Debian GNU/Linux 3.1 updated

November 6th, 2006

The Debian project is pleased to announce the fourth update of its stable distribution Debian GNU/Linux 3.1 (codename `sarge'). This update mainly adds corrections for security problems to the stable release, along with a few adjustment to serious problems. Those who frequently update from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.

Please note that this update does not constitute a new version of Debian GNU/Linux 3.1 but only updates some of the packages included in the stable release. There is no need to throw away 3.1 CDs or DVDs but only to update against ftp.debian.org after an installation, in order to incorporate those late changes.

Upgrade CD and DVD images will be created soon. No new installation images will be created. Users are advised to update their system against an official Debian mirror after a new installation and update the kernel instead. For the next update new images are anticipated.

Upgrading to this revision online is usually done by pointing the apt package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:

http://www.debian.org/mirror/list

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following packages:

Package Reason
deal Fixes segfault on 64bit platforms
devmapper Creates LVM devices with appropriate permissions

This update also fixes an error in Debian-Installer for Sparc32 that was introduced with the last stable update (r3).

Security Updates

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:

Advisory ID Package(s) Correction(s)
DSA-1152 python-docutilsInformation disclosure
DSA-1152 tracInformation disclosure
DSA-1156 kdebaseInformation disclosure
DSA-1157 ruby1.8Several vulnerabilities
DSA-1158 streamripperArbitrary code execution
DSA-1159 mozilla-thunderbirdSeveral vulnerabilities
DSA-1160 mozillaSeveral vulnerabilities
DSA-1161 mozilla-firefoxSeveral vulnerabilities
DSA-1162 libmusicbrainzArbitrary code execution
DSA-1163 gtetrinetArbitrary code execution
DSA-1164 sendmailDenial of service
DSA-1165 capi4hylafaxArbitrary command execution
DSA-1166 cheesetrackerArbitrary code execution
DSA-1167 apacheSeveral vulnerabilities
DSA-1168 imagemagickArbitrary code execution
DSA-1169 mysql-dfsg-4.1Several vulnerabilities
DSA-1170 gcc-3.4Directory traversal in fastjar
DSA-1171 etherealArbitrary code execution
DSA-1172 bind9Denial of service
DSA-1173 opensslRSA signature forgery cryptographic weakness
DSA-1174 openssl096RSA signature forgery cryptographic weakness
DSA-1175 isakmpdReplay protection bypass
DSA-1176 zope2.7Information disclosure
DSA-1177 userminDenial of service
DSA-1178 freetypeArbitrary code execution
DSA-1179 alsaplayerDenial of service
DSA-1180 bombercloneSeveral vulnerabilities
DSA-1181 gzipArbitrary code execution
DSA-1182 gnutls11RSA signature forgery cryptographic weakness
DSA-1183 Kernel2.4.27
DSA-1184 Kernel2.6.8
DSA-1185 opensslArbitrary code execution
DSA-1186 cscopeArbitrary code execution
DSA-1187 migrationtoolsDenial of service
DSA-1188 mailmanSeveral vulnerabilities
DSA-1189 openssh-krb5Potential arbitrary code execution
DSA-1190 maxdb-7.5.00Arbitrary code execution
DSA-1191 mozilla-thunderbirdSeveral vulnerabilities
DSA-1192 mozillaSeveral vulnerabilities
DSA-1194 libwmfArbitrary code execution
DSA-1195 openssl096Denial of service

A complete list of all accepted and rejected packages together with rationale is on the preparation page for this revision:

http://release.debian.org/stable/3.1/3.1r4/

URLs

The complete lists of packages that have changed with this release:

http://ftp.debian.org/debian/dists/sarge/ChangeLog

The current stable distribution:

http://ftp.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates/

Stable distribution information (release notes, errata, etc.):

http://www.debian.org/releases/stable/

Security announcements and information:

http://security.debian.org/

About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian GNU/Linux.

Contact Information

For further information, please visit the Debian web pages at http://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.