Operating System:

[Debian]

Published:

28 May 2014

Protect yourself against future threats.

//Service

Incident Management

Whether it is proactive or reactive services you're after, we will help you detect, interpret and respond to attacks from across the globe.

Read more
Resources > Security Bulletins > ESB-2014.0830 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.0830
           Availability of LTS support for Debian 6.0 / squeeze
                                28 May 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Debian 6.0
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade

Original Bulletin: 
   http://www.debian.org/security/2014/dsa-2938

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-2938-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 27, 2014                           http://www.debian.org/security/faq
- - -------------------------------------------------------------------------

The initial organisation and setup of Squeeze LTS has now happened and 
it is ready for taking over security support once the standard security 
support ends at the end of the month:


Information for users
=====================

Support for Squeeze LTS will end five years after the release of Squeeze, 
i.e. until the 6th of February 2016.

You need to enable the apt sources for squeeze-lts manually. 
Information on how to do this can be found at
https://wiki.debian.org/LTS/Development#Add_squeeze-lts_to_your_sources.list

You should also subscribe to the new annoucement mailing list for 
security updates for squeeze-lts:
https://lists.debian.org/debian-lts-announce/

A few packages are not covered by the Squeeze LTS support. These can be
detected with the new tool debian-security-support. Information on how
to run it can be found here:
https://wiki.debian.org/LTS/Development#Check_for_unsupported_packages

If debian-security-support detects an unsupported package which is 
critical to you, please get in touch with debian-lts@lists.debian.org
(see below).

squeeze-backports will continue to be supported for the lifetime of 
Squeeze LTS.



Information for Debian maintainers
==================================

First of all, Debian package maintainers are not expected to work on 
updates of their packages for squeeze-lts. Package updates for 
squeeze-lts will be handled by the Debian LTS team.

However, if you _are_ interested in doing so (and the maintainer always
knows best on a package), you're certainly welcome to do so; everyone
in the Debian.org and Debian maintainers key ring can upload to the 
squeeze-lts suite. Information on how to upload a fixed package can 
be found at https://wiki.debian.org/LTS/Development#Upload_Packages



Mailing lists
=============

The whole coordination of the Debian LTS effort is handled through the
debian-lts mailing list: https://lists.debian.org/debian-lts/

Please subscribe or follow us via GMANE (gmane.linux.debian.devel.lts)

Aside from the debian-lts-announce list, there's also a list for 
following all uploads in debian-lts: 
https://lists.debian.org/debian-lts-changes/



Security Tracker
================

All information on the status of vulnerabilities (e.g. if the version in 
squeeze-lts happens to be unaffected while wheezy is affected) will be 
tracked in the Debian Security Tracker:  

http://security-tracker.debian.org

If you happen to spot an error in the data, please see 
https://security-tracker.debian.org/tracker/data/report


Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJThKRGAAoJEBDCk7bDfE42iCIQALY7814rCMM4ctvKLFbrFQy6
eYUBXob1PHKaYwf3ISZOAIVwqsFszvDfeLjI7gt0PN0HC6jpc5ephxbZDvk3jdVU
+VNEnrTd8StHE/M+Cj2lC6Mh27h8jn1FeS1rVMbG1CYNa9wo6BiR5pENKPeuLG3M
M54rrOCwtNQHFhbNrQ4m+RiOrQI62fTqGg1e0RXvBqXAdj4kc0dL9B9W4WUwhhtq
yaxjJVtk5847fSn3DuQbi/SbumTuiOb7BUMWixfUAM9IMODVn/I8TNKTcsAZAmY7
3Vz8LXjYV43/zkw69t8G8lEjkXovv+H4mrvShbtEAojCjL9WS5DCZViyiFNrDxu9
KK9EkbYEuTHv8Evgd42RPHwjt5Kw8KXwOr4LRX856Ti0gQj4rDQrDAM4L3hyXXFc
Gdhqa7VXSXX4TIS0zrrXkSZhG77zDvmQJibAtivMUafvU9BKx8Cc7tmJ5lxje6Sn
TbGrM62Pgou7F7AlLGl96cOijT8afEm+U2YUdtNgnqR3Z7kUWOhVDi217nwZk61z
Au7NwGmALtzbqlKArsWKK4JNKgUE1HrdgPGvKcsCFN5PlXK45u5HiQxH8jVjURIc
QV/VjqXE3OK3wOkx5XKeUNxKO9RlHxqKbI12PxhsR6yiBbZjMwN+PV2XlvOZ6in3
n0jz78yJ4H8u+R7milPO
=EG+m
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBU4Vk8RLndAQH1ShLAQIR8hAAiM+iimU1lNcWqpvv5jB4+rm+MgCRlMBL
eYppR/0hZ22K177yqktJU+mU7xfCzGC1DIewUhuoiH0E92fT9LKtKUCnQzQUYdCu
U02//lmWc+8CF7Q3p7WU+WSjJjsX9n1EA0x4NHn5cBlxsNuFppDvph0Ia5eXwO32
aQlBi4cA3d1AOqCaOL1v6JXqLybvLKnzaPeUVmIqljn8ZxaUDZSvGJewriyQBXRU
mpMQUm1Fe1A9UDiZSfqZVSiLaGqVoef+rbhGZQa4uocKQ3QnnoEOtQM8CoIyqYse
Z32CQyeHOXoe2lSSNBvOTyotqns8KxpLvqcOxkE2rIL6QF2OW1IGa5ParGzaKDIc
zSn607msi4zlKQfkxMqFNBKUe4cfUn+avkLDNON8QFtJph76H8mDrMaJO+ZcWLCx
8UDoQ1AkunLgPU6RwmLQ9RApMpwETl8vNVMf5s1pyC2mhz+92ZGc8RIy+idTFRI5
cZqLBJI16QbLOSNrtf/b+RBeMJymas+hkP4KH70GQ4USEhu1Yn3zuN79Y53BULVs
p4aolMqUsNa2ctq3HmiDmxLn4vayXqfIOlBX/zB63CQPA5uXtHPN+0lvFNBFcNOc
kg78IGzg7yNF4og4+BExiLT+ftoa56hQcueJB1T9ZBRtK9A92WjCH/8qcoDcW20R
JzFFcFAcFsU=
=Gg6J
-----END PGP SIGNATURE-----