Fwd: Debian GNU/Linux 4.0 updated

Romana Challans timelady at gmail.com
Fri Oct 24 10:52:57 CST 2008


---------- Forwarded message ----------
From: Alexander Reichle-Schmehl <tolimar at debian.org>
Date: Fri, Oct 24, 2008 at 8:31 AM
Subject: Debian GNU/Linux 4.0 updated
To: debian-announce at lists.debian.org


------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Debian GNU/Linux 4.0 updated                            press at debian.org
October 23rd, 2008              http://www.debian.org/News/2008/20081023
------------------------------------------------------------------------

Debian GNU/Linux 4.0 updated

The Debian project is pleased to announce the fifth update of its stable
distribution Debian GNU/Linux 4.0 (codename "etch").  This update mainly
adds corrections for security problems to the stable release, along with
a few adjustment to serious problems.

Please note that this update does not constitute a new version of Debian
GNU/Linux 4.0 but only updates some of the packages included.  There is
no need to throw away 4.0 CDs or DVDs but only to update via an
up-to-date Debian mirror after an installation, to cause any out of date
packages to be updated.

Those who frequently install updates from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update.

New CD and DVD images containing updated packages and the regular
installation media accompanied with the package archive respectively will
be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors.  A comprehensive list of
mirrors is available at:

   <http://www.debian.org/distrib/ftplist>


Miscellaneous Bugfixes
----------------------

This stable update adds several binary updates for various architectures
to packages whose version was not synchronised across all architectures.
It also adds a few important corrections to the following packages:

   Package                     Reason

   apache2                     Fix several vulnerabilities
   apache2-mpm-itk             Rebuild against apache2 and fix hanging
processes on restart/shutdown
   blosxom                     Fix XSS
   dist                        Fix insecure temp file usage
   fai-kernels                 Fix xfs corruption / Xen crash
   feta                        Fix insecure temp file usage
   git-core                    Support download of packs v2 through
dumb transports
   goby                        Rebuild against net6
   irqbalance                  Fix segfault when /proc/interrupts
contains an interrupt with a number of 256 or larger
   jumpnbump                   Fix insecure handling of /tmp
   libpam-pwdfile              Use gcc instead of ld
   linux-2.6                   Fix xfs corruption / Xen crash
   myspell                     Fix insecure temp file usage
   net6                        Fix object access after deallocation
   obby                        Rebuild against new net6
   postgresql-8.1              Upstream bugfix release 8.1.13
   sobby                       Rebuild against new net6
   trac                        Fix multiple vulnerabilities
   tzdata                      Updates to several timezones and
daylight saving times settings
   user-mode-linux             Fix xfs corruption / Xen crash
   wdiff                       Fix race condition related to temporary files


Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

   Advisory ID         Package                 Correction(s)

   DSA 1597            mt-daapd                Fix several
vulnerabilities (fixes for regression)
   DSA 1614            iceweasel               Fix several vulnerabilities
   DSA 1615            xulrunner               Fix several vulnerabilities
   DSA 1616            clamav                  Fix denial of service
   DSA 1617            refpolicy               Fix incompatible policy
   DSA 1618            ruby1.9                 Fix several vulnerabilities
   DSA 1619            python-dns              Fix DNS response spoofing
   DSA 1620            python2.5               Fix several vulnerabilities
   DSA 1621            icedove                 Fix several vulnerabilities
   DSA 1622            newsx                   Fix arbitrary code execution
   DSA 1623            dnsmasq                 Fix cache poisoning
   DSA 1624            libxslt                 Fix arbitrary code execution
   DSA 1625            cupsys                  Fix arbitrary code execution
   DSA 1626            httrack                 Fix arbitrary code execution
   DSA 1627            opensc                  Fix smart card vulnerability
   DSA 1628            pdns                    Fix DNS response spoofing
   DSA 1629            postfix                 Fix programming error
   DSA 1630            linux-2.6               Fix several vulnerabilities
   DSA 1630            fai-kernels             Fix several vulnerabilities
   DSA 1630            user-mode-linux         Fix several vulnerabilities
   DSA 1631            libxml2                 Fix denial of service
   DSA 1632            tiff                    Fix arbitrary code execution
   DSA 1633            slash                   Fix multiple vulnerabilities
   DSA 1634            wordnet                 Fix arbitrary code execution
   DSA 1636            linux-2.6.24            Fix denial of service /
information leak
   DSA 1638            openssh                 Fix denial of service
   DSA 1639            twiki                   Fix arbitrary code execution
   DSA 1640            python-django           Fix several vulnerabilities
   DSA 1641            phpmyadmin              Fix several vulnerabilities
   DSA 1642            horde3                  Fix cross site scripting
   DSA 1643            feta                    Fix insecure temp file usage
   DSA 1644            mplayer                 Fix integer overflows
   DSA 1645            lighttpd                Fix various problems
   DSA 1646            squid                   Fix array bounds check
   DSA 1647            php5                    Fix several vulnerabilities
   DSA 1648            mon                     Fix insecure temporary files
   DSA 1649            iceweasel               Fix several vulnerabilities
   DSA 1650            openldap2.3             Fix denial of service
   DSA 1651            ruby1.8                 Fix several vulnerabilities
   DSA 1652            ruby1.9                 Fix several vulnerabilities
   DSA 1653            linux-2.6               Fix several vulnerabilities
   DSA 1653            fai-kernels             Fix several vulnerabilities
   DSA 1653            user-mode-linux         Fix several vulnerabilities
   DSA 1654            libxml2                 Fix execution of arbitrary code
   DSA 1655            linux-2.6.24            Fix several vulnerabilities

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:

 <http://release.debian.org/stable/4.0/4.0r5/>


Removed packages
----------------

The following packages were removed due to circumstances beyond our control:

   Package                     Reason

   f-prot-installer            Obsolete

URLs
----

The complete lists of packages that have changed with this revision:

 <http://ftp.debian.org/debian/dists/etch/ChangeLog>

The current stable distribution:

 <http://ftp.debian.org/debian/dists/stable>

Proposed updates to the stable distribution:

 <http://ftp.debian.org/debian/dists/proposed-updates>

Stable distribution information (release notes, errata etc.):

 <http://www.debian.org/releases/stable/>

Security announcements and information:

 <http://www.debian.org/security/>


About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely
free operating systems Debian GNU/Linux.


Contact Information
-------------------

For further information, please visit the Debian web pages at
<http://www.debian.org/>, send mail to <press at debian.org>, or
contact the stable release team at <debian-release at lists.debian.org>.


--
To UNSUBSCRIBE, email to debian-announce-REQUEST at lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster at lists.debian.org




-- 
  Romana Challans
   -o)   Nothing - well, thats something.
     /\ \  Home                 http://timelady.com/blog/
  _\_V  Social Networks http://timelady.com/blog/socnet/



More information about the linuxsa mailing list