Saludos a todos. En esta ocasión, debo disculparme por la gran ausencia, la cual me mantuvo alejado por un buen tiempo del blog y de la comunidad. Por fortuna, estoy aquí para darles dos buenas noticias: la primera, que salió la quinta actualización de Debian Wheezy; y la segunda, que Debian Squeeze será la primera versión de Debian que tendrá soporte LTS.
Debian Wheezy 7.5
A la fecha en la cual estoy redactando este post, he actualizado felizmente mis dos PC’s con Debian Wheezy a la versión 7.5, las cuales vienen con los siguientes bugfixes (o hotfixes):
| Package | Reason |
|---|---|
| advi | Explicitly pass latexdir to make, avoiding files ending up in non-FHS directories |
| base-files | Update for the point release |
| calendarserver | Update zoneinfo to tzdata 2014a |
| catfish | Fix untrusted search path vulnerability [CVE-2014-2093, CVE-2014-2094, CVE-2014-2095, CVE-2014-2096] |
| certificatepatrol | Declare compatibility with Iceweasel 24 |
| clamav | New upstream release |
| conkeror | Add patches for compatibility with Iceweasel 24 |
| debian-installer | Add support for QNAP HS-210 |
| debian-installer-netboot-images | Rebuild against the latest debian-installer |
| docx2txt | Add missing dependency on unzip |
| erlang | Fix command injection via CR or LF in user, file or directory names in the FTP module [CVE-2014-1693] |
| evolution-ews | Fix free/busy indicators with Exchange 2013 servers |
| firebug | New upstream release; compatible with Iceweasel 24 |
| flashblock | New upstream release; compatible with Iceweasel 24 |
| freeciv | Fix denial of service [CVE-2012-5645, CVE-2012-6083] |
| freerdp | Fix libfreerdp-dev so that it can be compiled against |
| glark | Force use of Ruby 1.8, as glark doesn’t work with newer versions |
| gorm.app | Fix build failure |
| greasemonkey | New upstream release; compatible with Iceweasel 24 |
| gst-plugins-bad0.10 | Fix build failure due to the libmodplug upgrade in DSA 2751 |
| intel-microcode | Include updated microcode |
| ktp-filetransfer-handler | Fix broken kde-telepathy-filetransfer-handler-dbg on mips |
| lcms2 | Security fixes |
| libdatetime-timezone-perl | Update to tzdata 2014a |
| libfinance-quote-perl | Update URLs of Yahoo! Finance services |
| libpdf-api2-perl | Fix build failure |
| libquvi-scripts | New upstream release |
| libsoup2.4 | Fix issues with NTLM authentication against Windows 2012 |
| libxml2 | Fix memory corruption when re-using the library from threaded applications |
| linux | Update to stable 3.2.57, 3.2.55-rt81, drm/agp 3.4.86; several security fixes; e1000e, igb: backport changes up to Linux 3.13 |
| ltsp | Fix remote audio on thin clients |
| meep | Stop building with -march=native |
| meep-openmpi | Stop building with -march=native |
| mozilla-noscript | New upstream release; compatible with Icweasel 24 |
| mp3gain | Fix denial of service and buffer overflow issues [CVE-2003-0577, CVE-2004-0805, CVE-2004-0991, CVE-2006-1655] |
| net-snmp | Fix agentx subagent issues with multiple-object requests and increasing object length [CVE-2014-2310] |
| newsbeuter | Fix build failure due to json’s switch from boolean to json_bool |
| nvidia-graphics-drivers | New upstream release |
| nvidia-graphics-modules | Build against nvidia-kernel-source 304.117 |
| openblas | Fix hang when called from an OpenMP-using program |
| php-getid3 | Fix potential XXE security issue [CVE-2014-2053] |
| php5 | Many fixes backported from upstream |
| polarssl | Fix build failure due to expired certificates |
| postgresql-8.4 | New upstream micro-release |
| postgresql-9.1 | New upstream micro-release |
| qemu | Fix entry pointer for ELF kernels loaded with -kernel option; only allow real mode to access 32-bit addresses unless in long mode |
| qemu-kvm | Fix entry pointer for ELF kernels loaded with -kernel option; only allow real mode to access 32-bit addresses unless in long mode |
| quassel | Restrict clients from accessing backlogs belonging to other users [CVE-2013-6404] |
| resource-agents | Fix HTTPS service checking by IP address |
| ruby-passenger | Fix insecure use of /tmp [CVE-2014-1831, CVE-2014-1832] |
| sage-extension | New upstream release; compatible with Icewasel 24 |
| samba | Fix authentication bypass and insufficient protection against brute-force password guessing [CVE-2012-6150, CVE-2013-4496] |
| samba4 | Remove insecure and broken samba4 and winbind4 binary packages |
| spamassassin | Remove xxxfrom the list of common fake TLDs, since it is not fake any more; remove rules referring to rfc-ignorant.org and NJABL, which have been shut down |
| spip | Fix missing escaping; update security screen |
| subversion | Fix mod_dav_svn crash when handling certain requests [CVE-2014-0032] and removal of libsvnjavahl-1.a/.la/.so from libsvn-dev |
| sympa | Fix CAS authentication issues; fix SQLite upgrade patch to avoid errors with perl <= 5.14; raise a warning instead of an error when the CA bundle file is not readable; provide the missing template help_suspend.tt2 |
| tweepy | Use Twitter API 1.1 and SSL |
| tzdata | New upstream release |
| wml | Remove temporary directories (ipp.*) |
| xine-lib | Fix build failure due to the libmodplug upgrade in DSA 2751 |
| xine-lib-1.2 | Fix build failure due to the libmodplug upgrade in DSA 2751 |
De igual manera, hay actualizaciones de seguridad, las cuales son las siguientes:
| Advisory ID | Package |
|---|---|
| DSA-2848 | mysql-5.5 |
| DSA-2850 | libyaml |
| DSA-2852 | libgadu |
| DSA-2854 | mumble |
| DSA-2855 | libav |
| DSA-2856 | libcommons-fileupload-java |
| DSA-2857 | libspring-java |
| DSA-2858 | iceweasel |
| DSA-2859 | pidgin |
| DSA-2860 | parcimonie |
| DSA-2861 | file |
| DSA-2862 | chromium-browser |
| DSA-2863 | libtar |
| DSA-2865 | postgresql-9.1 |
| DSA-2866 | gnutls26 |
| DSA-2867 | otrs2 |
| DSA-2868 | php5 |
| DSA-2869 | gnutls26 |
| DSA-2870 | libyaml-libyaml-perl |
| DSA-2871 | wireshark |
| DSA-2872 | udisks |
| DSA-2873 | file |
| DSA-2874 | mutt |
| DSA-2875 | cups-filters |
| DSA-2877 | lighttpd |
| DSA-2878 | virtualbox |
| DSA-2879 | libssh |
| DSA-2880 | python2.7 |
| DSA-2881 | iceweasel |
| DSA-2882 | extplorer |
| DSA-2883 | chromium-browser |
| DSA-2884 | libyaml |
| DSA-2885 | libyaml-libyaml-perl |
| DSA-2886 | libxalan2-java |
| DSA-2887 | ruby-actionmailer-3.2 |
| DSA-2888 | ruby-activesupport-3.2 |
| DSA-2888 | ruby-actionpack-3.2 |
| DSA-2889 | postfixadmin |
| DSA-2890 | libspring-java |
| DSA-2891 | mediawiki-extensions |
| DSA-2891 | mediawiki |
| DSA-2892 | a2ps |
| DSA-2894 | openssh |
| DSA-2895 | prosody |
| DSA-2895 | lua-expat |
| DSA-2896 | openssl |
| DSA-2897 | tomcat7 |
| DSA-2898 | imagemagick |
| DSA-2899 | openafs |
| DSA-2900 | jbigkit |
| DSA-2901 | wordpress |
| DSA-2902 | curl |
| DSA-2903 | strongswan |
| DSA-2904 | virtualbox |
| DSA-2905 | chromium-browser |
| DSA-2908 | openssl |
| DSA-2909 | qemu |
| DSA-2910 | qemu-kvm |
Y los paquetes que debemos decirle adiós, son:
| Package | Reason |
|---|---|
| hlbr | Broken |
| hlbrw | Depends on to-be-removed hlbr |
En fin. Sólo queda recordarles que, si tienen su PC con Dual-boot, pueda ser que no le aparezca el arranque de Windows, por lo que tienen que ejecutar lo siguiente en su terminal:
sudo update-grub
Debian Squeeze LTS
Para aquellas personas que tienen sus servidores con Debian Squeeze, éste es su día de suerte. Primero, esta noticia apareció en las listas de correo de Debian, y luego, pasó a ser oficial.
Debian Wheezy es la primera edición de Debian que recibe soporte extendido (LTS), el cual está diseñado para que el tiempo de vida sea prácticamente de 5 años, partiendo de la fecha de lanzamiento de la primera versión.
Por el momento, se sabe que Debian Squeeze tendrá este soporte ni bien llegue el 31 de mayo de este año, y el fin de este soporte extendido será el febrero del 2016. Además, cabe resaltar que el soporte extendido incluirá a las plataformas X86 de 32 bits (i386) y 64 bits (amd64). No obstante, no se descarta la posibilidad de que tanto Debian Wheezy como Jessie (la que próximamente será la sucesora de la actual versión estable) estén en la categoría LTS.
Para los que desean saber quiénes van a mantener Debian 6.X, los mismos desarrolladores de Debian manifestaron que los encargados del LTS serán terceras partes que unieron esfuerzos con el equipo de desarrolladores de Debian para solucionar bugs y fallos críticos de seguridad.
Como dato adicional: Debian Squeeze no se vio afectada por el bug de OpenSSL Heartbleed.
