PHP 5.3.3 Released!

The PHP development team is pleased to announce the immediate availability of PHP 5.3.3. This release focuses on improving the stability and security of the PHP 5.3.x branch with over 100 bug fixes, some of which are security related. All users are encouraged to upgrade to this release.

Developer: php.net

Download: PHP 5.3.3 (tar.bz2)

Changes and modifications in this version: PHP 5.3.3

Security Enhancements and Fixes in PHP 5.3.3:

  • Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531).
  • Fixed a possible resource destruction issue in shm_put_var().
  • Fixed a possible information leak because of interruption of XOR operator.
  • Fixed a possible memory corruption because of unexpected call-time pass by reference and following memory clobbering through callbacks.
  • Fixed a possible memory corruption in ArrayObject::uasort().
  • Fixed a possible memory corruption in parse_str().
  • Fixed a possible memory corruption in pack().
  • Fixed a possible memory corruption in substr_replace().
  • Fixed a possible memory corruption in addcslashes().
  • Fixed a possible stack exhaustion inside fnmatch().
  • Fixed a possible dechunking filter buffer overflow.
  • Fixed a possible arbitrary memory access inside sqlite extension.
  • Fixed string format validation inside phar extension.
  • Fixed handling of session variable serialization on certain prefix characters.
  • Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).
  • Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
  • Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user.
  • Fixed possible buffer overflows when handling error packets in mysqlnd.

Key enhancements in PHP 5.3.3 include:

  • Upgraded bundled sqlite to version 3.6.23.1.
  • Upgraded bundled PCRE to version 8.02.
  • Added FastCGI Process Manager (FPM) SAPI.
  • Added stream filter support to mcrypt extension.
  • Added full_special_chars filter to ext/filter.
  • Fixed a possible crash because of recursive GC invocation.
  • Fixed bug #52238 (Crash when an Exception occurred in iterator_to_array).
  • Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function).
  • Fixed bug #52060 (Memory leak when passing a closure to method_exists()).
  • Fixed bug #52001 (Memory allocation problems after using variable variables).
  • Fixed bug #51723 (Content-length header is limited to 32bit integer with Apache2 on Windows).
  • Fixed bug #48930 (__COMPILER_HALT_OFFSET__ incorrect in PHP >= 5.3).

MySQL 5.1.43

MySQL 5.1.43 is a relational, multithreaded, multiuser database management system.

MySQL is the world’s most popular open source database software, with over 100 million copies of its software downloaded or distributed throughout its history. With superior speed, reliability, and ease of use, MySQL has become the preferred choice of corporate IT Managers because it eliminates the major problems associated with downtime, maintenance, administration and support.

MySQL is widely used in web applications such as MediaWiki or Drupal, on platforms (Linux/Windows-Apache-MySQL-PHP/Perl/Python), and by bug-tracking tools such as Bugzilla.

MySQL is a very fast database for reads when it uses the non-transactional MyISAM engine, but it can cause integrity problems in environments with highly concurrent modifications.

Developer: mysql.com

Download: MySQL 5.1.43 Windows

Download: MySQL 5.1.43 Windows x64

Changes and modifications in this version: MySQL 5.1.43

  • This release includes InnoDB Plugin 1.0.6. This version is considered of Release Candidate (RC) quality.

Functionality added or changed:

  • Partitioning: The UNIX_TIMESTAMP() function is now supported in partitioning expressions using TIMESTAMP columns. For example, it is now possible to create a partitioned table such as this one:
    CREATE TABLE t (c TIMESTAMP) 
    PARTITION BY RANGE ( UNIX_TIMESTAMP(c) ) (
        PARTITION p0 VALUES LESS THAN (631148400),
        PARTITION p1 VALUES LESS THAN (946681200),
        PARTITION p2 VALUES LESS THAN (MAXVALUE)
    );
    

    All other expressions involving TIMESTAMP values are now rejected with an error when attempting to create a new partitioned table or to alter an existing partitioned table.

    When accessing an existing partitioned table having a timezone-dependent partitioning function (where the table was using a previous version of MySQL), a warning rather than an error is issued. In such cases, you should fix the table. One way of doing this is to alter the table’s partitioning expression so that it uses UNIX_TIMESTAMP(). (Bug#42849)

Bugs fixed:

  • Security Fix: For servers built with yaSSL, a preauthorization buffer overflow could cause memory corruption or a server crash. We thank Evgeny Legerov from Intevydis for providing us with a proof-of-concept script that allowed us to reproduce this bug. (Bug#50227, CVE-2009-4484)
  • Important Change: Replication: The RAND() function is now marked as unsafe for statement-based replication. Using this function now generates a warning when binlog_format=STATEMENT and causes the format to switch to row-based logging when binlog_format=MIXED.

    This change is being introduced because, when RAND() was logged in statement mode, the seed was also written to the binary log, so the replication slave generated the same sequence of random numbers as was generated on the master. While this could make replication work in some cases, the order of affected rows was still not guaranteed when this function was used in statements that could update multiple rows, such as UPDATE or INSERT ... SELECT; if the master and the slave retrieved rows in different order, they began to diverge. (Bug#49222)

  • Partitioning: When used on partitioned tables, the records_in_range handler call checked all partitions, rather than the unpruned partitions only. (Bug#48846)

    See also Bug#37252, Bug#47261.

  • Partitioning: A query that searched on a ucs2 column failed if the table was partitioned. (Bug#48737)
  • Replication: A LOAD DATA INFILE statement that loaded data into a table having a column name that must be escaped (such as `key` INT), caused replication to fail when logging in mixed or statement mode. In such cases, the master wrote the LOAD DATA event to the binary log without escaping the field names. (Bug#49473)

    See also Bug#47927.

  • Replication: Spatial data types cause row-based replication to crash. (Bug#48776)
  • Replication: A flaw in the implementation of the purging of binary logs could result in orphaned files being left behind in the following circumstances:
    • If the server failed or was killed while purging binary logs.
    • If the server failed or was killed after the creation of a new binary log, when the new log file was opened for the first time.

    In addition, if the slave was not connected during the purge operation, it was possible for a log file that was in use to be removed; this could lead to data loss and possible inconsistencies between the master and slave. (Bug#45292)

  • Replication: When using the STATEMENT or MIXED logging format, the statements LOAD DATA CONCURRENT LOCAL INFILE and LOAD DATA CONCURRENT INFILE were logged as LOAD DATA LOCAL INFILE and LOAD DATA LOCAL INFILE, respectively (in other words, the CONCURRENT keyword was omitted). As a result, when using replication with either of these logging modes, queries on the slaves were blocked by the replication SQL thread while trying to execute the affected statements. (Bug#34628)
  • Replication: Manually removing entries from the binary log index file on a replication master could cause the server to repeatedly send the same binary log file to slaves. (Bug#28421)
  • Cluster Replication: When expire_logs_days was set, the thread performing the purge of the log files could deadlock, causing all binary log operations to stop. (Bug#49536)
  • Within a stored routine, selecting the result of CONCAT_WS() with a routine parameter argument into a user variable could return incorrect results. (Bug#50096)
  • The IBMDB2I storage engine was missing from the i5os 64-bit distribution of MySQL 5.1.42. It is now included again. (Bug#50059)
  • EXPLAIN EXTENDED UNION ... ORDER BY caused a crash when the ORDER BY referred to a nonconstant or full-text function or a subquery. (Bug#49734)
  • The push_warning_printf() function was being called with an invalid error level MYSQL_ERROR::WARN_LEVEL_ERROR, causing an assertion failure. To fix the problem, MYSQL_ERROR::WARN_LEVEL_ERROR has been replaced by MYSQL_ERROR::WARN_LEVEL_WARN. (Bug#49638)
  • Some prepared statements could raise an assertion when re-executed. (Bug#49570)
  • A Valgrind error in make_cond_for_table_from_pred() was corrected. Thanks to Sergey Petrunya for the patch to fix this bug. (Bug#49506)
  • When compiling on Windows, an error in the CMake definitions for InnoDB would cause the engine to be built incorrectly. (Bug#49502)
  • Valgrind warnings for CHECKSUM TABLE were corrected. (Bug#49465)
  • Specifying an index algorithm (such as BTREE) for SPATIAL or FULLTEXT indexes caused a server crash. These index types do not support algorithm specification, and it is now disallowed to do so. (Bug#49250)
  • The optimizer sometimes incorrectly handled conditions of the form WHERE col_name='const1' AND col_name='const2'. (Bug#49199)
  • Execution of DECODE() and ENCODE() could be inefficient because multiple executions within a single statement reinitialized the random generator multiple times even with constant parameters. (Bug#49141)
  • MySQL 5.1 does not support 2-byte collation numbers, but did not check the number and crashed for out-of-range values. (Bug#49134)
  • With binary logging enabled, REVOKE ... ON {PROCEDURE|FUNCTION} FROM ... could cause a crash. (Bug#49119)
  • The LIKE operator did not work correctly when using an index for a ucs2 column. (Bug#49028)
  • check_key_in_view() was missing a DBUG_RETURN in one code branch, causing a crash in debug builds. (Bug#48995)
  • Several strmake() calls had an incorrect length argument (too large by one). (Bug#48983)
  • On Fedora 12, strmov() did not guarantee correct operation for overlapping source and destination buffer. Calls were fixed to use an overlap-safe version instead. (Bug#48866)
  • Incomplete reset of internal TABLE structures could cause a crash with eq_ref table access in subqueries. (Bug#48709)
  • Re-execution of a prepared statement could cause a server crash. (Bug#48508)
  • The error message for ER_UPDATE_INFO was subject to buffer overflow or truncation. (Bug#48500)
  • SHOW BINLOG EVENTS could fail with an error: Wrong offset or I/O error. (Bug#48357)
  • Valgrind warnings related to binary logging of LOAD DATA INFILE statements were corrected. (Bug#48340)
  • An aliasing violation in the C API could lead to a crash. (Bug#48284)
  • With one thread waiting for a lock on a table, if another thread dropped the table and created a new table with the same name and structure, the first thread would not notice that the table had been re-created and would try to use cached metadata that belonged to the old table but had been freed. (Bug#48157)
  • The InnoDB Monitor could fail to print diagnostic information after a long lock wait. (Bug#47814)
  • Queries containing GROUP BY ... WITH ROLLUP that did not use indexes could return incorrect results. (Bug#47650)
  • If an invocation of a stored procedure failed in the table-open stage, subsequent invocations that did not fail in that stage could cause a crash. (Bug#47649)
  • On Solaris, no stack trace was printed to the error log after a crash. (Bug#47391)
  • The first execution of STOP SLAVE UNTIL stopped too early. (Bug#47210)
  • When the mysql client was invoked with the --vertical option, it ignored the --skip-column-names option. (Bug#47147)
  • It was possible for init_available_charsets() not to initialize correctly. (Bug#45058)
  • Comparison with NULL values sometimes did not produce a correct result. (Bug#42760)
  • Crash recovery did not work for InnoDB temporary tables. (Bug#41609)
  • The mysql_upgrade command would add three additional fields to the mysql.proc table (character_set_client, collation_connection, and db_collation), but did not populate the fields with correct values. This would lead to error messages reported during stored procedure execution. (Bug#41569)
  • When compressed MyISAM files were opened, they were always memory mapped, sometimes causing memory-swapping problems. To deal with this, a new system variable, myisam_mmap_size, was added to limit the amount of memory used for memory mapping of MyISAM files. (Bug#37408)
  • A race condition on the privilege hash tables allowed one thread to try to delete elements that had already been deleted by another thread. A consequence was that SET PASSWORD or FLUSH PRIVILEGES could cause a crash. (Bug#35589, Bug#35591)
  • ALTER TABLE with both DROP COLUMN and ADD COLUMN clauses could crash or lock up the server. (Bug#31145)

Miranda IM 0.8.9 Final

Miranda IM 0.8.9 Final is a multi-protocol chat and instant messaging client for the Windows operating system.
Following the goals of “Smaller, Faster, Easier”, Miranda IM is a very light and useful piece of software. It does what it has to do efficiently and immediately.


Miranda IM's multi-protocol support lets you communicate with many networks at the same time through a single graphical interface. This makes everything standard and simple.

Currently supported protocols include ICQ, MSN, Jabber, Tlen, IRC, Yahoo!, AIM, Gadu-Gadu, Netsend and E-Mage. All of them are implemented as optional plugins.

Developer: mi-miranda.org

Download: Miranda IM 0.8.9 Final

Download: Miranda IM Portable 0.8.9 Final

Changes and modifications in this version: Miranda IM 0.8.9 Final

  • Fix for entering cyrillic chars into the profile manager
  • Translation fixes
  • Fixed SSL connection failure handling
  • Fixed potential buffer overflow issue
  • ICQ: Fixed keep-alive option default value
  • Jabber: Fixed certificate validation for TLS connection
  • MSN: Fixed issue in MSN chats with unicode characters
  • Yahoo: Fix for Yahoo search

Debian GNU Linux 5.0.3

Debian GNU Linux 5.0.3. This new release again brings many more programs than its predecessor etch; the distribution includes more than 7700 new packages, for a total of more than 23200 packages. Most of the software distributed has been updated: more than 13400 software packages (corresponding to 72% of the packages in etch). A significant number of packages (more than 3100, 17% of the packages in etch) have also been removed for various reasons. You will not see any updates for these packages, and they will be marked as “obsolete” in package management programs.

 

Developer: debian.org

Download: Debian GNU Linux 5.0.3

Changes and modifications in this version: Debian GNU Linux 5.0.3

Miscellaneous Bugfixes
This stable update adds a few important corrections to the following packages:

Package Reason
avelsieve Allow last filter to be deleted and fix interoperability with dovecot
base-files Update /etc/debian_version to reflect the point release
burn Properly escape filenames and more securely handle subprocess arguments
ffmpeg-debian Support reading large metadata in flac decoder
firmware-nonfree Add firmware-bnx2x package
freedoom Remove copyright-violating material
ganeti Fix hvmloader path to match Lenny’s xen-utils-3.2-1
geoip Add versioned Replaces to avoid issues with upgrades from etch
gthumb Fix treating symlinked directories contents as duplicated
heartbeat Fix syntax error, IPv6 /64 prefixes and etch to lenny upgrades
irssi Fix out of bounds access
kernel-wedge Include bnx2x driver if available
libcompress-raw-bzip2-perl CVE-2009-1884: fix off-by-one error in bzinflate()
libcompress-raw-zlib-perl CVE-2009-1391: Fix a buffer overflow in inflate()
libio-socket-ssl-perl Fix security vulnerability in partial hostname matching
libpam-ssh Fix user enumeration issue
linux-2.6 Several fixes and increased hardware support
linux-kernel-di-alpha-2.6 Rebuild against linux-2.6 kernel 2.6.26-19
linux-kernel-di-amd64-2.6 Rebuild against linux-2.6 kernel 2.6.26-19
linux-kernel-di-arm-2.6 Rebuild against linux-2.6 kernel 2.6.26-19
linux-kernel-di-armel-2.6 Rebuild against linux-2.6 kernel 2.6.26-19
linux-kernel-di-hppa-2.6 Rebuild against linux-2.6 kernel 2.6.26-19
linux-kernel-di-i386-2.6 Rebuild against linux-2.6 kernel 2.6.26-19
linux-kernel-di-ia64-2.6 Rebuild against linux-2.6 kernel 2.6.26-19
linux-kernel-di-mips-2.6 Rebuild against linux-2.6 kernel 2.6.26-19
linux-kernel-di-mipsel-2.6 Rebuild against linux-2.6 kernel 2.6.26-19
linux-kernel-di-powerpc-2.6 Rebuild against linux-2.6 kernel 2.6.26-19
linux-kernel-di-s390-2.6 Rebuild against linux-2.6 kernel 2.6.26-19
linux-kernel-di-sparc-2.6 Rebuild against linux-2.6 kernel 2.6.26-19
mod-wsgi Incorporate upstream bug-fix releases (including several potential crash or memory leak bugs)
multipath-tools Fix crash on shutdown
nexuiz-data Disable message about new upstream versions
openafs Don’t create invalid pointers to kernel memory when handling errors
openssl Fix several vulnerabilities
perl Fix a memory leak, buffer overflow (CVE-2009-1391) and replaces/conflicts package name typo
pidgin Properly enforce the ‘require SSL/TLS’ option on older XMPP servers
postgrey Update whitelist; include wider Google entry
python-django Fix arbitrary filesystem access via crafted URLs
python-numpy Fix incorrect symlink to include file
python-support Ignore lines starting ‘import’ when parsing .pth files
request-tracker3.6 Only allow SuperUsers to edit global RT at a Glance
spamassassin Stop using cybersquatted open-whois.org RBL
stardict Disable network dictionary plugin (CVE-2009-2260)
subversion Fix mail header formatting in commit-email.pl hook
texlive-base Don’t fail when LaTeX is five years old; blacklist lamsarrow.sty and include fixed font metrics
texlive-bin Fix error with configuring when included files are five years old
texlive-extra Don’t fail when LaTeX is five years old
texlive-lang Don’t fail when LaTeX is five years old
tor Fix DoS and another potential security issue
transmission Fix segfault and generation of invalid filenames
tzdata Update Cairo DST for Ramadan
udev Update several rules and add backported fixes
user-mode-linux Rebuild against linux-source-2.6.26 (2.6.26-19)
wordpress Fix password reset procedure
xcftools Fix crash with files containing negative co-ordinates
xfce4-dict Don’t create zombie processes
xfce4-weather-plugin Use weather.com API key so that results are returned again
xorg Fix grave bug in postinst maintainer script which could lead to empty xorg configuration files
znc Fix crash if a user is deleted whilst connecting to a server

New version of debian-installer
The installer has been updated to incorporate the new kernels released with this point release, adding support for new network hardware, and to fix a segfault early in the boot process of installations for the S/390 architecture.

Security Updates
This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:

Advisory ID Package Correction(s)
DSA-1813 evolution-data-server Regressions in previous security update
DSA-1816 apache2 Privilege escalation
DSA-1816 apache2-mpm-itk Privilege escalation
DSA-1826 eggdrop Several vulnerabilities
DSA-1827 ipplan Cross-site scripting
DSA-1828 ocsinventory-agent Arbitrary code execution
DSA-1829 sork-passwd-h3 Cross-site scripting
DSA-1830 icedove Several vulnerabilities
DSA-1831 djbdns Privilege escalation
DSA-1832 camlimages Arbitrary code execution
DSA-1833 dhcp3 Arbitrary code execution
DSA-1834 apache2 Denial of service
DSA-1834 apache2-mpm-itk Denial of service
DSA-1838 pulseaudio Privilege escalation
DSA-1840 xulrunner Several vulnerabilities
DSA-1842 openexr Several vulnerabilities
DSA-1843 squid3 Denial of service
DSA-1845 user-mode-linux Several vulnerabilities
DSA-1846 kvm Denial of service
DSA-1847 bind9 Denial of service
DSA-1848 znc Remote code execution
DSA-1851 gst-plugins-bad0.10 Arbitrary code execution
DSA-1852 fetchmail SSL certificate verification weakness
DSA-1853 memcached Arbitrary code execution
DSA-1854 apr Arbitrary code execution
DSA-1854 apr-util Arbitrary code execution
DSA-1855 subversion Arbitrary code execution
DSA-1856 mantis Information leak
DSA-1857 camlimages Arbitrary code execution
DSA-1858 imagemagick Several vulnerabilities
DSA-1859 libxml2 Several issues
DSA-1860 ruby1.8 Several issues
DSA-1865 user-mode-linux Several vulnerabilities
DSA-1867 kdelibs Several vulnerabilities
DSA-1869 curl SSL certificate verification weakness
DSA-1870 pidgin Insufficient input sanitization
DSA-1871 wordpress Several vulnerabilities
DSA-1873 xulrunner Spoofing vulnerabilities
DSA-1874 nss Several vulnerabilities
DSA-1875 ikiwiki Information disclosure
DSA-1876 dnsmasq Remote code execution
DSA-1877 mysql-dfsg-5.0 Arbitrary code execution

Removed packages
The following packages were removed due to circumstances beyond our control:

Package Reason
sabayon very buggy; unsuitable for a stable release