Debian GNU/Linux 4.0 updated and support for newer hardware added
July 26th, 2008
The Debian project is pleased to announce the fourth update of its stable distribution Debian GNU/Linux 4.0 (codename etch). In addition to correcting several security problems and a few serious defects in the stable release, for the first time in Debian's history an update for a stable distribution also adds support for newer hardware by giving users the option to install newer drivers.
Existing Debian GNU/Linux 4.0 installation CDs and DVDs can continue to be used to install this update. After installation, upgrading via an up-to-date Debian mirror will cause any out-of-date packages to be updated. However, users of the network-console installation method are strongly encouraged to update their media; see the "Debian Installer" portion of this announcement for more information.
Those who install updates frequently from security.debian.org won't have to update many packages, and most updates from security.debian.org are included in this update.
New CD and DVD images containing updated packages and the regular installation media accompanied with the package archive respectively will be available soon at the regular locations.
Upgrading to this revision online should be done by directing the aptitude (or apt) package tool (see the sources.list(5) manual page) at one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:
About etch-and-a-half
"Etch and a half" is Debian's desire to support hardware that requires updated drivers. This marks the first time the Debian project updates several core packages in its stable distribution without security implications and demonstrates its huge dedication to its users.
Components newer than the first release of Debian GNU/Linux 4.0 (etch) that were not supported yet will be detected by an updated installation routine which is able to install a newer Linux kernel (2.6.24) on the freshly installed system. This revision includes packages that are based upon the Linux 2.6.24 kernel as well. Installation of these additional packages is not required and will not occur by default. The existing 2.6.18-based kernel will continue to be the default kernel for the etch release.
A more recent version of X.org, the X window system, also contains new drivers that add support for, e.g., GeForce 8 series GPUs and Intel 965GM, 965GME, G33, Q35 and Q33 cards. Dual-head setups are also supported in a rudimentary fashion.
These packages have been updated or newly introduced through etch-and-a-half:
Package | Reason |
---|---|
linux-2.6.24 | Updated for new kernel for etchnhalf |
linux-kbuild-2.6.24 | Updated for new kernel for etchnhalf |
linux-latest-2.6-etchnhalf | New kernel for etchnhalf |
xserver-xorg-video-nv | Supporting more hardware |
xserver-xorg-video-intel | Supporting more hardware |
aboot | Fix alpha build, add support for kernels newer than 2.6.23 |
b43-fwcutter | Fix wrongly encoded es.po |
debconf | Make debconf-apt-progress compatible with the Lenny installer |
sysvinit | Update shutdown to work with libata in linux newer than 2.6.23 |
wireless-tools | Update to claim support for WE API in etchnhalf kernel |
Release notes covering the special features of etch-and-a-half have been written as well as a short update for the installation instructions.
Debian-Installer Update
The Debian-Installer was updated to repair an issue with the network-console installation option. Due to a lack of entropy in how the host key is generated, earlier Debian GNU/Linux 4.0 installers are vulnerable to a man-in-the-middle attack. Two other issues, regarding installation on already existing RAID setups and recognizing PowerPC64 systems, have been fixed as well.
Miscellaneous Bugfixes
This stable update adds several binary updates for various architectures to packages whose version was not synchronised across all architectures. It also adds a few important corrections to the following packages:
Package | Reason |
---|---|
apache2 | Fix possible segfault introduced by patch for CVE-2007-6421 |
balsa | Fix for stack-based buffer overflow |
base-installer | Correctly recognize powerpc64 systems |
cbrpager | Backported security fixes from upstream 0.9.18 for CVE-2008-2575 |
chkrootkit | 'Enye' check was killing random applications |
debian-installer | Rebuilt images containing network-console |
dns-flood-detector | Actually write a pid file for start-stop-daemon |
exiv2 | Fix regression in security update |
fai-kernels | Rebuilt against linux-2.6_2.6.18.dfsg.1-21 |
firmware-nonfree | Build-depend on new kernel ABI 2.6-6 |
glibc | Fix nscd host caching and linker script for libraries using TLS |
grub | Fix 1 TiB disk addressing limit |
hal | Allow mounting ntfs volumes from within KDE |
initramfs-tools | Fix MBR checking on md devices and booting with Xen |
kiosktool | Correct the path to the KDE menu file |
licq | Fixing 'ICQ version too old' connection failure |
linux-2.6 | Fix several issues |
partman-lvm | Fix installation with already existing RAID |
pdftohtml | Transition users to poppler-utils |
python-django | Fix cross-site scripting vulnerability |
qsynth | Fix wrongly named desktop file |
qt-x11-free | Ease updates of KDE by hardcoding the unames |
trac | Fix multiple issues |
tzdata | New timezone information |
user-mode-linux | Rebuilt against linux-2.6_2.6.18.dfsg.1-21 |
vzctl | Fix file permission transfer on migrations |
wxmaxima | Fix connection problems making the package unusable |
xpdf | Remove strict versioned dependency on xpdf-utils to fix upgrade |
xpenguins-applet | Avoid double free |
znc | Fix NULL pointer dereferences leading to crashes |
These packages were updated on the specified architecture to bring the architectures back in sync:
Package | Architecture | Reason |
---|---|---|
apache2-mpm-itk | s390 amd64 sparc powerpc arm i386 mips ia64 alpha mipsel hppa | Rebuilt against updated apache2 |
gtimer | amd64 | Rebuilt against Etch libraries |
kdebase | arm | |
kdelibs | arm | |
sage | ia64 | Rebuilt against libsdl1.2_1.2.11-8 to kill off dangling .la references |
sear | ia64 | Rebuilt against lib3ds-dev 1.2.0-4.1+etch1 |
Security Updates
This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:
Advisory ID | Package | Correction(s) |
---|---|---|
DSA-1484 | xulrunner | Fix several vulnerabilities |
DSA-1485 | icedove | Fix several vulnerabilities |
DSA-1492 | wml | Clean up temporary files |
DSA-1497 | clamav | Fix several vulnerabilities |
DSA-1498 | libimager-perl | Fix arbitrary code execution |
DSA-1499 | pcre3 | Fix arbitrary code execution |
DSA-1500 | splitvt | Fix privilege escalation |
DSA-1501 | dspam | Fix information disclosure |
DSA-1502 | wordpress | Fix multiple vulnerabilities |
DSA-1505 | alsa-driver | Fix kernel memory leak |
DSA-1506 | iceape | Fix several vulnerabilities |
DSA-1507 | turba2 | Fix permission testing |
DSA-1508 | sword | Fix insufficient input sanitising |
DSA-1509 | koffice | Fix multiple vulnerabilities |
DSA-1510 | gs-gpl | Fix arbitrary code execution |
DSA-1511 | icu | Fix multiple problems |
DSA-1512 | evolution | Fix arbitrary code execution |
DSA-1513 | lighttpd | Fix CGI source disclosure |
DSA-1514 | moin | Fix several vulnerabilities |
DSA-1515 | libnet-dns-perl | Fix several vulnerabilities |
DSA-1516 | dovecot | Fix privilege escalation |
DSA-1517 | ldapscripts | Fix information disclosure |
DSA-1518 | backup-manager | Fix password disclosure |
DSA-1519 | horde3 | Fix insufficient input sanitising |
DSA-1520 | smarty | Fix insufficient input sanitising |
DSA-1522 | unzip | Fix programming error |
DSA-1523 | ikiwiki | Fix cross-site scripting |
DSA-1524 | krb5 | Fix multiple vulnerabilities |
DSA-1525 | asterisk | Fix several vulnerabilities |
DSA-1526 | xwine | Fix several vulnerabilities |
DSA-1527 | debian-goodies | Fix insufficient input sanitising |
DSA-1528 | serendipity | Fix cross site scripting |
DSA-1530 | cupsys | Fix multiple vulnerabilities |
DSA-1531 | policyd-weight | Fix insecure temporary files |
DSA-1532 | xulrunner | Fix several vulnerabilities |
DSA-1533 | exiftags | Fix several vulnerabilities |
DSA-1534 | iceape | Fix several vulnerabilities |
DSA-1535 | iceweasel | Fix several vulnerabilities |
DSA-1536 | xine-lib | Fix several vulnerabilities |
DSA-1537 | xpdf | Fix multiple vulnerabilities |
DSA-1538 | alsaplayer | Fix arbitrary code execution |
DSA-1539 | mapserver | Fix multiple vulnerabilities |
DSA-1540 | lighttpd | Fix denial of service |
DSA-1541 | openldap2.3 | Fix denial of service |
DSA-1542 | libcairo | Fix arbitrary code execution |
DSA-1543 | vlc | Fix several vulnerabilities |
DSA-1544 | pdns-recursor | Fix cache poisoning vulnerability |
DSA-1545 | rsync | Fix arbitrary code execution |
DSA-1546 | gnumeric | Fix arbitrary code execution |
DSA-1547 | openoffice.org | Fix arbitrary code execution |
DSA-1548 | xpdf | Fix arbitrary code execution |
DSA-1549 | clamav | Fix several vulnerabilities |
DSA-1550 | suphp | Fix local privilege escalation |
DSA-1551 | python2.4 | Fix several vulnerabilities |
DSA-1552 | mplayer | Fix arbitrary code execution |
DSA-1553 | ikiwiki | Fix cross-site request forgery |
DSA-1554 | roundup | Fix cross-site scripting vulnerability |
DSA-1555 | iceweasel | Fix arbitrary code execution |
DSA-1556 | perl | Fix denial of service |
DSA-1557 | phpmyadmin | Fix several vulnerabilities |
DSA-1558 | xulrunner | Fix arbitrary code execution |
DSA-1559 | phpgedview | Fix cross site scripting |
DSA-1560 | kronolith2 | Fix cross site scripting |
DSA-1561 | ltsp | Fix information disclosure |
DSA-1562 | iceape | Fix arbitrary code execution |
DSA-1563 | asterisk | Fix denial of service |
DSA-1564 | wordpress | Fix several vulnerabilities |
DSA-1566 | cpio | Fix denial of service |
DSA-1567 | blender | Fix arbitrary code execution |
DSA-1568 | b2evolution | Fix cross site scripting |
DSA-1569 | cacti | Fix multiple vulnerabilities |
DSA-1570 | kazehakase | Fix arbitrary code execution |
DSA-1571 | openssl | Fix predictable random number generator |
DSA-1572 | php5 | Fix several vulnerabilities |
DSA-1573 | rdesktop | Fix several vulnerabilities |
DSA-1574 | icedove | Fix several vulnerabilities |
DSA-1576 | openssh | Fix predictable randomness |
DSA-1577 | gforge | Fix insecure temporary files |
DSA-1578 | php4 | Fix several vulnerabilities |
DSA-1579 | netpbm-free | Fix arbitrary code execution |
DSA-1580 | phpgedview | Fix privilege escalation |
DSA-1581 | gnutls13 | Fix potential code execution |
DSA-1582 | peercast | Fix arbitrary code execution |
DSA-1583 | gnome-peercast | Fix several vulnerabilities |
DSA-1584 | libfishsound | Fix arbitrary code execution |
DSA-1585 | speex | Fix arbitrary code execution |
DSA-1586 | xine-lib | Fix several vulnerabilities |
DSA-1587 | mtr | Fix arbitrary code execution |
DSA-1589 | libxslt | Fix arbitrary code execution |
DSA-1590 | samba | Fix arbitrary code execution |
DSA-1591 | libvorbis | Fix several vulnerabilities |
DSA-1593 | tomcat5.5 | Fix missing input sanitising and cross site scripting issue |
DSA-1594 | imlib2 | Fix buffer overflows in XPM and PNM loaders |
DSA-1595 | xorg-server | Fix several vulnerabilities |
DSA-1596 | typo3-src | Fix several vulnerabilities |
DSA-1597 | mt-daapd | Fix several vulnerabilities |
DSA-1598 | libtk-img | Fix buffer overflow |
DSA-1599 | dbus | Fix programming error |
DSA-1600 | sympa | Fix denial of service |
DSA-1601 | wordpress | Fix several vulnerabilities |
DSA-1602 | pcre3 | Fix arbitrary code execution |
DSA-1603 | bind9 | Fix cache poisoning |
DSA-1606 | poppler | Fix arbitrary code execution |
DSA-1608 | mysql-dfsg-5.0 | Fix authorization bypass |
DSA-1611 | afuse | Fix privilege escalation |
DSA-1612 | ruby1.8 | Fix several vulnerabilities |
DSA-1613 | libgd2 | Fix multiple vulnerabilities |
A complete list of all accepted and rejected packages together with rationale is available on the preparation page for this revision:
Removed packages
The following packages were removed due to circumstances beyond our control:
Package | Reason |
---|---|
glimpse | Licensing issues |
dcc | Incompatible with DCC network, security issues |
maxdb-7.5.00 | Security issues |
URLs
The complete lists of packages that have changed with this release:
The current stable distribution:
Proposed updates to the stable distribution:
Stable distribution information (release notes, errata, etc.):
Security announcements and information:
About Debian
The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian GNU/Linux.
Contact Information
For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.