Debian GNU/Linux 4.0 updated

From: Joey Schulze <joey(at)infodrom.org>
Date: Sun Feb 17 2008 - 03:21:15 EST


The Debian Project                                http://www.debian.org/
Debian GNU/Linux 4.0 updated                            press@debian.org
February 17th, 2008             http://www.debian.org/News/2008/20080217
------------------------------------------------------------------------

Debian GNU/Linux 4.0 updated

The Debian project is pleased to announce the third update of its stable distribution Debian GNU/Linux 4.0 (codename etch). This update mainly adds corrections for security problems to the stable release, along with a few adjustments to serious problems.

Please note that this update does not constitute a new version of Debian GNU/Linux 4.0 but only updates some of the packages included. There is no need to throw away 4.0 CDs or DVDs but only to update against ftp.debian.org after an installation, in order to incorporate those late changes.

Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.

New CD and DVD images containing updated packages and the regular installation media accompanied with the package archive respectively will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:

    <http://www.debian.org/distrib/ftplist>

Debian-Installer Update


The installer has been updated to use and support the updated kernels included in this release. This change causes old netboot and floppy images to stop working; updated versions are available from the regular locations.

This update also includes stability improvements and added support for SGI O2 machines with 300MHz RM5200SC (Nevada) CPUs that were announced with the second update, but were not actually included.

Important changes


Updated versions of the bcm43xx-fwcutter package will be distributed via volatile.debian.org. The package itself will be removed from etch with the next update.

Flashplugin-nonfree has been removed (see below), as this is closed source and we don't get security support for it. For security reasons, we recommend to immediately remove any version of flashplugin-nonfree and any remaining files of the Adobe Flash Player. Tested updates will be made available via backports.org.

Miscellaneous Bugfixes


This stable update adds several binary updates for various architectures to packages whose version was not synchronised across all architectures. It also adds a few important corrections to the following packages:

   Package                 Reason

   apache                  Fix of several vulnerabilities
   apache2                 Fix of several vulnerabilities
   apache2-mpm-itk         Rebuild for apache2 rebuilds
   bos                     Remove non-free content
   clamav                  Remove non-free (and undistributable) unrar-code
   cpio                    Fix malformed creation of ustar archives
   denyhosts               Fix improper parsing of ssh logfiles
   ircproxy                Fix denial of service
   glibc                   Fix sunrpc memory leak
   gpsd                    Fix problem with leap years
   ipmitool                Bring architectures back in sync
   kdebase                 Add support for latest flash plugin
   kdelibs                 Add support for latest flash plugin
   kdeutils                Prevent unauthorised access when hibernated
   libchipcard2            Add missing dependency
   linux-2.6               Fix several bugs
   loop-aes                Updated linux-2.6 kernel
   madwifi                 Fix possible denial of service
   net-snmp                Fix broken snmpbulkwalk
   ngircd                  Fix possible denial of service
   sing                    Fix privilege escalation
   sun-java5               Fix remote program execution
   unrar-nonfree           Fix arbitrary code execution
   viewcvs                 Fix cvs parsing
   xorg-server             Fix inline assembler for processors without cpuid

These packages are updated to support the newer kernels:

   linux-modules-contrib-2.6
   linux-modules-extra-2.6
   linux-modules-nonfree-2.6
   nvidia-graphics-legacy-modules-amd64
   nvidia-graphics-legacy-modules-i386
   nvidia-graphics-modules-amd64
   nvidia-graphics-modules-i386

Security Updates


This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates.

   Advisory ID Package(s)               Correction(s)

   DSA 1405    zope-cmfplone            Arbitrary code execution
   DSA 1437    cupsys                   Several vulnerabilities
   DSA 1438    tar                      Several vulnerabilities
   DSA 1439    typo3-src                SQL injection.
   DSA 1440    inotify-tools            Arbitrary code execution
   DSA 1441    peercast                 Arbitrary code execution
   DSA 1442    libsndfile               Arbitrary code execution
   DSA 1443    tcpreen                  Denial of service
   DSA 1444    php5                     Several vulnerabilities
   DSA 1445    maradns                  Denial of service
   DSA 1446    wireshark                Denial of service
   DSA 1447    tomcat5.5                Several vulnerabilities
   DSA 1448    eggdrop                  Arbitrary code execution
   DSA 1449    loop-aes-utils           Programming error
   DSA 1450    util-linux               Programming error
   DSA 1451    mysql-dfsg-5.0           Several vulnerabilities
   DSA 1452    wzdftpd                  Denial of service
   DSA 1453    tomcat5                  Several vulnerabilities
   DSA 1454    freetype                 Arbitrary code execution
   DSA 1455    libarchive               Several problems
   DSA 1456    fail2ban                 Denial of service
   DSA 1457    dovecot                  Information disclosure
   DSA 1458    openafs                  Denial of service
   DSA 1459    gforge                   SQL injection
   DSA 1460    postgresql-8.1           Several vulnerabilities
   DSA 1461    libxml2                  Denial of service
   DSA 1462    hplip                    Privilege escalation
   DSA 1463    postgresql-7.4           Several vulnerabilities
   DSA 1464    syslog-ng                Denial of service
   DSA 1465    apt-listchanges          Arbitrary code execution
   DSA 1466    xorg                     Several vulnerabilities
   DSA 1468    tomcat5.5                Several vulnerabilities
   DSA 1469    flac                     Arbitrary code execution
   DSA 1470    horde3                   Denial of service
   DSA 1471    libvorbis                Several vulnerabilities
   DSA 1472    xine-lib                 Arbitrary code execution
   DSA 1473    scponly                  Arbitrary code execution
   DSA 1474    exiv2                    Arbitrary code execution
   DSA 1475    gforge                   Cross site scripting
   DSA 1476    pulseaudio               Privilege escalation
   DSA 1477    yarssr                   Arbitrary shell command execution
   DSA 1478    mysql-dfsg-5.0           Several vulnerabilities
   DSA 1479    fai-kernels              Several vulnerabilities
   DSA 1479    linux-2.6                Several vulnerabilities
   DSA 1483    net-snmp                 Denial of service
   DSA 1484    xulrunner                Several vulnerabilities

Removed Packages


These packages are removed from the distribution:

   Package                Reason

   bandersnatch           Too buggy
   flashplugin-nonfree    Closed source and no security support
   flyspray               Too buggy, no support from upstream
   ipxripd                Incompatibility with the Etch kernel
   jags                   Too buggy
   unace-nonfree          Broken on big-endian or 64bit-systems

The complete list of all accepted and rejected packages together with rationale is on the preparation page for this revision:

<http://release.debian.org/stable/4.0/4.0r3/>

URLs


The complete lists of packages that have changed with this revision:

<http://ftp.debian.org/debian/dists/etch/ChangeLog>

The current stable distribution:

<http://ftp.debian.org/debian/dists/stable>

Proposed updates to the stable distribution:

<http://ftp.debian.org/debian/dists/proposed-updates>

Stable distribution information (release notes, errata etc.):

<http://www.debian.org/releases/stable/>

Security announcements and information:

<http://www.debian.org/security/>

About Debian


The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating systems Debian GNU/Linux.

Contact Information


For further information, please visit the Debian web pages at <http://www.debian.org/>, send mail to <press(at)debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.

-- 
To UNSUBSCRIBE, email to debian-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Received on Sun Feb 17 03:30:42 2008

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 07:02:01 EDT
