
Debian GNU/Linux 5.0 updated


-------------------------------------------------------------------------
The Debian Project                                 http://www.debian.org/
Debian GNU/Linux 5.0 updated                    press ( -at -) debian.org
June 27th, 2009                  http://www.debian.org/News/2009/20090627
-------------------------------------------------------------------------

Debian GNU/Linux 5.0 updated

The Debian project is pleased to announce the second update of its stable
distribution Debian GNU/Linux 5.0 (codename "lenny"). This update mainly
adds corrections for security problems to the stable release, along with
a few adjustments to serious problems.

Please note that this update does not constitute a new version of Debian
GNU/Linux 5.0 but only updates some of the packages included. There is
no need to throw away 5.0 CDs or DVDs but only to update via an up-to-date
Debian mirror after an installation, to cause any out of date
packages to be updated.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New CD and DVD images containing updated packages and the regular
installation media accompanied with the package archive respectively will
be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:

Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

Package                        Reason

apr-util                       Fix information disclosure (CVE-2009-1956)
asciidoc                       Replace fop with dblatex
backuppc                       Fix permissions of CGI script and ht* files
base-files                     Bump version to 5.0.2
bind9                          Fix DNSSEC lookaside validation failed to handle unknown algorithms
cdebconf                       Optimize screen usage in newt frontend
choose-mirror                  Make preseeding of oldstable possible
glib2.0                        Fix crashes in gvfs
gnupg                          Fix memory leak and cleanup terminal attributes on interrupt
hobbit                         Create /var/run/hobbit if missing
installation-guide             New sections on accessibility support
iodine                         Fix segfault when 5.x client connects
jd                             Fix posting comments
kfreebsd-7                     Fix several vulnerabilities
libapache2-authcassimple-perl  Fix POST request handling
libaqbanking                   Fix segfault in qt3-wizard
libnet-rawip-perl              Fix segmentation fault
libxcb                         Fix important performance issues
linux-2.6                      Several fixes
linux-kernel-di-alpha-2.6      Rebuild against latest kernel
linux-kernel-di-amd64-2.6      Rebuild against latest kernel
linux-kernel-di-arm-2.6        Rebuild against latest kernel
linux-kernel-di-armel-2.6      Rebuild against latest kernel
linux-kernel-di-hppa-2.6       Rebuild against latest kernel
linux-kernel-di-i386-2.6       Rebuild against latest kernel
linux-kernel-di-ia64-2.6       Rebuild against latest kernel
linux-kernel-di-mips-2.6       Rebuild against latest kernel
linux-kernel-di-mipsel-2.6     Rebuild against latest kernel
linux-kernel-di-powerpc-2.6    Rebuild against latest kernel
linux-kernel-di-s390-2.6       Rebuild against latest kernel
linux-kernel-di-sparc-2.6      Rebuild against latest kernel
live-initramfs                 Better support for persistent mode
live-magic                     Fix handling of /etc/debian_version
mdadm                          Fix stability issues
mt-daapd                       Add musepack to transcoding list
nagios3                        Fix nagios3-common's prerm script
nss                            Fix alignment issues on sparc and ia64
onak                           Always open db read/write
pango1.0                       Fix arbitrary code execution
pidgin-otr                     Sourceful upload with bumped version number to fix a collision with a binNMU
poppler                        Fix several vulnerabilities
pygobject                      Fix inconsistent use of tabs and spaces in indentation
samba                          Fix memory leak, winbind crashes and Win2000 SP4 joining issues
screen                         Fix symlink attack
slime                          Remove non-free xref.lisp
smstools                       Fix modem timeouts
solr                           Fix simultaneous installation of tomcat5.5 with solr-tomcat5.5
sound-juicer                   Fix a crash on invocation of the preferences dialog
system-config-printer          New Romanian translation
system-tools-backends          Fix limiting effective password length to 8 characters (CVE-2008-6792)
                               and handle new format of /etc/debian_version
tzdata                         New timezone information
user-mode-linux                Several fixes
xorg                           Default to fbdev driver on sparc
xorg-server                    Fix wakeup storm in idletime xsync counter

 

 

New version of the debian-installer
-----------------------------------

The debian-installer has been updated to allow the installation of the
previous stable release (Debian 4.0 "etch") and to include an updated
cdebconf package which resolves several issues with installation menu
rendering using the newt frontend, including:

- explanatory text overlapping with the input box due to a height
  miscalculation
- overlapping of the "Go Back" button and the select list on certain screens
- suboptimal screen usage, particularly affecting debian-edu installations

The installer has been rebuilt to use the updated kernel packages included
in this point release, resolving issues with installation on s390 G5 systems
and IBM summit-based i386 systems.

 

 

Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

Advisory ID   Package(s)                 Correction(s)

DSA 1761      moodle                     File disclosure
DSA 1762      icu                        Cross-site scripting
DSA 1763      openssl                    Denial of service
DSA 1764      tunapie                    Several vulnerabilities
DSA 1766      krb5                       Several vulnerabilities
DSA 1767      multipath-tools            Denial of service
DSA 1768      openafs                    Potential code execution
DSA 1771      clamav                     Several vulnerabilities
DSA 1772      udev                       Critical privilege escalation
DSA 1773      cups                       Arbitrary code execution
DSA 1774      ejabberd                   Cross-site scripting
DSA 1776      slurm-llnl                 Privilege escalation
DSA 1777      git-core                   Privilege escalation
DSA 1778      mahara                     Cross-site scripting
DSA 1779      apt                        Several vulnerabilities
DSA 1781      ffmpeg-debian              Arbitrary code execution
DSA 1783      mysql-dfsg-5.0             Several vulnerabilities
DSA 1784      freetype                   Arbitrary code execution
DSA 1785      wireshark                  Several vulnerabilities
DSA 1786      acpid                      Denial of service
DSA 1788      quagga                     Denial of service
DSA 1789      php5                       Several vulnerabilities
DSA 1790      xpdf                       Multiple vulnerabilities
DSA 1791      moin                       Cross-site scripting
DSA 1792      drupal6                    Multiple vulnerabilities
DSA 1793      kdegraphics                Multiple vulnerabilities
DSA 1795      ldns                       Arbitrary code execution
DSA 1797      xulrunner                  Multiple vulnerabilities
DSA 1798      pango1.0                   Arbitrary code execution
DSA 1799      qemu                       Several vulnerabilities
DSA 1800      linux-2.6,user-mode-linux  Several vulnerabilities
DSA 1801      ntp                        Several vulnerabilities
DSA 1802      squirrelmail               Several vulnerabilities
DSA 1803      nsd, nsd3                  Denial of service
DSA 1804      ipsec-tools                Denial of service
DSA 1805      pidgin                     Several vulnerabilities
DSA 1806      cscope                     Arbitrary code execution
DSA 1807      cyrus-sasl2                Arbitrary code execution
DSA 1807      cyrus-sasl2-heimdal        Arbitrary code execution
DSA 1808      drupal6                    Insufficient input sanitising
DSA 1809      linux-2.6,user-mode-linux  Several vulnerabilities
DSA 1810      libapache-mod-jk           Information disclosure
DSA 1811      cups                       Denial of service
DSA 1812      apr-util                   Several vulnerabilities
DSA 1813      evolution-data-server      Several vulnerabilities
DSA 1814      libsndfile                 Arbitrary code execution
DSA 1815      libtorrent-rasterbar       Denial of service
DSA 1817      ctorrent                   Arbitrary code execution
DSA 1818      gforge                     Insufficient input sanitising
DSA 1820      xulrunner                  Several vulnerabilities
DSA 1821      amule                      Insufficient input sanitising
DSA 1822      mahara                     Cross-site scripting
DSA 1823      samba                      Several vulnerabilities
DSA 1824      phpmyadmin                 Several vulnerabilities

 

 

URLs
----

The complete lists of packages that have changed with this revision:

The current stable distribution:

Proposed updates to the stable distribution:

stable distribution information (release notes, errata etc.):

Security announcements and information:

 

About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating systems Debian GNU/Linux.

Contact Information
-------------------

For further information, please visit the Debian web pages at
, send mail to , or contact the
stable release team at

 

 
