
Debian 6.0.7 has been released



Here is the full announcement:

The Debian project is pleased to announce the seventh update of its
stable distribution Debian 6.0 (codename "squeeze"). This update mainly
adds corrections for security problems to the stable release, along with
a few adjustments for serious problems. Security advisories were already
published separately and are referenced where available.

Please note that this update does not constitute a new version of Debian
6.0 but only updates some of the packages included. There is no need to
throw away 6.0 CDs or DVDs but only to update via an up-to-date Debian
mirror after an installation, to cause any out of date packages to be
updated.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:

http://www.debian.org/mirror/list



Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

Package                               Reason

apt-show-versions                     Fix detection of squeeze-updates and squeeze;
                                      update official distribution list
base-files                            Update for the point release
bcron                                 Don't allow jobs access to other jobs' temporary files
bind9                                 Update IP for "D" root server
bugzilla                              Add dependency on liburi-perl, used during
                                      package configuration
choose-mirror                         Update URL for master mirror list
clamav                                New upstream version
claws-mail                            Fix NULL pointer dereference
clive                                 Adapt for youtube.com changes
cups                                  Ship cups-files.conf's manpage
dbus                                  Avoid code execution in setuid/setgid binaries
dbus-glib                             Fix authentication bypass through insufficient
                                      checks (CVE-2013-0292)
debian-installer                      Rebuild for 6.0.7
debian-installer-netboot-images       Rebuild against debian-installer
                                      20110106+squeeze4+b3
dtach                                 Properly handle close request (CVE-2012-3368)
ettercap                              Fix hosts list parsing (CVE-2013-0722)
fglrx-driver                          Fix diversion-related issues with upgrades from lenny
flashplugin-nonfree                   Use gpg --verify
fusionforge                           Lenny to squeeze upgrade fix
gmime2.2                              Add Conflicts: libgmime2.2-cil to fix upgrades
                                      from lenny
gzip                                  Avoid using memcpy on overlapping regions
ia32-libs                             Update included packages from stable / security.d.o
ia32-libs-core                        Update included packages from stable / security.d.o
kfreebsd-8                            Fix CVE-2012-4576: memory access without proper
                                      validation in linux compat system
libbusiness-onlinepayment-ippay-perl  Backport changes to IPPay gateway's server name
                                      and path
libproc-processtable-perl             Fix unsafe temporary file usage (CVE-2011-4363)
libzorpll                             Add missing Breaks/Replaces: libzorp2-dev to
                                      libzorpll-dev
linux-2.6                             Update to stable release 2.6.32.60. Backport hpsa,
                                      isci and megaraid_sas driver updates. Fix r8169 hangs
linux-kernel-di-amd64-2.6             Rebuild against linux-2.6 2.6.32-48
linux-kernel-di-armel-2.6             Rebuild against linux-2.6 2.6.32-48
linux-kernel-di-i386-2.6              Rebuild against linux-2.6 2.6.32-48
linux-kernel-di-ia64-2.6              Rebuild against linux-2.6 2.6.32-48
linux-kernel-di-mips-2.6              Rebuild against linux-2.6 2.6.32-48
linux-kernel-di-mipsel-2.6            Rebuild against linux-2.6 2.6.32-48
linux-kernel-di-powerpc-2.6           Rebuild against linux-2.6 2.6.32-48
linux-kernel-di-s390-2.6              Rebuild against linux-2.6 2.6.32-48
linux-kernel-di-sparc-2.6             Rebuild against linux-2.6 2.6.32-48
magpierss                             Fix upgrade issue
maradns                               Fix CVE-2012-1570 (deleted domain record cache
                                      persistence flaw)
mediawiki                             Prevent session fixation in Special:UserLogin
                                      (CVE-2012-5391); prevent linker regex from
                                      exceeding backtrack limit
moodle                                Multiple security fixes

nautilus Add Breaks: samba-common (=
1.4

swath                                 Fix potential buffer overflow in Mule mode
swi-prolog                            Fix buffer overruns
ttf-ipafont                           Fix removal of alternatives
tzdata                                New upstream version; fix DST for America/Bahia
                                      (Brazil)
unbound                               Update IP address hints for D.ROOT-SERVERS.NET
xen                                   Fix clock breakage
xnecview                              Fix FTBFS on armel




Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:


Advisory ID   Package                   Correction(s)

DSA-2550      asterisk                  Multiple issues
DSA-2551      isc-dhcp                  Denial of service
DSA-2552      tiff                      Multiple issues
DSA-2553      iceweasel                 Multiple issues
DSA-2554      iceape                    Multiple issues
DSA-2555      libxslt                   Multiple issues
DSA-2556      icedove                   Multiple issues
DSA-2557      hostapd                   Denial of service
DSA-2558      bacula                    Information disclosure
DSA-2559      libexif                   Multiple issues
DSA-2560      bind9                     Denial of service
DSA-2561      tiff                      Buffer overflow
DSA-2562      cups-pk-helper            Privilege escalation
DSA-2563      viewvc                    Multiple issues
DSA-2564      tinyproxy                 Denial of service
DSA-2565      iceweasel                 Multiple issues
DSA-2566      exim4                     Heap overflow
DSA-2567      request-tracker3.8        Multiple issues
DSA-2568      rtfm                      Privilege escalation
DSA-2569      icedove                   Multiple issues
DSA-2570      openoffice.org            Multiple issues
DSA-2571      libproxy                  Buffer overflow
DSA-2572      iceape                    Multiple issues
DSA-2573      radsecproxy               SSL certificate verification weakness
DSA-2574      typo3-src                 Multiple issues
DSA-2575      tiff                      Heap overflow
DSA-2576      trousers                  Denial of service
DSA-2577      libssh                    Multiple issues
DSA-2578      rssh                      Multiple issues
DSA-2579      apache2                   Multiple issues
DSA-2580      libxml2                   Buffer overflow
DSA-2582      xen                       Denial of service
DSA-2583      iceweasel                 Multiple issues
DSA-2584      iceape                    Multiple issues
DSA-2585      bogofilter                Heap-based buffer overflow
DSA-2586      perl                      Multiple issues
DSA-2587      libcgi-pm-perl            HTTP header injection
DSA-2588      icedove                   Multiple issues
DSA-2589      tiff                      Buffer overflow
DSA-2590      wireshark                 Multiple issues
DSA-2591      mahara                    Multiple issues
DSA-2592      elinks                    Programming error
DSA-2593      moin                      Multiple issues
DSA-2594      virtualbox-ose            Programming error
DSA-2595      ghostscript               Buffer overflow
DSA-2596      mediawiki-extensions      Cross-site scripting in RSSReader extension
DSA-2597      rails                     Input validation error
DSA-2598      weechat                   Multiple issues
DSA-2599      nss                       Mis-issued intermediates
DSA-2600      cups                      Privilege escalation
DSA-2601      gnupg2                    Missing input sanitation
DSA-2601      gnupg                     Missing input sanitation
DSA-2602      zendframework             XML external entity inclusion
DSA-2603      emacs23                   Programming error
DSA-2604      rails                     Insufficient input validation
DSA-2605      asterisk                  Multiple issues
DSA-2606      proftpd-dfsg              Symlink race
DSA-2607      qemu-kvm                  Buffer overflow
DSA-2608      qemu                      Buffer overflow
DSA-2609      rails                     SQL query manipulation
DSA-2610      ganglia                   Remote code execution
DSA-2611      movabletype-opensource    Multiple issues
DSA-2612      ircd-ratbox               Remote crash
DSA-2613      rails                     Insufficient input validation
DSA-2614      libupnp                   Multiple issues
DSA-2615      libupnp4                  Multiple issues
DSA-2616      nagios3                   Buffer overflow vulnerability
DSA-2617      samba                     Multiple issues
DSA-2618      ircd-hybrid               Denial of service
DSA-2619      xen-qemu-dm-4.0           Buffer overflow
DSA-2620      rails                     Multiple issues
DSA-2621      openssl                   Multiple issues
DSA-2622      polarssl                  Multiple issues
DSA-2623      openconnect               Buffer overflow
DSA-2624      ffmpeg                    Multiple issues
DSA-2625      wireshark                 Multiple issues
DSA-2626      lighttpd                  Multiple issues
DSA-2627      nginx                     Information leak


Debian Installer
----------------

The installer has been rebuilt to include the fixes incorporated into
stable by the point release.

Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

Package                               Reason

elmerfem                              License problems (GPL + non-GPL)


URLs
----

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/squeeze/ChangeLog


The current stable distribution:

http://ftp.debian.org/debian/dists/stable/


Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates/


stable distribution information (release notes, errata etc.):

http://www.debian.org/releases/stable/


Security announcements and information:

http://security.debian.org/