Debian GNU/Linux 4.0 updated

The Debian Project                                http://www.debian.org/
Debian GNU/Linux 4.0 updated                            press@debian.org
December 27th, 2007             http://www.debian.org/News/2007/20071227

Debian GNU/Linux 4.0 updated

The Debian project is pleased to announce the second update of its
stable distribution Debian GNU/Linux 4.0 (codename etch).  This update
mainly adds corrections for security problems to the stable release,
along with a few adjustments for serious problems.

Please note that this update does not constitute a new version of Debian
GNU/Linux 4.0 but only updates some of the packages included.  There is
no need to throw away 4.0 CDs or DVDs but only to update against
ftp.debian.org after an installation, in order to incorporate those late

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New CD and DVD images containing the updated packages, and the regular
installation media accompanied by the package archive respectively,
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors.  A comprehensive list of
mirrors is available at:

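Before pointing aptitude or apt at a mirror for this point release, it is worth confirming that sources.list(5) actually names the etch suite, still carries the security.debian.org line, and contains no leftover entry for another release. The following POSIX sh checker is an added example, not part of this announcement or of any Debian tool: the two sources.list files it inspects are constructed samples written to a temporary directory, the mirror hostnames in them are assumptions, and the three `sources_*` helper functions are hypothetical names chosen here.

```shell
#!/bin/sh
# Added example: sanity-check an apt sources.list(5) before a stable point
# upgrade. Not part of the Debian announcement or of apt itself.
# Assumes the one-line "deb URI suite components" format that etch's apt reads.

# Constructed sample: a correctly configured etch system (sarge line disabled).
GOOD_SOURCES='deb http://ftp.debian.org/debian/ etch main contrib non-free
deb-src http://ftp.debian.org/debian/ etch main
deb http://security.debian.org/ etch/updates main contrib non-free
# deb http://ftp.debian.org/debian/ sarge main'

# Constructed sample: stale sarge mirror still active, no security archive.
BAD_SOURCES='deb http://ftp.debian.org/debian/ sarge main
deb http://ftp.debian.org/debian/ etch main'

# sources_has_suite FILE SUITE
# Exit 0 when at least one active "deb" line names SUITE as its suite field.
sources_has_suite() {
    grep -E "^[[:space:]]*deb[[:space:]]+[^[:space:]]+[[:space:]]+$2([[:space:]]|$)" "$1" >/dev/null
}

# sources_has_security FILE SUITE
# Exit 0 when the security.debian.org line for SUITE/updates is present and active.
sources_has_security() {
    grep -E "^[[:space:]]*deb[[:space:]]+https?://security\.debian\.org/?[[:space:]]+$2/updates([[:space:]]|$)" "$1" >/dev/null
}

# sources_stale_suites FILE SUITE
# Print every active deb/deb-src line whose suite (before any "/") is not
# SUITE; exit 1 when any such line exists, 0 otherwise.
sources_stale_suites() {
    stale=$(grep -E '^[[:space:]]*deb(-src)?[[:space:]]' "$1" \
        | awk -v want="$2" '{ split($3, parts, "/"); if (parts[1] != want) print }')
    [ -z "$stale" ] && return 0
    printf '%s\n' "$stale"
    return 1
}

# check_sources FILE SUITE: run all three checks, report each, exit 1 on any failure.
check_sources() {
    file=$1; suite=$2; rc=0
    if sources_has_suite "$file" "$suite"; then
        echo "ok: archive line for $suite present"
    else
        echo "missing: no 'deb <mirror> $suite ...' line"; rc=1
    fi
    if sources_has_security "$file" "$suite"; then
        echo "ok: security.debian.org line for $suite present"
    else
        echo "missing: add 'deb http://security.debian.org/ $suite/updates main'"; rc=1
    fi
    if sources_stale_suites "$file" "$suite" >/dev/null; then
        echo "ok: no lines pointing at another suite"
    else
        echo "warning: lines for another suite found (they would pull in the wrong release):"
        sources_stale_suites "$file" "$suite" | sed 's/^/    /'
        rc=1
    fi
    return $rc
}

# Write the constructed samples to a temporary directory and check both.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
GOOD="$WORK/sources.list.good"
BAD="$WORK/sources.list.bad"
printf '%s\n' "$GOOD_SOURCES" > "$GOOD"
printf '%s\n' "$BAD_SOURCES" > "$BAD"

echo "== checking $GOOD"
check_sources "$GOOD" etch && echo "Ready: run 'aptitude update && aptitude upgrade' (or apt-get) to pick up the point release."
echo "== checking $BAD"
check_sources "$BAD" etch || echo "Fix sources.list before upgrading."
```

Run it against a real file with `check_sources /etc/apt/sources.list etch`. A stale line for another suite is reported rather than silently ignored because apt would otherwise resolve packages from the wrong release, and the absence of the security line matters here since most of the DSAs listed below reach a machine through that archive.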

Debian-Installer Update

The installer has been updated to use and support the updated kernels
included in this release. This change causes old netboot and floppy images
to stop working; updated versions are available from the regular locations.

Other changes include stability improvements in specific situations,
improved serial console support when configuring grub, and added support
for SGI O2 machines with 300MHz RM5200SC (Nevada) CPUs (mips).

Miscellaneous Bugfixes

This stable update adds several binary updates for various architectures
to packages whose version was not synchronised across all architectures.
It also adds a few important corrections to the following packages:

   Package                 Reason

   apache2                 Fix of several CVEs
   apache2-mpm-itk         Rebuild for apache2 rebuilds
   bonson                  Rebuild against lib3ds-dev
   cdebconf                Fix of several memory leaks
   debconf                 Fix possible hangs during netboot installs
   dosemu-freedos          Remove unused non-free code
   enigmail                Fix regression introduced by icedove
   fai-kernels             Recompile for Linux Kernel rebuilds
   findutils               Fix locate heap buffer overflow (CVE-2007-2452)
   flashplugin-nonfree     New upstream release fixes security problems
   glibc                   Fix nscd crash
   gnome-hearts            Added missing dependency
   gnome-panel             Fix authentication bypass
   iceweasel-l10n          Remove roa-es-val translation and update ca package description
   joystick                Bring architectures back in sync
   kernel-patch-openvz     Rebuild for Debian Kernel rebuild
   klibc                   Fixes nfsroot on mips(el)
   lib3ds                  Fix strict-aliasing errors
   libdbi-perl             Fix potential dataloss
   libmarc-charset-perl    Bring architectures back in sync
   libnarray-ruby          Rebuild against current ruby1.8 to fix a wrong library install directory
   linux-latest-2.6        Rebuild for Linux Kernel rebuild
   lvm2                    Fix to work correctly with striped lvm1 metadata
   mpop                    Rebuild against etch (i386 only)
   multipath-tools         Move priority of initscript
   opal                    Fix CVE-2007-4924
   openscenegraph          Bring architectures back in sync
   openvpn                 Rebuild against liblzo2 to fix general protection errors
   pam                     Fix CVE-2005-2977
   po4a                    Fix CVE-2007-4462
   postgresql-8.1          Fix regression introduced in 8.1.9
   pwlib                   Fix CVE-2007-4897
   pygresql                Fix package on libpq
   sear                    Rebuild against lib3ds-dev
   tzdata                  Recent timezone updates
   unace                   Make program 64bit clean
   user-mode-linux         Rebuild for Debian Kernel rebuild
   uswsusp                 Fix regression
   view3ds                 Rebuild against lib3ds-dev
   viewcvs                 Fix interoperability with etch CVS
   wesnoth                 Fix CVE-2007-6201

Security Updates

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these

Advisory ID    Package(s)               Correction(s)

   DSA 1288    pptpd                    Denial of service
   DSA 1317    tinymux                  Buffer overflow
   DSA 1319    maradns                  Denial of service
   DSA 1320    clamav                   Several vulnerabilities
   DSA 1321    evolution-data-server    Arbitrary code execution
   DSA 1322    wireshark                Denial of service
   DSA 1323    krb5                     Several vulnerabilities
   DSA 1324    hiki                     Missing input sanitising
   DSA 1325    evolution                Arbitrary code execution
   DSA 1326    fireflier                Unsafe temporary files
   DSA 1327    gsambad                  Unsafe temporary files
   DSA 1328    unicon                   Buffer overflow
   DSA 1330    php5                     Arbitrary code execution
   DSA 1331    php4                     Arbitrary code execution
   DSA 1332    vlc                      Arbitrary code execution
   DSA 1333    curl                     Certificate handling
   DSA 1335    gimp                     Arbitrary code execution
   DSA 1337    xulrunner                Several vulnerabilities
   DSA 1338    iceweasel                Several vulnerabilities
   DSA 1339    iceape                   Several vulnerabilities
   DSA 1340    clamav                   Denial of service
   DSA 1341    bind9                    DNS cache poisoning
   DSA 1342    xfs                      Privilege escalation
   DSA 1343    file                     Arbitrary code execution
   DSA 1344    iceweasel                Several vulnerabilities
   DSA 1345    xulrunner                Several vulnerabilities
   DSA 1346    iceape                   Several vulnerabilities
   DSA 1347    xpdf                     Arbitrary code execution
   DSA 1348    poppler                  Arbitrary code execution
   DSA 1351    bochs                    Privilege escalation
   DSA 1353    tcpdump                  Arbitrary code execution
   DSA 1355    kdegraphics              Arbitrary code execution
   DSA 1356    Linux 2.6.18             Several vulnerabilities
   DSA 1357    koffice                  Arbitrary code execution
   DSA 1358    asterisk                 Several vulnerabilities
   DSA 1359    dovecot                  Directory traversal
   DSA 1360    rsync                    Arbitrary code execution
   DSA 1361    postfix-policyd          Arbitrary code execution
   DSA 1362    lighttpd                 Several vulnerabilities
   DSA 1363    Linux 2.6.18             Several vulnerabilities
   DSA 1364    vim                      Several vulnerabilities
   DSA 1365    id3lib3.8.3              Denial of service
   DSA 1366    clamav                   Several vulnerabilities
   DSA 1367    krb5                     Arbitrary code execution
   DSA 1368    librpcsecgss             Arbitrary code execution
   DSA 1369    gforge                   SQL injection
   DSA 1370    phpmyadmin               Several vulnerabilities
   DSA 1371    phpwiki                  Several vulnerabilities
   DSA 1372    ktorrent                 Directory traversal
   DSA 1372    xorg-server              Privilege escalation
   DSA 1374    jffnms                   Several vulnerabilities
   DSA 1375    OpenOffice.org           Arbitrary code execution
   DSA 1376    kdebase                  Authentication bypass
   DSA 1377    fetchmail                Denial of service
   DSA 1378    Linux 2.6.18             Several vulnerabilities
   DSA 1379    openssl                  Arbitrary code execution
   DSA 1380    elinks                   Information disclosure
   DSA 1381    Linux 2.6.18             Several vulnerabilities
   DSA 1382    quagga                   Denial of service
   DSA 1383    gforge                   Cross-site scripting
   DSA 1384    xen-utils                Several vulnerabilities
   DSA 1385    xfs                      Arbitrary code execution
   DSA 1386    wesnoth                  Denial of service
   DSA 1387    librpcsecgss             Arbitrary code execution
   DSA 1388    dhcp                     Arbitrary code execution
   DSA 1389    zoph                     SQL injection
   DSA 1390    t1lib                    Arbitrary code execution
   DSA 1391    icedove                  Several vulnerabilities
   DSA 1392    xulrunner                Several vulnerabilities
   DSA 1393    xfce4-terminal           Arbitrary command execution
   DSA 1394    reprepro                 Authentication bypass
   DSA 1395    xen-utils                File truncation
   DSA 1396    iceweasel                Several vulnerabilities
   DSA 1397    mono                     Integer overflow
   DSA 1398    perdition                Arbitrary code execution
   DSA 1400    perl                     Arbitrary code execution
   DSA 1401    iceape                   Several vulnerabilities
   DSA 1402    gforge                   Several vulnerabilities
   DSA 1403    phpmyadmin               Cross-site scripting
   DSA 1404    gallery2                 Privilege escalation
   DSA 1405    zope-cmfplone            Arbitrary code execution
   DSA 1406    horde3                   Several vulnerabilities
   DSA 1407    cupsys                   Arbitrary code execution
   DSA 1408    kdegraphics              Arbitrary code execution
   DSA 1409    samba                    Several vulnerabilities
   DSA 1410    ruby1.8                  Insecure SSL certificate validation
   DSA 1412    ruby1.9                  Insecure SSL certificate validation
   DSA 1413    mysql                    Several vulnerabilities
   DSA 1414    wireshark                Several vulnerabilities
   DSA 1415    tk8.4                    Arbitrary code execution
   DSA 1416    tk8.3                    Arbitrary code execution
   DSA 1417    asterisk                 SQL injection
   DSA 1418    cacti                    SQL injection
   DSA 1419    OpenOffice.org           Arbitrary Java code execution
   DSA 1420    zabbix                   Privilege escalation
   DSA 1421    wesnoth                  Arbitrary file disclosure
   DSA 1422    e2fsprogs                Arbitrary code execution
   DSA 1423    sitebar                  Several vulnerabilities
   DSA 1424    iceweasel                Several vulnerabilities
   DSA 1425    xulrunner                Several vulnerabilities
   DSA 1426    qt-x11-free              Several vulnerabilities
   DSA 1427    samba                    Arbitrary code execution
   DSA 1428    Linux 2.6.18             Several vulnerabilities
   DSA 1429    htdig                    Cross-site scripting
   DSA 1430    libnss-ldap              Denial of service
   DSA 1431    ruby-gnome2              Arbitrary code execution
   DSA 1432    link-grammar             Arbitrary code execution
   DSA 1433    centericq                Arbitrary code execution
   DSA 1434    mydns                    Denial of service
   DSA 1435    clamav                   Several vulnerabilities
   DSA 1436    Linux 2.6.18             Several vulnerabilities

The complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:



The complete lists of packages that have changed with this revision:


The current stable distribution:


Proposed updates to the stable distribution:


Stable distribution information (release notes, errata etc.):


Security announcements and information:


About Debian

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely
free operating system Debian GNU/Linux.

Contact Information

For further information, please visit the Debian web pages at
<http://www.debian.org/>, send mail to <press@debian.org>, or
contact the stable release team at <debian-release@lists.debian.org>.
