Greetings to all. Today I took a look at the Debian page to see what's new, and the great news is this: Debian Squeeze has received your eighth update.
The updates that have come to Debian Squeeze mainly focus on server applications, especially web servers. Among them are:
| Package | Reason |
|---|---|
| base files | Update version for point release |
| clamav | New upstream release; security fixes |
| dpkg-ruby | Close files once they're parsed, preventing trouble on dist-upgrades |
| gdm3 | Fix potential security issue with partial upgrades to wheezy |
| graph viz | use system ltdl |
| grep | Fix CVE-2012-5667 |
| ia32-libs | Update included packages from oldstable / security.do |
| ia32-libs-gtk | Update included packages from oldstable / security.do |
| inform | Remove broken calls to update-alternatives |
| ldap2dns | Do not unnecessarily include / usr / share / debconf / confmodule in postinst |
| libapache-mod-security | Fix NULL pointer reference. CVE-2013-2765 |
| libmodule-signature-perl | CVE-2013-2145: Fixes arbitrary code execution when verifying SIGNATURE |
| libopenid-ruby | Fix CVE-2013-1812 |
| libspf2 | IPv6 fixes |
| lm-sensors-3 | Skip probing for EDID or graphics cards, as it might cause hardware issues |
| moin | Do not create empty pagedir (with empty edit-log) |
| net-snmp | Fix CVE-2012-2141 |
| openssh | Fix potential int overflow when using gssapi-with-mac authentication (CVE-2011-5000) |
| openvpn | Fix use of non-constant-time memcmp in HMAC comparison. CVE-2013-2061 |
| pcp | Fix insecure tempfile handling |
| pigz | Use more restrictive permissions for in-progress files |
| policyd-weight | Remove shutdown njabl DNSBL |
| pyopencl | Remove non-free file from examples |
| pyramid | Use a better random number generator to prevent predictable password hashing and packet IDs (CVE-2013-0294) |
| python-qt4 | Fix crash in uic file with radio buttons |
| request-tracker3.8 | Move non-cache data to / var / lib |
| samba | Fix CVE-2013-4124: Denial of service - CPU loop and memory allocation |
| smarty | Fix CVE-2012-4437 |
| spamassassin | Remove shutdown njabl DNSBL; fix RCVD_ILLEGAL_IP to not consider 5.0.0.0/8 as invalid |
| nice | Fix endless loop in wwsympa while loading session data including metacharacters |
| texlive-extra | Fix predictable temp file names in latex2man |
| tntnet | Fix insecure default tntnet.conf |
| tzdata | New upstream version |
| wv2 | Really remove src / generator / generator_wword {6,8} .htm |
| xorg server | Link against -lbsd on kfreebsd to make MIT-SHM work with non-world-accessible segments |
| xview | Fix alternative handling |
| zabbix | Fix SQL injection, zabbix_agentd DoS, possible path disclosure, field name parameter checking bypass, ability to override LDAP configuration when calling user.login via API |
Regarding security recommendations, applications for web servers stand out. They are between them:
| Recommendation ID | Package | Fixes) |
|---|---|---|
| DSA-2628 | nss-pam-ldapd | buffer overflow |
| DSA-2629 | openjpeg | multiple issues |
| DSA-2630 | postgresql-8.4 | programming error |
| DSA-2631 | squid3 | Denial of service |
| DSA-2632 | user-mode-linux | multiple issues |
| DSA-2632 | linux-2.6 | multiple issues |
| DSA-2633 | fusionforge | privilege escalation |
| DSA-2634 | python-django | multiple issues |
| DSA-2635 | cfingerd | buffer overflow |
| DSA-2636 | xen | multiple issues |
| DSA-2637 | apache2 | multiple issues |
| DSA-2638 | openafs | buffer overflow |
| DSA-2639 | php5 | multiple issues |
| DSA-2640 | zoneminder | multiple issues |
| DSA-2641 | perl | Rehashing flaw |
| DSA-2641 | libapache2-mod-perl2 | FTBFS with updated perl |
| DSA-2642 | sudo | multiple issues |
| DSA-2643 | puppet | multiple issues |
| DSA-2644 | wireshark | multiple issues |
| DSA-2645 | inetutils | Denial of service |
| DSA-2646 | typo3-src | multiple issues |
| DSA-2647 | firebird2.1 | buffer overflow |
| DSA-2648 | firebird2.5 | multiple issues |
| DSA-2649 | lighttpd | Fixed socket name in world-writable directory |
| DSA-2650 | libvirt | Files and device nodes ownership change to kvm group |
| DSA-2651 | smoking | Cross-site scripting vulnerability |
| DSA-2652 | libxml2 | External entity expansion |
| DSA-2653 | searching | buffer overflow |
| DSA-2654 | libxslt | Denial of service |
| DSA-2655 | rails | multiple issues |
| DSA-2656 | bind9 | Denial of service |
| DSA-2657 | postgresql-8.4 | Guessable random numbers |
| DSA-2659 | libapache-mod-security | XML external entity processing vulnerability |
| DSA-2660 | curl | Cookie leak vulnerability |
| DSA-2661 | xorg server | Information disclosure |
| DSA-2662 | xen | multiple issues |
| DSA-2663 | tinc | Stack-based buffer overflow |
| DSA-2664 | stunnel4 | buffer overflow |
| DSA-2665 | strongswan | Authentication bypass |
| DSA-2666 | xen | multiple issues |
| DSA-2668 | linux-2.6 | multiple issues |
| DSA-2668 | user-mode-linux | multiple issues |
| DSA-2670 | request-tracker3.8 | multiple issues |
| DSA-2673 | libdmx | multiple issues |
| DSA-2674 | libxv | multiple issues |
| DSA-2675 | libxvmc | multiple issues |
| DSA-2676 | libxfixes | multiple issues |
| DSA-2677 | libxrender | multiple issues |
| DSA-2678 | table | multiple issues |
| DSA-2679 | xserver-xorg-video-openchrome | multiple issues |
| DSA-2680 | libxt | multiple issues |
| DSA-2681 | libxcursor | multiple issues |
| DSA-2682 | libxext | multiple issues |
| DSA-2683 | libxi | multiple issues |
| DSA-2684 | libxrandr | multiple issues |
| DSA-2685 | libxp | multiple issues |
| DSA-2686 | libxcb | multiple issues |
| DSA-2687 | libfs | multiple issues |
| DSA-2688 | libxres | multiple issues |
| DSA-2689 | libxtst | multiple issues |
| DSA-2690 | libxxf86dga | multiple issues |
| DSA-2691 | libxinerama | multiple issues |
| DSA-2692 | libxxf86vm | multiple issues |
| DSA-2693 | libx11 | multiple issues |
| DSA-2694 | spip | privilege escalation |
| DSA-2698 | tiff | buffer overflow |
| DSA-2701 | krb5 | Denial of service |
| DSA-2702 | telepathy-gabble | TLS verification bypass |
| DSA-2703 | subversion | multiple issues |
| DSA-2708 | fail2ban | Denial of service |
| DSA-2710 | xml-security-c | multiple issues |
| DSA-2711 | haproxy | multiple issues |
| DSA-2713 | curl | heap overflow |
| DSA-2715 | puppet | code execution |
| DSA-2717 | xml-security-c | heap overflow |
| DSA-2718 | wordpress | multiple issues |
| DSA-2719 | poppler | multiple issues |
| DSA-2723 | php5 | Heap corruption |
| DSA-2725 | tomcat6 | multiple issues |
| DSA-2726 | php-radius | buffer overflow |
| DSA-2727 | openjdk-6 | multiple issues |
| DSA-2728 | bind9 | Denial of service |
| DSA-2729 | openafs | multiple issues |
| DSA-2730 | gnupg | Information leak |
| DSA-2731 | libgcrypt11 | Information leak |
| DSA-2733 | others2 | SQL injection |
| DSA-2734 | wireshark | multiple issues |
| DSA-2736 | putty | multiple issues |
| DSA-2739 | cacti | multiple issues |
| DSA-2740 | python-django | Cross-site scripting vulnerability |
| DSA-2742 | php5 | interpretation conflict |
| DSA-2744 | tiff | multiple issues |
| DSA-2747 | cacti | multiple issues |
| DSA-2748 | exact image | Denial of service |
| DSA-2749 | asterisk | multiple issues |
| DSA-2751 | libmodplug | multiple issues |
| DSA-2752 | phpbb3 | Too wide permissions |
| DSA-2753 | mediawiki | Cross-site request forgery token disclosure |
| DSA-2754 | exact image | Denial of service |
| DSA-2755 | python-django | directory traverse |
| DSA-2756 | wireshark | multiple issues |
| DSA-2758 | python-django | Denial of service |
| DSA-2760 | chrony | multiple issues |
| DSA-2763 | pyopenssl | Hostname check bypassing |
| DSA-2766 | user-mode-linux | multiple issues |
| DSA-2766 | linux-2.6 | multiple issues |
| DSA-2767 | proftpd-dfsg | Denial of service |
| DSA-2770 | torsion | Authentication bypass |
| DSA-2773 | gnupg | multiple issues |
| DSA-2775 | ejabberd | Insecure SSL usage |
| DSA-2776 | drupal6 | multiple issues |
| DSA-2778 | libapache2-mod-fcgid | Heap-based buffer overflow |
And as if that were not enough, the packages removed are:
| Package | Reason |
|---|---|
| irssi-plugin-otr | security issues |
| libpam-rsa | Broken, causes security problems |
Although it has been the good news for those users who use precisely that version of Debian both in data centers and for experiments in virtual machines, the other good news comes from the hand of W3Techs, which has shown the most recent survey on servers web that use Linux, highlighting Debian on the podium next to Ubuntu, contrasting the 2010 survey in which RHEL / CentOS were at the top of the web servers running under GNU / Linux around the globe. Also, it highlights the fact that queb servers running under Debian use the HTTP server NginX; while, in the case of Ubuntu, with Apache.
That is all for now. And remember, the GNUPanel Crowfunding campaign is still available for those who are interested in contributing to its version 2.0 release. For more information, read this post.
That is all for now. I hope you were happy with the news. I'll tell you more about my experience working with GNUPanel soon.
Until the next post.
because the title "..and still first ..." sounds like it is descending but is still first when in reality it is on a ceiling and with a projection that it is not going to decrease. that is if the projection of ubuntu suggests that in the next few years it will surpass debian.
Now the cases to be analyzed are those of Red hat and CentOS that their future projection is downward, but taking into account that Red Hat is a distro designed for servers with technical support.
Another interesting thing is that debian uses gnome3 and red hat uses gnome3 with the classic desktop
sorry debian version 6 uses gnome2 but to date it is the oldstable version. version 7 which to date is the stable version if you use gnome3
Unfortunately for many 🙁
So far the best version of GNOME. Too bad it has become so obsolete that even XFCE has outgrown it.
The reason why I put "And still first"It was because the graph shows that Ubuntu Server is shaping up to take the throne away from Debian, as RHEL / CentOS once did.
These debian folks can't get enough of updating squeeze xD.
I have come across servers that use up to Debian Etch xD (usually games).
I have two servers with Etch and VMware 1.08. I use them to virtualize. The servers are old. :-). Imagine that one is a Proliant G4 with a single mic, and the other has a Pentium IV processor. Each has only 2 Gigs of RAM. But buddy, they work wonders.
In that you are right, but I already suggest you change it to Wheezy with only TTY and / or LXDE. Anyway, I still have my old Lentium 4 with mainboard PC Chips and it is already much better than with Windows XP (I installed Windows Vista last year, but in the finals, it ended in a reserved forecast).
as always, they should have a big solid rock in this distro!
And the easiest to do when making an authentic dist-upgrade.
Users of older versions of Debian6, especially those with kernel 2.6.39, should update their systems as this has a known bug since January 2012 (well it had been reported but not corrected 7 years before) that allows any user to write to Arbitrary memory addresses and taking advantage of the fact that in Debian as in almost all distributions some console commands are not correctly compiled, it allows to achieve root privileges by just typing some commands ...
More information here http://blog.zx2c4.com/749
Incredible Who would say that the friend Dean years later, would be a user of the Operating System that he criticized so much? XDDD
Karma, karma everywhere.
Interesting, tell me more.
if memory serves me correctly, debian 6 starts with 2.6.32, and is kept separately, away from kernel.org (apart from they take out a lot of firmware and non-free blob). Official versions other than longterm (2.6.39 for example), are always prone to bugs, as they are for testing only.
I don't go straight to the internet. I have a protected ISP I think by three routers. Under your LAN, a private network that is the one that I connect to through a router with a firewall for hard plus my firewall for soft.
I am aware of the problems of old versions of Debian.
If it were facing the Internet ... Another rooster would crow. 🙂
And by the way ... I've seen that many hosts still use Debian Squeeze.