Updated Debian 5.0: 5.0.9 released

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Updated Debian 5.0: 5.0.9 released

Joey Schulze
The Debian Project                                http://www.debian.org/
Updated Debian 5.0: 5.0.9 released                      [hidden email]
October 1st, 2011               http://www.debian.org/News/2011/20111001

Updated Debian 5.0: 5.0.9 released

The Debian project is pleased to announce the ninth update of its
oldstable distribution Debian GNU/Linux 5.0 (codename "lenny"). This
update mainly adds corrections for security problems to the oldstable
release, along with a few adjustment to serious problems. Security
advisories were already published separately and are referenced where

Please note that this update does not constitute a new version of Debian
GNU/Linux 5.0 but only updates some of the packages included. There is
no need to throw away 5.0 CDs or DVDs but only to update via an
up-to-date Debian mirror after an installation, to cause any out of date
packages to be updated.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page)
to one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:


Miscellaneous Bugfixes

This oldstable update adds a few important corrections to the following

Package          Reason

aptitude         Fix symlink attack in hierarchy editor
atop             Insecure use of temporary files
base-files       Update /etc/debian_version for the point release
conky            Fix file overwrite vulnerability
dokuwiki         RSS XSS security fix
klibc            Escape ipconfig's DHCP options
linux-2.6        Several security updates and select fixes from upstream
magpierss        Fix cross-site scripting vulnerability (CVE-2011-0740)
mediawiki        Protect against CSS injection vulnerability
openldap         Security fixes
openssl          Fix CVE-2011-3210: SSL memory handling for (EC)DH ciphersuites
pmake            Fix symlink attack via temporary files
sun-java6        New upstream security update
tesseract        Disable xterm-based debug windows to avoid file overwrite vulnerability
tzdata           New upstream version
user-mode-linux  Rebuild against linux-2.6 2.6.26-27
v86d             Fix CVE-2011-1070: failure to validate netlink message sender;
                 do not include random kernel headers in CFLAGS
vftool           Fix a buffer overflow in linetoken() in parseAFM.c
xorg-server      GLX: don't crash in SwapBuffers if we don't have a context

Due to the timing of this point release relative to the next update for
the stable release (Debian 6.0 "squeeze"), the versions of atop and
tzdata included in this point release are higher than the corresponding
packages currently in stable. The next stable point release is planned
for one week's time, after which the package versions in stable will
once again be higher, as expected.

We do not expect that this situation will cause any issues with upgrades
from oldstable to the stable release during this short period of time,
but please report any such issues which do arise. (See the "Contact
Information" section below).

Security Updates

This revision adds the following security updates to the stable
release. The Security Team has already released an advisory for each of
these updates:

Advisory ID  Package                      Correction(s)

DSA-2043     vlc                          Arbitrary code execution
DSA-2149     dbus                         Denial of service
DSA-2150     request-tracker3.6           Salt password hashing
DSA-2151     openoffice.org               Multiple issues
DSA-2152     hplip                        Buffer overflow
DSA-2153     linux-2.6                    Multiple issues
DSA-2153     user-mode-linux              Multiple issues
DSA-2154     exim4                        Privilege escalation
DSA-2155     freetype                     Multiple issues
DSA-2156     pcsc-lite                    Buffer overflow
DSA-2157     postgresql-8.3               Buffer overflow
DSA-2158     cgiirc                       Cross-site scripting flaw
DSA-2165     ffmpeg-debian                Buffer overflow
DSA-2167     phpmyadmin                   SQL injection
DSA-2168     openafs                      Multiple issues
DSA-2169     telepathy-gabble             Missing input validation
DSA-2170     mailman                      Multiple issues
DSA-2171     asterisk                     Buffer overflow
DSA-2172     moodle                       Multiple issues
DSA-2173     pam-pgsql                    Buffer overflow
DSA-2174     avahi                        Denial of service
DSA-2175     samba                        Missing input sanitising
DSA-2176     cups                         Multiple issues
DSA-2179     dtc                          SQL injection
DSA-2181     subversion                   Denial of service
DSA-2182     logwatch                     Remote code execution
DSA-2183     nbd                          Arbitrary code execution
DSA-2186     xulrunner                    Multiple issues
DSA-2191     proftpd-dfsg                 Multiple issues
DSA-2195     php5                         Multiple issues
DSA-2196     maradns                      Buffer overflow
DSA-2197     quagga                       Denial of service
DSA-2200     nss                          Compromised certificate authority
DSA-2200     xulrunner                    Update HTTPS certificate blacklist
DSA-2201     wireshark                    Multiple issues
DSA-2203     nss                          Update HTTPS certificate blacklist
DSA-2204     imp4                         Insufficient input sanitising
DSA-2206     mahara                       Multiple issues
DSA-2207     tomcat5.5                    Multiple issues
DSA-2208     bind9                        Issue with processing of new DNSSEC DS records
DSA-2210     tiff                         Multiple issues
DSA-2211     vlc                          Missing input sanitising
DSA-2213     x11-xserver-utils            Missing input sanitizing
DSA-2214     ikiwiki                      Missing input validation
DSA-2217     dhcp3                        Missing input sanitizing
DSA-2219     xmlsec1                      File overwrite
DSA-2220     request-tracker3.6           Multiple issues
DSA-2225     asterisk                     Multiple issues
DSA-2226     libmodplug                   Buffer overflow
DSA-2228     xulrunner                    Multiple issues
DSA-2233     postfix                      Multiple issues
DSA-2234     zodb                         Multiple issues
DSA-2242     cyrus-imapd-2.2              Implementation error
DSA-2243     unbound                      Design flaw
DSA-2244     bind9                        Wrong boundary condition
DSA-2246     mahara                       Multiple issues
DSA-2247     rails                        Multiple issues
DSA-2248     ejabberd                     Denial of service
DSA-2250     citadel                      Denial of service
DSA-2253     fontforge                    Buffer overflow
DSA-2254     oprofile                     Command injection
DSA-2255     libxml2                      Buffer overflow
DSA-2260     rails                        Multiple issues
DSA-2264     linux-2.6                    Multiple issues
DSA-2264     user-mode-linux              Multiple issues
DSA-2266     php5                         Multiple issues
DSA-2268     xulrunner                    Multiple issues
DSA-2272     bind9                        Denial of service
DSA-2274     wireshark                    Multiple issues
DSA-2276     asterisk                     Multiple issues
DSA-2277     xml-security-c               Buffer overflow
DSA-2278     horde3                       Multiple issues
DSA-2280     libvirt                      Multiple issues
DSA-2286     phpmyadmin                   Multiple issues
DSA-2288     libsndfile                   Integer overflow
DSA-2289     typo3-src                    Multiple issues
DSA-2290     samba                        Cross-side scripting
DSA-2291     squirrelmail                 Multiple issues
DSA-2292     dhcp3                        Denial of service
DSA-2293     libxfont                     Buffer overflow
DSA-2294     freetype                     Missing input sanitization
DSA-2296     xulrunner                    Multiple issues
DSA-2298     apache2                      Denial of service
DSA-2298     apache2-mpm-itk              Denial of service
DSA-2300     nss                          Compromised certificate authority
DSA-2301     rails                        Multiple issues
DSA-2302     bcfg2                        Arbitrary code execution
DSA-2304     squid3                       Buffer overflow
DSA-2308     mantis                       Multiple issues
DSA-2309     openssl                      Compromised certificate authority
DSA-2310     linux-2.6                    Multiple issues

Debian Installer

The Debian Installer has been updated to incorporate a new kernel
containing a number of important and security-related fixes.

Removed package

The following package was removed due to circumstances beyond our control:

Package            Reason

pixelpost          Unmaintained, multiple security issues


The complete lists of packages that have changed with this revision:


The current stable distribution:


Proposed updates to the stable distribution:


Stable distribution information (release notes, errata etc.):


Security announcements and information:


About Debian

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian GNU/Linux.

Contact Information

For further information, please visit the Debian web pages at
<http://www.debian.org/>, send mail to <[hidden email]>, or contact
the stable release team at <[hidden email]>

To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/20111001181847.GP3666@...