Debian 5.0.9 Released

On October 4, 2011, in soft, by netoearth

The Debian project is pleased to announce the ninth update of its oldstable distribution Debian GNU/Linux 5.0 (codename lenny). This update mainly adds corrections for security problems to the oldstable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available.

Please note that this update does not constitute a new version of Debian GNU/Linux 5.0 but only updates some of the packages included. There is no need to throw away 5.0 CDs or DVDs; after an installation, simply update via an up-to-date Debian mirror so that any out-of-date packages are updated.

Those who frequently install updates from won’t have to update many packages and most updates from are included in this update.

New installation media and CD and DVD images containing updated packages will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian’s many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:

Miscellaneous Bugfixes

This oldstable update adds a few important corrections to the following packages:

Package Reason
aptitude Fix symlink attack in hierarchy editor
atop Insecure use of temporary files
base-files Update /etc/debian_version for the point release
conky Fix file overwrite vulnerability
dokuwiki RSS XSS security fix
klibc Escape ipconfig’s DHCP options
linux-2.6 Several security updates and select fixes from upstream
magpierss Fix cross-site scripting vulnerability (CVE-2011-0740)
mediawiki Protect against CSS injection vulnerability
openldap Security fixes
openssl Fix CVE-2011-3210: SSL memory handling for (EC)DH ciphersuites
pmake Fix symlink attack via temporary files
sun-java6 New upstream security update
tesseract Disable xterm-based debug windows to avoid file overwrite vulnerability
tzdata New upstream version
user-mode-linux Rebuild against linux-2.6 2.6.26-27
v86d Fix CVE-2011-1070: failure to validate netlink message sender; do not include random kernel headers in CFLAGS
vftool Fix a buffer overflow in linetoken() in parseAFM.c
xorg-server GLX: don’t crash in SwapBuffers if we don’t have a context

Due to the timing of this point release relative to the next update for the stable release (Debian 6.0 squeeze), the versions of atop and tzdata included in this point release are higher than the corresponding packages currently in stable. The next stable point release is planned for one week’s time, after which the package versions in stable will once again be higher, as expected.

We do not expect that this situation will cause any issues with upgrades from oldstable to the stable release during this short period of time, but please report any such issues which do arise. (See the Contact Information section below).

Security Updates

This revision adds the following security updates to the oldstable release. The Security Team has already released an advisory for each of these updates:

Advisory ID Package Correction(s)
DSA-2043 vlc Arbitrary code execution
DSA-2149 dbus Denial of service
DSA-2150 request-tracker3.6 Salt password hashing
DSA-2151 Multiple issues
DSA-2152 hplip Buffer overflow
DSA-2153 user-mode-linux Multiple issues
DSA-2153 linux-2.6 Multiple issues
DSA-2154 exim4 Privilege escalation
DSA-2155 freetype Multiple issues
DSA-2156 pcsc-lite Buffer overflow
DSA-2157 postgresql-8.3 Buffer overflow
DSA-2158 cgiirc Cross-site scripting flaw
DSA-2165 ffmpeg-debian Buffer overflow
DSA-2167 phpmyadmin SQL injection
DSA-2168 openafs Multiple issues
DSA-2169 telepathy-gabble Missing input validation
DSA-2170 mailman Multiple issues
DSA-2171 asterisk Buffer overflow
DSA-2172 moodle Multiple issues
DSA-2173 pam-pgsql Buffer overflow
DSA-2174 avahi Denial of service
DSA-2175 samba Missing input sanitising
DSA-2176 cups Multiple issues
DSA-2179 dtc SQL injection
DSA-2181 subversion Denial of service
DSA-2182 logwatch Remote code execution
DSA-2183 nbd Arbitrary code execution
DSA-2186 xulrunner Multiple issues
DSA-2191 proftpd-dfsg Multiple issues
DSA-2195 php5 Multiple issues
DSA-2196 maradns Buffer overflow
DSA-2197 quagga Denial of service
DSA-2200 xulrunner Update HTTPS certificate blacklist
DSA-2200 nss Compromised certificate authority
DSA-2201 wireshark Multiple issues
DSA-2203 nss Update HTTPS certificate blacklist
DSA-2204 imp4 Insufficient input sanitising
DSA-2206 mahara Multiple issues
DSA-2207 tomcat5.5 Multiple issues
DSA-2208 bind9 Issue with processing of new DNSSEC DS records
DSA-2210 tiff Multiple issues
DSA-2211 vlc Missing input sanitising
DSA-2213 x11-xserver-utils Missing input sanitizing
DSA-2214 ikiwiki Missing input validation
DSA-2217 dhcp3 Missing input sanitizing
DSA-2219 xmlsec1 File overwrite
DSA-2220 request-tracker3.6 Multiple issues
DSA-2225 asterisk Multiple issues
DSA-2226 libmodplug Buffer overflow
DSA-2228 xulrunner Multiple issues
DSA-2233 postfix Multiple issues
DSA-2234 zodb Multiple issues
DSA-2242 cyrus-imapd-2.2 Implementation error
DSA-2243 unbound Design flaw
DSA-2244 bind9 Wrong boundary condition
DSA-2246 mahara Multiple issues
DSA-2247 rails Multiple issues
DSA-2248 ejabberd Denial of service
DSA-2250 citadel Denial of service
DSA-2253 fontforge Buffer overflow
DSA-2254 oprofile Command injection
DSA-2255 libxml2 Buffer overflow
DSA-2260 rails Multiple issues
DSA-2264 user-mode-linux Multiple issues
DSA-2264 linux-2.6 Multiple issues
DSA-2266 php5 Multiple issues
DSA-2268 xulrunner Multiple issues
DSA-2272 bind9 Denial of service
DSA-2274 wireshark Multiple issues
DSA-2276 asterisk Multiple issues
DSA-2277 xml-security-c Buffer overflow
DSA-2278 horde3 Multiple issues
DSA-2280 libvirt Multiple issues
DSA-2286 phpmyadmin Multiple issues
DSA-2288 libsndfile Integer overflow
DSA-2289 typo3-src Multiple issues
DSA-2290 samba Cross-site scripting
DSA-2291 squirrelmail Multiple issues
DSA-2292 dhcp3 Denial of service
DSA-2293 libxfont Buffer overflow
DSA-2294 freetype Missing input sanitization
DSA-2296 xulrunner Multiple issues
DSA-2298 apache2 Denial of service
DSA-2298 apache2-mpm-itk Denial of service
DSA-2300 nss Compromised certificate authority
DSA-2301 rails Multiple issues
DSA-2302 bcfg2 Arbitrary code execution
DSA-2304 squid3 Buffer overflow
DSA-2308 mantis Multiple issues
DSA-2309 openssl Compromised certificate authority
DSA-2310 linux-2.6 Multiple issues

Debian Installer

The Debian Installer has been updated to incorporate a new kernel containing a number of important and security-related fixes.

Removed package

The following package was removed due to circumstances beyond our control:

Package Reason
pixelpost unmaintained, multiple security issues


The complete lists of packages that have changed with this revision:

The current oldstable distribution:

Proposed updates to the oldstable distribution:

oldstable distribution information (release notes, errata etc.):

Security announcements and information:

About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.

Contact Information

For further information, please visit the Debian web pages at, send mail to <>, or contact the stable release team at <>.
