Debian GNU/Linux 3.1 updated

September 1st, 2006

The Debian project has updated the stable distribution Debian GNU/Linux 3.1 (codename sarge). This update mainly adds security updates to the stable release, along with a few corrections to serious problems. Those who frequently update from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.

Please note that this update does not constitute a new version of Debian GNU/Linux 3.1 but only updates some of the packages included. There is no need to throw away 3.1 CDs. Instead you only need to update against ftp.debian.org or a mirror after an installation, in order to incorporate those changes. New CD and DVD images are being built right now and will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the apt package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list

Debian-Installer Update

To make updated Linux kernel packages available in the Debian installer, the installer itself had to be updated as well. To accomplish this, the following packages also required an update: base-config, base-installer, debian-installer and preseed.

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following packages:

Package Reason
evms Fixes system lockup on boot
evolution-webcal Getting architectures back in sync
glibc Fixes build failures
grub Preparations for etch kernels
kazehakase Corrects segmentation faults
octaviz Corrects library path
perl Corrects problems with UTF-8/taint fix and Tk
python-pgsql Corrects regression due to PostgreSQL update
vlan Corrects interface settings
wzdftpd Corrects wrong dependencies

Security Updates

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:

Advisory ID Package(s) Correction(s)
DSA-725 ppxp Local root exploit
DSA-986 gnutls11 Arbitrary code execution
DSA-1017 kernel-source-2.6.8 Several vulnerabilities
DSA-1018 kernel-source-2.4.27 Several vulnerabilities
DSA-1027 mailman Denial of service
DSA-1032 zope-cmfplone Unprivileged data manipulation
DSA-1035 fcheck Insecure temporary file creation
DSA-1036 bsdgames Local privilege escalation
DSA-1037 zgv Arbitrary code execution
DSA-1038 xzgv Arbitrary code execution
DSA-1039 blender Several vulnerabilities
DSA-1040 gdm Local root exploit
DSA-1041 abc2ps Arbitrary code execution
DSA-1042 cyrus-sasl2 Denial of service
DSA-1043 abcmidi Arbitrary code execution
DSA-1044 mozilla-firefox Several vulnerabilities
DSA-1045 openvpn Arbitrary code execution
DSA-1046 mozilla Several vulnerabilities
DSA-1047 resmgr Unauthorised access
DSA-1048 asterisk Arbitrary code execution
DSA-1049 ethereal Several vulnerabilities
DSA-1050 clamav Arbitrary code execution
DSA-1051 mozilla-thunderbird Several vulnerabilities
DSA-1052 cgiirc Arbitrary code execution
DSA-1053 mozilla Arbitrary code execution
DSA-1054 tiff Arbitrary code execution
DSA-1055 mozilla-firefox Arbitrary code execution
DSA-1056 webcalendar Information leak
DSA-1057 phpldapadmin Cross-site scripting
DSA-1058 awstats Arbitrary command execution
DSA-1059 quagga Several vulnerabilities
DSA-1060 kernel-patch-vserver Privilege escalation
DSA-1061 popfile Denial of service
DSA-1062 kphone Insecure file creation
DSA-1063 phpgroupware Cross-site scripting
DSA-1064 cscope Arbitrary code execution
DSA-1065 hostapd Denial of service
DSA-1066 phpbb2 Cross-site scripting
DSA-1068 fbi Denial of service
DSA-1072 nagios Arbitrary code execution
DSA-1073 mysql-dfsg-4.1 Several vulnerabilities
DSA-1074 mpg123 Arbitrary code execution
DSA-1075 awstats Arbitrary command execution
DSA-1076 lynx Denial of service
DSA-1078 tiff Denial of service
DSA-1079 mysql-dfsg Several vulnerabilities
DSA-1080 dovecot Directory traversal
DSA-1081 libextractor Arbitrary code execution
DSA-1083 motor Arbitrary code execution
DSA-1084 typespeed Arbitrary code execution
DSA-1085 lynx-cur Several vulnerabilities
DSA-1086 xmcd Denial of service
DSA-1087 postgresql Encoding vulnerabilities
DSA-1088 centericq Arbitrary code execution
DSA-1090 spamassassin Arbitrary command execution
DSA-1091 tiff Arbitrary code execution
DSA-1092 mysql-dfsg-4.1 SQL injection
DSA-1093 xine Arbitrary code execution
DSA-1094 gforge Cross-site scripting
DSA-1095 freetype Several vulnerabilities
DSA-1096 webcalendar Arbitrary code execution
DSA-1097 kernel-source-2.4.27 Several vulnerabilities
DSA-1098 horde3 Cross-site scripting
DSA-1099 horde2 Cross-site scripting
DSA-1100 wv2 Integer overflow
DSA-1101 courier Denial of service
DSA-1102 pinball Privilege escalation
DSA-1103 kernel-source-2.6.8 Several vulnerabilities
DSA-1104 openoffice.org Several vulnerabilities
DSA-1105 xine-lib Denial of service
DSA-1106 ppp Privilege escalation
DSA-1107 gnupg Denial of service
DSA-1108 mutt Arbitrary code execution
DSA-1109 rssh Privilege escalation
DSA-1110 samba Denial of service
DSA-1111 kernel-source-2.6.8 Privilege escalation
DSA-1112 mysql-dfsg-4.1 Several vulnerabilities
DSA-1113 zope2.7 Information disclosure
DSA-1114 hashcash Arbitrary code execution
DSA-1115 gnupg2 Denial of service
DSA-1116 gimp Arbitrary code execution
DSA-1117 libgd2 Denial of service
DSA-1118 mozilla Several vulnerabilities
DSA-1119 hiki Denial of service
DSA-1120 mozilla-firefox Several vulnerabilities
DSA-1121 postgrey Denial of service
DSA-1122 libnet-server-perl Denial of service
DSA-1123 libdumb Arbitrary code execution
DSA-1124 fbi Potential deletion of user data
DSA-1125 drupal Cross-site scripting
DSA-1126 asterisk Denial of service
DSA-1127 ethereal Several vulnerabilities
DSA-1128 heartbeat Local denial of service
DSA-1129 osiris Arbitrary code execution
DSA-1130 sitebar Cross-site scripting
DSA-1131 apache Arbitrary code execution
DSA-1132 apache2 Arbitrary code execution
DSA-1133 mantis Cross-site scripting
DSA-1134 mozilla-thunderbird Several vulnerabilities
DSA-1135 libtunepimp Arbitrary code execution
DSA-1136 gpdf Denial of service
DSA-1137 tiff Several vulnerabilities
DSA-1138 cfs Denial of service
DSA-1139 ruby1.6 Privilege escalation
DSA-1140 gnupg Denial of service
DSA-1141 gnupg2 Denial of service
DSA-1142 freeciv Arbitrary code execution
DSA-1143 dhcp Denial of service
DSA-1144 chmlib Denial of service
DSA-1145 freeradius Several vulnerabilities
DSA-1146 krb5 Privilege escalation
DSA-1147 drupal Cross-site scripting
DSA-1148 gallery Several vulnerabilities
DSA-1149 ncompress Potential code execution
DSA-1150 shadow Privilege escalation
DSA-1151 heartbeat Denial of service
DSA-1153 clamav Arbitrary code execution
DSA-1154 squirrelmail Information disclosure
DSA-1155 sendmail Denial of service
DSA-1159 mozilla-thunderbird Several vulnerabilities

A complete list of all accepted and rejected packages together with rationale is on the preparation page for this revision:

https://release.debian.org/stable/3.1/3.1r3/

URLs

The complete lists of packages that have changed with this release:

http://ftp.debian.org/debian/dists/sarge/ChangeLog

The current stable distribution:

http://ftp.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates/

Stable distribution information (release notes, errata, etc.):

https://www.debian.org/releases/stable/

Security announcements and information:

http://security.debian.org/

About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian GNU/Linux.

Contact Information

For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.