Version 5.0 of the Debian GNU/Linux operating system has received a new release, designated 5.0.4. The changes are mainly security updates and bug fixes in the included packages. As usual, the update is available for various hardware platforms, such as Alpha, ARM, i386, x86-64, ia64, MIPS, PowerPC and Sparc. The announcement reads as follows:
Debian GNU/Linux 5.0 updated
The Debian project is pleased to announce the fourth update of its stable distribution Debian GNU/Linux 5.0 (codename "lenny"). This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems.
Please note that this update does not constitute a new version of Debian GNU/Linux 5.0 but only updates some of the packages included. There is no need to throw away 5.0 CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated.
Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.
New CD and DVD images containing updated packages and the regular installation media accompanied with the package archive respectively will be available soon at the regular locations.
Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at: http://www.debian.org/mirror/list
This stable update adds a few important corrections to the following packages:
A number of packages were rebuilt on the alpha, amd64 and ia64 architectures to incorporate the fix from the updated ghc6 package:
New version of the debian-installer
The Debian Installer has been updated in this point release to offer better support for installation of the "oldstable" distribution and from archive.debian.org. The new installer also allows the system date to be updated using NTP if it is before January 1st, 1970 at boot time.
The kernel image used by the installer has been updated to incorporate a number of important and security-related fixes together with support for additional hardware.
An update to the udev package in the previous point release unfortunately led to the LEDs and on-board buzzer of arm/armel-based QNAP NAS devices not operating during installs. This is rectified in the new installer release.
Finally, it is once again possible to use the installer on the S/390 architecture by booting from CD.
This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:
| Advisory ID | Package | Correction(s) |
| --- | --- | --- |
| DSA-1796 | libwmf | Denial of service |
| DSA-1825 | nagios3 | Arbitrary code execution |
| DSA-1835 | tiff | Several vulnerabilities |
| DSA-1836 | fckeditor | Arbitrary code execution |
| DSA-1837 | dbus | Denial of service |
| DSA-1839 | gst-plugins-good0.10 | Arbitrary code execution |
| DSA-1849 | xml-security-c | Signature forgery |
| DSA-1850 | libmodplug | Arbitrary code execution |
| DSA-1860 | ruby1.9 | Several issues |
| DSA-1863 | zope2.10 | Arbitrary code execution |
| DSA-1866 | kdegraphics | Several vulnerabilities |
| DSA-1868 | kde4libs | Several vulnerabilities |
| DSA-1878 | devscripts | Remote code execution |
| DSA-1879 | silc-client | Arbitrary code execution |
| DSA-1879 | silc-toolkit | Arbitrary code execution |
| DSA-1880 | openoffice.org | Arbitrary code execution |
| DSA-1882 | xapian-omega | Cross-site scripting |
| DSA-1884 | nginx | Arbitrary code execution |
| DSA-1885 | xulrunner | Several vulnerabilities |
| DSA-1886 | iceweasel | Several vulnerabilities |
| DSA-1887 | rails | Cross-site scripting |
| DSA-1888 | openssl | Deprecate MD2 hash signatures |
| DSA-1889 | icu | Security bypass due to multibyte sequence parsing |
| DSA-1890 | wxwidgets2.6 | Arbitrary code execution |
| DSA-1890 | wxwidgets2.8 | Arbitrary code execution |
| DSA-1891 | changetrack | Arbitrary code execution |
| DSA-1892 | dovecot | Arbitrary code execution |
| DSA-1893 | cyrus-imapd-2.2 | Arbitrary code execution |
| DSA-1893 | kolab-cyrus-imapd | Arbitrary code execution |
| DSA-1894 | newt | Arbitrary code execution |
| DSA-1895 | opensaml2 | Interpretation conflict |
| DSA-1895 | shibboleth-sp2 | Interpretation conflict |
| DSA-1895 | xmltooling | Potential code execution |
| DSA-1896 | opensaml | Potential code execution |
| DSA-1896 | shibboleth-sp | Potential code execution |
| DSA-1897 | horde3 | Arbitrary code execution |
| DSA-1898 | openswan | Denial of service |
| DSA-1899 | strongswan | Denial of service |
| DSA-1900 | postgresql-8.3 | Various problems |
| DSA-1903 | graphicsmagick | Several vulnerabilities |
| DSA-1904 | wget | SSL certificate verification weakness |
| DSA-1905 | python-django | Denial of service |
| DSA-1907 | kvm | Several vulnerabilities |
| DSA-1908 | samba | Several vulnerabilities |
| DSA-1909 | postgresql-ocaml | Missing escape function |
| DSA-1910 | mysql-ocaml | Missing escape function |
| DSA-1911 | pygresql | Missing escape function |
| DSA-1912 | advi | Arbitrary code execution |
| DSA-1912 | camlimages | Arbitrary code execution |
| DSA-1913 | bugzilla | SQL injection |
| DSA-1914 | mapserver | Several vulnerabilities |
| DSA-1915 | linux-2.6 | Several vulnerabilities |
| DSA-1915 | user-mode-linux | Several vulnerabilities |
| DSA-1916 | kdelibs | SSL certificate verification weakness |
| DSA-1917 | mimetex | Several vulnerabilities |
| DSA-1918 | phpmyadmin | Several vulnerabilities |
| DSA-1919 | smarty | Several vulnerabilities |
| DSA-1920 | nginx | Denial of service |
| DSA-1921 | expat | Denial of service |
| DSA-1922 | xulrunner | Several vulnerabilities |
| DSA-1923 | libhtml-parser-perl | Denial of service |
| DSA-1924 | mahara | Several vulnerabilities |
| DSA-1925 | proftpd-dfsg | SSL certificate verification weakness |
| DSA-1926 | typo3-src | Several vulnerabilities |
| DSA-1930 | drupal6 | Several vulnerabilities |
| DSA-1931 | nspr | Several vulnerabilities |
| DSA-1932 | pidgin | Arbitrary code execution |
| DSA-1933 | cups | Cross-site scripting |
| DSA-1934 | apache2 | Several issues |
| DSA-1934 | apache2-mpm-itk | Several issues |
| DSA-1935 | gnutls26 | SSL certificate NUL byte vulnerability |
| DSA-1936 | libgd2 | Several vulnerabilities |
| DSA-1937 | gforge | Cross-site scripting |
| DSA-1938 | php-mail | Insufficient input sanitising |
| DSA-1939 | libvorbis | Several vulnerabilities |
| DSA-1940 | php5 | Multiple issues |
| DSA-1941 | poppler | Several vulnerabilities |
| DSA-1942 | wireshark | Several vulnerabilities |
| DSA-1944 | request-tracker3.6 | Session hijack vulnerability |
| DSA-1945 | gforge | Denial of service |
| DSA-1947 | opensaml2 | Cross-site scripting |
| DSA-1947 | shibboleth-sp | Cross-site scripting |
| DSA-1947 | shibboleth-sp2 | Cross-site scripting |
| DSA-1948 | ntp | Denial of service |
| DSA-1949 | php-net-ping | Arbitrary code execution |
| DSA-1950 | webkit | Several vulnerabilities |
| DSA-1951 | firefox-sage | Insufficient input sanitizing |
| DSA-1952 | asterisk | Several vulnerabilities |
| DSA-1953 | expat | Denial of service |
| DSA-1954 | cacti | Insufficient input sanitising |
| DSA-1956 | xulrunner | Several vulnerabilities |
| DSA-1957 | aria2 | Arbitrary code execution |
| DSA-1958 | libtool | Privilege escalation |
| DSA-1959 | ganeti | Arbitrary command execution |
| DSA-1960 | acpid | Weak file permissions |
| DSA-1961 | bind9 | Cache poisoning |
| DSA-1962 | kvm | Several vulnerabilities |
| DSA-1963 | unbound | DNSSEC validation |
| DSA-1964 | postgresql-8.3 | Several vulnerabilities |
| DSA-1965 | phpldapadmin | Remote file inclusion |
| DSA-1966 | horde3 | Cross-site scripting |
| DSA-1967 | transmission | Directory traversal |
| DSA-1968 | pdns-recursor | Potential code execution |
| DSA-1969 | krb5 | Denial of service |
| DSA-1970 | openssl | Denial of service |
| DSA-1971 | libthai | Arbitrary code execution |
| DSA-1972 | audiofile | Buffer overflow |
| DSA-1974 | gzip | Arbitrary code execution |
| DSA-1976 | dokuwiki | Several vulnerabilities |
| DSA-1978 | phpgroupware | Several vulnerabilities |
| DSA-1979 | lintian | Multiple vulnerabilities |
| DSA-1980 | ircd-hybrid | Arbitrary code execution |
The following packages were removed due to circumstances beyond our control:
| Package | Reason |
| --- | --- |
| destar | Security issues; unmaintained; abandoned upstream |
| electricsheep | No longer functional |
| gnudip | Security issues; unmaintained; abandoned upstream |
| kcheckgmail | No longer functional |
| libgnucrypto-java | Security issues; obsolete |
Additionally those parts of the libwww-search-perl and libperl4caml-ocaml-dev packages which rely on the Google SOAP search API (provided by libnet-google-perl) are no longer functional as the API has been retired by Google. The remaining portions of the packages will continue to function as before.