The following updates have been released for Debian GNU/Linux:
[DLA 359-1] MySQL 5.5 packages added; end of support for MySQL 5.1
[DLA 369-1] pygments security update
[DSA 3419-1] cups-filters security update
[DSA 3420-1] bind9 security update
[DLA 359-1] MySQL 5.5 packages added; end of support for MySQL 5.1
Oracle, the upstream maintainer of MySQL, no longer supports MySQL
version 5.1, which is included in Debian 6.0 "squeeze". MySQL 5.1 likely
suffers from multiple vulnerabilities fixed in newer versions after the
end of upstream support, but Oracle does not disclose enough information
either to verify or to fix them.
As an alternative, the Debian LTS team is providing MySQL 5.5 packages
for use in Debian 6.0 "squeeze". We recommend that Squeeze LTS users
install them and migrate their MySQL databases.
Please note that a dist-upgrade will not consider these MySQL 5.5
packages automatically, so users need to install them explicitly.
If you are running a MySQL server:
    apt-get install mysql-server-5.5
If you only need the MySQL client:
    apt-get install mysql-client-5.5
Compatibility updates
=====================
Some packages were updated to solve incompatibility issues that were
fixed in the following versions:
* bacula-director-mysql 5.0.2-2.2+squeeze2
* cacti 0.8.7g-1+squeeze9
* phpmyadmin 4:3.3.7-10
* postfix-policyd 1.82-2+deb6u1
* prelude-manager 1.0.0-1+deb6u1
We recommend that you upgrade these packages before upgrading to
MySQL 5.5. A common dist-upgrade should be enough.
We have done our best to provide you with reliable MySQL 5.5 packages. We
have made available test packages for some time, although we did not get
any feedback from users. In any case, don't hesitate to report any issues
related to this MySQL upgrade to debian-lts@lists.debian.org.
[DLA 369-1] pygments security update
Package : pygments
Version : 1.3.1+dfsg-1+deb6u11
CVE ID : CVE-2015-8557
Debian Bug : 802828
It was discovered that there was a shell injection vulnerability in
pygments, a syntax highlighting package written in Python.
For Debian 6 Squeeze, this issue has been fixed in pygments
version 1.3.1+dfsg-1+deb6u11.
[DSA 3419-1] cups-filters security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-3419-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
December 15, 2015                     https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : cups-filters
CVE ID : CVE-2015-8560
Debian Bug : 807930
Adam Chester discovered that missing input sanitising in the
foomatic-rip print filter might result in the execution of arbitrary
commands.
For the stable distribution (jessie), this problem has been fixed in
version 1.0.61-5+deb8u3.
For the unstable distribution (sid), this problem has been fixed in
version 1.4.0-1.
We recommend that you upgrade your cups-filters packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
[DSA 3420-1] bind9 security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-3420-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
December 15, 2015                     https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : bind9
CVE ID : CVE-2015-8000
Debian Bug : 808081
It was discovered that the BIND DNS server does not properly handle the
parsing of incoming responses, allowing some records with an incorrect
class to be accepted by BIND instead of being rejected as malformed.
This can trigger a REQUIRE assertion failure when those records are
subsequently cached. A remote attacker can exploit this flaw to cause a
denial of service against servers performing recursive queries.
For the oldstable distribution (wheezy), this problem has been fixed
in version 1:9.8.4.dfsg.P1-6+nmu2+deb7u8.
For the stable distribution (jessie), this problem has been fixed in
version 1:9.9.5.dfsg-9+deb8u4.
We recommend that you upgrade your bind9 packages.