Debian GNU/Linux 4.0 updated
contributed by aba, published on Thu Aug 16 00:21:36 2007 in news, release
Debian GNU/Linux 4.0 updated
The Debian project has updated the stable distribution Debian GNU/Linux 4.0 (codename Etch). This update adds security updates to the stable release, together with a few corrections to serious problems. As always, the first point release also corrects a few issues that have been noticed too late in the release process to stop the release, but still should be fixed.
This point release for Etch also includes an updated release of the installer, which includes the following changes:
- kernels used in the installer have been updated to ABI 2.6.18-5; as a result, some "small" images (for example netboot and floppy images) included with the original Etch release will no longer work (but the new images included with the point release will work, as well as the full CD/DVD images from both the original release as well as from this point release)
- updated mirror list
- support added for certain USB CD drives that were not being detected
- incorrect setup of gksu fixed when user chooses to install with the root account disabled; this prevented the execution of administrative tasks in GNOME
- important translation fixes in partman for Catalan and Romanian
Please note that this update does not constitute a new version of Debian GNU/Linux 4.0 but only updates some of the packages included. There is no need to throw away 4.0 DVDs/CDs. Instead you only need to update against ftp.debian.org or a mirror after an installation, in order to incorporate those changes. New CD and DVD images will be available within the next week at the regular locations.
Upgrading to this revision online is usually done by pointing the aptitude package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:
http://www.debian.org/distrib/ftplistMiscellaneous Bugfixes
This stable update adds a few important corrections to the following packages.
Package Reason apache2 Fix #423653 and #419552; better documentation apache2-mpm-itk Rebuild against apache2 2.2.3-4+etch1. apt-setup Default suite to code name. cdrom-detect Scan also for things that look like USB floppies. choose-mirror Update mirrors list. debian-archive-keyring Adding debian volatile keyring debian-installer-utils Support scanning for USB sticks and discs that are misdetected as floppies. debian-installer Updates for the 2.6.18-5-kernels and misc fixes debootstrap Add support for lenny. desktop-base Fix kde default wallpaper appearance between kdm to ksplash switch. epiphany-browser Add language to gconf defaults fai-kernels Include arcmsr scsi-driver which is included in the etch kernels file Fix possible denial of service glibc Fix CPU hog on 64 bits machines, dependencies of nscd, wrong assertion and unaligned memory access gnome-mount Rebuild against libeel2-2.14 initramfs-tools Added missing esp module to scsi modules list so it gets installed in the initrd kernel-wedge Reupload to match packages in r1 libofa Rebuild in a clean environment. librsvg Fix dependency (#403977) lifelines Fix file conflict by versioning a dependency. lilo-installer Support multiple disks when devfs device names are used linux-latest-2.6 Assist upgrade to new linux-2.6 ABI lsb Don't remove PID files of daemons that aren't actually killed madwifi Fix two remote and one local DoS mail-notification Fix uninstallability on sparc mixmaster Fix buffer overflow in mixmaster (#418662) mozilla-traybiff less restrict depends on icedove-dev mpop fix CVE-2007-1558 mutt Add imap_close_connection to fully reset IMAP state nano Fix segfaults. neon26 Fix kerberos authentication. nfs-utils Fix memory leaks. openoffice.org Fix crashes when saving files. orage Memory leak orbit2 Allow non-local IPv4. partman-auto d-i translation update partman-partitioning d-i translation update php5 Fix regression in single quote escaping. pppconfig Fix upgrade issue from sarge, #418350 rdesktop Segfault regression caused by libx11-6 security fix prior Etch release tetex-base Ease transition to texlive, #420390 trac Fix CSS and remote exploitable issues. user-setup Fix chroot calls to properly setup gksu alternatives. vice Regression caused by libx11-6 security fix prior Etch release xorg Updated conflicts for easier upgrades and corrected dependencies for x11-common.
Removed Package
This package has been removed due to non-fixable issues:
vdrift: license issues, #420965
Missing Builds
One or more missing or out-of-date architectures have been added to these packages in this point release:
asterisk-chan-capi banshee codespeak-lib democracyplayer dfsbuild dwm dwm-tools hpodder ivtv mercurial metar ocp pekwm rlwrap setpwc slcfitsio stalin twinkle xfce4-session xserver-xorg-input-acecad xserver-xorg-input-evdev xserver-xorg-input-joystick xserver-xorg-input-keyboard xserver-xorg-input-mouse xserver-xorg-input-summa xserver-xorg-video-apm xserver-xorg-video-ark xserver-xorg-video-i128 xserver-xorg-video-nsc xserver-xorg-video-nv xserver-xorg-video-rendition xserver-xorg-video-s3 xserver-xorg-video-savage xserver-xorg-video-sis xserver-xorg-video-tseng xserver-xorg-video-via xserver-xorg-video-voodoo
Security Updates
This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates.
Advisory ID Package(s) Correction(s) DSA 1280 aircrack-ng Fix remote exploitable buffer overflow DSA 1281 clamav Fix several remote vulnerabilities DSA 1282 php4 Fix several remote vulnerabilities DSA 1283 php5 Fix several vulnerabilities DSA 1284 qemu Fix several vulnerabilities DSA 1285 wordpress Fix multiple vulnerabilities DSA 1286 linux-2.6 Fix several vulnerabilities (superseded by DSA 1289) DSA 1288 pptpd Fix denial of service vulnerability DSA 1289 linux-2.6 Fix several vulnerabilities DSA 1290 squirrelmail Fix cross-site scripting DSA 1291 samba Fix multiple vulnerabilities DSA 1292 qt4-x11 Fix missing input validation DSA 1293 quagga Fix denial of service vulnerability DSA 1295 php5 Fix several vulnerabilities DSA 1296 php4 Fix privilige escalation DSA 1297 gforge-plugin-scmcvs Fix arbitrary shell command execution DSA 1298 otrs2 Fix cross-site scripting DSA 1299 ipsec-tools Fix denial of service vulnerability DSA 1300 iceape Fix several vulnerabilities DSA 1301 gimp Fix arbitrary code execution DSA 1302 freetype Fix integer overflow DSA 1303 lighttpd Fix denial of service vulnerability DSA 1305 icedove Fix several vulnerabilities DSA 1306 xulrunner Fix several vulnerabilities DSA 1307 openoffice.org Fix arbitrary code execution DSA 1309 postgresql-8.1 Fix privilage escalation. DSA 1310 libexif Fix integer overflow DSA 1311 postgresql-7.4 Fix privilige escalation. DSA 1312 libapache-mod-jk Fix information disclosure DSA 1313 mplayer Fix arbitrary code execution DSA 1314 open-iscsi Fix several vulnerabilities DSA 1315 libphp-phpmailer Fix arbitrary shell command execution DSA 1316 emacs21 Fix denial of service vulnerability DSA 1318 ekg Fix denial of service vulnerability
The complete list of all accepted and rejected packages together with rationale is on the preparation page for this revision:
http://release.debian.org/stable/4.0/4.0r1/URLs
The complete lists of packages that have changed with this revision:
http://ftp.debian.org/debian/dists/etch/ChangeLogThe current stable distribution:
http://ftp.debian.org/debian/dists/etchProposed updates to the stable distribution:
http://ftp.debian.org/debian/dists/proposed-updatesStable distribution information (release notes, errata etc.):
http://www.debian.org/releases/etch/Security announcements and information:
http://www.debian.org/security/