[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian GNU/Linux 4.0 updated

The Debian Project                                http://www.debian.org/
Debian GNU/Linux 4.0 updated                            press@debian.org
August 17th, 2007               http://www.debian.org/News/2007/20070817

Debian GNU/Linux 4.0 updated

The Debian project is pleased to announce the first update of its stable
distribution Debian GNU/Linux 4.0 (codename etch).  This update mainly
adds corrections for security problems to the stable release, along with
a few adjustment to serious problems.  The first update also corrects a
few important issues that have been noticed too late in the release

Please note that this update does not constitute a new version of Debian
GNU/Linux 4.0 but only updates some of the packages included.  There is
no need to throw away 4.0 CDs or DVDs but only to update against
ftp.debian.org after an installation, in order to incorporate those late

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New CD and DVD images containing updated packages and the regular
installation media accompanied with the package archive respectively
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors.  A comprehensive list of
mirrors is available at:


Debian-Installer Update

To propagate updated Linux kernel packages to the Debian installer it
has been updated.  The new binary interface causes the old netboot and
floppy images to stop working and thus will be rebuilt and distributed
from the regular locations soon.  Several USB CD drives that were
previously not detected are now supported.  Other changes include an
updated mirror list, a correction for gksu and improved translations.

Miscellaneous Bugfixes

This stable update adds several binary updates for various architectures
to packages whose version was not synchronised across all architectures.
It also adds a few important corrections to the following packages:

   Package                 Reason

   apache2                 Expire disk cache, improved documentation
   apache2-mpm-itk         Rebuilt against current Apache2
   debian-archive-keyring  Key for volatile.debian.org added
   debootstrap             Add support for lenny
   desktop-base            Adjust path to default wallpaper for KDE
   epiphany-browser        Enable content negotiation for user's language setting
   fai-kernels             Include arcmsr SCSI driver
   file                    Prevent possible denial of service
   glibc                   Prevent mount hang, memory leak and printf failure
   gnome-mount             Rebuilt against current libeel2-2.14
   initramfs-tools         Added missing ESP module to SCSI modules list
   kernel-wedge            Reupload to match packages in r1
   libofa                  Rebuilt in a clean environment
   librsvg                 Corrected dependency
   lifelines               Prevent file conflict with older version
   linux-latest-2.6        Assist upgrade to new linux-2.6
   lsb                     Don't remove PID files of running daemons
   madwifi                 Correct two remote and one local denial of service
   mail-notification       Binary rebuilt on several architectures
   mixmaster               Correct buffer overflow
   mozilla-traybiff        Improved dependency
   mpop                    Prevent password stealing via man in the middle
   mutt                    Correct reconnecting to IMAP server
   nano                    Prevent segmentation faults
   neon26                  Correct Kerberos authentication
   nfs-utils               Prevent memory leaks
   openoffice.org          Prevent crashes when saving files
   orage                   Prevent memory leak
   orbit2                  Allow non-local IPv4 connections
   php5                    Correct regression in single quote escaping
   pppconfig               Correct upgrade problem
   rdesktop                Prevent segmentation fault upon successful login
   tetex-base              Ease transition to texlive
   trac                    Adjust CSS and prevent remote exploition
   user-setup              Properly set up gksu alternatives
   vice                    Correct regression after libx11-6 security fix
   xorg                    Provide easier upgrades and corrected dependencies

Security Updates

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these

Advisory ID    Package(s)               Correction(s)

   DSA 1280    aircrack-ng              Arbitrary code execution
   DSA 1281    clamav                   Several vulnerabilities
   DSA 1282    php4                     Several vulnerabilities
   DSA 1283    php5                     Several vulnerabilities
   DSA 1284    qemu                     Several vulnerabilities
   DSA 1285    wordpress                Several vulnerabilities
   DSA 1286    linux-2.6                Several vulnerabilities
   DSA 1288    pptpd                    Denial of service
   DSA 1289    linux-2.6                Several vulnerabilities
   DSA 1290    squirrelmail             Cross-site scripting
   DSA 1291    samba                    Several vulnerabilities
   DSA 1292    qt4-x11                  Cross-site scripting
   DSA 1293    quagga                   Denial of service
   DSA 1295    php5                     Several vulnerabilities
   DSA 1296    php4                     Privilege escalation
   DSA 1297    gforge-plugin-scmcvs     Arbitrary shell command execution
   DSA 1298    otrs2                    Cross-site scripting
   DSA 1299    ipsec-tools              Denial of service
   DSA 1300    iceape                   Several vulnerabilities
   DSA 1301    gimp                     Arbitrary code execution
   DSA 1302    freetype                 Arbitrary code execution
   DSA 1303    lighttpd                 Denial of service
   DSA 1305    icedove                  Several vulnerabilities
   DSA 1306    xulrunner                Several vulnerabilities
   DSA 1307    openoffice.org           Arbitrary code execution
   DSA 1309    postgresql-8.1           Privilege escalation.
   DSA 1310    libexif                  Arbitrary code execution
   DSA 1311    postgresql-7.4           Privilege escalation.
   DSA 1312    libapache-mod-jk         Information disclosure
   DSA 1313    mplayer                  Arbitrary code execution
   DSA 1314    open-iscsi               Several vulnerabilities
   DSA 1315    libphp-phpmailer         Arbitrary shell command execution
   DSA 1316    emacs21                  Denial of service
   DSA 1318    ekg                      Denial of service

Removed Package

This package has been removed from the distribution:

   Package                Reason

   vdrift                 License violation

The complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:



The complete lists of packages that have changed with this revision:


The current stable distribution:


Proposed updates to the stable distribution:


Stable distribution information (release notes, errata etc.):


Security announcements and information:


About Debian

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely
free operating systems Debian GNU/Linux.

Contact Information

For further information, please visit the Debian web pages at
<http://www.debian.org/>, send mail to <press@debian.org>, or
contact the stable release team at <debian-release@lists.debian.org>.

Unix is user friendly ...  It's just picky about its friends.

Reply to: