
Debian 6.0.2 has been released. Here is the announcement:



------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Updated Debian 6.0: 6.0.2 released                      press@debian.org
June 25th, 2011                 http://www.debian.org/News/2011/20110625
------------------------------------------------------------------------

Updated Debian 6.0: 6.0.1 released

The Debian project is pleased to announce the first update of its stable
distribution Debian 6.0 (codename "Squeeze"). This update mainly adds
corrections for security problems to the stable release, along with a
few adjustments to serious problems.

Please note that this update does not constitute a new version of Debian
6.0 but only updates some of the packages included. There is no need to
throw away 6.0 CDs or DVDs but only to update via an up-to-date Debian
mirror after an installation, to cause any out of date packages to be
updated.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:

http://www.debian.org/mirror/list


Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

Package                      Reason

aide                         Properly support large files on 32-bit systems; fix group for bind9 log files
approx                       Don't try caching InRelease or non-.gz compressed files
apr                          Fix apr_ino_t changing size depending on -D_FILE_OFFSET_BITS on kfreebsd-*
apt                          Fix file size calculation on big-endian arches; don't prompt for CD re-insertion on "apt-get update"; add XZ support
apt-listchanges              Correctly handle NEWS files containing only one entry
base-files                   Update /etc/debian_version
clive                        Adapt for liveleak.com changes
dbus                         Fix local DoS for system services (CVE-2011-2200)
deborphan                    Exclude libreoffice from --guess-section output; trap WINCH in a POSIX way; minor translation fixes
dokuwiki                     Fix an ACL bypass issue in the XMLRPC interface
dpkg                         Fix regression in 'dpkg-divert --rename'; dpkg-split: don't corrupt metadata on 32-bit systems; fix vsnprintf() compat declaration
e2fsprogs                    Various bug fixes
fakechroot                   Fix 'debootstrap --variant=fakechroot'
fcgiwrap                     Fix init script's 'stop' target
gdm3                         Reset SIGPIPE handler before starting the session; execute the PostSession script even when GDM is killed or shut down
git                          Allow remove and purge in one step by terminating the git-daemon/log service before removing the gitlog user
gnome-settings-daemon        Work around possible race condition when starting Xsettings manager
ia32-libs                    Refresh packages from stable and proposed-updates.
iceowl                       Security updates
im-config                    Avoid breaking login via GDM if im-config is removed but not purged
inn                          Stop using 'sort +1n' in makehistory; disable outdated CHECK_INCLUDED_TEXT option by default
josm                         Give more verbose explanation to users who haven't agreed to the new OSM license
kde4libs                     Wildcard SSL certificate and XSS security fixes; ktar checksum and UTF-8 longlink fixes
kdenetwork                   Improve fix for CVE-2010-1000 directory traversal issue
kernel-wedge                 Add hpsa and pm8001 to scsi-extra-modules; add bna to nic-extra-modules
kerneltop                    Increase line buffer size to 1024 bytes
klibc                        ipconfig: escape DHCP options and correctly handle multiple connected network devices (CVE-2011-1930)
krb5                         Fix several security and interoperability problems
kupfer                       Use correct parameter type to allow keybindings to work again
libapache2-mod-perl2         Rebuild against apr 1.4.2-6+squeeze3 to pick up apr_ino_t size fix on kFreeBSD
libburn                      Don't create images with overly-restrictive permissions
libfinance-quotehist-perl    Disable test suite, broken by website changes
libmms                       Fix alignment issues on arm
linux-2.6                    New hardware support; add longterm 2.6.32.41; fix oops via corrupted partition tables
linux-kernel-di-amd64-2.6    Rebuild against kernel-wedge 2.74+squeeze3
linux-kernel-di-armel-2.6    Rebuild against kernel-wedge 2.74+squeeze3
linux-kernel-di-i386-2.6     Rebuild against kernel-wedge 2.74+squeeze3
linux-kernel-di-ia64-2.6     Rebuild against kernel-wedge 2.74+squeeze3
linux-kernel-di-mips-2.6     Rebuild against kernel-wedge 2.74+squeeze3
linux-kernel-di-mipsel-2.6   Rebuild against kernel-wedge 2.74+squeeze3
linux-kernel-di-powerpc-2.6  Rebuild against kernel-wedge 2.74+squeeze3
linux-kernel-di-s390-2.6     Rebuild against kernel-wedge 2.74+squeeze3
linux-kernel-di-sparc-2.6    Rebuild against kernel-wedge 2.74+squeeze3
lua-expat                    Fix the 'billion laughs' DoS attack
monkeysphere                 Fix monkeysphere-host revoke-key
nagios-plugins               Allocate a big enough buffer to handle all IPs of hosts being pinged
nsd3                         Remove statoverride before removing the package's user
openldap                     Fix possible database corruption issues, several security issues and dpkg-reconfigure
php-svn                      Rebuild against apr 1.4.2-6+squeeze3 to pick up apr_ino_t size fix on kFreeBSD
php5                         Rebuild against apr 1.4.2-6+squeeze3 to pick up apr_ino_t size fix on kFreeBSD
pianobar                     Update API keys for XMLRPC v30
postgresql-8.4               New upstream bugfix release; fix pg_upgrade use with TOAST tables
prosody                      Fix the 'billion laughs' DoS attack
puppet                       Fix service provider to properly use update-rc.d disable API
python-apt                   Strip multiarch by default in RealParseDepends; add XZ support
python-gudev                 Add missing dependency on python-gobject
q4wine                       Stop shipping the library in lib64
qemu                         Don't register qemu-mips(el) with binfmt on mips(el)
qemu-kvm                     Fix division by 0 with some guests; fix vnc zlib overflow; don't abort on user hardware errors; fix migration on 32-bit
qt4-x11                      Blacklist some fraudulent SSL certificates; fix weakness in wildcard certificate verification
rapidsvn                     Rebuild against apr 1.4.2-6+squeeze3 to pick up apr_ino_t size fix on kFreeBSD
refpolicy                    Various permissions fixes
reprepro                     Handle Release files which don't contain md5sums
ruby1.8                      Fix upgrades from lenny by making libruby1.8 conflict/replace irb1.8 and rdoc1.8
samba                        Several bugfixes
schroot                      Fix loading of dchroot.conf
softhsm                      Remove statoverride entries before the package's user
sun-java6                    New upstream security update
tzdata                       New upstream version
vimperator                   Resolve compatibility issues with iceweasel
widelands                    Fix potential security issue in Internet games
xenomai                      Adapt kernel patch to apply cleanly to squeeze's kernel
xserver-xorg-video-tseng     Fix driver initialisation


Debian Installer
----------------

The kernel image used by the installer has been updated to incorporate a
number of important and security-related fixes together with support for
additional hardware.


Security Updates
----------------

This revision adds the following security updates to the stable
release. The Security Team has already released an advisory for each of
these updates:

Advisory ID  Package                 Correction(s)

DSA-2161     openjdk-6               Denial of service
DSA-2193     libcgroup               Several
DSA-2194     libvirt                 Privilege escalation
DSA-2195     php5                    Several
DSA-2197     quagga                  Denial of service
DSA-2198     tex-common              Insufficient input sanitizing
DSA-2199     iceape                  Update HTTPS certificate blacklist
DSA-2200     iceweasel               Update HTTPS certificate blacklist
DSA-2201     wireshark               Several
DSA-2202     apache2                 Failure to drop root privileges
DSA-2203     nss                     Update HTTPS certificate blacklist
DSA-2205     gdm3                    Privilege escalation
DSA-2206     mahara                  Several
DSA-2208     bind9                   Denial of service
DSA-2209     tgt                     Double free
DSA-2211     vlc                     Missing input sanitising
DSA-2212     tmux                    Privilege escalation
DSA-2213     x11-xserver-utils       Missing input sanitizing
DSA-2214     ikiwiki                 Missing input validation
DSA-2215     gitolite                Directory traversal
DSA-2216     isc-dhcp                Missing input sanitizing
DSA-2218     vlc                     Heap-based buffer overflow
DSA-2219     xmlsec1                 File overwrite
DSA-2220     request-tracker3.8      Several
DSA-2221     libmojolicious-perl     Directory traversal
DSA-2222     tinyproxy               Incorrect ACL processing
DSA-2223     doctrine                SQL injection
DSA-2224     openjdk-6               Several
DSA-2225     asterisk                Several
DSA-2226     libmodplug              Buffer overflow
DSA-2227     iceape                  Several
DSA-2229     spip                    Denial of service
DSA-2230     qemu-kvm                Several
DSA-2231     otrs2                   Cross-site scripting
DSA-2232     exim4                   Format string vulnerability
DSA-2233     postfix                 Several
DSA-2235     icedove                 Several
DSA-2236     exim4                   Command injection
DSA-2237     apr                     Denial of service
DSA-2238     vino                    Denial of service
DSA-2239     libmojolicious-perl     Several
DSA-2240     user-mode-linux         Several issues
DSA-2240     linux-2.6               Several issues
DSA-2241     qemu-kvm                Implementation error
DSA-2242     cyrus-imapd-2.2         Implementation error
DSA-2244     bind9                   Wrong boundary condition
DSA-2245     chromium-browser        Several vulnerabilities
DSA-2246     mahara                  Several vulnerabilities
DSA-2247     rails                   Several vulnerabilities
DSA-2249     jabberd14               Denial of service
DSA-2250     citadel                 Denial of service
DSA-2254     oprofile                Command injection
DSA-2255     libxml2                 Buffer overflow
DSA-2257     vlc                     Buffer overflow
DSA-2259     fex                     Authentication bypass
DSA-2261     redmine                 Several
DSA-2262     moodle                  Several
DSA-2263     movabletype-opensource  Several
DSA-2265     perl                    Missing taint check


Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

Package                      Reason

ktsuss                       security issues; unmaintained


URLs
----

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/squeeze/ChangeLog

The current stable distribution:

http://ftp.debian.org/debian/dists/stable

Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates

Stable distribution information (release notes, errata etc.):

http://www.debian.org/releases/stable/

Security announcements and information:

http://www.debian.org/security/


About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian GNU/Linux.


Contact Information
-------------------

For further information, please visit the Debian web pages at
http://www.debian.org/, send mail to , or contact
the stable release team at
