New update for Lenny

The Debian Project is pleased to announce the fifth update for Debian 5.0, Lenny. Of course, this is not a new release. This update fixes some bugs and some security-related problems. Those who have been updating daily do not need to do anything; for those who have not, the usual commands are enough:

  • apt-get update
  • apt-get upgrade

For those who do not have a fast connection, a CD containing only the upgrades will be available shortly.

Debian GNU/Linux 5.0 updated
June 26th, 2010

The Debian project is pleased to announce the fifth update of its stable distribution Debian GNU/Linux 5.0 (codename "lenny"). This update mainly adds corrections for security problems to the stable release, along with a few adjustments to serious problems.

Please note that this update does not constitute a new version of Debian GNU/Linux 5.0 but only updates some of the packages included. There is no need to throw away 5.0 CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated.

Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.

New CD and DVD images containing updated packages and the regular installation media accompanied with the package archive respectively will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:
http://www.debian.org/mirror/list

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following packages:

| Package | Reason |
|---|---|
| alien-arena | Fix a buffer overflow and a denial of service |
| apache2 | Add missing psmisc dependency; fix memory leak in brigade cleanup |
| apache2-mpm-itk | Ensure child processes get correctly reaped on reload |
| apr | Set FD_CLOEXEC on file descriptors to avoid potential leaks |
| apt | Allow Files sections to contain more than 999 characters |
| base-files | Update /etc/debian_version for the point release |
| cpio | Fix buffer overflow in rmt_read__ |
| dia2code | Fix segfault parsing large files |
| gtk+2.0 | Fix hang when printing large documents |
| libapache-dbi-perl | Fix loading of module from Apache startup files |
| libapache2-mod-perl2 | Fix XSS in Apache2::Status |
| libjavascript-perl | Fix segfault when calling non-existent function |
| libjson-ruby | Fix parser DoS and use libjs-prototype rather than embedding the library |
| liblog-handler-perl | Add missing dependency on libuniversal-require-perl |
| libmediawiki-perl | Update to match mediawiki changes |
| libnamespace-clean-perl | Add missing dependency on libscope-guard-perl |
| libnet-smtp-server-perl | Add missing dependency on libnet-dns-perl |
| libxext | Ensure display lock is held before calling XAllocID |
| linux-2.6 | Several fixes and driver updates |
| mailman | Don't add multiple Mime-Version headers |
| mpg123 | Allow modules to be located again (broken by libltdl security fix) |
| nano | Fix symlink attack and arbitrary file ownership change issue |
| nfs-utils | Update test for NFS kernel server support in init script to support partial upgrades |
| nut | Move library to /lib to allow power-down with separated /usr |
| open-iscsi | Fix temporary file vulnerability |
| openssl | Check return value of bn_wexpand() (CVE-2009-3245) |
| openttd | Fix several DoS and crash vulnerabilities |
| php5 | Fix overflows, add missing sybase aliases, improve e-mail validation |
| poppler | Fix remote code execution via crafted PDF files |
| postgresql-8.3 | Several vulnerabilities |
| pyftpd | Security fixes - disable default users, anonymous access and logging to /tmp |
| python-support | Use sane default umask in update-python-modules |
| request-tracker3.6 | Fix login problem introduced in security update |
| samba | Fix memory leaks with domain trust passwords; fix interdomain trust with Windows 2008 r2 servers |
| slim | Make magic cookie less predictable; don't save screenshots in /tmp |
| sun-java5 | Update to new upstream release to fix security issues |
| sun-java6 | Update to new upstream release to fix security issues |
| tar | Security fix in rmt |
| texlive-bin | Security fixes in dvips |
| tla | Fix DoS in embedded expat library |
| tzdata | Update timezone data |
| usbutils | Update USB ID list |
| user-mode-linux | Rebuild against linux-2.6 2.6.26-24 |
| wordpress | Fix DoS |
| xerces-c2 | Fix DoS attack with nested DTDs |
| xmonad-contrib | Fix installability on 64-bit architectures |
| xserver-xorg-input-elographics | Prevent X server hangs when using the touchscreen |
| xserver-xorg-video-intel | Add support for ASUS eeetop LVDS output |

Note that due to problems with the package build process, updated sun-java5 and sun-java6 packages for the ia64 architecture are not included in this point release. These packages will be provided in proposed-updates as soon as they are available and included in a future point release.

Kernel Updates

The kernel images included in this point release incorporate a number of important and security-related fixes together with support for additional hardware.

On the amd64 and i386 architectures, support has been re-introduced for automatically running the lilo bootloader when a kernel image is added, updated or removed in order to ensure that this is correctly registered with the bootloader.

Debian Installer

The Debian Installer has been updated in this point release to correct an issue with the display of the "BIOS boot area" partitioner option when using GPT partitions and to update the list of available mirror servers for package installation.

The kernel image used by the installer has been updated to incorporate a number of important and security-related fixes together with support for additional hardware.

Security Updates

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:

| Advisory ID | Package | Correction(s) |
|---|---|---|
| DSA-1841 | git-core | Denial of service |
| DSA-1955 | network-manager-applet | Information disclosure |
| DSA-1973 | glibc | Information disclosure |
| DSA-1977 | python2.4 | Several vulnerabilities |
| DSA-1977 | python2.5 | Several vulnerabilities |
| DSA-1980 | ircd-ratbox | Arbitrary code execution |
| DSA-1981 | maildrop | Privilege escalation |
| DSA-1982 | hybserv | Denial of service |
| DSA-1983 | wireshark | Several vulnerabilities |
| DSA-1984 | libxerces2-java | Denial of service |
| DSA-1985 | sendmail | Insufficient input validation |
| DSA-1986 | moodle | Several vulnerabilities |
| DSA-1987 | lighttpd | Denial of service |
| DSA-1988 | qt4-x11 | Several vulnerabilities |
| DSA-1989 | fuse | Denial of service |
| DSA-1990 | trac-git | Code execution |
| DSA-1991 | squid3 | Denial of service |
| DSA-1992 | chrony | Denial of service |
| DSA-1993 | otrs2 | SQL injection |
| DSA-1994 | ajaxterm | Session hijacking |
| DSA-1995 | openoffice.org | Several vulnerabilities |
| DSA-1996 | linux-2.6 | Several vulnerabilities |
| DSA-1997 | mysql-dfsg-5.0 | Several vulnerabilities |
| DSA-1998 | kdelibs | Arbitrary code execution |
| DSA-1999 | xulrunner | Several vulnerabilities |
| DSA-2000 | ffmpeg-debian | Several vulnerabilities |
| DSA-2001 | php5 | Multiple vulnerabilities |
| DSA-2002 | polipo | Denial of service |
| DSA-2004 | samba | Several vulnerabilities |
| DSA-2006 | sudo | Several vulnerabilities |
| DSA-2007 | cups | Arbitrary code execution |
| DSA-2008 | typo3-src | Several vulnerabilities |
| DSA-2009 | tdiary | Cross-site scripting |
| DSA-2010 | kvm | Several vulnerabilities |
| DSA-2011 | dpkg | Path traversal |
| DSA-2012 | user-mode-linux | Several vulnerabilities |
| DSA-2012 | linux-2.6 | Several vulnerabilities |
| DSA-2013 | egroupware | Several vulnerabilities |
| DSA-2014 | moin | Several vulnerabilities |
| DSA-2015 | drbd8 | Privilege escalation |
| DSA-2015 | linux-modules-extra-2.6 | Privilege escalation |
| DSA-2016 | drupal6 | Several vulnerabilities |
| DSA-2017 | pulseaudio | Insecure temporary directory |
| DSA-2018 | php5 | Null pointer dereference |
| DSA-2019 | pango1.0 | Denial of service |
| DSA-2020 | ikiwiki | Cross-site scripting |
| DSA-2021 | spamass-milter | Missing input sanitization |
| DSA-2022 | mediawiki | Several vulnerabilities |
| DSA-2023 | curl | Arbitrary code execution |
| DSA-2024 | moin | Cross-site scripting |
| DSA-2025 | icedove | Several vulnerabilities |
| DSA-2026 | netpbm-free | Denial of service |
| DSA-2027 | xulrunner | Several vulnerabilities |
| DSA-2028 | xpdf | Several vulnerabilities |
| DSA-2029 | imlib2 | Arbitrary code execution |
| DSA-2030 | mahara | SQL injection |
| DSA-2031 | krb5 | Denial of service |
| DSA-2032 | libpng | Several vulnerabilities |
| DSA-2033 | ejabberd | Denial of service |
| DSA-2034 | phpmyadmin | Several vulnerabilities |
| DSA-2035 | apache2 | Several vulnerabilities |
| DSA-2036 | jasper | Denial of service |
| DSA-2037 | kdebase | Privilege escalation |
| DSA-2038 | pidgin | Denial of service |
| DSA-2039 | cacti | Missing input sanitising |
| DSA-2040 | squidguard | Several vulnerabilities |
| DSA-2041 | mediawiki | Cross-site request forgery |
| DSA-2042 | iscsitarget | Arbitrary code execution |
| DSA-2044 | mplayer | Arbitrary code execution |
| DSA-2045 | libtheora | Arbitrary code execution |
| DSA-2046 | phpgroupware | Several vulnerabilities |
| DSA-2047 | aria2 | Directory traversal |
| DSA-2048 | dvipng | Arbitrary code execution |
| DSA-2049 | barnowl | Arbitrary code execution |
| DSA-2050 | postgresql-8.3 | Several vulnerabilities |
| DSA-2052 | krb5 | Denial of service |
| DSA-2053 | linux-2.6 | Several issues |
| DSA-2054 | bind9 | Cache poisoning |
| DSA-2055 | openoffice.org | Arbitrary code execution |
| DSA-2056 | zonecheck | Cross-site scripting |
| DSA-2057 | mysql-dfsg-5.0 | Several vulnerabilities |
| DSA-2058 | pcsc-lite | Privilege escalation |
| DSA-2058 | glibc | Several vulnerabilities |
| DSA-2060 | cacti | SQL injection |
| DSA-2062 | sudo | Missing input sanitization |
| DSA-2063 | pmount | Denial of service |

Removed packages

The following packages were removed due to circumstances beyond our control:

| Package | Reason |
|---|---|
| eclipse | incompatible with stable's xulrunner; not easily fixable |
| eclipse-cdt | depends on removed eclipse |
| eclipse-nls-sdk | depends on removed eclipse |

URLs

The complete lists of packages that have changed with this release:
http://ftp.debian.org/debian/dists/lenny/ChangeLog

The current stable distribution:
http://ftp.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:
http://ftp.debian.org/debian/dists/proposed-updates/

Stable distribution information (release notes, errata, etc.):
http://www.debian.org/releases/stable/

Security announcements and information:
http://security.debian.org/

About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating systems Debian GNU/Linux.

debian.org