We should update nebka. Also we need a planned downtime at Xmas to upgrade to mysql 5.1

----- Forwarded message from Joey Schulze <joey@infodrom.org> -----

From: Joey Schulze <joey@infodrom.org>
To: debian-announce@lists.debian.org
Subject: Debian GNU/Linux 5.0 updated

-------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Debian GNU/Linux 5.0 updated                            press@debian.org
June 26th, 2010                 http://www.debian.org/News/2010/20100626
-------------------------------------------------------------------------

Debian GNU/Linux 5.0 updated

The Debian project is pleased to announce the fifth update of its stable distribution Debian GNU/Linux 5.0 (codename "lenny"). This update mainly adds corrections for security problems to the stable release, along with a few adjustments to serious problems.

Please note that this update does not constitute a new version of Debian GNU/Linux 5.0 but only updates some of the packages included. There is no need to throw away 5.0 CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated.

Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.

New CD and DVD images containing updated packages and the regular installation media accompanied with the package archive respectively will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors.
A comprehensive list of mirrors is available at:

    <http://www.debian.org/distrib/ftplist>

Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following packages:

    Package                         Reason

    alien-arena                     Fix a buffer overflow and a denial of service
    apache2                         Add missing psmisc dependency; fix memory leak in brigade cleanup
    apache2-mpm-itk                 Ensure child processes get correctly reaped on reload
    apr                             Set FD_CLOEXEC on file descriptors to avoid potential leaks
    apt                             Allow Files sections to contain more than 999 characters
    base-files                      Update /etc/debian_version for the point release
    cpio                            Fix buffer overflow in rmt_read__
    dia2code                        Fix segfault parsing large files
    gtk+2.0                         Fix hang when printing large documents
    libapache-dbi-perl              Fix loading of module from Apache startup files
    libapache2-mod-perl2            Fix XSS in Apache2::Status
    libjavascript-perl              Fix segfault when calling non-existent function
    libjson-ruby                    Fix parser DoS and use libjs-prototype rather than embedding the library
    liblog-handler-perl             Add missing dependency on libuniversal-require-perl
    libmediawiki-perl               Update to match mediawiki changes
    libnamespace-clean-perl         Add missing dependency on libscope-guard-perl
    libnet-smtp-server-perl         Add missing dependency on libnet-dns-perl
    libxext                         Ensure display lock is held before calling XAllocID
    linux-2.6                       Several fixes and driver updates
    mailman                         Don't add multiple Mime-Version headers
    mpg123                          Allow modules to be located again (broken by libltdl security fix)
    nano                            Fix symlink attack and arbitrary file ownership change issue
    nfs-utils                       Update test for NFS kernel server support in init script to support partial upgrades
    nut                             Move library to /lib to allow power-down with separated /usr
    open-iscsi                      Fix temporary file vulnerability
    openssl                         Check return value of bn_wexpand() (CVE-2009-3245)
    openttd                         Fix several DoS and crash vulnerabilities
    php5                            Fix overflows, add missing sybase aliases, improve e-mail validation
    poppler                         Fix remote code execution via crafted PDF files
    postgresql-8.3                  Several vulnerabilities
    pyftpd                          Security fixes - disable default users, anonymous access and logging to /tmp
    python-support                  Use sane default umask in update-python-modules
    request-tracker3.6              Fix login problem introduced in security update
    samba                           Fix memory leaks with domain trust passwords; fix interdomain trust with Windows 2008 r2 servers
    slim                            Make magic cookie less predictable; don't save screenshots in /tmp
    sun-java5                       Update to new upstream release to fix security issues
    sun-java6                       Update to new upstream release to fix security issues
    tar                             Security fix in rmt
    texlive-bin                     Security fixes in dvips
    tla                             Fix DoS in embedded expat library
    tzdata                          Update timezone data
    usbutils                        Update USB ID list
    user-mode-linux                 Rebuild against linux-2.6 2.6.26-24
    wordpress                       Fix DoS
    xerces-c2                       Fix DoS attack with nested DTDs
    xmonad-contrib                  Fix installability on 64-bit architectures
    xserver-xorg-input-elographics  Prevent X server hangs when using the touchscreen
    xserver-xorg-video-intel        Add support for ASUS eeetop LVDS output

Note that due to problems with the package build process, updated sun-java5 and sun-java6 packages for the ia64 architecture are not included in this point release. These packages will be provided in proposed-updates as soon as they are available and included in a future point release.

Kernel Updates
--------------

The kernel images included in this point release incorporate a number of important and security-related fixes together with support for additional hardware.

On the amd64 and i386 architectures, support has been re-introduced for automatically running the lilo bootloader when a kernel image is added, updated or removed in order to ensure that this is correctly registered with the bootloader.

Debian Installer
----------------

The Debian Installer has been updated in this point release to correct an issue with the display of the "BIOS boot area" partitioner option when using GPT partitions and to update the list of available mirror servers for package installation.

The kernel image used by the installer has been updated to incorporate a number of important and security-related fixes together with support for additional hardware.

Security Updates
----------------

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:

    Advisory ID Package                   Correction(s)

    DSA 1841    git-core                  Denial of service
    DSA 1955    network-manager-applet    Information disclosure
    DSA 1973    glibc                     Information disclosure
    DSA 1977    python2.4                 Several vulnerabilities
    DSA 1977    python2.5                 Several vulnerabilities
    DSA 1980    ircd-ratbox               Arbitrary code execution
    DSA 1981    maildrop                  Privilege escalation
    DSA 1982    hybserv                   Denial of service
    DSA 1983    wireshark                 Several vulnerabilities
    DSA 1984    libxerces2-java           Denial of service
    DSA 1985    sendmail                  Insufficient input validation
    DSA 1986    moodle                    Several vulnerabilities
    DSA 1987    lighttpd                  Denial of service
    DSA 1988    qt4-x11                   Several vulnerabilities
    DSA 1989    fuse                      Denial of service
    DSA 1990    trac-git                  Code execution
    DSA 1991    squid3                    Denial of service
    DSA 1992    chrony                    Denial of service
    DSA 1993    otrs2                     SQL injection
    DSA 1994    ajaxterm                  Session hijacking
    DSA 1995    openoffice.org            Several vulnerabilities
    DSA 1996    linux-2.6                 Several vulnerabilities
    DSA 1997    mysql-dfsg-5.0            Several vulnerabilities
    DSA 1998    kdelibs                   Arbitrary code execution
    DSA 1999    xulrunner                 Several vulnerabilities
    DSA 2000    ffmpeg-debian             Several vulnerabilities
    DSA 2001    php5                      Multiple vulnerabilities
    DSA 2002    polipo                    Denial of service
    DSA 2004    samba                     Several vulnerabilities
    DSA 2006    sudo                      Several vulnerabilities
    DSA 2007    cups                      Arbitrary code execution
    DSA 2008    typo3-src                 Several vulnerabilities
    DSA 2009    tdiary                    Cross-site scripting
    DSA 2010    kvm                       Several vulnerabilities
    DSA 2011    dpkg                      Path traversal
    DSA 2012    user-mode-linux           Several vulnerabilities
    DSA 2012    linux-2.6                 Several vulnerabilities
    DSA 2013    egroupware                Several vulnerabilities
    DSA 2014    moin                      Several vulnerabilities
    DSA 2015    drbd8                     Privilege escalation
    DSA 2015    linux-modules-extra-2.6   Privilege escalation
    DSA 2016    drupal6                   Several vulnerabilities
    DSA 2017    pulseaudio                Insecure temporary directory
    DSA 2018    php5                      Null pointer dereference
    DSA 2019    pango1.0                  Denial of service
    DSA 2020    ikiwiki                   Cross-site scripting
    DSA 2021    spamass-milter            Missing input sanitization
    DSA 2022    mediawiki                 Several vulnerabilities
    DSA 2023    curl                      Arbitrary code execution
    DSA 2024    moin                      Cross-site scripting
    DSA 2025    icedove                   Several vulnerabilities
    DSA 2026    netpbm-free               Denial of service
    DSA 2027    xulrunner                 Several vulnerabilities
    DSA 2028    xpdf                      Several vulnerabilities
    DSA 2029    imlib2                    Arbitrary code execution
    DSA 2030    mahara                    SQL injection
    DSA 2031    krb5                      Denial of service
    DSA 2032    libpng                    Several vulnerabilities
    DSA 2033    ejabberd                  Denial of service
    DSA 2034    phpmyadmin                Several vulnerabilities
    DSA 2035    apache2                   Several vulnerabilities
    DSA 2036    jasper                    Denial of service
    DSA 2037    kdebase                   Privilege escalation
    DSA 2038    pidgin                    Denial of service
    DSA 2039    cacti                     Missing input sanitising
    DSA 2040    squidguard                Several vulnerabilities
    DSA 2041    mediawiki                 Cross-site request forgery
    DSA 2042    iscsitarget               Arbitrary code execution
    DSA 2044    mplayer                   Arbitrary code execution
    DSA 2045    libtheora                 Arbitrary code execution
    DSA 2046    phpgroupware              Several vulnerabilities
    DSA 2047    aria2                     Directory traversal
    DSA 2048    dvipng                    Arbitrary code execution
    DSA 2049    barnowl                   Arbitrary code execution
    DSA 2050    postgresql-8.3            Several vulnerabilities
    DSA 2052    krb5                      Denial of service
    DSA 2053    linux-2.6                 Several issues
    DSA 2054    bind9                     Cache poisoning
    DSA 2055    openoffice.org            Arbitrary code execution
    DSA 2056    zonecheck                 Cross-site scripting
    DSA 2057    mysql-dfsg-5.0            Several vulnerabilities
    DSA 2058    pcsc-lite                 Privilege escalation
    DSA 2058    glibc                     Several vulnerabilities
    DSA 2060    cacti                     SQL injection
    DSA 2062    sudo                      Missing input sanitization
    DSA 2063    pmount                    Denial of service

Removed packages
----------------

The following packages were removed due to circumstances beyond our control:

    Package             Reason

    eclipse             incompatible with stable's xulrunner; not easily fixable
    eclipse-cdt         depends on removed eclipse
    eclipse-nls-sdk     depends on removed eclipse

URLs
----

The complete list of packages that have changed with this revision:

    <http://ftp.debian.org/debian/dists/lenny/ChangeLog>

The current stable distribution:

    <http://ftp.debian.org/debian/dists/stable>

Proposed updates to the stable distribution:

    <http://ftp.debian.org/debian/dists/proposed-updates>

Stable distribution information (release notes, errata etc.):

    <http://www.debian.org/releases/stable/>

Security announcements and information:

    <http://www.debian.org/security/>

About Debian
------------

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating systems Debian GNU/Linux.

Contact Information
-------------------

For further information, please visit the Debian web pages at <http://www.debian.org/>, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>

-- 
To UNSUBSCRIBE, email to debian-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/20100626160545.GK31750@finlandia.home.infodrom.org

----- End forwarded message -----

-- 

  Cheers,

  Thomas Krichel                    http://openlib.org/home/krichel
                                http://authorclaim.org/profile/pkr1
                                               skype: thomaskrichel