
Debian GNU/Linux 4.0 updated



------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Debian GNU/Linux 4.0 updated                            press@debian.org
February 17th, 2008             http://www.debian.org/News/2008/20080217
------------------------------------------------------------------------

The Debian project is pleased to announce the third update of its
stable distribution Debian GNU/Linux 4.0 (codename etch).  This update
mainly adds corrections for security problems to the stable release,
along with a few adjustments for serious problems.

Please note that this update does not constitute a new version of Debian
GNU/Linux 4.0 but only updates some of the packages included.  There is
no need to throw away 4.0 CDs or DVDs; it is enough to update against
ftp.debian.org after an installation in order to incorporate those late
changes.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most updates from security.debian.org are
included in this update.

New CD and DVD images containing updated packages, and the regular
installation media accompanied by the package archive, will be
available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors.  A comprehensive list of
mirrors is available at:

    <http://www.debian.org/distrib/ftplist>


Debian-Installer Update
-----------------------

The installer has been updated to use and support the updated kernels
included in this release.  This change causes old netboot and floppy images
to stop working; updated versions are available from the regular locations.

This update also includes stability improvements and added support for 
SGI O2 machines with 300MHz RM5200SC (Nevada) CPUs that were announced with
the second update, but were not actually included.


Important changes
-----------------

Updated versions of the bcm43xx-fwcutter package will be distributed via
volatile.debian.org.  The package itself will be removed from etch with the
next update.

Flashplugin-nonfree has been removed (see below), as it is closed source
and we don't get security support for it.  For security reasons, we
recommend immediately removing any version of flashplugin-nonfree and any
remaining files of the Adobe Flash Player.  Tested updates will be made
available via backports.org.


Miscellaneous Bugfixes
----------------------

This stable update adds several binary updates for various architectures
to packages whose version was not synchronised across all architectures.
It also adds a few important corrections to the following packages:

   Package                 Reason

   apache                  Fix of several vulnerabilities
   apache2                 Fix of several vulnerabilities
   apache2-mpm-itk         Rebuild for apache2 rebuilds
   bos                     Remove non-free content
   clamav                  Remove non-free (and undistributable) unrar-code
   cpio                    Fix malformed creation of ustar archives
   denyhosts               Fix improper parsing of ssh logfiles
   ircproxy                Fix denial of service
   glibc                   Fix sunrpc memory leak
   gpsd                    Fix problem with leap years
   ipmitool                Bring architectures back in sync
   kdebase                 Add support for latest flash plugin
   kdelibs                 Add support for latest flash plugin
   kdeutils                Prevent unauthorised access when hibernated
   libchipcard2            Add missing dependency
   linux-2.6               Fix several bugs
   loop-aes                Updated linux-2.6 kernel
   madwifi                 Fix possible denial of service
   net-snmp                Fix broken snmpbulkwalk
   ngircd                  Fix possible denial of service
   sing                    Fix privilege escalation
   sun-java5               Fix remote program execution
   unrar-nonfree           Fix arbitrary code execution
   viewcvs                 Fix cvs parsing
   xorg-server             Fix inline assembler for processors without cpuid

These packages are updated to support the newer kernels:

   linux-modules-contrib-2.6
   linux-modules-extra-2.6
   linux-modules-nonfree-2.6
   nvidia-graphics-legacy-modules-amd64
   nvidia-graphics-legacy-modules-i386
   nvidia-graphics-modules-amd64
   nvidia-graphics-modules-i386


Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates.

Advisory ID    Package(s)               Correction(s)

   DSA 1405    zope-cmfplone            Arbitrary code execution
   DSA 1437    cupsys                   Several vulnerabilities
   DSA 1438    tar                      Several vulnerabilities
   DSA 1439    typo3-src                SQL injection
   DSA 1440    inotify-tools            Arbitrary code execution
   DSA 1441    peercast                 Arbitrary code execution
   DSA 1442    libsndfile               Arbitrary code execution
   DSA 1443    tcpreen                  Denial of service
   DSA 1444    php5                     Several vulnerabilities
   DSA 1445    maradns                  Denial of service
   DSA 1446    wireshark                Denial of service
   DSA 1447    tomcat5.5                Several vulnerabilities
   DSA 1448    eggdrop                  Arbitrary code execution
   DSA 1449    loop-aes-utils           Programming error
   DSA 1450    util-linux               Programming error
   DSA 1451    mysql-dfsg-5.0           Several vulnerabilities
   DSA 1452    wzdftpd                  Denial of service
   DSA 1453    tomcat5                  Several vulnerabilities
   DSA 1454    freetype                 Arbitrary code execution
   DSA 1455    libarchive               Several problems
   DSA 1456    fail2ban                 Denial of service
   DSA 1457    dovecot                  Information disclosure
   DSA 1458    openafs                  Denial of service
   DSA 1459    gforge                   SQL injection
   DSA 1460    postgresql-8.1           Several vulnerabilities
   DSA 1461    libxml2                  Denial of service
   DSA 1462    hplip                    Privilege escalation
   DSA 1463    postgresql-7.4           Several vulnerabilities
   DSA 1464    syslog-ng                Denial of service
   DSA 1465    apt-listchanges          Arbitrary code execution
   DSA 1466    xorg                     Several vulnerabilities
   DSA 1468    tomcat5.5                Several vulnerabilities
   DSA 1469    flac                     Arbitrary code execution
   DSA 1470    horde3                   Denial of service
   DSA 1471    libvorbis                Several vulnerabilities
   DSA 1472    xine-lib                 Arbitrary code execution
   DSA 1473    scponly                  Arbitrary code execution
   DSA 1474    exiv2                    Arbitrary code execution
   DSA 1475    gforge                   Cross site scripting
   DSA 1476    pulseaudio               Privilege escalation
   DSA 1477    yarssr                   Arbitrary shell command execution
   DSA 1478    mysql-dfsg-5.0           Several vulnerabilities
   DSA 1479    fai-kernels              Several vulnerabilities
   DSA 1479    linux-2.6                Several vulnerabilities
   DSA 1483    net-snmp                 Denial of service
   DSA 1484    xulrunner                Several vulnerabilities


Removed Packages
----------------

These packages are removed from the distribution:

   Package                Reason

   bandersnatch           Too buggy
   flashplugin-nonfree    Closed source and no security support
   flyspray               Too buggy, no support from upstream
   ipxripd                Incompatibility with the Etch kernel
   jags                   Too buggy
   unace-nonfree          Broken on big-endian or 64-bit systems


The complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:

  <http://release.debian.org/stable/4.0/4.0r3/>


URLs
----

The complete lists of packages that have changed with this revision:

  <http://ftp.debian.org/debian/dists/etch/ChangeLog>

The current stable distribution:

  <http://ftp.debian.org/debian/dists/stable>

Proposed updates to the stable distribution:

  <http://ftp.debian.org/debian/dists/proposed-updates>

Stable distribution information (release notes, errata etc.):

  <http://www.debian.org/releases/stable/>

Security announcements and information:

  <http://www.debian.org/security/>


About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely
free operating system Debian GNU/Linux.


Contact Information
-------------------

For further information, please visit the Debian web pages at
<http://www.debian.org/>, send mail to <press@debian.org>, or
contact the stable release team at <debian-release@lists.debian.org>.

