[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian GNU/Linux 3.1 updated



------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Debian GNU/Linux 3.1 updated                            press@debian.org
February 18th, 2007             http://www.debian.org/News/2007/20070218
------------------------------------------------------------------------

Debian GNU/Linux 3.1 updated

The Debian project has updated the stable distribution Debian GNU/Linux
3.1 (codename `sarge').  This update mainly adds security updates to the
stable release, along with a few corrections to serious problems.  Those
who frequently update from security.debian.org won't have to update many
packages and most updates from security.debian.org are included in this
update.

Please note that this update does not constitute a new version of Debian
GNU/Linux 3.1 but only updates some of the packages included.  There is
no need to throw away 3.1 CDs.  Instead you only need to update against
ftp.debian.org or a mirror after an installation, in order to incorporate
those changes.  New CD and DVD images are being built right now and will
be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
`apt' package tool (see the sources.list(5) manual page) to one of
Debian's many FTP or HTTP mirrors.  A comprehensive list of mirrors is
available at:

    <http://www.debian.org/distrib/ftplist>


Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages.


   Package                Reason

   exim                   Update description to reflect upgrade problems
   glibc                  Update timezone data
   openvpn                Fix restart of openvpn in init script
   pinball                Get architectures back in sync


Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates.

Advisory ID    Package(s)               Correktion(s)

   DSA  996    libcrypt-cbc-perl        Cryptographic weakness
   DSA 1193    XFree86                  Several vulnerabilities
   DSA 1196    clamav                   Arbitrary code execution
   DSA 1197    python2.4                Arbitrary code execution
   DSA 1198    python-2.3               Arbitrary code execution
   DSA 1199    webmin                   Input validation problems
   DSA 1200    qt-x11-free              Denial of service
   DSA 1201    ethereal                 Denial of service
   DSA 1202    screen                   Arbitrary code execution
   DSA 1203    libpam-ldap              Access control bypass
   DSA 1204    ingo1                    Arbitrary shell command execution
   DSA 1205    thttpd                   Insecure temporary file creation
   DSA 1206    php4                     Several vulnerabilities
   DSA 1207    phpmyadmin               Several vulnerabilities
   DSA 1208    bugzilla                 Several vulnerabilities
   DSA 1209    trac                     Cross-site request forgery
   DSA 1210    mozilla-firefox          Several vulnerabilities
   DSA 1211    pdns                     Arbitrary code execution
   DSA 1212    openssh                  Denial of service
   DSA 1213    imagemagick              Several vulnerabilities
   DSA 1214    gv                       Arbitrary code execution
   DSA 1215    xine-lib                 Execution of arbitrary code
   DSA 1216    flexbackup               Denial of service
   DSA 1217    linux-ftpd               Access control bypass
   DSA 1218    proftpd                  Denial of service
   DSA 1219    texinfo                  Multiple vulnerabilities
   DSA 1220    pstotext                 Arbitrary shell command execution
   DSA 1221    libgsf                   Arbitrary code execution
   DSA 1222    proftpd                  Several vulnerabilities
   DSA 1223    tar                      Arbitrary file overwrite
   DSA 1224    mozilla                  Several vulnerabilities
   DSA 1225    mozilla-firefox          Several vulnerabilities
   DSA 1226    links                    Arbitrary shell command execution
   DSA 1227    mozilla-thunderbird      Several vulnerabilities
   DSA 1228    elinks                   Arbitrary shell command execution
   DSA 1229    asterisk                 Arbitrary code execution
   DSA 1230    l2tpns                   Buffer overflow
   DSA 1231    gnupg                    Arbitrary code execution
   DSA 1232    clamav                   Denial of service
   DSA 1233    kernel-source-2.6.8      Several vulnerabilities
   DSA 1234    ruby1.6                  Denial of service
   DSA 1235    ruby1.8                  Denial of service
   DSA 1236    enemies-of-carlotta      Missing sanity checks
   DSA 1237    kernel-source-2.4.27     Several vulnerabilities
   DSA 1238    clamav                   Several vulnerabilities
   DSA 1239    sql-ledger               Arbitrary code execution
   DSA 1241    squirrelmail             Cross-site scripting
   DSA 1242    elog                     Arbitrary code execution
   DSA 1243    evince                   Arbitrary code execution
   DSA 1244    xine-lib                 Arbitrary code execution
   DSA 1245    proftpd                  Denial of service
   DSA 1246    openoffice.org           Arbitrary code execution
   DSA 1247    libapache-mod-auth-kerb  Remote denial of service
   DSA 1248    libsoup                  Denial of service
   DSA 1249    xfree86                  Privilege escalation
   DSA 1250    cacti                    Arbitrary code execution
   DSA 1251    netrik                   Arbitary shell command execution
   DSA 1252    vlc                      Arbitrary code execution
   DSA 1253    mozilla-firefox          Several vulnerabilities
   DSA 1254    bind9                    Denial of service
   DSA 1255    libgtop2                 Arbitrary code execution
   DSA 1256    gtk+2.0                  Denial of service
   DSA 1257    samba                    Several vulnerabilities
   DSA 1258    mozilla-thunderbird      Several vulnerabilities
   DSA 1259    fetchmail                Information disclosure
   DSA 1260    imagemagick              Arbitrary code execution
   DSA 1261    postgresql               Several vulnerabilities

The complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:

  <http://release.debian.org/stable/3.1/3.1r5/>


URLs
----

The complete lists of packages that have changed with this revision:

  <http://ftp.debian.org/debian/dists/sarge/ChangeLog>

The current stable distribution:

  <http://ftp.debian.org/debian/dists/stable>

Proposed updates to the stable distribution:

  <http://ftp.debian.org/debian/dists/proposed-updates>

Stable distribution information (release notes, errata etc.):

  <http://www.debian.org/releases/stable/>

Security announcements and information:

  <http://www.debian.org/security/>


About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely
free operating systems Debian GNU/Linux.


Contact Information
-------------------

For further information, please visit the Debian web pages at
<http://www.debian.org/>, send mail to <press@debian.org>, or
contact the stable release team at <debian-release@lists.debian.org>.



Reply to: