Debian GNU/Linux 4.0 updated
December 27th, 2007
The Debian project is pleased to announce the second update of its stable distribution Debian GNU/Linux 4.0 (codename etch). This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems.
Please note that this update does not constitute a new version of Debian GNU/Linux 4.0 but only updates some of the packages included. There is no need to throw away 4.0 CDs or DVDs but only to update against ftp.debian.org after an installation, in order to incorporate those late changes.
Those who frequently install updates from security.debian.org won't have to update many packages, since most of the updates from security.debian.org are included in this update.
New CD and DVD images containing the updated packages, as well as the regular installation media accompanied by the package archive, will be available soon at the regular locations.
Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:
Debian-Installer Update
The installer has been updated to use and support the updated kernels included in this release. This change causes old netboot and floppy images to stop working; updated versions are available from the regular locations.
Other changes include stability improvements in specific situations, improved serial console support when configuring grub, and added support for SGI O2 machines with 300MHz RM5200SC (Nevada) CPUs (mips).
Miscellaneous Bugfixes
This stable update adds several binary updates for various architectures to packages whose version was not synchronised across all architectures. It also adds a few important corrections to the following packages:
Package | Reason |
---|---|
apache2 | Fix of several CVEs |
apache2-mpm-itk | Rebuild for apache2 rebuilds |
boson | Rebuild against lib3ds-dev |
cdebconf | Fix of several memory leaks |
debconf | Fix possible hangs during netboot installs |
dosemu-freedos | Remove unused non-free code |
enigmail | Fix regression introduced by icedove 1.5.0.10 |
fai-kernels | Recompile for Linux Kernel rebuilds |
findutils | Fix locate heap buffer overflow (CVE-2007-2452) |
flashplugin-nonfree | New upstream release fixes security problems |
glibc | Fix nscd crash |
gnome-hearts | Added missing dependency |
gnome-panel | Fix authentication bypass |
iceweasel-l10n | Remove roa-es-val translation and updated ca package description |
joystick | Bring architectures back in sync |
kernel-patch-openvz | Rebuild for Debian Kernel rebuild |
klibc | Fixes nfsroot on mips(el) |
lib3ds | Fix strict-aliasing errors |
libdbi-perl | Fix potential data loss |
libmarc-charset-perl | Bring architectures back in sync |
libnarray-ruby | Rebuild against current ruby1.8 to fix a wrong library install directory |
linux-latest-2.6 | Rebuild for Linux Kernel rebuild |
lvm2 | Fix to work correctly with striped lvm1 metadata |
mpop | Rebuild against etch (i386 only) |
multipath-tools | Changed priority of initscript |
opal | Fix CVE-2007-4924 |
openscenegraph | Bring architectures back in sync |
openvpn | Rebuild against liblzo2 to fix general protection errors |
pam | Fix CVE-2005-2977 |
po4a | Fix CVE-2007-4462 |
postgresql-8.1 | Fix regression introduced in 8.1.9 |
pwlib | Fix CVE-2007-4897 |
pygresql | Fix package dependency on libpq |
sear | Rebuild against lib3ds-dev |
tzdata | Recent timezone updates |
unace | Make program 64bit clean |
user-mode-linux | Rebuild for Debian Kernel rebuild |
uswsusp | Fix regression |
view3ds | Rebuild against lib3ds-dev |
viewcvs | Fix interoperability with etch CVS |
wesnoth | Fix CVE-2007-6201 |
Security Updates
This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:
Advisory ID | Package | Correction(s) |
---|---|---|
DSA-1288 | pptpd | Denial of service |
DSA-1317 | tinymux | Buffer overflow |
DSA-1319 | maradns | Denial of service |
DSA-1320 | clamav | Several vulnerabilities |
DSA-1321 | evolution-data-server | Arbitrary code execution |
DSA-1322 | wireshark | Denial of service |
DSA-1323 | krb5 | Several vulnerabilities |
DSA-1324 | hiki | Missing input sanitising |
DSA-1325 | evolution | Arbitrary code execution |
DSA-1326 | fireflier | Unsafe temporary files |
DSA-1327 | gsambad | Unsafe temporary files |
DSA-1328 | unicon | Buffer overflow |
DSA-1330 | php5 | Arbitrary code execution |
DSA-1331 | php4 | Arbitrary code execution |
DSA-1332 | vlc | Arbitrary code execution |
DSA-1333 | curl | Certificate handling |
DSA-1335 | gimp | Arbitrary code execution |
DSA-1337 | xulrunner | Several vulnerabilities |
DSA-1338 | iceweasel | Several vulnerabilities |
DSA-1339 | iceape | Several vulnerabilities |
DSA-1340 | clamav | Denial of service |
DSA-1341 | bind9 | DNS cache poisoning |
DSA-1342 | xfs | Privilege escalation |
DSA-1343 | file | Arbitrary code execution |
DSA-1344 | iceweasel | Several vulnerabilities |
DSA-1345 | xulrunner | Several vulnerabilities |
DSA-1346 | iceape | Several vulnerabilities |
DSA-1347 | xpdf | Arbitrary code execution |
DSA-1348 | poppler | Arbitrary code execution |
DSA-1351 | bochs | Privilege escalation |
DSA-1353 | tcpdump | Arbitrary code execution |
DSA-1355 | kdegraphics | Arbitrary code execution |
DSA-1356 | linux-2.6 | Several vulnerabilities |
DSA-1357 | koffice | Arbitrary code execution |
DSA-1358 | asterisk | Several vulnerabilities |
DSA-1359 | dovecot | Directory traversal |
DSA-1360 | rsync | Arbitrary code execution |
DSA-1361 | postfix-policyd | Arbitrary code execution |
DSA-1362 | lighttpd | Several vulnerabilities |
DSA-1363 | linux-2.6 | Several vulnerabilities |
DSA-1364 | vim | Several vulnerabilities |
DSA-1365 | id3lib3.8.3 | Denial of service |
DSA-1366 | clamav | Several vulnerabilities |
DSA-1367 | krb5 | Arbitrary code execution |
DSA-1368 | librpcsecgss | Arbitrary code execution |
DSA-1369 | gforge | SQL injection |
DSA-1370 | phpmyadmin | Several vulnerabilities |
DSA-1371 | phpwiki | Several vulnerabilities |
DSA-1372 | xorg-server | Privilege escalation |
DSA-1373 | ktorrent | Directory traversal |
DSA-1374 | jffnms | Several vulnerabilities |
DSA-1375 | OpenOffice.org | Arbitrary code execution |
DSA-1376 | kdebase | Authentication bypass |
DSA-1377 | fetchmail | Denial of service |
DSA-1378 | linux-2.6 | Several vulnerabilities |
DSA-1379 | openssl | Arbitrary code execution |
DSA-1380 | elinks | Information disclosure |
DSA-1381 | linux-2.6 | Several vulnerabilities |
DSA-1382 | quagga | Denial of service |
DSA-1383 | gforge | Cross-site scripting |
DSA-1384 | xen-utils | Several vulnerabilities |
DSA-1385 | xfs | Arbitrary code execution |
DSA-1386 | wesnoth | Denial of service |
DSA-1387 | librpcsecgss | Arbitrary code execution |
DSA-1388 | dhcp | Arbitrary code execution |
DSA-1389 | zoph | SQL injection |
DSA-1390 | t1lib | Arbitrary code execution |
DSA-1391 | icedove | Several vulnerabilities |
DSA-1392 | xulrunner | Several vulnerabilities |
DSA-1393 | xfce4-terminal | Arbitrary command execution |
DSA-1394 | reprepro | Authentication bypass |
DSA-1395 | xen-utils | File truncation |
DSA-1396 | iceweasel | Several vulnerabilities |
DSA-1397 | mono | Integer overflow |
DSA-1398 | perdition | Arbitrary code execution |
DSA-1400 | perl | Arbitrary code execution |
DSA-1401 | iceape | Several vulnerabilities |
DSA-1402 | gforge | Several vulnerabilities |
DSA-1403 | phpmyadmin | Cross-site scripting |
DSA-1404 | gallery2 | Privilege escalation |
DSA-1405 | zope-cmfplone | Arbitrary code execution |
DSA-1406 | horde3 | Several vulnerabilities |
DSA-1407 | cupsys | Arbitrary code execution |
DSA-1408 | kdegraphics | Arbitrary code execution |
DSA-1409 | samba | Several vulnerabilities |
DSA-1410 | ruby1.8 | Insecure SSL certificate validation |
DSA-1412 | ruby1.9 | Insecure SSL certificate validation |
DSA-1413 | mysql | Several vulnerabilities |
DSA-1414 | wireshark | Several vulnerabilities |
DSA-1415 | tk8.4 | Arbitrary code execution |
DSA-1416 | tk8.3 | Arbitrary code execution |
DSA-1417 | asterisk | SQL injection |
DSA-1418 | cacti | SQL injection |
DSA-1419 | OpenOffice.org | Arbitrary Java code execution |
DSA-1420 | zabbix | Privilege escalation |
DSA-1421 | wesnoth | Arbitrary file disclosure |
DSA-1422 | e2fsprogs | Arbitrary code execution |
DSA-1423 | sitebar | Several vulnerabilities |
DSA-1424 | iceweasel | Several vulnerabilities |
DSA-1425 | xulrunner | Several vulnerabilities |
DSA-1426 | qt-x11-free | Several vulnerabilities |
DSA-1427 | samba | Arbitrary code execution |
DSA-1428 | linux-2.6 | Several vulnerabilities |
DSA-1429 | htdig | Cross-site scripting |
DSA-1430 | libnss-ldap | Denial of service |
DSA-1431 | ruby-gnome2 | Arbitrary code execution |
DSA-1432 | link-grammar | Arbitrary code execution |
DSA-1433 | centericq | Arbitrary code execution |
DSA-1434 | mydns | Denial of service |
DSA-1435 | clamav | Several vulnerabilities |
DSA-1436 | linux-2.6 | Several vulnerabilities |
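After pointing apt at a mirror and upgrading, as described above, the check a practitioner actually wants is whether the packages named in these advisories are now at or above the versions the advisories fixed them in, rather than trusting that the upgrade pulled everything. The following is an added example and is neither part of this announcement nor a Debian tool: it reimplements dpkg's version ordering (epoch, upstream version, Debian revision, with `~` sorting before everything including the end of the string) so the comparison runs on any system with Python, and compares `dpkg-query` output against a table of fixed versions. The sample `dpkg-query` output and the versions in `FIXED_IN_REVISION` are constructed for illustration and are assumptions; the real fixed versions come from each DSA's text. On a Debian host, `dpkg --compare-versions` is the reference and should agree with `compare_versions` below.

```python
"""Check installed Debian package versions against the versions fixed in a
set of advisories (added example; not a Debian tool)."""
import subprocess

DIGITS = "0123456789"
ALPHA = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"


def _order(c):
    # Character weight used by dpkg: digits 0, letters their code point,
    # '~' before everything (even the end of the string), other symbols last.
    if c in DIGITS:
        return 0
    if c in ALPHA:
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256


def _verrevcmp(a, b):
    # Compare an upstream-version or revision string the way dpkg does:
    # alternate non-digit runs (compared char by char via _order) and
    # digit runs (compared numerically, leading zeros ignored).
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while ((i < len(a) and a[i] not in DIGITS)
               or (j < len(b) and b[j] not in DIGITS)):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i] in DIGITS and j < len(b) and b[j] in DIGITS:
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i] in DIGITS:
            return 1
        if j < len(b) and b[j] in DIGITS:
            return -1
        if first_diff:
            return first_diff
    return 0


def parse_version(version):
    """Split '[epoch:]upstream[-revision]' as deb-version(7) describes."""
    epoch = 0
    if ":" in version:
        head, version = version.split(":", 1)
        epoch = int(head)
    upstream, sep, revision = version.rpartition("-")
    if not sep:
        upstream, revision = version, ""
    return epoch, upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 like dpkg --compare-versions (a lt / eq / gt b)."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    for x, y in ((ua, ub), (ra, rb)):
        r = _verrevcmp(x, y)
        if r:
            return -1 if r < 0 else 1
    return 0


def installed_versions(dpkg_query_output):
    """Parse lines of 'package version', as printed by
    dpkg-query -W -f='${Package} ${Version}\\n'."""
    versions = {}
    for line in dpkg_query_output.splitlines():
        fields = line.split()
        if len(fields) == 2:
            versions[fields[0]] = fields[1]
    return versions


def unpatched(installed, fixed):
    """Installed packages still below the version an advisory fixed them in."""
    return {
        pkg: (installed[pkg], fixed_ver)
        for pkg, fixed_ver in sorted(fixed.items())
        if pkg in installed and compare_versions(installed[pkg], fixed_ver) < 0
    }


# Constructed sample of dpkg-query output; not captured from a real host.
SAMPLE_DPKG_OUTPUT = """\
bind9 1:9.3.4-2etch1
openssl 0.9.8c-4etch1
samba 3.0.24-6etch9
tcpdump 3.9.5-2
"""

# Hypothetical fixed versions for four packages from the advisory table;
# take the real values from each DSA's text before relying on this.
FIXED_IN_REVISION = {
    "bind9": "1:9.3.4-2etch1",
    "openssl": "0.9.8c-4etch3",
    "samba": "3.0.24-6etch9",
    "tcpdump": "3.9.5-2etch1",
}


def live_check(fixed=FIXED_IN_REVISION):
    """Query dpkg on this host and report packages still unpatched."""
    out = subprocess.run(
        ["dpkg-query", "-W", "--showformat=${Package} ${Version}\\n"],
        capture_output=True, text=True, check=True,
    ).stdout
    return unpatched(installed_versions(out), fixed)


if __name__ == "__main__":
    report = unpatched(installed_versions(SAMPLE_DPKG_OUTPUT), FIXED_IN_REVISION)
    for pkg, (have, need) in report.items():
        print(f"{pkg}: installed {have}, fixed in {need}")
```

Run stand-alone, the script reports `openssl` and `tcpdump` from the constructed sample as still below their fixed versions; `live_check()` does the same against the real `dpkg` database of the host it runs on. Note that `1.0` sorts below `1.0-1` and `1.0~rc1` below `1.0`, which matters when an advisory's fixed version carries an `etchN` revision suffix.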
A complete list of all accepted and rejected packages together with rationale is on the preparation page for this revision:
URLs
The complete lists of packages that have changed with this release:
The current stable distribution:
Proposed updates to the stable distribution:
Stable distribution information (release notes, errata, etc.):
Security announcements and information:
About Debian
The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian GNU/Linux.
Contact Information
For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.