Updated Debian 6.0: 6.0.7 released

February 23rd, 2013

The Debian project is pleased to announce the seventh update of its stable distribution Debian 6.0 (codename squeeze). This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available.

Please note that this update does not constitute a new version of Debian 6.0 but only updates some of the packages included. There is no need to throw away 6.0 CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated.

Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.

New installation media and CD and DVD images containing updated packages will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following packages:

| Package | Reason |
|---|---|
| apt-show-versions | Fix detection of squeeze-updates and squeeze; update official distribution list |
| base-files | Update for the point release |
| bcron | Don't allow jobs access to other jobs' temporary files |
| bind9 | Update IP for D root server |
| bugzilla | Add dependency on liburi-perl, used during package configuration |
| choose-mirror | Update URL for master mirror list |
| clamav | New upstream version |
| claws-mail | Fix NULL pointer dereference |
| clive | Adapt for youtube.com changes |
| cups | Ship cups-files.conf's manpage |
| dbus | Avoid code execution in setuid/setgid binaries |
| dbus-glib | Fix authentication bypass through insufficient checks (CVE-2013-0292) |
| debian-installer | Rebuild for 6.0.7 |
| debian-installer-netboot-images | Rebuild against debian-installer 20110106+squeeze4+b3 |
| dtach | Properly handle close request (CVE-2012-3368) |
| ettercap | Fix hosts list parsing (CVE-2013-0722) |
| fglrx-driver | Fix diversion-related issues with upgrades from lenny |
| flashplugin-nonfree | Use gpg --verify |
| fusionforge | Lenny to squeeze upgrade fix |
| gmime2.2 | Add Conflicts: libgmime2.2-cil to fix upgrades from lenny |
| gzip | Avoid using memcpy on overlapping regions |
| ia32-libs | Update included packages from stable / security.d.o |
| ia32-libs-core | Update included packages from stable / security.d.o |
| kfreebsd-8 | Fix CVE-2012-4576: memory access without proper validation in linux compat system |
| libbusiness-onlinepayment-ippay-perl | Backport changes to IPPay gateway's server name and path |
| libproc-processtable-perl | Fix unsafe temporary file usage (CVE-2011-4363) |
| libzorpll | Add missing Breaks/Replaces: libzorp2-dev to libzorpll-dev |
| linux-2.6 | Update to stable release 2.6.32.60. Backport hpsa, isci and megaraid_sas driver updates. Fix r8169 hangs |
| linux-kernel-di-amd64-2.6 | Rebuild against linux-2.6 2.6.32-48 |
| linux-kernel-di-armel-2.6 | Rebuild against linux-2.6 2.6.32-48 |
| linux-kernel-di-i386-2.6 | Rebuild against linux-2.6 2.6.32-48 |
| linux-kernel-di-ia64-2.6 | Rebuild against linux-2.6 2.6.32-48 |
| linux-kernel-di-mips-2.6 | Rebuild against linux-2.6 2.6.32-48 |
| linux-kernel-di-mipsel-2.6 | Rebuild against linux-2.6 2.6.32-48 |
| linux-kernel-di-powerpc-2.6 | Rebuild against linux-2.6 2.6.32-48 |
| linux-kernel-di-s390-2.6 | Rebuild against linux-2.6 2.6.32-48 |
| linux-kernel-di-sparc-2.6 | Rebuild against linux-2.6 2.6.32-48 |
| magpierss | Fix upgrade issue |
| maradns | Fix CVE-2012-1570 (deleted domain record cache persistence flaw) |
| mediawiki | Prevent session fixation in Special:UserLogin (CVE-2012-5391); prevent linker regex from exceeding backtrack limit |
| moodle | Multiple security fixes |
| nautilus | Add Breaks: samba-common (<< 2:3.5) to fix a lenny to squeeze upgrade issue |
| openldap | Dump the database in prerm on upgrades to help upgrades to releases with newer libdb versions |
| openssh | Improve DoS resistance (CVE-2010-5107) |
| pam-pgsql | Fix issue with NULL passwords |
| pam-shield | Correctly block IPs when allow_missing_dns is no |
| perl | Fix misparsing of maketext strings (CVE-2012-6329) |
| poppler | Security fixes; CVE-2010-0206, CVE-2010-0207, CVE-2012-4653; fix GooString::insert, correctly initialise variables |
| portmidi | Fix crash |
| postgresql-8.4 | New upstream micro-release |
| sdic | Move bzip2 from Suggests to Depends as it is used during installation |
| snack | Fix buffer overflow (CVE-2012-6303) |
| sphinx | Fix incompatibility with jQuery >= 1.4 |
| swath | Fix potential buffer overflow in Mule mode |
| swi-prolog | Fix buffer overruns |
| ttf-ipafont | Fix removal of alternatives |
| tzdata | New upstream version; fix DST for America/Bahia (Brazil) |
| unbound | Update IP address hints for D.ROOT-SERVERS.NET |
| xen | Fix clock breakage |
| xnecview | Fix FTBFS on armel |

Security Updates

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:

| Advisory ID | Package | Correction(s) |
|---|---|---|
| DSA-2550 | asterisk | Multiple issues |
| DSA-2551 | isc-dhcp | Denial of service |
| DSA-2552 | tiff | Multiple issues |
| DSA-2553 | iceweasel | Multiple issues |
| DSA-2554 | iceape | Multiple issues |
| DSA-2555 | libxslt | Multiple issues |
| DSA-2556 | icedove | Multiple issues |
| DSA-2557 | hostapd | Denial of service |
| DSA-2558 | bacula | Information disclosure |
| DSA-2559 | libexif | Multiple issues |
| DSA-2560 | bind9 | Denial of service |
| DSA-2561 | tiff | Buffer overflow |
| DSA-2562 | cups-pk-helper | Privilege escalation |
| DSA-2563 | viewvc | Multiple issues |
| DSA-2564 | tinyproxy | Denial of service |
| DSA-2565 | iceweasel | Multiple issues |
| DSA-2566 | exim4 | Heap overflow |
| DSA-2567 | request-tracker3.8 | Multiple issues |
| DSA-2568 | rtfm | Privilege escalation |
| DSA-2569 | icedove | Multiple issues |
| DSA-2570 | openoffice.org | Multiple issues |
| DSA-2571 | libproxy | Buffer overflow |
| DSA-2572 | iceape | Multiple issues |
| DSA-2573 | radsecproxy | SSL certificate verification weakness |
| DSA-2574 | typo3-src | Multiple issues |
| DSA-2575 | tiff | Heap overflow |
| DSA-2576 | trousers | Denial of service |
| DSA-2577 | libssh | Multiple issues |
| DSA-2578 | rssh | Multiple issues |
| DSA-2579 | apache2 | Multiple issues |
| DSA-2580 | libxml2 | Buffer overflow |
| DSA-2582 | xen | Denial of service |
| DSA-2583 | iceweasel | Multiple issues |
| DSA-2584 | iceape | Multiple issues |
| DSA-2585 | bogofilter | Heap-based buffer overflow |
| DSA-2586 | perl | Multiple issues |
| DSA-2587 | libcgi-pm-perl | HTTP header injection |
| DSA-2588 | icedove | Multiple issues |
| DSA-2589 | tiff | Buffer overflow |
| DSA-2590 | wireshark | Multiple issues |
| DSA-2591 | mahara | Multiple issues |
| DSA-2592 | elinks | Programming error |
| DSA-2593 | moin | Multiple issues |
| DSA-2594 | virtualbox-ose | Programming error |
| DSA-2595 | ghostscript | Buffer overflow |
| DSA-2596 | mediawiki-extensions | Cross-site scripting in RSSReader extension |
| DSA-2597 | rails | Input validation error |
| DSA-2598 | weechat | Multiple issues |
| DSA-2599 | nss | Mis-issued intermediates |
| DSA-2600 | cups | Privilege escalation |
| DSA-2601 | gnupg2 | Missing input sanitation |
| DSA-2601 | gnupg | Missing input sanitation |
| DSA-2602 | zendframework | XML external entity inclusion |
| DSA-2603 | emacs23 | Programming error |
| DSA-2604 | rails | Insufficient input validation |
| DSA-2605 | asterisk | Multiple issues |
| DSA-2606 | proftpd-dfsg | Symlink race |
| DSA-2607 | qemu-kvm | Buffer overflow |
| DSA-2608 | qemu | Buffer overflow |
| DSA-2609 | rails | SQL query manipulation |
| DSA-2610 | ganglia | Remote code execution |
| DSA-2611 | movabletype-opensource | Multiple issues |
| DSA-2612 | ircd-ratbox | Remote crash |
| DSA-2613 | rails | Insufficient input validation |
| DSA-2614 | libupnp | Multiple issues |
| DSA-2615 | libupnp4 | Multiple issues |
| DSA-2616 | nagios3 | Buffer overflow vulnerability |
| DSA-2617 | samba | Multiple issues |
| DSA-2618 | ircd-hybrid | Denial of service |
| DSA-2619 | xen-qemu-dm-4.0 | Buffer overflow |
| DSA-2620 | rails | Multiple issues |
| DSA-2621 | openssl | Multiple issues |
| DSA-2622 | polarssl | Multiple issues |
| DSA-2623 | openconnect | Buffer overflow |
| DSA-2624 | ffmpeg | Multiple issues |
| DSA-2625 | wireshark | Multiple issues |
| DSA-2626 | lighttpd | Multiple issues |
| DSA-2627 | nginx | Information leak |

Debian Installer

The installer has been rebuilt to include the fixes incorporated into stable by the point release.

Removed packages

The following packages were removed due to circumstances beyond our control:

| Package | Reason |
|---|---|
| elmerfem | License problems (GPL + non-GPL) |

URLs

The complete lists of packages that have changed with this revision:

The current stable distribution:

Proposed updates to the stable distribution:

stable distribution information (release notes, errata etc.):

Security announcements and information:

About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.

Contact Information

For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.