Debian GNU/Linux 4.0 updated

From: Alexander Schmehl <tolimar(at)debian.org>
Date: Thu Dec 27 2007 - 07:03:42 EST


The Debian Project                                http://www.debian.org/
Debian GNU/Linux 4.0 updated                            press@debian.org
December 27th, 2007             http://www.debian.org/News/2007/20071227
------------------------------------------------------------------------

Debian GNU/Linux 4.0 updated

The Debian project is pleased to announce the second update of its stable distribution Debian GNU/Linux 4.0 (codename etch). This update mainly adds corrections for security problems to the stable release, along with a few adjustments to serious problems.

Please note that this update does not constitute a new version of Debian GNU/Linux 4.0 but only updates some of the packages included. There is no need to throw away 4.0 CDs or DVDs but only to update against ftp.debian.org after an installation, in order to incorporate those late changes.

Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.

New CD and DVD images containing updated packages and the regular installation media accompanied with the package archive respectively will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:

    <http://www.debian.org/distrib/ftplist>

Debian-Installer Update


The installer has been updated to use and support the updated kernels included in this release. This change causes old netboot and floppy images to stop working; updated versions are available from the regular locations.

Other changes include stability improvements in specific situations, improved serial console support when configuring grub, and added support for SGI O2 machines with 300MHz RM5200SC (Nevada) CPUs (mips).

Miscellaneous Bugfixes


This stable update adds several binary updates for various architectures to packages whose version was not synchronised across all architectures. It also adds a few important corrections to the following packages:

   Package                 Reason

   apache2                 Fix of several CVEs
   apache2-mpm-itk         Rebuild for apache2 rebuilds
   bonson                  Rebuild against lib3ds-dev
   cdebconf                Fix of several memory leaks
   debconf                 Fix possible hangs during netboot installs
   dosemu-freedos          Remove unused non-free code
   enigmail                Fix regression introduced by icedove 1.5.0.10
   fai-kernels             Recompile for Linux Kernel rebuilds
   findutils               Fix locate heap buffer overflow (CVE-2007-2452)
   flashplugin-nonfree     New upstream release fixes security problems
   glibc                   Fix nscd crash
   gnome-hearts            Added missing dependency
   gnome-panel             Fix authentication bypass
   iceweasel-l10n          Remove roa-es-val translation and updated ca package description 
   joystick                Bring architectures back in sync
   kernel-patch-openvz     Rebuild for Debian Kernel rebuild
   klibc                   Fixes nfsroot on mips(el)
   lib3ds                  Fix strict-aliasing errors
   libdbi-perl             Fix potential dataloss
   libmarc-charset-perl    Bring architectures back in sync
   libnarray-ruby          Rebuild against current ruby1.8 to fix a wrong library install directory
   linux-latest-2.6        Rebuild for Linux Kernel rebuild
   lvm2                    Fix to work correctly with striped lvm1 metadata
   mpop                    Rebuild against etch (i386 only)
   multipath-tools         Move priority of initscript
   opal                    Fix CVE-2007-4924
   openscenegraph          Bring architectures back in sync
   openvpn                 Rebuild against liblzo2 to fix general protection errors.
   pam                     Fix CVE-2005-2977
   po4a                    Fix CVE-2007-4462
   postgresql-8.1          Fix regression introduced in 8.1.9
   pwlib                   Fix CVE-2007-4897
   pygresql                Fix package on libpq
   sear                    Rebuild against lib3ds-dev
   tzdata                  Recent timezone updates
   unace                   Make program 64bit clean
   user-mode-linux         Rebuild for Debian Kernel rebuild
   uswsusp                 Fix regression
   view3ds                 Rebuild against lib3ds-dev
   viewcvs                 Fix interoperability with etch CVS
   wesnoth                 Fix CVE-2007-6201

Security Updates


This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates.

   Advisory ID Package(s)               Correction(s)

   DSA 1288    pptpd                    Denial of service
   DSA 1317    tinymux                  Buffer overflow
   DSA 1319    maradns                  Denial of service
   DSA 1320    clamav                   Several vulnerabilities
   DSA 1321    evolution-data-server    Arbitrary code execution
   DSA 1322    wireshark                Denial of service
   DSA 1323    krb5                     Several vulnerabilities
   DSA 1324    hiki                     Missing input sanitising
   DSA 1325    evolution                Arbitrary code execution
   DSA 1326    fireflier                Unsafe temporary files
   DSA 1327    gsambad                  Unsafe temporary files
   DSA 1328    unicon                   Buffer overflow
   DSA 1330    php5                     Arbitrary code execution
   DSA 1331    php4                     Arbitrary code execution
   DSA 1332    vlc                      Arbitrary code execution
   DSA 1333    curl                     Certificate handling
   DSA 1335    gimp                     Arbitrary code execution
   DSA 1337    xulrunner                Several vulnerabilities
   DSA 1338    iceweasel                Several vulnerabilities
   DSA 1339    iceape                   Several vulnerabilities
   DSA 1340    clamav                   Denial of service
   DSA 1341    bind9                    DNS cache poisoning
   DSA 1342    xfs                      Privilege escalation
   DSA 1343    file                     Arbitrary code execution
   DSA 1344    iceweasel                Several vulnerabilities
   DSA 1345    xulrunner                Several vulnerabilities
   DSA 1346    iceape                   Several vulnerabilities
   DSA 1347    xpdf                     Arbitrary code execution
   DSA 1348    poppler                  Arbitrary code execution
   DSA 1351    bochs                    Privilege escalation
   DSA 1353    tcpdump                  Arbitrary code execution
   DSA 1355    kdegraphics              Arbitrary code execution
   DSA 1356    Linux 2.6.18             Several vulnerabilities
   DSA 1357    koffice                  Arbitrary code execution
   DSA 1358    asterisk                 Several vulnerabilities
   DSA 1359    dovecot                  Directory traversal
   DSA 1360    rsync                    Arbitrary code execution
   DSA 1361    postfix-policyd          Arbitrary code execution
   DSA 1362    lighttpd                 Several vulnerabilities
   DSA 1363    Linux 2.6.18             Several vulnerabilities
   DSA 1364    vim                      Several vulnerabilities
   DSA 1365    id3lib3.8.3              Denial of service
   DSA 1366    clamav                   Several vulnerabilities
   DSA 1367    krb5                     Arbitrary code execution
   DSA 1368    librpcsecgss             Arbitrary code execution
   DSA 1369    gforge                   SQL injection
   DSA 1370    phpmyadmin               Several vulnerabilities
   DSA 1371    phpwiki                  Several vulnerabilities
   DSA 1372    ktorrent                 Directory traversal
   DSA 1372    xorg-server              Privilege escalation
   DSA 1374    jffnms                   Several vulnerabilities
   DSA 1375    OpenOffice.org           Arbitrary code execution
   DSA 1376    kdebase                  Authentication bypass
   DSA 1377    fetchmail                Denial of service
   DSA 1378    Linux 2.6.18             Several vulnerabilities
   DSA 1379    openssl                  Arbitrary code execution
   DSA 1380    elinks                   Information disclosure
   DSA 1381    Linux 2.6.18             Several vulnerabilities
   DSA 1382    quagga                   Denial of service
   DSA 1383    gforge                   Cross-site scripting
   DSA 1384    xen-utils                Several vulnerabilities
   DSA 1385    xfs                      Arbitrary code execution
   DSA 1386    wesnoth                  Denial of service
   DSA 1387    librpcsecgss             Arbitrary code execution
   DSA 1388    dhcp                     Arbitrary code execution
   DSA 1389    zoph                     SQL injection
   DSA 1390    t1lib                    Arbitrary code execution
   DSA 1391    icedove                  Several vulnerabilities
   DSA 1392    xulrunner                Several vulnerabilities
   DSA 1393    xfce4-terminal           Arbitrary command execution
   DSA 1394    reprepro                 Authentication bypass
   DSA 1395    xen-utils                File truncation
   DSA 1396    iceweasel                Several vulnerabilities
   DSA 1397    mono                     Integer overflow
   DSA 1398    perdition                Arbitrary code execution
   DSA 1400    perl                     Arbitrary code execution
   DSA 1401    iceape                   Several vulnerabilities
   DSA 1402    gforge                   Several vulnerabilities
   DSA 1403    phpmyadmin               Cross-site scripting
   DSA 1404    gallery2                 Privilege escalation
   DSA 1405    zope-cmfplone            Arbitrary code execution
   DSA 1406    horde3                   Several vulnerabilities
   DSA 1407    cupsys                   Arbitrary code execution
   DSA 1408    kdegraphics              Arbitrary code execution
   DSA 1409    samba                    Several vulnerabilities
   DSA 1410    ruby1.8                  Insecure SSL certificate validation
   DSA 1412    ruby1.9                  Insecure SSL certificate validation
   DSA 1413    mysql                    Several vulnerabilities
   DSA 1414    wireshark                Several vulnerabilities
   DSA 1415    tk8.4                    Arbitrary code execution
   DSA 1416    tk8.3                    Arbitrary code execution
   DSA 1417    asterisk                 SQL injection
   DSA 1418    cacti                    SQL injection
   DSA 1419    OpenOffice.org           Arbitrary Java code execution
   DSA 1420    zabbix                   Privilege escalation
   DSA 1421    wesnoth                  Arbitrary file disclosure
   DSA 1422    e2fsprogs                Arbitrary code execution
   DSA 1423    sitebar                  Several vulnerabilities
   DSA 1424    iceweasel                Several vulnerabilities
   DSA 1425    xulrunner                Several vulnerabilities
   DSA 1426    qt-x11-free              Several vulnerabilities
   DSA 1427    samba                    Arbitrary code execution
   DSA 1428    Linux 2.6.18             Several vulnerabilities
   DSA 1429    htdig                    Cross-site scripting
   DSA 1430    libnss-ldap              Denial of service
   DSA 1431    ruby-gnome2              Arbitrary code execution
   DSA 1432    link-grammar             Arbitrary code execution
   DSA 1433    centericq                Arbitrary code execution
   DSA 1434    mydns                    Denial of service
   DSA 1435    clamav                   Several vulnerabilities
   DSA 1436    Linux 2.6.18             Several vulnerabilities

The complete list of all accepted and rejected packages together with rationale is on the preparation page for this revision:

<http://release.debian.org/stable/4.0/4.0r2/>

URLs


The complete lists of packages that have changed with this revision:

<http://ftp.debian.org/debian/dists/etch/ChangeLog>

The current stable distribution:

<http://ftp.debian.org/debian/dists/stable>

Proposed updates to the stable distribution:

<http://ftp.debian.org/debian/dists/proposed-updates>

Stable distribution information (release notes, errata etc.):

<http://www.debian.org/releases/stable/>

Security announcements and information:

<http://www.debian.org/security/>

About Debian


The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating systems Debian GNU/Linux.

Contact Information


For further information, please visit the Debian web pages at <http://www.debian.org/>, send mail to <press(at)debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.

-- 
To UNSUBSCRIBE, email to debian-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Received on Thu Dec 27 07:09:13 2007
