
The sixth update of Debian 6.0 has been released. Here is the announcement:



------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Updated Debian 6.0: 6.0.6 released                      press@debian.org
September 29th, 2012            http://www.debian.org/News/2012/20120929
------------------------------------------------------------------------

The Debian project is pleased to announce the sixth update of its
stable distribution Debian 6.0 (codename "squeeze"). This update
mainly adds corrections for security problems to the stable release,
along with a few adjustments for serious problems. Security advisories
were already published separately and are referenced where available.

Please note that this update does not constitute a new version of
Debian 6.0 but only updates some of the packages included. There is no
need to throw away 6.0 CDs or DVDs but only to update via an up-to-date
Debian mirror after an installation, to cause any out of date packages
to be updated.

Those who frequently install updates from security.debian.org won't
have to update many packages and most updates from security.debian.org
are included in this update.

New installation media and CD and DVD images containing updated
packages will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:



Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:


Package                       Reason
alpine                        Fix crash in embedded UW-IMAP copy
apache2                       mod_negotiation - fix CVE-2012-2687;
                              mod_cache - don't cache partial
                              connections; read timeouts should
                              result in a 408
automake1.10                  Fix CVE-2012-3386
automake1.11                  Fix CVE-2012-3386
automake1.7                   Fix CVE-2012-3386
automake1.9                   Fix CVE-2012-3386
base-files                    Update /etc/debian_version for the point
                              release
checkgmail                    Fix GMail authentication issues
clamav                        New upstream release
debian-archive-keyring        Add wheezy stable and archive signing
                              keys
dpkg                          Ensure a reliable unpack on SELinux
                              systems
eglibc                        Really enable
                              patches/any/cvs-dlopen-tls.diff;
                              fix FORTIFY_SOURCE format string
                              protection bypass;
                              fix a DoS in RPC implementation
emesene                       Update contact end-point to
                              local-bay.contacts.msn.com
geshi                         Fix 'Local File Inclusion Vulnerability
                              in contrib script'
gosa                          Security fix (missing escaping)
ia32-libs                     Update packages
libconfig-inifiles-perl       Fix insecure temporary file use
libgc                         Check for integer overflow in internal
                              malloc and calloc routines
libmtp                        Fix device flags for some devices; add
                              support for new devices
libxslt                       Fix CVE-2011-1202, CVE-2011-3970,
                              CVE-2012-2825
links2                        Security fixes
linux-2.6                     DRM fixes; leap second fix; security
                              fixes; various driver fixes
linux-kernel-di-amd64-2.6     Rebuild against linux-2.6 2.6.32-46
linux-kernel-di-armel-2.6     Rebuild against linux-2.6 2.6.32-46
linux-kernel-di-i386-2.6      Rebuild against linux-2.6 2.6.32-46
linux-kernel-di-ia64-2.6      Rebuild against linux-2.6 2.6.32-46
linux-kernel-di-mips-2.6      Rebuild against linux-2.6 2.6.32-46
linux-kernel-di-mipsel-2.6    Rebuild against linux-2.6 2.6.32-46
linux-kernel-di-powerpc-2.6   Rebuild against linux-2.6 2.6.32-46
linux-kernel-di-s390-2.6      Rebuild against linux-2.6 2.6.32-46
linux-kernel-di-sparc-2.6     Rebuild against linux-2.6 2.6.32-46
lockfile-progs                Ensure the correct PID is used when
                              creating lockfiles
mysql-mmm                     Add dependency on libpath-class-perl
network-manager               Stop allowing ad-hoc WPA networks to
                              be created; kernel bugs mean they get
                              created as open networks
nss-pam-ldapd                 Support larger gecos values;
                              reliability fixes
nvidia-graphics-drivers       Fix information leak in the kernel
                              module; fix arbitrary memory access
                              vulnerability; fix local privilege
                              escalation through VGA window
                              manipulation
nvidia-graphics-modules       Rebuild against 195.36.31-6squeeze1
                              kernel modules for security fixes;
                              rebuild to fix CVE-2012-4225
php-memcached                 Fix session.gc_maxlifetime handling
plymouth                      Fix the init script to not fail when
                              the package is removed
policyd-weight                Remove rfc-ignorant.org RBLs (due to
                              upcoming shutdown) and
                              rbl.ipv6-world.net
postgresql-common             Do not remove the PID file after
                              SIGKILLing the postmaster in the
                              last-ditch
powertop                      Fix segfault on newer kernels with
                              large config files
publican                      Add dependency and build-dependency on
                              libio-string-perl
rstatd                        Support Linux 3.x kernels
spip                          Fix base name disclosure; security
                              fixes
tor                           New upstream; fix TLS 1.1/1.2
                              renegotiation with openssl 1.0.1;
                              fix potential DOS; fix two crashes and
                              an information disclosure issue
ttb                           Add dependency on python-glade2
vte                           Fix a memory exhaustion vulnerability
wims                          Fix installation problem
wireshark                     Fix crashes in ANSI A detector and
                              pcap / pcap-ng parsers
xserver-xorg-video-intel      UXA/glyphs: fall back instead of
                              crashing on large strings
yaws                          Fix RNG strength; fix mail config
                              loading

Security Updates
----------------

This revision adds the following security updates to the stable
release. The Security Team has already released an advisory for each of
these updates:


Advisory ID  Package                 Correction(s)
DSA-2457     iceweasel               Regression fix
DSA-2458     iceape                  Regression fix
DSA-2465     php5                    Multiple issues
DSA-2466     rails                   Cross site scripting
DSA-2467     mahara                  Insecure defaults
DSA-2468     libjakarta-poi-java     Unbounded memory allocation
DSA-2470     wordpress               Multiple issues
DSA-2471     ffmpeg                  Multiple issues
DSA-2472     gridengine              Privilege escalation
DSA-2473     openoffice.org          Buffer overflow
DSA-2474     ikiwiki                 Cross-site scripting
DSA-2475     openssl                 Integer underflow
DSA-2476     pidgin-otr              Format string vulnerability
DSA-2477     sympa                   Authorization bypass
DSA-2478     sudo                    Parsing error
DSA-2479     libxml2                 Off-by-one
DSA-2480     request-tracker3.8      Regression
DSA-2481     arpwatch                Fails to drop supplementary groups
DSA-2482     libgdata                No verification of TLS certificates against system root CA
DSA-2483     strongswan              Authentication bypass
DSA-2484     nut                     Denial of service
DSA-2485     imp4                    Cross site scripting
DSA-2486     bind9                   Denial of service
DSA-2487     openoffice.org          Buffer overflow
DSA-2488     iceweasel               Multiple issues
DSA-2489     iceape                  Multiple issues
DSA-2490     nss                     Denial of service
DSA-2491     postgresql-8.4          Multiple issues
DSA-2492     php5                    Buffer overflow
DSA-2493     asterisk                Denial of service
DSA-2494     ffmpeg                  Multiple issues
DSA-2495     openconnect             Buffer overflow
DSA-2497     quagga                  Denial of service
DSA-2498     dhcpcd                  Remote stack overflow
DSA-2499     icedove                 Multiple issues
DSA-2500     mantis                  Multiple issues
DSA-2501     xen                     Multiple issues
DSA-2502     python-crypto           Programming error
DSA-2503     bcfg2                   Shell command injection
DSA-2504     libspring-2.5-java      Information disclosure
DSA-2505     zendframework           Information disclosure
DSA-2506     libapache-mod-security  Modsecurity bypass
DSA-2507     openjdk-6               Multiple issues
DSA-2508     kfreebsd-8              Privilege escalation
DSA-2509     pidgin                  Remote code execution
DSA-2510     extplorer               Cross-site request forgery
DSA-2511     puppet                  Multiple issues
DSA-2512     mono                    Missing input sanitising
DSA-2513     iceape                  Multiple issues
DSA-2514     iceweasel               Multiple issues
DSA-2515     nsd3                    Null pointer dereference
DSA-2516     isc-dhcp                Denial of service
DSA-2517     bind9                   Denial of service
DSA-2518     krb5                    Denial of service
DSA-2519     isc-dhcp                Denial of service
DSA-2520     openoffice.org          Multiple heap-based buffer overflows
DSA-2521     libxml2                 Integer overflows
DSA-2522     fckeditor               Cross site scripting
DSA-2523     globus-gridftp-server   Programming error
DSA-2524     openttd                 Multiple issues
DSA-2525     expat                   Multiple issues
DSA-2526     libotr                  Buffer overflow
DSA-2527     php5                    Multiple issues
DSA-2528     icedove                 Multiple issues
DSA-2529     python-django           Multiple issues
DSA-2530     rssh                    Shell command injection
DSA-2531     xen                     Denial of service
DSA-2532     libapache2-mod-rpaf     Denial of service
DSA-2533     pcp                     Multiple issues
DSA-2534     postgresql-8.4          Multiple issues
DSA-2535     rtfm                    Cross-site scripting
DSA-2536     otrs2                   Cross-site scripting
DSA-2537     typo3-src               Multiple issues
DSA-2538     moin                    Privilege escalation
DSA-2539     zabbix                  SQL injection
DSA-2540     mahara                  Cross-site scripting
DSA-2541     beaker                  Information disclosure
DSA-2542     qemu-kvm                Multiple issues
DSA-2543     xen-qemu-dm-4.0         Multiple issues
DSA-2544     xen                     Denial of service
DSA-2545     qemu                    Multiple issues
DSA-2546     freeradius              Code execution
DSA-2547     bind9                   Improper assert
DSA-2548     tor                     Multiple issues
DSA-2549     devscripts              Multiple issues

Debian Installer
----------------

The installer has been rebuilt to include the fixes incorporated into
stable by the point release.

Removed packages
----------------
The following packages were removed due to circumstances beyond our
control:


Package                       Reason
blockade                      Non-distributable data files
kcheckgmail                   Unmaintained; broken by Google changes
libtrash                      Unmaintained; broken

URLs
----
The complete lists of packages that have changed with this revision:



The current stable distribution:



Proposed updates to the stable distribution:



stable distribution information (release notes, errata etc.):



Security announcements and information:



About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.