Inicio > Debian, Linux > Ya está disponible la actualización de Debian Lenny

Ya está disponible la actualización de Debian Lenny

Sábado, 26 junio 2010

Hola,

desde hoy ya tenemos disponible para descarga la quinta actualización de Debian Lenny. Hay que recordar que esto no costituye una versión nueva ya que solo añade todas las actualizaciones de seguridad que salieron desde la publicación de Debian Lenny.

Paso a copiar el correo recibido de la lista de distribución de Debian.

————————————————————————-
The Debian Project                                 http://www.debian.org/
Debian GNU/Linux 5.0 updated                             press@debian.org
June 26th, 2010                  http://www.debian.org/News/2010/20100626
————————————————————————-

Debian GNU/Linux 5.0 updated

The Debian project is pleased to announce the fifth update of its stable
distribution Debian GNU/Linux 5.0 (codename “lenny”).  This update mainly
adds corrections for security problems to the stable release, along with
a few adjustment to serious problems.

Please note that this update does not constitute a new version of Debian
GNU/Linux 5.0 but only updates some of the packages included.  There is
no need to throw away 5.0 CDs or DVDs but only to update via an up-to-
date Debian mirror after an installation, to cause any out of date
packages to be updated.

Those who frequently install updates from security.debian.org won’t have
to update many packages and most updates from security.debian.org are
included in this update.

New CD and DVD images containing updated packages and the regular
installation media accompanied with the package archive respectively will
be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian’s many FTP or HTTP mirrors.  A comprehensive list of
mirrors is available at:

<http://www.debian.org/distrib/ftplist>

Miscellaneous Bugfixes
———————-

This stable update adds a few important corrections to the following
packages:

Package                          Reason

alien-arena                      Fix a buffer overflow and a denial of service
apache2                          Add missing psmisc dependency; fix memory leak in brigade cleanup
apache2-mpm-itk                  Ensure child processes get correctly reaped on reload
apr                              Set FD_CLOEXEC on file descriptors to avoid potential leaks
apt                              Allow Files sections to contain more than 999 characters
base-files                       Update /etc/debian_version for the point release
cpio                             Fix buffer overflow in rmt_read__
dia2code                         Fix segfault parsing large files
gtk+2.0                          Fix hang when printing large documents
libapache-dbi-perl               Fix loading of module from Apache startup files
libapache2-mod-perl2             Fix XSS in Apache2::Status
libjavascript-perl               Fix segfault when calling non-existent function
libjson-ruby                     Fix parser DoS and use libjs-prototype rather than embedding the library
liblog-handler-perl              Add missing dependency on libuniversal-require-perl
libmediawiki-perl                Update to match mediawiki changes
libnamespace-clean-perl          Add missing dependency on libscope-guard-perl
libnet-smtp-server-perl          Add missing dependency on libnet-dns-perl
libxext                          Ensure display lock is held before calling XAllocID
linux-2.6                        Several fixes and driver updates
mailman                          Don’t add multiple Mime-Version headers
mpg123                           Allow modules to be located again (broken by libltdl security fix)
nano                             Fix symlink attack and arbitrary file ownership change issue
nfs-utils                        Update test for NFS kernel server support in init script to support partial upgrades
nut                              Move library to /lib to allow power-down with separated /usr
open-iscsi                       Fix temporary file vulnerability
openssl                          Check return value of bn_wexpand() (CVE-2009-3245)
openttd                          Fix several DoS and crash vulnerabilities
php5                             Fix overflows, add missing sybase aliases, improve e-mail validation
poppler                          Fix remote code execution via crafted PDF files
postgresql-8.3                   Several vulnerabilities
pyftpd                           Security fixes – disable default users, anonymous access and logging to /tmp
python-support                   Use sane default umask in update-python-modules
request-tracker3.6               Fix login problem introduced in security update
samba                            Fix memory leaks with domain trust passwords; fix interdomain trust with Windows 2008 r2 servers
slim                             Make magic cookie less predictable; don’t save screenshots in /tmp
sun-java5                        Update to new upstream release to fix security issues
sun-java6                        Update to new upstream release to fix security issues
tar                              Security fix in rmt
texlive-bin                      Security fixes in dvips
tla                              Fix DoS in embedded expat library
tzdata                           Update timezone data
usbutils                         Update USB ID list
user-mode-linux                  Rebuild against linux-2.6 2.6.26-24
wordpress                        Fix DoS
xerces-c2                        Fix DoS attack with nested DTDs
xmonad-contrib                   Fix installability on 64-bit architectures
xserver-xorg-input-elographics   Prevent X server hangs when using the touchscreen
xserver-xorg-video-intel         Add support for ASUS eeetop LVDS output

Note that due to problems with the package build process, updated sun-java5
and sun-java6 packages for the ia64 architecture are not included in this
point release.  These packages will be provided in proposed-updates as soon
as they are available and included in a future point release.

Kernel Updates
————–

The kernel images included in this point release incorporate a number of
important and security-related fixes together with support for additional
hardware.

On the amd64 and i386 architectures, support has been re-introduced for
automatically running the lilo bootloader when a kernel image is added,
updated or removed in order to ensure that this is correctly registered
with the bootloader.

Debian Installer
—————-

The Debian Installer has been updated in this point release to correct
an issue with the display of the “BIOS boot area” partitioner option
when using GPT partitions and to update the list of available mirror
servers for package installation.

The kernel image used by the installer has been updated to incorporate a
number of important and security-related fixes together with support for
additional hardware.

Security Updates
—————-

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

Advisory ID    Package                 Correction(s)

DSA 1841       git-core                Denial of service
DSA 1955       network-manager-applet  Information disclosure
DSA 1973       glibc                   Information disclosure
DSA 1977       python2.4               Several vulnerabilities
DSA 1977       python2.5               Several vulnerabilities
DSA 1980       ircd-ratbox             Arbitrary code execution
DSA 1981       maildrop                Privilege escalation
DSA 1982       hybserv                 Denial of service
DSA 1983       wireshark               Several vulnerabilities
DSA 1984       libxerces2-java         Denial of service
DSA 1985       sendmail                Insufficient input validation
DSA 1986       moodle                  Several vulnerabilities
DSA 1987       lighttpd                Denial of service
DSA 1988       qt4-x11                 Several vulnerabilities
DSA 1989       fuse                    Denial of service
DSA 1990       trac-git                Code execution
DSA 1991       squid3                  Denial of service
DSA 1992       chrony                  Denial of service
DSA 1993       otrs2                   SQL injection
DSA 1994       ajaxterm                Session hijacking
DSA 1995       openoffice.org Several vulnerabilities
DSA 1996       linux-2.6               Several vulnerabilities
DSA 1997       mysql-dfsg-5.0          Several vulnerabilities
DSA 1998       kdelibs                 Arbitrary code execution
DSA 1999       xulrunner               Several vulnerabilities
DSA 2000       ffmpeg-debian           Several vulnerabilities
DSA 2001       php5                    Multiple vulnerabilities
DSA 2002       polipo                  Denial of service
DSA 2004       samba                   Several vulnerabilities
DSA 2006       sudo                    Several vulnerabilities
DSA 2007       cups                    Arbitrary code execution
DSA 2008       typo3-src               Several vulnerabilities
DSA 2009       tdiary                  Cross-site scripting
DSA 2010       kvm                     Several vulnerabilities
DSA 2011       dpkg                    Path traversal
DSA 2012       user-mode-linux         Several vulnerabilities
DSA 2012       linux-2.6               Several vulnerabilities
DSA 2013       egroupware              Several vulnerabilities
DSA 2014       moin                    Several vulnerabilities
DSA 2015       drbd8                   Privilege escalation
DSA 2015       linux-modules-extra-2.6 Privilege escalation
DSA 2016       drupal6                 Several vulnerabilities
DSA 2017       pulseaudio              Insecure temporary directory
DSA 2018       php5                    Null pointer dereference
DSA 2019       pango1.0                Denial of service
DSA 2020       ikiwiki                 Cross-site scripting
DSA 2021       spamass-milter          Missing input sanitization
DSA 2022       mediawiki               Several vulnerabilities
DSA 2023       curl                    Arbitrary code execution
DSA 2024       moin                    Cross-site scripting
DSA 2025       icedove                 Several vulnerabilities
DSA 2026       netpbm-free             Denial of service
DSA 2027       xulrunner               Several vulnerabilities
DSA 2028       xpdf                    Several vulnerabilities
DSA 2029       imlib2                  Arbitrary code execution
DSA 2030       mahara                  SQL injection
DSA 2031       krb5                    Denial of service
DSA 2032       libpng                  Several vulnerabilities
DSA 2033       ejabberd                Denial of service
DSA 2034       phpmyadmin              Several vulnerabilities
DSA 2035       apache2                 Several vulnerabilities
DSA 2036       jasper                  Denial of service
DSA 2037       kdebase                 Privilege escalation
DSA 2038       pidgin                  Denial of service
DSA 2039       cacti                   Missing input sanitising
DSA 2040       squidguard              Several vulnerabilities
DSA 2041       mediawiki               Cross-site request forgery
DSA 2042       iscsitarget             Arbitrary code execution
DSA 2044       mplayer                 Arbitrary code execution
DSA 2045       libtheora               Arbitrary code execution
DSA 2046       phpgroupware            Several vulnerabilities
DSA 2047       aria2                   Directory traversal
DSA 2048       dvipng                  Arbitrary code execution
DSA 2049       barnowl                 Arbitrary code execution
DSA 2050       postgresql-8.3          Several vulnerabilities
DSA 2052       krb5                    Denial of service
DSA 2053       linux-2.6               Several issues
DSA 2054       bind9                   Cache poisoning
DSA 2055       openoffice.org Arbitrary code execution
DSA 2056       zonecheck               Cross-site scripting
DSA 2057       mysql-dfsg-5.0          Several vulnerabilities
DSA 2058       pcsc-lite               Privilege escalation
DSA 2058       glibc                   Several vulnerabilities
DSA 2060       cacti                   SQL injection
DSA 2062       sudo                    Missing input sanitization
DSA 2063       pmount                  Denial of service

Removed packages
—————-

The following packages were removed due to circumstances beyond our
control:

Package             Reason

eclipse             incompatible with stable’s xulrunner; not easily fixable
eclipse-cdt         depends on removed eclipse
eclipse-nls-sdk     depends on removed eclipse

URLs
—-

The complete list of packages that have changed with this revision:

<http://ftp.debian.org/debian/dists/lenny/ChangeLog>

The current stable distribution:

<http://ftp.debian.org/debian/dists/stable>

Proposed updates to the stable distribution:

<http://ftp.debian.org/debian/dists/proposed-updates>

Stable distribution information (release notes, errata etc.):

<http://www.debian.org/releases/stable/>

Security announcements and information:

<http://www.debian.org/security/>

About Debian
————

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating systems Debian GNU/Linux.

Contact Information
——————-

For further information, please visit the Debian web pages at
<http://www.debian.org/>, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>

Anuncios
Categorías:Debian, Linux Etiquetas: , ,
A %d blogueros les gusta esto: