
Update 5.0.8 for Debian GNU/Linux Lenny is now available

Monday, 24 January 2011


This weekend I received the notice from the Debian mailing list that update 5.0.8 for Debian Lenny is now available.


The Debian Project
Updated Debian GNU/Linux: 5.0.8 released
January 22nd, 2011

Updated Debian GNU/Linux: 5.0.8 released

The Debian project is pleased to announce the eighth update of its stable distribution Debian GNU/Linux 5.0 (codename “lenny”).  This update mainly adds corrections for security problems to the stable release, along with a few adjustments to serious problems.

Please note that this update does not constitute a new version of Debian GNU/Linux 5.0 but only updates some of the packages included.  There is no need to throw away 5.0 CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated.

Those who frequently install updates from won’t have to update many packages and most updates from are included in this update.

New CD and DVD images containing updated packages and the regular installation media accompanied with the package archive respectively will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian’s many FTP or HTTP mirrors.  A comprehensive list of mirrors is available at:


Miscellaneous Bugfixes

This stable update adds a few important corrections to the following packages:

Package                          Reason

awstats                          Fix directory traversal via crafted LoadPlugin directory
base-files                       Update debian_version for the point release
boxbackup                        Reduce root CA expiration date to avoid overflow in 2038
git-core                         Fix cross-site scripting vulnerability
gquilt                           Insecure setting of PYTHONPATH
hamlib                           Use system libltdl rather than an internal copy vulnerable to CVE-2009-3736
ia32-libs                        Refresh with new packages from lenny and lenny-security
ia32-libs-gtk                    Refresh with new packages from lenny and lenny-security
ldap-account-manager             Fix upgrades from lenny by dropping master password debconf question
libcgi-pm-perl                   Fix header-parsing related security issues
libcgi-simple-perl               Fix header-parsing related security issues
libgadu                          Fix memory corruption when removing dcc7 sessions
man-db                           Suppress locale warnings when being run from a dpkg maintainer script
mediawiki                        Deny framing on most pages to minimise risk of clickjacking
movabletype-opensource           Fix various XSS and SQL security issues
mumble                           Don’t make configuration file world-readable; delete /var/lib/mumble-server on purge
opensc                           Protect against buffer overflow from rogue cards
perl                             Fix header-parsing related security bugs; update to Safe-2.25
postgresql-8.3                   New upstream bugfix release
spamassassin                     Update list of ARIN netblock delegations to avoid false positives in RelayEval
splashy                          Modify to avoid issues if splashy is removed but not purged
surfraw                          Update Debian security-tracker URL
user-mode-linux                  Rebuild against linux-source-2.6.26 (2.6.26-26lenny1)
xdigger                          Fix buffer overflow errors

Security Updates

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these updates:

Advisory ID        Package                 Correction(s)

DSA-2110           linux-2.6               Several issues
DSA-2122           glibc                   Privilege escalation
DSA-2126           linux-2.6               Several issues
DSA-2127           wireshark               Denial of service
DSA-2128           libxml2                 Potential code execution
DSA-2129           krb5                    Checksum verification weakness
DSA-2130           bind9                   Denial of service
DSA-2131           exim4                   Remote code execution
DSA-2132           xulrunner               Several vulnerabilities
DSA-2133           collectd                Denial of service
DSA-2135           xpdf                    Several vulnerabilities
DSA-2136           tor                     Potential code execution
DSA-2137           libxml2                 Several vulnerabilities
DSA-2138           wordpress               SQL injection
DSA-2139           phpmyadmin              Several
DSA-2140           libapache2-mod-fcgid    Stack overflow
DSA-2141           apache2                 Add backward compatibility options when used with new openssl
DSA-2141           nss                     Protocol design flaw
DSA-2141           apache2-mpm-itk         Rebuild with apache2-src 2.2.9-10+lenny9
DSA-2141           openssl                 Protocol design flaw
DSA-2141           lighttpd                Compatibility problem with updated openssl
DSA-2142           dpkg                    Directory traversal
DSA-2143           mysql-dfsg-5.0          Several vulnerabilities
DSA-2144           wireshark               Buffer overflow
DSA-2145           libsmi                  Buffer overflow
DSA-2146           mydms                   Directory traversal problem
DSA-2147           pimd                    Insecure temporary files
DSA-2148           tor                     Several

Removed packages

The following packages were removed due to circumstances beyond our control:

Package                   Reason

pytris                    security issues; abandoned upstream
python-gendoc             broken with python >= 2.5
clive                     completely broken
gmailfs                   broken due to gmail changes; abandoned upstream
python-libgmail           broken due to gmail changes; abandoned upstream

About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian GNU/Linux.

Contact Information

For further information, please visit the Debian web pages at <>, send mail to <>, or contact the stable release team at <>
