Download Debian GNU/Linux 5.0.10
Version 5.0 of the Debian GNU/Linux operating system includes a new release, which has been given 5.0.10 as the version designation. The changes are mainly security updates and bug fixes in the included packages. As usual, the update is available for various hardware platforms such as Alpha, ARM, i386, x86-64, ia64, MIPS, PowerPC, and Sparc. The announcement looks like this:
Updated Debian 5.0: 5.0.10 released
The Debian project is pleased to announce the tenth and final update of its oldstable distribution Debian 5.0 (codename “lenny”). This update mainly adds corrections for security problems to the oldstable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available.
The alpha and ia64 packages from DSA 1769 are not included in this point release for technical reasons. All other security updates released during the lifetime of “lenny” that have not previously been part of a point release are included in this update.
Please note that the security support for the oldstable distribution ended in February 2012 and no updates have been released since that point.
Those who frequently install updates from security.debian.org won’t have to update many packages and most updates from security.debian.org are included in this update.
New installation media and CD and DVD images containing updated packages will be available soon at the regular locations.
Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian’s many FTP or HTTP mirrors. A comprehensive list of mirrors is available at: http://www.debian.org/mirror/list
Please note that the oldstable distribution will be moved from the main archive to the archive.debian.org repository after March 24th 2012. After this move, it will no longer be available from the main mirror network. More information about the distribution archive and a list of mirrors is available at: archive
Miscellaneous Bug Fixes
This oldstable update adds a few important corrections to the following packages:
| April | Disable robust pthread mutexes on alpha, arm, and armel |
| base files | Update /etc/debian_version for the point release |
| ia32-libs | Refresh packages to include recent security updates |
| libdigest-perl | Fix unsafe use of eval in Digest->new() |
| linux-2.6 | Various security fixes |
| phppgadmin | Fix XSS |
| postgresql-8.3 | New upstream micro release |
| typo3-src | Fix cache flooding via improper error handling |
| xapian-omega | Fix escaping issues in templates |
| xpdf | Insecure tempfile usage in zxpdf |
| user-mode-linux | Rebuild against linux-source-2.6.26 (2.6.26-29) |
Security Updates
This revision adds the following security updates to the oldstable release. The Security Team has already released an advisory for each of these updates:
| DSA-1769 | openjdk-6 | Arbitrary code execution |
| DSA-2161 | openjdk-6 | Multiple issues |
| DSA-2224 | openjdk-6 | Multiple issues |
| DSA-2237 | April | Denial of service |
| DSA-2251 | subversion | Multiple issues |
| DSA-2258 | kolab-cyrus-imapd | Implementation error |
| DSA-2263 | movabletype-opensource | Multiple issues |
| DSA-2265 | perl | Missing taint check |
| DSA-2267 | perl | restriction bypass |
| DSA-2271 | curl | Improper delegation of client credentials |
| DSA-2281 | opie | Multiple issues |
| DSA-2284 | opensaml2 | Implementation error |
| DSA-2285 | map server | Multiple issues |
| DSA-2287 | libpng | Multiple issues |
| DSA-2301 | rails | Multiple issues |
| DSA-2305 | vsftpd | Denial of service |
| DSA-2313 | xulrunner | Multiple issues |
| DSA-2315 | openoffice.org | Multiple issues |
| DSA-2316 | quagga | Multiple issues |
| DSA-2318 | cyrus-imapd-2.2 | Multiple issues |
| DSA-2320 | dokuwiki | Regression fix |
| DSA-2321 | moin | Cross site scripting |
| DSA-2323 | radvd | Multiple issues |
| DSA-2324 | wireshark | programming error |
| DSA-2328 | freetype | Missing input sanitation |
| DSA-2332 | python-django | Multiple issues |
| DSA-2333 | phpldapadmin | Multiple issues |
| DSA-2334 | mahara | Multiple issues |
| DSA-2335 | man2html | Missing input sanitization |
| DSA-2339 | nss | Multiple issues |
| DSA-2340 | postgresql-8.3 | weak password hashing |
| DSA-2341 | xulrunner | Multiple issues |
| DSA-2343 | openssl | CA trust revocation |
| DSA-2346 | proftpd-dfsg | Multiple issues |
| DSA-2347 | bind9 | Improperly assert |
| DSA-2350 | freetype | Missing input sanitation |
| DSA-2351 | wireshark | Buffer overflow |
| DSA-2352 | puppet | programming error |
| DSA-2354 | cups | Multiple issues |
| DSA-2355 | clear silver | Format string vulnerability |
| DSA-2357 | evince | Multiple issues |
| DSA-2358 | openjdk-6 | Multiple issues |
| DSA-2361 | chasen | Buffer overflow |
| DSA-2362 | acpid | Multiple issues |
| DSA-2363 | tor | Buffer overflow |
| DSA-2365 | dtc | Multiple issues |
| DSA-2366 | media wiki | Multiple issues |
| DSA-2367 | asterisk | Multiple issues |
| DSA-2368 | lighttpd | Multiple issues |
| DSA-2369 | libsoup2.4 | Directory traversal |
| DSA-2370 | unbound | Multiple issues |
| DSA-2371 | Jasper | Buffer overflows |
| DSA-2372 | heimdal | Buffer overflow |
| DSA-2373 | inetutils | Buffer overflow |
| DSA-2374 | openswan | Implementation error |
| DSA-2375 | krb5 | Buffer overflow |
| DSA-2376 | ipmitool | Insecure pid file |
| DSA-2377 | cyrus-imapd-2.2 | Denial of service |
| DSA-2380 | foomatic filters | Shell command injection |
| DSA-2382 | ecryptfs-utils | Multiple issues |
| DSA-2383 | super | Buffer overflow |
| DSA-2384 | cactus | Multiple issues |
| DSA-2385 | pdns | packet loop |
| DSA-2386 | opentd | Multiple issues |
| DSA-2388 | t1lib | Multiple issues |
| DSA-2390 | openssl | Multiple issues |
| DSA-2392 | openssl | Out of bounds read |
| DSA-2394 | libxml2 | Multiple issues |
| DSA-2397 | icu | Buffer underflow |
| DSA-2398 | curl | Multiple issues |
| DSA-2399 | php5 | Multiple issues |
| DSA-2400 | xulrunner | Multiple issues |
| DSA-2403 | php5 | code injection |
| DSA-2405 | apache2 | Multiple issues |
| DSA-2405 | apache2-mpm-itk | Multiple issues |
Debian Installer / Kernel
The kernel included in this point release has been updated to incorporate fixes for a number of security issues. The installer has been rebuilt to use the new kernel.
Removed packages
The following packages were removed due to circumstances beyond our control:
| qcad | Non-distributable |
| part library | Non-distributable |
| Version number | 5.0.10 |
| Release status | Final |
| Operating systems | Linux |
| Website | Debian |
| Download | |
| License type | Conditions (GNU/BSD/etc.) |