SF-LUG Re:Debian UPDATES

Bobbie Sellers bliss-sf4ever at dslextreme.com
Mon Oct 20 10:13:33 PDT 2014


I thought some of the users might be interested in this announcement.

------------------------------------------------------------------------
The Debian Project                               https://www.debian.org/
Updated Debian 7: 7.7 released                          press at debian.org
October 18th, 2014             https://www.debian.org/News/2014/20141018
------------------------------------------------------------------------

The Debian project is pleased to announce the seventh update of its
stable distribution Debian 7 (codename "wheezy"). This update mainly
adds corrections for security problems to the stable release, along with
a few adjustments for serious problems. Security advisories were already
published separately and are referenced where available.

Please note that this update does not constitute a new version of Debian
7 but only updates some of the packages included. There is no need to
throw away old "wheezy" CDs or DVDs but only to update via an up-to-date
Debian mirror after an installation, to cause any out of date packages
to be updated.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New installation media and CD and DVD images containing updated packages
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:

https://www.debian.org/mirror/list


Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

+--------------------------+------------------------------------------+
| Package                  | Reason                                   |
+--------------------------+------------------------------------------+
| at                       | Only retain variables whose name         |
|                          | consists of alphanumerics and            |
|                          | underscores, preventing jobs from        |
|                          | failing in case bash exports functions   |
|                          | to the environment with the changes from |
|                          | DSA-3035                                 |
| axis                     | Fix MITM attack on SSL caused by         |
|                          | incomplete fix for CVE-2012-5784         |
|                          | [CVE-2014-3596]                          |
| base-files               | Update for the point release             |
| blender                  | Fix illegal hardware instruction         |
| ca-certificates          | Update Mozilla certificate bundle; fix   |
|                          | certdata2pem.py for multiple CAs using   |
|                          | the same CKA_LABEL                       |
| debian-archive-          | Add jessie stable release key            |
| keyring                  |                                          |
| debian-installer         | Rebuild for the point release            |
| debian-installer-        | Update to 20130613+deb7u2+b3 images      |
| netboot-images           |                                          |
| debsums                  | Suppress reporting conffiles which were  |
|                          | moved to a new package as modified in    |
|                          | the old package                          |
| dwm                      | Fix broken patch headers                 |
| eglibc                   | Fix invalid file descriptor reuse while  |
|                          | sending DNS query; fix stack overflow    |
|                          | issues [CVE-2013-4357]; fix a localplt   |
|                          | regression introduced in version 2.13-   |
|                          | 38+deb7u3 [CVE-2014-0475]; fix a memory  |
|                          | leak with dlopen() and thread-local      |
|                          | storage variables; re-include all        |
|                          | documentation, accidentally broken in    |
|                          | earlier uploads                          |
| exim4                    | Stop unwanted double expansion of        |
|                          | arguments to mathematical comparison     |
|                          | operations [CVE-2014-2972]               |
| flashplugin-nonfree      | Fix downgrade vulnerability, update      |
|                          | dependencies                             |
| foremost                 | Fix invalid patch header                 |
| getfem++                 | Fix broken patch headers                 |
| gnubg                    | Fix crash on "end game" when gnubg is    |
|                          | run with the -t option                   |
| hawtjni                  | Fix /tmp race condition with arbitrary   |
|                          | code execution [CVE-2013-2035]           |
| ipython                  | Fix remote execution via cross origin    |
|                          | websocket [CVE-2014-3429]                |
| iso-scan                 | Do not error out when searching in       |
|                          | folders with shell-special characters in |
|                          | their name                               |
| keyutils                 | Use the default compression level for xz |
|                          | for binary packages                      |
| kvpm                     | Fix invalid patch header                 |
| libdatetime-timezone-    | New upstream release                     |
| perl                     |                                          |
| libplack-perl            | Avoid unintended file access due to      |
|                          | incorrect stripping of trailing slashes  |
|                          | from provided paths [CVE-2014-5269]      |
| libsnmp-session-         | Fix perl warnings with libsocket6-perl   |
| perl                     | installed                                |
| linux                    | Update to upstream stable 3.2.63; update |
|                          | drm and agp to 3.4.103; udf: avoid       |
|                          | infinite loop when processing indirect   |
|                          | ICBs [CVE-2014-6410]; libceph: do not    |
|                          | hard code max auth ticket len [CVE-2014- |
|                          | 6416 CVE-2014-6417 CVE-2014-6418]; add   |
|                          | pata_rdc to pata-modules udeb and        |
|                          | virtio_scsi to virtio-modules udeb;      |
|                          | sp5100_tco: reject SB8x0 chips           |
| live-config              | Disable SSH login at boot                |
| nana                     | Rebuild with debhelper from wheezy to    |
|                          | get rid of install-info calls in         |
|                          | maintainer scripts; add dummy empty      |
|                          | prerm script to allow upgrading the      |
|                          | package after is not available           |
| net-snmp                 | Fix "snmpd: produces error if the        |
|                          | Executables/scripts entries in           |
|                          | snmpd.conf is over 50"; security fixes   |
|                          | [CVE-2014-2285 CVE-2014-3565 CVE-2012-   |
|                          | 6151]                                    |
| netcfg                   | Fix support for entering an ESSID        |
|                          | manually                                 |
| oss-compat               | Use softdep directives in the modprobe   |
|                          | configuration; remove oss-compat.conf    |
|                          | when removing the package                |
| perl                     | Don't recurse infinitely in Data::Dumper |
|                          | [CVE-2014-4330]                          |
| php-getid3               | Improve fix for XXE security issue       |
|                          | [CVE-2014-2053]                          |
| postgresql-8.4           | New upstream release                     |
| postgresql-9.1           | New upstream release                     |
| proftpd-dfsg             | Fix overlapping buffer leading to SFTP   |
|                          | crashes and stalls                       |
| qlandkartegt             | Update user agent string                 |
| scotch                   | Rebuild on amd64 to correct openmpi      |
|                          | dependency                               |
| supervisor               | Fix restart and formatting problems with |
|                          | the init script                          |
| tor                      | Use correct byte order when sending the  |
|                          | address of the chosen rendezvous point   |
|                          | to a hidden service; update IP address   |
|                          | for the gabelmoo v3 directory authority  |
| tzdata                   | New upstream release                     |
| unattended-upgrades      | Add "oldstable" to the list of           |
|                          | accepted origins for security packages   |
| virtinst                 | Unbreak virtinst with newer python-      |
|                          | libvirt                                  |
| wireless-regdb           | New upstream release                     |
| witty                    | Fix symlink to jPlayer skin Blue Monday  |
| xdg-utils                | Use /bin/echo rather than echo -e in     |
|                          | xdg-mail                                 |
+--------------------------+------------------------------------------+


Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

+----------------+----------------------------+
| Advisory ID    | Package                    |
+----------------+----------------------------+
| DSA-2765       | davfs2                     |
| DSA-2926       | linux                      |
| DSA-2940       | libstruts1.2-java          |
| DSA-2949       | linux                      |
| DSA-2972       | linux                      |
| DSA-2973       | vlc                        |
| DSA-2974       | php5                       |
| DSA-2975       | phpmyadmin                 |
| DSA-2976       | eglibc                     |
| DSA-2977       | libav                      |
| DSA-2978       | libxml2                    |
| DSA-2979       | fail2ban                   |
| DSA-2981       | polarssl                   |
| DSA-2982       | ruby-activerecord-3.2      |
| DSA-2983       | drupal7                    |
| DSA-2984       | acpi-support               |
| DSA-2985       | mysql-5.5                  |
| DSA-2988       | transmission               |
| DSA-2989       | apache2                    |
| DSA-2990       | cups                       |
| DSA-2991       | modsecurity-apache         |
| DSA-2992       | linux                      |
| DSA-2993       | tor                        |
| DSA-2994       | nss                        |
| DSA-2995       | lzo2                       |
| DSA-2997       | reportbug                  |
| DSA-2998       | openssl                    |
| DSA-2999       | drupal7                    |
| DSA-3000       | krb5                       |
| DSA-3001       | wordpress                  |
| DSA-3002       | wireshark                  |
| DSA-3003       | libav                      |
| DSA-3004       | kde4libs                   |
| DSA-3005       | gpgme1.0                   |
| DSA-3006       | xen                        |
| DSA-3007       | cacti                      |
| DSA-3008       | php5                       |
| DSA-3009       | python-imaging             |
| DSA-3010       | python-django              |
| DSA-3011       | mediawiki                  |
| DSA-3012       | eglibc                     |
| DSA-3013       | s3ql                       |
| DSA-3014       | squid3                     |
| DSA-3015       | lua5.1                     |
| DSA-3016       | lua5.2                     |
| DSA-3017       | php-cas                    |
| DSA-3019       | procmail                   |
| DSA-3020       | acpi-support               |
| DSA-3021       | file                       |
| DSA-3022       | curl                       |
| DSA-3023       | bind9                      |
| DSA-3024       | gnupg                      |
| DSA-3025       | apt                        |
| DSA-3026       | dbus                       |
| DSA-3027       | libav                      |
| DSA-3029       | nginx                      |
| DSA-3030       | mantis                     |
| DSA-3031       | apt                        |
| DSA-3032       | bash                       |
| DSA-3033       | nss                        |
| DSA-3035       | bash                       |
| DSA-3036       | mediawiki                  |
| DSA-3038       | libvirt                    |
| DSA-3039       | chromium-browser           |
| DSA-3040       | rsyslog                    |
| DSA-3041       | xen                        |
| DSA-3042       | exuberant-ctags            |
| DSA-3043       | tryton-server              |
| DSA-3044       | qemu-kvm                   |
| DSA-3045       | qemu                       |
| DSA-3046       | mediawiki                  |
| DSA-3047       | rsyslog                    |
| DSA-3048       | apt                        |
+----------------+----------------------------+


Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

+------------------+------------------------------+
| Package          | Reason                       |
+------------------+------------------------------+
| ctn              | Undistributable              |
| ssdeep           | Undistributable              |
| dicomnifti       | Depends on to-be-removed ctn |
| ctsim            | Depends on to-be-removed ctn |
+------------------+------------------------------+


URLs
----

The complete lists of packages that have changed with this revision:
http://ftp.debian.org/debian/dists/wheezy/ChangeLog


The current stable distribution:
http://ftp.debian.org/debian/dists/stable/


Proposed updates to the stable distribution:
http://ftp.debian.org/debian/dists/proposed-updates


stable distribution information (release notes, errata etc.):
https://www.debian.org/releases/stable/


Security announcements and information:
https://security.debian.org/


About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.


Contact Information
-------------------

For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <press at debian.org>, or contact the
stable release team at <debian-release at lists.debian.org>.
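The announcement's upgrade paragraph (point apt at a mirror, with security.debian.org carrying the DSAs ahead of the point release) as a small added shell example. This is not part of the Debian announcement and not a Debian tool; it assumes the default mirror URL ftp.debian.org from the URLs section above and that the caller reads the version string from /etc/debian_version.

```shell
#!/bin/sh
# Added example, not from the Debian 7.7 announcement or any Debian package.
# Two helpers for a wheezy admin reading the announcement:
#  - point_release_status: has this host already picked up the 7.7 point release?
#  - wheezy_sources: the sources.list(5) entries the upgrade paragraph refers to.
# Assumption: the mirror defaults to http://ftp.debian.org/debian (listed in
# the announcement's URLs section); any Debian mirror may be passed instead.

# Classify a Debian version string such as "7.6" or "7.7" (the content of
# /etc/debian_version). Prints "current" (7.7 or a later wheezy point
# release), "behind" (an earlier wheezy point release) or "not-wheezy".
point_release_status() {
    version="$1"
    major="${version%%.*}"
    case "$version" in
        *.*) minor="${version#*.}"; minor="${minor%%.*}" ;;  # drop any 3rd part
        *)   minor=0 ;;                                       # bare "7"
    esac
    if [ "$major" != "7" ]; then
        echo "not-wheezy"
    elif [ "$minor" -ge 7 ]; then
        echo "current"
    else
        echo "behind"
    fi
}

# Print the apt source lines the announcement describes: the regular mirror,
# which delivers the point release, and security.debian.org, which publishes
# each DSA as soon as it is released, before it is folded into a point release.
wheezy_sources() {
    mirror="${1:-http://ftp.debian.org/debian}"   # assumed default mirror
    printf 'deb %s wheezy main\n' "$mirror"
    printf 'deb http://security.debian.org/ wheezy/updates main\n'
}

# Stand-alone use on a wheezy host (kept as comments so the file runs offline):
# point_release_status "$(cat /etc/debian_version)"
# wheezy_sources            # compare against /etc/apt/sources.list before editing
# apt-get update && apt-get upgrade
```

The status check only tells you whether base-files has been upgraded to the point release; a host that tracks security.debian.org regularly may already carry most of the fixes listed above while still reporting 7.6, which is exactly the situation the announcement describes.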
