Debian GNU/Linux 4.0 updated
------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Debian GNU/Linux 4.0 updated                            press@debian.org
August 17th, 2007               http://www.debian.org/News/2007/20070817
------------------------------------------------------------------------
The Debian project is pleased to announce the first update of its stable
distribution Debian GNU/Linux 4.0 (codename etch). This update mainly
adds corrections for security problems to the stable release, along with
a few adjustments to serious problems. The first update also corrects a
few important issues that were noticed too late in the release
process.
Please note that this update does not constitute a new version of Debian
GNU/Linux 4.0 but only updates some of the packages included. There is
no need to throw away 4.0 CDs or DVDs; it is only necessary to update
against ftp.debian.org after an installation, in order to incorporate
those late changes.
Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.
New CD and DVD images containing updated packages and the regular
installation media accompanied with the package archive respectively
will be available soon at the regular locations.
Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:
<http://www.debian.org/distrib/ftplist>
Debian-Installer Update
-----------------------
The Debian installer has been updated to propagate the updated Linux
kernel packages to it. The new binary interface causes the old netboot
and floppy images to stop working; they will therefore be rebuilt and
distributed from the regular locations soon. Several USB CD drives that
were previously not detected are now supported. Other changes include an
updated mirror list, a correction for gksu and improved translations.
Miscellaneous Bugfixes
----------------------
This stable update adds several binary updates for various architectures
to packages whose version was not synchronised across all architectures.
It also adds a few important corrections to the following packages:
Package                 Reason
apache2                 Expire disk cache, improved documentation
apache2-mpm-itk         Rebuilt against current Apache2
debian-archive-keyring  Key for volatile.debian.org added
debootstrap             Add support for lenny
desktop-base            Adjust path to default wallpaper for KDE
epiphany-browser        Enable content negotiation for user's language setting
fai-kernels             Include arcmsr SCSI driver
file                    Prevent possible denial of service
glibc                   Prevent mount hang, memory leak and printf failure
gnome-mount             Rebuilt against current libeel2-2.14
initramfs-tools         Added missing ESP module to SCSI modules list
kernel-wedge            Reupload to match packages in r1
libofa                  Rebuilt in a clean environment
librsvg                 Corrected dependency
lifelines               Prevent file conflict with older version
linux-latest-2.6        Assist upgrade to new linux-2.6
lsb                     Don't remove PID files of running daemons
madwifi                 Correct two remote and one local denial of service
mail-notification       Binary rebuilt on several architectures
mixmaster               Correct buffer overflow
mozilla-traybiff        Improved dependency
mpop                    Prevent password stealing via man in the middle
mutt                    Correct reconnecting to IMAP server
nano                    Prevent segmentation faults
neon26                  Correct Kerberos authentication
nfs-utils               Prevent memory leaks
openoffice.org          Prevent crashes when saving files
orage                   Prevent memory leak
orbit2                  Allow non-local IPv4 connections
php5                    Correct regression in single quote escaping
pppconfig               Correct upgrade problem
rdesktop                Prevent segmentation fault upon successful login
tetex-base              Ease transition to texlive
trac                    Adjust CSS and prevent remote exploitation
user-setup              Properly set up gksu alternatives
vice                    Correct regression after libx11-6 security fix
xorg                    Provide easier upgrades and corrected dependencies
Security Updates
----------------
This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates.
Advisory ID     Package(s)              Correction(s)
DSA 1280        aircrack-ng             Arbitrary code execution
DSA 1281        clamav                  Several vulnerabilities
DSA 1282        php4                    Several vulnerabilities
DSA 1283        php5                    Several vulnerabilities
DSA 1284        qemu                    Several vulnerabilities
DSA 1285        wordpress               Several vulnerabilities
DSA 1286        linux-2.6               Several vulnerabilities
DSA 1288        pptpd                   Denial of service
DSA 1289        linux-2.6               Several vulnerabilities
DSA 1290        squirrelmail            Cross-site scripting
DSA 1291        samba                   Several vulnerabilities
DSA 1292        qt4-x11                 Cross-site scripting
DSA 1293        quagga                  Denial of service
DSA 1295        php5                    Several vulnerabilities
DSA 1296        php4                    Privilege escalation
DSA 1297        gforge-plugin-scmcvs    Arbitrary shell command execution
DSA 1298        otrs2                   Cross-site scripting
DSA 1299        ipsec-tools             Denial of service
DSA 1300        iceape                  Several vulnerabilities
DSA 1301        gimp                    Arbitrary code execution
DSA 1302        freetype                Arbitrary code execution
DSA 1303        lighttpd                Denial of service
DSA 1305        icedove                 Several vulnerabilities
DSA 1306        xulrunner               Several vulnerabilities
DSA 1307        openoffice.org          Arbitrary code execution
DSA 1309        postgresql-8.1          Privilege escalation
DSA 1310        libexif                 Arbitrary code execution
DSA 1311        postgresql-7.4          Privilege escalation
DSA 1312        libapache-mod-jk        Information disclosure
DSA 1313        mplayer                 Arbitrary code execution
DSA 1314        open-iscsi              Several vulnerabilities
DSA 1315        libphp-phpmailer        Arbitrary shell command execution
DSA 1316        emacs21                 Denial of service
DSA 1318        ekg                     Denial of service
Removed Package
---------------
This package has been removed from the distribution:
Package                 Reason
vdrift                  License violation
The complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:
<http://release.debian.org/stable/4.0/4.0r1/>
URLs
----
The complete lists of packages that have changed with this revision:
<http://ftp.debian.org/debian/dists/etch/ChangeLog>
The current stable distribution:
<http://ftp.debian.org/debian/dists/stable>
Proposed updates to the stable distribution:
<http://ftp.debian.org/debian/dists/proposed-updates>
Stable distribution information (release notes, errata etc.):
<http://www.debian.org/releases/stable/>
Security announcements and information:
<http://www.debian.org/security/>
About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely
free operating system Debian GNU/Linux.
Contact Information
-------------------
For further information, please visit the Debian web pages at
<http://www.debian.org/>, send mail to <press@debian.org>, or
contact the stable release team at <debian-release@lists.debian.org>.
--
Unix is user friendly ... It's just picky about its friends.