Debian GNU/Linux 5.0 Updated

53

The Debian project is pleased to announce the second update of its stable distribution Debian GNU/Linux 5.0 (codename “lenny”).  This update mainly adds corrections for security problems to the stable release, along with a few adjustment to serious problems.

Please note that this update does not constitute a new version of Debian GNU/Linux 5.0 but only updates some of the packages included.  There is no need to throw away 5.0 CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated.

Those who frequently install updates from security.debian.org won’t have to update many packages and most updates from security.debian.org are included in this update.

New CD and DVD images containing updated packages and the regular installation media accompanied with the package archive respectively will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian’s many FTP or HTTP mirrors.  A comprehensive list of mirrors is available at:

   <http://www.debian.org/distrib/ftplist>

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following packages:

   Package                            Reason

   apr-util                           Fix information disclosure (CVE-2009-1956)
   asciidoc                           Replace fop with dblatex
   backuppc                           Fix permissions of CGI script and ht* files
   base-files                         Bump version to 5.0.2
   bind9                              Fix DNSSEC lookaside validation failed to handle unknown algorithms
   cdebconf                           Optimize screen usage in newt frontend
   choose-mirror                      Make preseeding of oldstable possible
   glib2.0                            Fix crashes in gvfs
   gnupg                              Fix memory leak and cleanup terminal attributes on interrupt
   hobbit                             Create /var/run/hobbit if missing
   installation-guide                 New sections on accessibility support
   iodine                             Fix segfault when 5.x client connects
   jd                                 Fix posting comments
   kfreebsd-7                         Fix several vulnerabilities
   libapache2-authcassimple-perl      Fix POST request handling
   libaqbanking                       Fix segfault in qt3-wizard
   libnet-rawip-perl                  Fix segmentation fault
   libxcb                             Fix important performance issues
   linux-2.6                          Several fixes
   linux-kernel-di-alpha-2.6          Rebuild against latest kernel
   linux-kernel-di-amd64-2.6          Rebuild against latest kernel
   linux-kernel-di-arm-2.6            Rebuild against latest kernel
   linux-kernel-di-armel-2.6          Rebuild against latest kernel
   linux-kernel-di-hppa-2.6           Rebuild against latest kernel
   linux-kernel-di-i386-2.6           Rebuild against latest kernel
   linux-kernel-di-ia64-2.6           Rebuild against latest kernel
   linux-kernel-di-mips-2.6           Rebuild against latest kernel
   linux-kernel-di-mipsel-2.6         Rebuild against latest kernel
   linux-kernel-di-powerpc-2.6        Rebuild against latest kernel
   linux-kernel-di-s390-2.6           Rebuild against latest kernel
   linux-kernel-di-sparc-2.6          Rebuild against latest kernel
   live-initramfs                     Better support for persistent mode
   live-magic                         Fix handling of /etc/debian_version
   mdadm                              Fix stability issues
   mt-daapd                           Add musepack to transcoding list
   nagios3                            Fix nagios3-common’s prerm script
   nss                                Fix alignment issues on sparc and ia64
   onak                               Always open db read/write
   pango1.0                           Fix arbitrary code execution
   pidgin-otr                         Sourceful upload with bumped version number to fix a collision with a binNMU
   poppler                            Fix several vulnerabilities
   pygobject                          Fix inconsistent use of tabs and spaces in indentation
   samba                              Fix memory leak, winbind crashes and Win200 SP4 joining issues
   screen                             Fix symlink attack
   slime                              Remove non-free xref.lisp
   smstools                           Fix modem timeouts
   solr                               Fix simultaneous installation of tomcat5.5 with solr-tomcat5.5
   sound-juicer                       Fix a crash on invocation of the preferences dialog
   system-config-printer              New Romanian translation
   system-tools-backends              Fix limiting effective password length to 8 characters (CVE-2008-6792)
                                      and handle new format of /etc/debian_version
   tzdata                             New timezone information
   user-mode-linux                    Several fixes
   xorg                               Default to fbdev driver on sparc
   xorg-server                        Fix wakeup storm in idletime xsync counter

New Version of the debian-installer

The debian-installer has been updated to allow the installation of the previous stable release (Debian 4.0 “etch”) and to include an updated cdebconf package which resolves several issues with installation menu rendering using the newt frontend, including:

  • Explanatory text overlapping with the input box due to a height  miscalculation

  • Overlapping of the “Go Back” button and the select list on certain screens

  • Suboptimal screen usage, particularly affecting debian-edu installations

The installer has been rebuilt to use the updated kernel packages included in this point release, resolving issues with installation on s390 G5 systems and IBM summit-based i386 systems.

Security Updates

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:

   Advisory ID    Package(s)                 Correction(s)

   DSA 1761       moodle                     File disclosure
   DSA 1762       icu                        Cross-site scripting
   DSA 1763       openssl                    Denial of service
   DSA 1764       tunapie                    Several vulnerabilities
   DSA 1766       krb5                       Several vulnerabilities
   DSA 1767       multipath-tools            Denial of service
   DSA 1768       openafs                    Potential code execution
   DSA 1771       clamav                     Several vulnerabilities
   DSA 1772       udev                       Critical privilege escalation
   DSA 1773       cups                       Arbitrary code execution
   DSA 1774       ejabberd                   Cross-site scripting
   DSA 1776       slurm-llnl                 Privilege escalation
   DSA 1777       git-core                   Privilege escalation
   DSA 1778       mahara                     Cross-site scripting
   DSA 1779       apt                        Several vulnerabilities
   DSA 1781       ffmpeg-debian              Arbitrary code execution
   DSA 1783       mysql-dfsg-5.0             Several vulnerabilities
   DSA 1784       freetype                   Arbitrary code execution
   DSA 1785       wireshark                  Several vulnerabilities
   DSA 1786       acpid                      Denial of service
   DSA 1788       quagga                     Denial of service
   DSA 1789       php5                       Several vulnerabilities
   DSA 1790       xpdf                       Multiple vulnerabilities
   DSA 1791       moin                       Cross-site scripting
   DSA 1792       drupal6                    Multiple vulnerabilities
   DSA 1793       kdegraphics                Multiple vulnerabilities
   DSA 1795       ldns                       Arbitrary code execution
   DSA 1797       xulrunner                  Multiple vulnerabilities
   DSA 1798       pango1.0                   Arbitrary code execution
   DSA 1799       qemu                       Several vulnerabilities
   DSA 1800       linux-2.6,user-mode-linux  Several vulnerabilities
   DSA 1801       ntp                        Several vulnerabilities
   DSA 1802       squirrelmail               Several vulnerabilities
   DSA 1803       nsd, nsd3                  Denial of service
   DSA 1804       ipsec-tools                Denial of service
   DSA 1805       pidgin                     Several vulnerabilities
   DSA 1806       cscope                     Arbitrary code execution
   DSA 1807       cyrus-sasl2                Arbitrary code execution
   DSA 1807       cyrus-sasl2-heimdal        Arbitrary code execution
   DSA 1808       drupal6                    Insufficient input sanitising
   DSA 1809       linux-2.6,user-mode-linux  Several vulnerabilities
   DSA 1810       libapache-mod-jk           Information disclosure
   DSA 1811       cups                       Denial of service
   DSA 1812       apr-util                   Several vulnerabilities
   DSA 1813       evolution-data-server      Several vulnerabilities
   DSA 1814       libsndfile                 Arbitrary code execution
   DSA 1815       libtorrent-rasterbar       Denial of service
   DSA 1817       ctorrent                   Arbitrary code execution
   DSA 1818       gforge                     Insufficient input sanitising
   DSA 1820       xulrunner                  Several vulnerabilities
   DSA 1821       amule                      Insufficient input sanitising
   DSA 1822       mahara                     Cross-site scripting
   DSA 1823       samba                      Several vulnerabilities
   DSA 1824       phpmyadmin                 Several vulnerabilities

URLs

 
The complete lists of packages that have changed with this revision:

 <http://ftp.debian.org/debian/dists/lenny/ChangeLog>

The current stable distribution:

 <http://ftp.debian.org/debian/dists/stable>

Proposed updates to the stable distribution:

 <http://ftp.debian.org/debian/dists/proposed-updates>

stable distribution information (release notes, errata etc.):

 <http://www.debian.org/releases/stable/>

Security announcements and information:

 <http://www.debian.org/security/>

About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating systems Debian GNU/Linux.

Contact Information

For further information, please visit the Debian web pages at <http://www.debian.org/>, send mail to <
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
>, or contact the stable release team at <
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
>