LINUX.ORG.RU
ФорумTalks

[стабильность] Debian 5.0.7

 


0

1

для не Ъ: http://www.debian.org/News/2010/20101127

для Ъ:

This stable update adds a few important corrections to the following packages:
Package 	Reason
base-files 	Update /etc/debian_version
bogofilter 	Fix possible heap corruption decoding base64
dar 	Rebuild against libbz2-dev 1.0.5-1+lenny1 (DSA-2112-1/CVE-2010-0405)
dpkg 	Don't lose metadata if readdir() returns newly added files
imagemagick 	Don't read configuration files from the current directory
kvm 	Fix segfault in MMIO subpage handling code
lastfm 	Fix insecure setting of LD_LIBRARY_PATH
libapache-authenhook-perl 	Remove passwords from log messages
libgdiplus 	Fix integer overflows in BMP, JPEG and TIFF handling
libvirt 	Masquerade source ports for virtual network traffic (CVE-2010-2242)
linux-2.6 	Several fixes
mantis 	Fix cross-site scripting issues
mt-daapd 	Handle aeMK tag, required for iTunes 10
openscenegraph 	Fix DoS in embedded copy of lib3ds
perdition 	Fix 64-bit issues; fix SSL re-negotiation; don't call make from postrm
ser2net 	Fix NULL pointer dereference
sun-java6 	Various security fixes
tor 	Import new upstream version from volatile; add compatibility with openssl security update; add new directory authority
ttf-beteckna 	Update hints file to match the shipped fonts
ttf-okolaks 	Update hints file to match the shipped fonts
tzdata 	Updated timezone data and translations
user-mode-linux 	Rebuild against linux-2.6_2.6.26-26
xen-tools 	Don't create world-readable disk images
xorg-server 	Don't create log world-writable; (xfvb-run) don't pass magic xauth cookies on the command line

Security Updates

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:
Advisory ID 	Package 	Correction(s)
DSA-1943 	openldap	SSL certificate NUL byte vulnerability
DSA-1991 	squid	Denial of service
DSA-2038 	pidgin	Re-enable SILC, SIMPLE et Yahoo! Messenger protocols
DSA-2050 	kdegraphics	Several vulnerabilities
DSA-2077 	openldap	Potential code execution
DSA-2097 	phpmyadmin	Several vulnerabilities
DSA-2098 	typo3-src	Regression
DSA-2102 	barnowl	Arbitrary code execution
DSA-2103 	smbind	SQL injection
DSA-2104 	quagga	Denial of service
DSA-2105 	freetype	Several vulnerabilities
DSA-2106 	xulrunner	Several vulnerabilities
DSA-2107 	couchdb	Arbitrary code execution
DSA-2108 	cvsnt	Arbitrary code execution
DSA-2109 	samba	Buffer overflow
DSA-2110 	user-mode-linux	Several issues
DSA-2111 	squid3	Denial of service
DSA-2112 	dpkg	Integer overflow
DSA-2112 	bzip2	Integer overflow
DSA-2113 	drupal6	Several vulnerabilities
DSA-2114 	git-core	Regression
DSA-2115 	moodle	Several vulnerabilities
DSA-2116 	freetype	Integer overflow
DSA-2117 	apr-util	Denial of service
DSA-2118 	subversion	Authentication bypass
DSA-2119 	poppler	Several vulnerabilities
DSA-2120 	postgresql-8.3	Privilege escalation
DSA-2121 	typo3-src	Several vulnerabilities
DSA-2122 	glibc	Local privilege escalation
DSA-2123 	nss	Cryptographic weaknesses
DSA-2124 	xulrunner	Several vulnerabilities
DSA-2125 	openssl	Buffer overflow
★★★★★

Ответ на: комментарий от coldy

>на debian.org мы и сами зайти можем

вот ты и иди. Я на 16 аршинах здесь сижу и буду сидеть!

RedPossum ★★★★★
()

Please note that due to an issue with the preparation of the package, the updated linux-2.6 packages included in this point release do not incorporate the security fixes released in DSA 2110-1. DSA 2126-1, which has just been released, includes the updates from both DSA 2110-1 and the linux-2.6 packages from this point release.

Так что советую подключить Debian Security, чтобы получить обновления безопасности для ядра.

ma1uta ★★★
()

good, но я уже перешел на Squeeze на сервере при смене архитектуры.

YAR ★★★★★
()
Ответ на: комментарий от Manhunt

Хотел согласится с тобой. Глянул на «главную» и слегка офигел ...
Так скоро и о ядре linux будет неприлично писать тут: один флуд и ничего нового.

elipse ★★★
()
Вы не можете добавлять комментарии в эту тему. Тема перемещена в архив.