Debian 10226 Published by

New versions of Debian 7 and 8 are available:

Updated Debian 7: 7.10 released
Updated Debian 8: 8.4 released



Updated Debian 7: 7.10 released

------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 7: 7.10 released press@debian.org
April 2nd, 2016 https://www.debian.org/News/2016/2016040202
------------------------------------------------------------------------


The Debian project is pleased to announce the tenth update of its
oldstable distribution Debian 7 (codename "wheezy"). This update mainly
adds corrections for security problems to the oldstable release, along
with a few adjustments for serious problems. Security advisories were
already published separately and are referenced where available.

Please note that this update does not constitute a new version of Debian
7 but only updates some of the packages included. There is no need to
throw away old "wheezy" CDs or DVDs but only to update via an up-to-date
Debian mirror after an installation, to cause any out of date packages
to be updated.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:

https://www.debian.org/mirror/list



Miscellaneous Bugfixes
----------------------

This oldstable update adds a few important corrections to the following
packages:

Package Reason
amd64-microcode Update AMD microcode patch firmware for AMD Family 15h Processors to fix bugs in prior microcode patch
aptdaemon Security fix [CVE-2015-1323]
base-files Update for the point release
c-icap Fix FTBFS with "newer" OpenSSL versions; rebuild against libclamav7
c-icap-modules Rebuild against libclamav7
calendarserver Fix POODLE; update zoneinfo to tzdata 2015g
clamav Avoid unaligned memory access; new upstream release
commons-httpclient Ensure HTTPS calls use http.socket.timeout during SSL Handshake [CVE-2015-5262]
dansguardian Rebuild against libclamav7
dbconfig-common Fix permission of PostgreSQL backup files
debian-installer Rebuild against oldstable-proposed-updates
debian-installer-netboot-images Rebuild against new debian-installer
exfat-utils Fix buffer overflow and infinite loop
exim4 Fix defect in 89_02_Store-the-initial-working-directory.diff patch from the previous security upload
firebug Update for compatibility with newer Iceweasel versions
fuse-exfat Fix buffer overflow and infinite loop
giflib Bail out if Width > SWidth [CVE-2015-7555]
gummi Avoid predictable naming of temporary files [CVE 2015-7758]
iptables-persistent Stop rules files being world-readable
libclamunrar Rebuild for libclamav7
libdatetime-timezone-perl Update included data to tzdata 2016c
libhtml-scrubber-perl Fix cross-site scripting vulnerability in comments [CVE-2015-5667]
libiptables-parse-perl Fix use of predictable names for temporary files [CVE-2015-8326]
librsvg Fix out-of-bounds heap read when parsing SVG file [CVE-2015-7557]
libssh Fix "Double free on dangling pointers in initial key exchange packet" [CVE-2014-8132]; fix "null pointer dereference due to a logical error in the handling of a SSH_MSG_NEWKEYS and KEXDH_REPLY packets" [CVE-2015-3146]
linux update to new upstream stable release 3.2.78; drm, agp: Update to 3.4.110; rt: update to 3.2.77-rt111; ppp, slip: Validate VJ compression slot parameters completely [CVE-2015-7799]; KVM: svm: unconditionally intercept #DB [CVE-2015-8104]
live-tools Depend on initramfs-tools
maven2 Rebuild with libmaven2-core-java 2.2.1-8+deb7u1 to use a secure connection by default to download artifacts from the Maven Central repository
maven2-core Use a secure connection by default to download artifacts from the Maven Central repository
nvidia-graphics-drivers New upstream release [CVE-2015-5950]; fix Unsanitized User Mode Input issue [CVE-2015-7869]
nvidia-graphics-modules Rebuild with nvidia-kernel-source 304.131
pykerberos Add KDC authenticity verification support [CVE-2015-3206]
python-clamav Rebuild against libclamav7
sendmail Properly set the close-on-exec flag for file descriptors before executing mailers [CVE-2014-3956]; fix an incorrect assertion in libmilter; add support for OpenSSL options SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2; fix A-only MX CNAME interface binding issues when using IPv6; raise MAXDAEMONS from 10 to 64; start sendmail after bind9 (or any other named) if it is installed; fix infinite loop in update_db
stk Install missing SKINI.msg and .tbl include files
tzdata New upstream release
zendframework Fix entropy issue with captcha [ZF2015-09]

Security Updates

This revision adds the following security updates to the oldstable release. The Security Team has already released an advisory for each of these updates:
Advisory ID Package
DSA-2722 openjdk-7
DSA-2923 openjdk-7
DSA-2987 openjdk-7
DSA-3080 openjdk-7
DSA-3132 icedove
DSA-3144 openjdk-7
DSA-3173 libgtk2-perl
DSA-3179 icedove
DSA-3208 freexl
DSA-3212 icedove
DSA-3235 openjdk-7
DSA-3264 icedove
DSA-3316 openjdk-7
DSA-3324 icedove
DSA-3337 gdk-pixbuf
DSA-3346 drupal7
DSA-3349 qemu-kvm
DSA-3349 qemu
DSA-3350 bind9
DSA-3352 screen
DSA-3353 openslp-dfsg
DSA-3355 libvdpau
DSA-3358 php5
DSA-3359 virtualbox
DSA-3361 qemu
DSA-3362 qemu-kvm
DSA-3364 linux
DSA-3365 iceweasel
DSA-3366 rpcbind
DSA-3369 zendframework
DSA-3370 freetype
DSA-3371 spice
DSA-3377 mysql-5.5
DSA-3378 gdk-pixbuf
DSA-3379 miniupnpc
DSA-3380 php5
DSA-3381 openjdk-7
DSA-3382 phpmyadmin
DSA-3383 wordpress
DSA-3384 virtualbox
DSA-3386 unzip
DSA-3387 openafs
DSA-3388 ntp
DSA-3390 xen
DSA-3392 freeimage
DSA-3393 iceweasel
DSA-3395 krb5
DSA-3397 wpa
DSA-3398 strongswan
DSA-3399 libpng
DSA-3401 openjdk-7
DSA-3403 libcommons-collections3-java
DSA-3404 python-django
DSA-3405 smokeping
DSA-3406 nspr
DSA-3407 dpkg
DSA-3408 gnutls26
DSA-3409 putty
DSA-3413 openssl
DSA-3416 libphp-phpmailer
DSA-3417 bouncycastle
DSA-3420 bind9
DSA-3421 grub2
DSA-3422 iceweasel
DSA-3423 cacti
DSA-3426 linux
DSA-3426 ctdb
DSA-3427 blueman
DSA-3429 foomatic-filters
DSA-3430 libxml2
DSA-3431 ganeti
DSA-3433 samba
DSA-3434 linux
DSA-3435 git
DSA-3436 openssl
DSA-3437 gnutls26
DSA-3438 xscreensaver
DSA-3439 prosody
DSA-3440 sudo
DSA-3443 libpng
DSA-3444 wordpress
DSA-3445 pygments
DSA-3446 openssh
DSA-3447 tomcat7
DSA-3450 ecryptfs-utils
DSA-3452 claws-mail
DSA-3459 mysql-5.5
DSA-3460 privoxy
DSA-3461 freetype
DSA-3462 radicale
DSA-3463 prosody
DSA-3466 krb5
DSA-3468 polarssl
DSA-3469 qemu
DSA-3470 qemu-kvm
DSA-3472 wordpress
DSA-3473 nginx
DSA-3478 libgcrypt11
DSA-3479 graphite2
DSA-3483 cpio
DSA-3484 xdelta3
DSA-3485 didiwiki
DSA-3487 libssh2
DSA-3488 libssh
DSA-3489 lighttpd
DSA-3490 websvn
DSA-3492 gajim
DSA-3493 xerces-c
DSA-3494 cacti
DSA-3498 drupal7
DSA-3499 python-imaging
DSA-3500 openssl
DSA-3501 perl
DSA-3502 roundup
DSA-3503 linux
DSA-3504 bsh
DSA-3505 wireshark
DSA-3506 libav
DSA-3508 jasper
DSA-3511 bind9
DSA-3512 libotr
DSA-3514 samba
DSA-3516 wireshark
DSA-3517 exim4
DSA-3518 spip
DSA-3521 git
DSA-3522 squid3
DSA-3524 activemq
DSA-3525 pixman
DSA-3526 libmatroska
DSA-3527 inspircd
DSA-3532 quagga
Removed packages

The following packages were removed due to circumstances beyond our control:
Package Reason
gnome-gmail Broken
libnsbmp Security issues, unmaintained
libnsgif Security issues, unmaintained
tlslite Unmaintained, outdated
vimperator Incompatible with newer iceweasel versions

Debian Installer
The installer has been updated to include the fixes incorporated into oldstable by the point release.

URLs

The complete lists of packages that have changed with this revision:
http://ftp.debian.org/debian/dists/wheezy/ChangeLog

The current oldstable distribution:
http://ftp.debian.org/debian/dists/oldstable/

Proposed updates to the oldstable distribution:
http://ftp.debian.org/debian/dists/oldstable-proposed-updates

oldstable distribution information (release notes, errata etc.):
https://www.debian.org/releases/oldstable/

Security announcements and information:
https://security.debian.org/

Updated Debian 8: 8.4 released

------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 8: 8.4 released press@debian.org
April 2nd, 2016 https://www.debian.org/News/2016/20160402
------------------------------------------------------------------------


The Debian project is pleased to announce the fourth update of its
stable distribution Debian 8 (codename "jessie"). This update mainly
adds corrections for security problems to the stable release, along with
a few adjustments for serious problems. Security advisories were already
published separately and are referenced where available.

Please note that this update does not constitute a new version of Debian
8 but only updates some of the packages included. There is no need to
throw away old "jessie" CDs or DVDs but only to update via an up-to-date
Debian mirror after an installation, to cause any out of date packages
to be updated.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:

https://www.debian.org/mirror/list



Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

Package Reason
amavisd-new Set LC_ALL before running daemon
amd64-microcode Update AMD microcode patch firmware for AMD Family 15h Processors to fix bugs in prior microcode patch
apt apt-pkg/algorithms.cc: Avoid stack buffer overflow in KillList
aptdaemon Security fix [CVE-2015-1323]
ardour Repack to remove libs/pdb/dmalloc.cc
base-files Update for the point release
c-icap-modules Rebuild against libclamav7
cairo Security fix [CVE-2016-3190]
cinnamon-settings-daemon Fix a minor security bug (missing polkit check)
clamav New upstream version; avoid unaligned memory access
conkeror Fix matching of module load error messages to work with Firefox 36
dansguardian Rebuild against libclamav7
debian-installer Rebuild against proposed-updates
debian-installer-netboot-images Rebuild against new debian-installer
dolibarr Multiple security fixes [CVE-2015-3935 CVE-2015-8685 CVE-2016-1912]
espeakup Make looking up available languages independent from file hierarchy; use Portuguese for Galician; synth.c: Fix looking up voices by language name
exactimage Security fix [CVE-2015-8366]
fglrx-driver libfglrx-amdxvba1: add Breaks+Replaces: xvba-va-driver ( SWidth [CVE-2015-7555]
glib2.0 Rebuild against updated pcre3 to pull in security updates
glibc Improve granpt when /dev/pts is not mounted with the correct options; don't build pt_chown [CVE-2013-2207]
gnome-shell-extension-weather New upstream snapshot, compatible with the new API of openweathermap.org
gnupg Correctly handle unknown subkey types
gtk+2.0 Avoid integer overflow when allocating a large block of memory [CVE-2013-7447]
gummi Update fix for predictable temporary filenames [CVE-2015-7758] to use upstream's fix
havp Rebuild against libclamav7
imagemagick Security fixes
initramfs-tools Add missing drivers and various bugfixes
installation-guide Add QNAP TS-109, TS-209, TS-409 and TS-409U as supported models again
libclamunrar Rebuild for libclamav7
libdatetime-timezone-perl Update included timezone data to tzdata 2016c
librsvg Fix out-of-bounds heap read when parsing SVG file [CVE-2015-7557]
libsndfile Fix denial of service through division by zero [CVE-2014-9756] and heap overflow in AIFF parser [CVE-2015-7805]
libvirt Don't allow allow '/' in filesystem volume [CVE-2015-5313]; libvirt-daemon: Expect qemu-bridge-helper in /usr/lib/qemu
linux Update to new upstream release 3.16.7-ckt25; add dm-service-time to multipath-modules; add support for MIPS 5KE CPU
mongrel2 Comment out failing test caused by an expired certificate
mozilla-devscripts Update dh_xul-ext's substvar generation for the upcoming transitions in stable from iceweasel to firefox-esr, and from icedove to thunderbird
nettle Multiple security fixes [CVE-2015-8803 CVE-2015-8804 CVE-2015-8805]
nss-pam-ldapd Fix issues with daemonising nslcd and avoid a race condition in signal handling during start-up; fix password policy expiration warnings; ensure proper return code of init script
osmo Fix corrupt data backup on i386
pagekite Add missing build dependency python-openssl to fix test failure
pam Rebuild to fix multi-arch co-installability
pcre3 Fix workspace overflow for (*ACCEPT) with deeply nested parentheses [CVE-2016-3191]; fix heap buffer overflow in handling of duplicate named groups [CVE-2016-1283]; fix an issue with nested table jumps [CVE-2014-9769]
pgplot5 Fix build failure by using multiarch path to zconf.h
php-dompdf Fix information disclosure vulnerability [CVE-2014-5011], denial of service [CVE-2014-5012] and remote code execution [CVE-2014-5013]
php-mail-mime Add missing dependency on php-pear
php-net-ldap2 Fix fatal error with newer PEAR versions
php5 New upstream stable release; revert PEAR version to last working version from PHP 5.6.14
postgresql-9.1 New upstream release
postgresql-common pg_upgradecluster: Set default dynamic_shared_memory_type = mmap; this primarily avoids problems with upgrading existing clusters in a LXC container
python-clamav Rebuild against libclamav7
python-rsa Fix possible signature forgery using Bleichenbacher'06 attack [CVE-2016-1494]
rdesktop Fix sigsegv while using credssp and Kerberos without specifying domainname as argument
rsnapshot Fix regression on --rsh with arguments
ruby-defaults ruby: make the conflict on ruby-activesupport-2.3 versioned on (