[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian GNU/Linux 4.0 updated

The Debian Project                                http://www.debian.org/
Debian GNU/Linux 4.0 updated                            press@debian.org
February 10th, 2009             http://www.debian.org/News/2000/20090210

Debian GNU/Linux 4.0 updated

The Debian project is pleased to announce the seventh update of its
stable distribution Debian GNU/Linux 4.0 (codename "etch").  This update
mainly adds corrections for security problems to the stable release,
along with a few adjustment to serious problems.

Please note that this update does not constitute a new version of Debian
GNU/Linux 4.0 but only updates some of the packages included.  There is
no need to throw away 4.0 CDs or DVDs but only to update via an
up-to-date Debian mirror after an installation, to cause any out of date
packages to be updated.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New CD and DVD images containing updated packages and the regular
installation media accompanied with the package archive respectively will
be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors.  A comprehensive list of
mirrors is available at:


Miscellaneous Bugfixes

This stable update adds several binary updates for various architectures
to packages whose version was not synchronised across all architectures.
It also adds a few important corrections to the following packages:

	Package				Reason

	crip                   Fix possible symlink vulnerability (CVE-2008-5376)
	devscripts             Fix insecure creation of temporary directories
	fai-kernels            Rebuilt against linux-2.6 update
	glibc                  Change currency for Slovakia and Slovenia to Euro
	glpi                   Replace domxml-php5-php5.php by a LGPL version
	gnumeric               Fix untrusted search path vulnerability (CVE-2009-0318)
	linux-2.6.24           Fix several issues
	linux-ftpd-ssl         Fix cross-site request forgery (CVE-2008-4247)
	muttprint              Fix possible symlink vulnerability (CVE-2008-5368)
	tagcoll                Fix packaging bug
	tkman                  fix temporary file race (CVE-2008-5137)

Security Updates

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these

    Advisory ID       Package                 Correction(s)

    DSA 1622          newsx                   Arbitrary code execution
    DSA 1678          perl                    Privilege escalation
    DSA 1685          uw-imap                 Multiple vulnerabilities
    DSA 1686          no-ip                   Arbitrary code execution
    DSA 1688          courier-authlib         SQL injection
    DSA 1689          proftpd-dfsg            Cross-Site Request Forgery
    DSA 1690          avahi                   Denial of service
    DSA 1691          moodle                  Several vulnerabilities
    DSA 1692          php-xajax               Cross-site scripting
    DSA 1693          phppgadmin              Several vulnerabilities
    DSA 1694          xterm                   Remote code execution
    DSA 1695          ruby1.8, ruby1.9        Denial of service
    DSA 1696          icedove                 Several vulnerabilities
    DSA 1697          iceape                  Several vulnerabilities
    DSA 1698          gforge                  SQL injection
    DSA 1699          zaptel                  Privilege escalation
    DSA 1700          lasso                   Validation bypass
    DSA 1701          openssl, openssl097     Cryptographic weakness
    DSA 1702          ntp                     Cryptographic weakness
    DSA 1703          bind9                   Cryptographic weakness
    DSA 1704          xulrunner               Several vulnerabilities
    DSA 1705          netatalk                Arbitrary code execution
    DSA 1706          amarok                  Arbitrary code execution
    DSA 1707          iceweasel               Several vulnerabilities
    DSA 1708          git-core                Remote code execution
    DSA 1709          shadow                  Possible privilege escalation
    DSA 1710          ganglia-monitor-core    Remote code execution
    DSA 1715          moin                    Insufficient input sanitising

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:


Removed packages

The following packages were removed due to circumstances beyond our control:

    Package                    Reason

    tmsnc                      Security problems, protocol outdated


The complete lists of packages that have changed with this revision:


The current stable distribution:


Proposed updates to the stable distribution:


Stable distribution information (release notes, errata etc.):


Security announcements and information:


About Debian

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely
free operating systems Debian GNU/Linux.

Contact Information

For further information, please visit the Debian web pages at
<http://www.debian.org/>, send mail to <press@debian.org>, or
contact the stable release team at <debian-release@lists.debian.org>.

Reply to: