Add POWER7 to the powerpc64 family |
bti | Fix identi.ca OAuth URLs |
bugzilla | Security fixes |
byobu | Correct postinst chmod semantics |
bzip2 | Fix CVE-2011-4089 |
c-ares | Fix encoded length for indirect root |
cherokee | Avoid brute-forceable password in cherokee-admin |
cifs-utils | Fix mtab corruption issues |
clamav | New upstream version; fix potential DoS |
clamz | Handle unencrypted amz files |
cpufrequtils | Load powernow-k8 for AMD family 20 (i.e. AMD E-350 cpus); better support 3.0 kernels |
debian-installer | Stop menu falling off the screen |
debian-installer-netboot-images | Update to d-i 20110106+squeeze4 |
dpkg | Add armhf to {os,triplet}table; defer hardlink renames; do not fail to unpack shared directories missing on the file system from packages being replaced by other packages |
eglibc | New upstream stable release plus fixes from stable branch |
erlang | Fix CVE-2011-0766 (cryptographic weakness) in the erlang ssh application |
etherape | Null pointer dereferences |
gimp | Fix printing when used with libcairo version 1.10 or above |
gnutls26 | Fix buffer overflow in gnutls_session_get_data() |
hplip | Fix insecure use of temporary file |
ia32-libs | Update packages |
ia32-libs-gtk | Update packages |
ifupdown-extra | Handle moved location of ethtool; fix handling of rejects in static-route; use --tmpdir for temporary files; move /etc/network/network-routes to /e/n/routes; documentation updates |
iotop | Give a helpful error instead of crashing when Linux denies permission to read the taskstats files |
jabberbot | Bind callbacks after the roster has been initialised |
kernel-wedge | Add et131x to nic-extra-modules; add isci to scsi-extra-modules; add xhci-hcd to usb-modules |
killer | Use DNS for mail domain rather than NIS; stop cron job failing when package is removed |
ldap2zone | Don't send mail on success; syslog instead |
libdata-formvalidator-perl | Fix possible passing of invalid data in untaint mode |
libdebian-installer | Detect IBM pSeries platform as powerpc/chrp_ibm |
libdigest-perl | Fix unsafe use of eval in Digest->new() |
libhtml-template-pro-perl | Fix XSS |
libjifty-dbi-perl | SQL injection |
libmtp | Add support for Motorola Xoom devices |
libpar-packer-perl | Fix use of unsafe and predictable temporary directories |
libpar-perl | Fix use of unsafe and predictable temporary directories |
linux-2.6 | Fixes for xen regression, GRO/GSO IPv6 forwarding, ppc vserver; add stable releases 2.6.32.47-54, various fixes; fix tg3 regression; xen fixes |
linux-kernel-di-amd64-2.6 | Rebuild against linux-2.6 kernel 2.6.32-41 |
linux-kernel-di-armel-2.6 | Rebuild against linux-2.6 kernel 2.6.32-41 |
linux-kernel-di-i386-2.6 | Rebuild against linux-2.6 kernel 2.6.32-41 |
linux-kernel-di-ia64-2.6 | Rebuild against linux-2.6 kernel 2.6.32-41 |
linux-kernel-di-mips-2.6 | Rebuild against linux-2.6 kernel 2.6.32-41 |
linux-kernel-di-mipsel-2.6 | Rebuild against linux-2.6 kernel 2.6.32-41 |
linux-kernel-di-powerpc-2.6 | Rebuild against linux-2.6 kernel 2.6.32-41 |
linux-kernel-di-s390-2.6 | Rebuild against linux-2.6 kernel 2.6.32-41 |
linux-kernel-di-sparc-2.6 | Rebuild against linux-2.6 kernel 2.6.32-41 |
masqmail | Fix improper seteuid() calls |
mdadm | Quieten some cron messages; don't break when no scheduling class is specified or no devices are active; LSB header updates |
mediawiki | Fix unintended exposure of hidden content through cache pollution; disable CVE-2011-4360.patch; doesn't apply to this version and causes errors |
module-init-tools | Support 3.0 kernels |
multipath-tools | Change HP hardware handler to hp_sw; update man pages |
mutt | Fix validation of commonname (gnutls) |
nfs-utils | Allow negotiated enctypes to be limited; avoid corrupting mtab |
nginx | Fix compression pointer processing in DNS response greater than 255 bytes |
nss-pam-ldapd | Correctly parse /etc/nsswitch.conf, detect calling process identity and fix disconnect logic |
partman-target | Stop treating ISO hybrid images on USB sticks as real optical drives |
pastebinit | Fix support for user configuration files |
pbuilder | Rename the /run script from --execute to /runscript, for compatibility with wheezy and later which have /run as a directory replacing /var/run |
perl | Unregister signal handler before destroying my_perl; fixes segfault; minor security fixes |
phppgadmin | Fix XSS |
pidgin | Fix remote crash issues |
postgresql-8.4 | New upstream micro-release |
pure-ftpd | Fix man in the middle attack on encrypted sessions |
python-debian | Allow : as the first character of a value |
python3-defaults | Ignore binary files while checking shebangs |
qemu-kvm | Fix NIC hotplug from libvirt |
quassel | Fix missing translations |
recoll | Plug conversion descriptor leak in unac.c::convert() error path |
rng-tools | Work around VIA Nano xstore bug; add 3.0 kernel support |
rpm | Fix malformed header parsing |
samba | Allow using unencrypted passwords with Windows clients with KB2536276 installed |
shorewall | Install missing /usr/share/shorewall/helpers |
shorewall-lite | Install missing /usr/share/shorewall/helpers |
shorewall6 | Install missing /usr/share/shorewall/helpers |
shorewall6-lite | Install missing /usr/share/shorewall/helpers |
slbackup | Fix path to configuration file in the cron job |
slbackup-php | Fix login issues, deal with blanks in filenames, fix last failed timestamp |
tinyproxy | Validate port number specified in configuration |
tzdata | New upstream version; add DST for America/Bahia |
user-mode-linux | Rebuild against linux-source-2.6.32 (2.6.32-41) |
webkit | Avoid doing lots of needless NULL DNS lookups |
whatsnewfm | Handle renaming of freshmeat to freshcode |
xorg-server | GLX: add missing input sanitization; fix a file disclosure vulnerability and a file permission change vulnerability |
xpdf | Fix insecure temporary file usage |
Security Updates
This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:
Advisory ID | Package | Correction(s) |
---|---|---|
DSA-2181 | subversion | Denial of service |
DSA-2251 | subversion | Multiple issues |
DSA-2283 | krb5-appl | Programming error |
DSA-2284 | opensaml2 | Implementation error |
DSA-2301 | rails | Multiple issues |
DSA-2311 | openjdk-6 | Multiple issues |
DSA-2315 | openoffice.org | Multiple issues |
DSA-2318 | cyrus-imapd-2.2 | Multiple issues |
DSA-2322 | bugzilla | Multiple issues |
DSA-2323 | radvd | Multiple issues |
DSA-2324 | wireshark | Programming error |
DSA-2325 | kfreebsd-8 | Privilege escalation/denial of service |
DSA-2326 | pam | Multiple issues |
DSA-2327 | libfcgi-perl | Authentication bypass |
DSA-2328 | freetype | Missing input sanitising |
DSA-2329 | torque | Buffer overflow |
DSA-2330 | simplesamlphp | Multiple issues |
DSA-2331 | tor | Multiple issues |
DSA-2332 | python-django | Multiple issues |
DSA-2333 | phpldapadmin | Multiple issues |
DSA-2334 | mahara | Multiple issues |
DSA-2335 | man2html | Missing input sanitization |
DSA-2337 | xen | Multiple issues |
DSA-2338 | moodle | Multiple issues |
DSA-2339 | nss | Multiple issues |
DSA-2340 | postgresql-8.4 | Weak password hashing |
DSA-2341 | iceweasel | Multiple issues |
DSA-2342 | iceape | Multiple issues |
DSA-2343 | openssl | CA trust revocation |
DSA-2344 | python-django-piston | Deserialization vulnerability |
DSA-2345 | icedove | Multiple issues |
DSA-2346 | proftpd-dfsg | Multiple issues |
DSA-2347 | bind9 | Improper assert |
DSA-2348 | systemtap | Multiple issues |
DSA-2349 | spip | Multiple issues |
DSA-2350 | freetype | Missing input sanitising |
DSA-2351 | wireshark | Buffer overflow |
DSA-2353 | ldns | Buffer overflow |
DSA-2354 | cups | Multiple issues |
DSA-2355 | clearsilver | Format string vulnerability |
DSA-2356 | openjdk-6 | Multiple issues |
DSA-2357 | evince | Multiple issues |
DSA-2361 | chasen | Buffer overflow |
DSA-2362 | acpid | Multiple issues |
DSA-2363 | tor | Buffer overflow |
DSA-2364 | xorg | Incorrect permission check |
DSA-2366 | mediawiki | Multiple issues |
DSA-2367 | asterisk | Multiple issues |
DSA-2368 | lighttpd | Multiple issues |
DSA-2369 | libsoup2.4 | Directory traversal |
DSA-2370 | unbound | Multiple issues |
DSA-2371 | jasper | Buffer overflows |
DSA-2372 | heimdal | Buffer overflow |
DSA-2373 | inetutils | Buffer overflow |
DSA-2374 | openswan | Implementation error |
DSA-2375 | krb5-appl | Buffer overflow |
DSA-2376 | ipmitool | Insecure pid file |
DSA-2377 | cyrus-imapd-2.2 | Denial of service |
DSA-2378 | ffmpeg | Multiple issues |
DSA-2379 | krb5 | Multiple issues |
DSA-2380 | foomatic-filters | Shell command injection |
DSA-2381 | squid3 | Invalid memory deallocation |
DSA-2382 | ecryptfs-utils | Multiple issues |
DSA-2383 | super | Buffer overflow |
DSA-2384 | cacti | Multiple issues |
DSA-2385 | pdns | Packet loop |
DSA-2386 | openttd | Multiple issues |
DSA-2387 | simplesamlphp | Cross site scripting |
DSA-2388 | t1lib | Multiple issues |
DSA-2390 | openssl | Multiple issues |
DSA-2391 | phpmyadmin | Multiple issues |
DSA-2392 | openssl | Out-of-bounds read |
DSA-2393 | bip | Buffer overflow |
Debian Installer
The installer has been updated with this point release to add support for installing on POWER7 machines and to adjust the dimensions of the initial boot menu to avoid issues with some screens.
The kernel used by the installer has been updated to include various security fixes and to add support for Agere ET-1310-based network cards (et131x driver), Intel C600-series SAS/SATA controllers (isci driver) and USB 3.0 controllers (xhci driver).
Removed packages
The following packages were removed due to circumstances beyond our control:
Package | Reason |
---|---|
partlibrary | Non-distributable |
qcad | Non-distributable |
URLs
The complete lists of packages that have changed with this revision:
The current stable distribution:
Proposed updates to the stable distribution:
Stable distribution information (release notes, errata etc.):
Security announcements and information:
About Debian
The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.
Contact Information
For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.