Updated Debian 5.0: 5.0.10 released


The Debian Project                                http://www.debian.org/
Updated Debian 5.0: 5.0.10 released                     press@debian.org
March 10th, 2012                http://www.debian.org/News/2012/20120310

The Debian project is pleased to announce the tenth and final update of its oldstable distribution Debian 5.0 (codename `lenny'). This update mainly adds corrections for security problems to the oldstable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available.

The alpha and ia64 packages from DSA 1769 are not included in this point release for technical reasons. All other security updates released during the lifetime of `lenny' that have not previously been part of a point release are included in this update.

Please note that the security support for the oldstable distribution ended in February 2012 and no updates have been released since that point.


Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.

New installation media and CD and DVD images containing updated packages will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:


Please note that the oldstable distribution will be moved from the main archive to the archive.debian.org repository after March 24th 2012. After this move, it will no longer be available from the main mirror network. More information about the distribution archive and a list of mirrors is available at:


Miscellaneous Bugfixes

This oldstable update adds a few important corrections to the following packages:

Package          Reason

apr              Disable robust pthread mutexes on alpha, arm, and armel
base-files       Update /etc/debian_version for the point release
ia32-libs        Refresh packages to include recent security updates
libdigest-perl   Fix unsafe use of eval in Digest->new()
linux-2.6        Various security fixes
phppgadmin       Fix XSS
postgresql-8.3   New upstream micro-release
typo3-src        Fix cache flooding via improper error handling
xapian-omega     Fix escaping issues in templates
xpdf             Insecure tempfile usage in zxpdf
user-mode-linux  Rebuild against linux-source-2.6.26 (2.6.26-29)

Security Updates

This revision adds the following security updates to the oldstable release. The Security Team has already released an advisory for each of these updates:

Advisory ID  Package                 Correction(s)

DSA-1769     openjdk-6               Arbitrary code execution
DSA-2161     openjdk-6               Multiple issues
DSA-2224     openjdk-6               Multiple issues
DSA-2237     apr                     Denial of service
DSA-2251     subversion              Multiple issues
DSA-2258     kolab-cyrus-imapd       Implementation error
DSA-2263     movabletype-opensource  Multiple issues
DSA-2265     perl                    Missing taint check
DSA-2267     perl                    Restriction bypass
DSA-2271     curl                    Improper delegation of client
DSA-2281     opie                    Multiple issues
DSA-2284     opensaml2               Implementation error
DSA-2285     mapserver               Multiple issues
DSA-2287     libpng                  Multiple issues
DSA-2301     rails                   Multiple issues
DSA-2305     vsftpd                  Denial of service
DSA-2313     xulrunner               Multiple issues
DSA-2315     openoffice.org          Multiple issues
DSA-2316     quagga                  Multiple issues
DSA-2318     cyrus-imapd-2.2         Multiple issues
DSA-2320     dokuwiki                Regression fix
DSA-2321     moin                    Cross-site scripting
DSA-2323     radvd                   Multiple issues
DSA-2324     wireshark               Programming error
DSA-2328     freetype                Missing input sanitising
DSA-2332     python-django           Multiple issues
DSA-2333     phpldapadmin            Multiple issues
DSA-2334     mahara                  Multiple issues
DSA-2335     man2html                Missing input sanitization
DSA-2339     nss                     Multiple issues
DSA-2340     postgresql-8.3          Weak password hashing
DSA-2341     xulrunner               Multiple issues
DSA-2343     openssl                 CA trust revocation
DSA-2346     proftpd-dfsg            Multiple issues
DSA-2347     bind9                   Improper assert
DSA-2350     freetype                Missing input sanitising
DSA-2351     wireshark               Buffer overflow
DSA-2352     puppet                  Programming error
DSA-2354     cups                    Multiple issues
DSA-2355     clearsilver             Format string vulnerability
DSA-2357     evince                  Multiple issues
DSA-2358     openjdk-6               Multiple issues
DSA-2361     chasen                  Buffer overflow
DSA-2362     acpid                   Multiple issues
DSA-2363     tor                     Buffer overflow
DSA-2365     dtc                     Multiple issues
DSA-2366     mediawiki               Multiple issues
DSA-2367     asterisk                Multiple issues
DSA-2368     lighttpd                Multiple issues
DSA-2369     libsoup2.4              Directory traversal
DSA-2370     unbound                 Multiple issues
DSA-2371     jasper                  Buffer overflows
DSA-2372     heimdal                 Buffer overflow
DSA-2373     inetutils               Buffer overflow
DSA-2374     openswan                Implementation error
DSA-2375     krb5                    Buffer overflow
DSA-2376     ipmitool                Insecure pid file
DSA-2377     cyrus-imapd-2.2         Denial of service
DSA-2380     foomatic-filters        Shell command injection
DSA-2382     ecryptfs-utils          Multiple issues
DSA-2383     super                   Buffer overflow
DSA-2384     cacti                   Multiple issues
DSA-2385     pdns                    Packet loop
DSA-2386     openttd                 Multiple issues
DSA-2388     t1lib                   Multiple issues
DSA-2390     openssl                 Multiple issues
DSA-2392     openssl                 Out-of-bounds read
DSA-2394     libxml2                 Multiple issues
DSA-2397     icu                     Buffer underflow
DSA-2398     curl                    Multiple issues
DSA-2399     php5                    Multiple issues
DSA-2400     xulrunner               Multiple issues
DSA-2403     php5                    Code injection
DSA-2405     apache2                 Multiple issues
DSA-2405     apache2-mpm-itk         Multiple issues

Debian Installer / kernel

The kernel included in this point release has been updated to incorporate fixes for a number of security issues. The installer has been rebuilt to use the new kernel.

Removed packages

The following packages were removed due to circumstances beyond our control:

Package          Reason
qcad             Non-distributable
partlibrary      Non-distributable


The complete lists of packages that have changed with this revision:


The current oldstable distribution:


Proposed updates to the oldstable distribution:


Oldstable distribution information (release notes, errata etc.):


Security announcements and information:


About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.

Contact Information

For further information, please visit the Debian web pages at http://www.debian.org/, send mail to press@debian.org, or contact the stable release team at debian-release@lists.debian.org.