1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
|
<define-tag pagetitle>Debian GNU/Linux 4.0 updated</define-tag>
<define-tag release_date>2008-02-17</define-tag>
#use wml::debian::news
# $Id$
<define-tag release>4.0</define-tag>
<define-tag codename>etch</define-tag>
<define-tag revision>4.0r3</define-tag>
<define-tag dsa>
<tr><td align="center"><a href="$(HOME)/security/%0/dsa-%1">DSA-%1</a></td>
<td align="center"><:
my @p = ();
for my $p (split (/,\s*/, "%2")) {
push (@p, sprintf ('<a href="https://packages.debian.org/src:%s">%s</a>', $p, $p));
}
print join (", ", @p);
:></td><td align="left">%3</td></tr>
</define-tag>
<define-tag correction>
<tr><td><a href="https://packages.debian.org/src:%0">%0</a></td> <td>%1</td></tr>
</define-tag>
<define-tag srcpkg><a href="https://packages.debian.org/src:%0">%0</a></define-tag>
<p>The Debian project is pleased to announce the third update of its
stable distribution Debian GNU/Linux 4.0 (codename <codename>). This update
mainly adds corrections for security problems to the stable release,
along with a few adjustment to serious problems.</p>
<p>Please note that this update does not constitute a new version of Debian
GNU/Linux 4.0 but only updates some of the packages included. There is
no need to throw away 4.0 CDs or DVDs but only to update against
ftp.debian.org after an installation, in order to incorporate those late
changes.</p>
<p>Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.</p>
<p>New CD and DVD images containing updated packages and the regular
installation media accompanied with the package archive respectively
will be available soon at the regular locations.</p>
<p>Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:</p>
<div class="center">
<a href="$(HOME)/mirror/list">http://www.debian.org/mirror/list</a>
</div>
<h2>Debian-Installer Update</h2>
<p>The installer has been updated to use and support the updated kernels
included in this release. This change causes old netboot and floppy images
to stop working; updated versions are available from the regular locations.</p>
<p>This update also includes stability improvements and added support for
SGI O2 machines with 300MHz RM5200SC (Nevada) CPUs that were announced with
the second update, but were not actually included.</p>
<h2>Important changes</h2>
<p>Updated versions of the bcm43xx-fwcutter package will be distributed via
volatile.debian.org. The package itself will be removed from etch with the
next update.</p>
<p>Flashplugin-nonfree has been removed (see below), as this is closed source
and we don't get security support for it. For security reasons, we
recommend to immediately remove any version of flashplugin-nonfree and any
remaining files of the Adobe Flash Player. Tested updates will be made
available via backports.org.</p>
<h2>Miscellaneous Bugfixes</h2>
<p>This stable update adds several binary updates for various architectures
to packages whose version was not synchronised across all architectures.
It also adds a few important corrections to the following packages:</p>
<table border=0>
<tr><th>Package</th> <th>Reason</th></tr>
<correction apache "Fix of several vulnerabilities">
<correction apache2 "Fix of several vulnerabilities">
<correction apache2-mpm-itk "Rebuild for apache2 rebuilds">
<correction bos "Remove non-free content">
<correction clamav "Remove non-free (and undistributable) unrar-code">
<correction cpio "Fix malformed creation of ustar archives">
<correction denyhosts "Fix improper parsing of ssh logfiles">
<correction ircproxy "Fix denial of service">
<correction glibc "Fix sunrpc memory leak">
<correction gpsd "Fix problem with leap years">
<correction ipmitool "Bring architectures back in sync">
<correction kdebase "Add support for latest flash plugin">
<correction kdelibs "Add support for latest flash plugin">
<correction kdeutils "Prevent unauthorised access when hibernated">
<correction libchipcard2 "Add missing dependency">
<correction linux-2.6 "Fix several bugs">
<correction loop-aes "Updated linux-2.6 kernel">
<correction madwifi "Fix possible denial of service">
<correction net-snmp "Fix broken snmpbulkwalk">
<correction ngircd "Fix possible denial of service">
<correction sing "Fix privilege escalation">
<correction sun-java5 "Fix remote program execution">
<correction unrar-nonfree "Fix arbitrary code execution">
<correction viewcvs "Fix cvs parsing">
<correction xorg-server "Fix inline assembler for processors without cpuid">
</table>
<p>These packages are updated to support the newer kernels:</p>
<ul>
<li><srcpkg linux-modules-contrib-2.6></li>
<li><srcpkg linux-modules-extra-2.6></li>
<li><srcpkg linux-modules-nonfree-2.6></li>
<li><srcpkg nvidia-graphics-legacy-modules-amd64></li>
<li><srcpkg nvidia-graphics-legacy-modules-i386></li>
<li><srcpkg nvidia-graphics-modules-amd64></li>
<li><srcpkg nvidia-graphics-modules-i386></li>
</ul>
<h2>Security Updates</h2>
<p>This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:</p>
<table border=0>
<tr><th>Advisory ID</th> <th>Package</th> <th>Correction(s)</th></tr>
<dsa 2007 1405 zope-cmfplone "Arbitrary code execution">
<dsa 2007 1437 cupsys "Several vulnerabilities">
<dsa 2007 1438 tar "Several vulnerabilities">
<dsa 2007 1439 typo3-src "SQL injection">
<dsa 2007 1440 inotify-tools "Arbitrary code execution">
<dsa 2007 1441 peercast "Arbitrary code execution">
<dsa 2007 1442 libsndfile "Arbitrary code execution">
<dsa 2008 1443 tcpreen "Denial of service">
<dsa 2008 1444 php5 "Several vulnerabilities">
<dsa 2008 1445 maradns "Denial of service">
<dsa 2008 1446 wireshark "Denial of service">
<dsa 2008 1447 tomcat5.5 "Several vulnerabilities">
<dsa 2008 1448 eggdrop "Arbitrary code execution">
<dsa 2008 1449 loop-aes-utils "Programming error">
<dsa 2008 1450 util-linux "Programming error">
<dsa 2008 1451 mysql-dfsg-5.0 "Several vulnerabilities">
<dsa 2008 1452 wzdftpd "Denial of service">
<dsa 2008 1453 tomcat5 "Several vulnerabilities">
<dsa 2008 1454 freetype "Arbitrary code execution">
<dsa 2008 1455 libarchive "Several problems">
<dsa 2008 1456 fail2ban "Denial of service">
<dsa 2008 1457 dovecot "Information disclosure">
<dsa 2008 1458 openafs "Denial of service">
<dsa 2008 1459 gforge "SQL injection">
<dsa 2008 1460 postgresql-8.1 "Several vulnerabilities">
<dsa 2008 1461 libxml2 "Denial of service">
<dsa 2008 1462 hplip "Privilege escalation">
<dsa 2008 1463 postgresql-7.4 "Several vulnerabilities">
<dsa 2008 1464 syslog-ng "Denial of service">
<dsa 2008 1465 apt-listchanges "Arbitrary code execution">
<dsa 2008 1466 xorg "Several vulnerabilities">
<dsa 2008 1468 tomcat5.5 "Several vulnerabilities">
<dsa 2008 1469 flac "Arbitrary code execution">
<dsa 2008 1470 horde3 "Denial of service">
<dsa 2008 1471 libvorbis "Several vulnerabilities">
<dsa 2008 1472 xine-lib "Arbitrary code execution">
<dsa 2008 1473 scponly "Arbitrary code execution">
<dsa 2008 1474 exiv2 "Arbitrary code execution">
<dsa 2008 1475 gforge "Cross site scripting">
<dsa 2008 1476 pulseaudio "Privilege escalation">
<dsa 2008 1477 yarssr "Arbitrary shell command execution">
<dsa 2008 1478 mysql-dfsg-5.0 "Several vulnerabilities">
<dsa 2008 1479 fai-kernels "Several vulnerabilities">
<dsa 2008 1479 linux-2.6 "Several vulnerabilities">
<dsa 2008 1483 net-snmp "Denial of service">
<dsa 2008 1484 xulrunner "Several vulnerabilities">
</table>
<p>A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:</p>
<div class="center">
<url "https://release.debian.org/stable/<release>/<revision>/">
</div>
<h2>URLs</h2>
<p>The complete lists of packages that have changed with this
release:</p>
<div class="center">
<url "http://ftp.debian.org/debian/dists/<downcase <codename>>/ChangeLog">
</div>
<p>The current stable distribution:</p>
<div class="center">
<url "http://ftp.debian.org/debian/dists/stable/">
</div>
<p>Proposed updates to the stable distribution:</p>
<div class="center">
<url "http://ftp.debian.org/debian/dists/proposed-updates/">
</div>
<p>Stable distribution information (release notes, errata, etc.):</p>
<div class="center">
<a
href="$(HOME)/releases/stable/">http://www.debian.org/releases/stable/</a>
</div>
<p>Security announcements and information:</p>
<div class="center">
<a href="$(HOME)/security/">http://security.debian.org/</a>
</div>
<h2>About Debian</h2>
<p>The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely
free operating system Debian GNU/Linux.</p>
<h2>Contact Information</h2>
<p>For further information, please visit the Debian web pages at
<a href="$(HOME)/">http://www.debian.org/</a>, send mail to
<press@debian.org>, or contact the stable release team at
<debian-release@lists.debian.org>.</p>
|