Debian GNU/Linux 3.1 updated
September 1st, 2006
The Debian project has updated the stable distribution Debian GNU/Linux
3.1 (codename sarge). This update mainly adds security updates to the
stable release, along with a few corrections to serious problems. Those
who frequently update from security.debian.org won't have to update many
packages and most updates from security.debian.org are included in this
update.
Please note that this update does not constitute a new version of Debian GNU/Linux 3.1 but only updates some of the packages included. There is no need to throw away 3.1 CDs. Instead, you only need to update against ftp.debian.org or a mirror after an installation in order to incorporate those changes. New CD and DVD images are being built right now and will be available soon at the regular locations.
Upgrading to this revision online is usually done by pointing the
apt package tool (see the sources.list(5) manual page) to one of
Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is
available at:
Debian-Installer Update
To make updated Linux kernel packages available in the Debian installer, the installer itself had to be updated as well. To accomplish this, the following packages also required an update: base-config, base-installer, debian-installer and preseed.
Miscellaneous Bugfixes
This stable update adds a few important corrections to the following packages:
Package | Reason |
---|---|
evms | Fixes system lockup on boot |
evolution-webcal | Getting architectures back in sync |
glibc | Fixes build failures |
grub | Preparations for etch kernels |
kazehakase | Corrects segmentation faults |
octaviz | Corrects library path |
perl | Corrects problems with UTF-8/taint fix and Tk |
python-pgsql | Corrects regression due to PostgreSQL update |
vlan | Corrects interface settings |
wzdftpd | Corrects wrong dependencies |
Security Updates
This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:
Advisory ID | Package(s) | Correction(s) |
---|---|---|
DSA-725 | ppxp | Local root exploit |
DSA-986 | gnutls11 | Arbitrary code execution |
DSA-1017 | kernel-source-2.6.8 | Several vulnerabilities |
DSA-1018 | kernel-source-2.4.27 | Several vulnerabilities |
DSA-1027 | mailman | Denial of service |
DSA-1032 | zope-cmfplone | Unprivileged data manipulation |
DSA-1035 | fcheck | Insecure temporary file creation |
DSA-1036 | bsdgames | Local privilege escalation |
DSA-1037 | zgv | Arbitrary code execution |
DSA-1038 | xzgv | Arbitrary code execution |
DSA-1039 | blender | Several vulnerabilities |
DSA-1040 | gdm | Local root exploit |
DSA-1041 | abc2ps | Arbitrary code execution |
DSA-1042 | cyrus-sasl2 | Denial of service |
DSA-1043 | abcmidi | Arbitrary code execution |
DSA-1044 | mozilla-firefox | Several vulnerabilities |
DSA-1045 | openvpn | Arbitrary code execution |
DSA-1046 | mozilla | Several vulnerabilities |
DSA-1047 | resmgr | Unauthorised access |
DSA-1048 | asterisk | Arbitrary code execution |
DSA-1049 | ethereal | Several vulnerabilities |
DSA-1050 | clamav | Arbitrary code execution |
DSA-1051 | mozilla-thunderbird | Several vulnerabilities |
DSA-1052 | cgiirc | Arbitrary code execution |
DSA-1053 | mozilla | Arbitrary code execution |
DSA-1054 | tiff | Arbitrary code execution |
DSA-1055 | mozilla-firefox | Arbitrary code execution |
DSA-1056 | webcalendar | Information leak |
DSA-1057 | phpldapadmin | Cross-site scripting |
DSA-1058 | awstats | Arbitrary command execution |
DSA-1059 | quagga | Several vulnerabilities |
DSA-1060 | kernel-patch-vserver | Privilege escalation |
DSA-1061 | popfile | Denial of service |
DSA-1062 | kphone | Insecure file creation |
DSA-1063 | phpgroupware | Cross-site scripting |
DSA-1064 | cscope | Arbitrary code execution |
DSA-1065 | hostapd | Denial of service |
DSA-1066 | phpbb2 | Cross-site scripting |
DSA-1068 | fbi | Denial of service |
DSA-1072 | nagios | Arbitrary code execution |
DSA-1073 | mysql-dfsg-4.1 | Several vulnerabilities |
DSA-1074 | mpg123 | Arbitrary code execution |
DSA-1075 | awstats | Arbitrary command execution |
DSA-1076 | lynx | Denial of service |
DSA-1078 | tiff | Denial of service |
DSA-1079 | mysql-dfsg | Several vulnerabilities |
DSA-1080 | dovecot | Directory traversal |
DSA-1081 | libextractor | Arbitrary code execution |
DSA-1083 | motor | Arbitrary code execution |
DSA-1084 | typespeed | Arbitrary code execution |
DSA-1085 | lynx-cur | Several vulnerabilities |
DSA-1086 | xmcd | Denial of service |
DSA-1087 | postgresql | Encoding vulnerabilities |
DSA-1088 | centericq | Arbitrary code execution |
DSA-1090 | spamassassin | Arbitrary command execution |
DSA-1091 | tiff | Arbitrary code execution |
DSA-1092 | mysql-dfsg-4.1 | SQL injection |
DSA-1093 | xine | Arbitrary code execution |
DSA-1094 | gforge | Cross-site scripting |
DSA-1095 | freetype | Several vulnerabilities |
DSA-1096 | webcalendar | Arbitrary code execution |
DSA-1097 | kernel-source-2.4.27 | Several vulnerabilities |
DSA-1098 | horde3 | Cross-site scripting |
DSA-1099 | horde2 | Cross-site scripting |
DSA-1100 | wv2 | Integer overflow |
DSA-1101 | courier | Denial of service |
DSA-1102 | pinball | Privilege escalation |
DSA-1103 | kernel-source-2.6.8 | Several vulnerabilities |
DSA-1104 | openoffice.org | Several vulnerabilities |
DSA-1105 | xine-lib | Denial of service |
DSA-1106 | ppp | Privilege escalation |
DSA-1107 | gnupg | Denial of service |
DSA-1108 | mutt | Arbitrary code execution |
DSA-1109 | rssh | Privilege escalation |
DSA-1110 | samba | Denial of service |
DSA-1111 | kernel-source-2.6.8 | Privilege escalation |
DSA-1112 | mysql-dfsg-4.1 | Several vulnerabilities |
DSA-1113 | zope2.7 | Information disclosure |
DSA-1114 | hashcash | Arbitrary code execution |
DSA-1115 | gnupg2 | Denial of service |
DSA-1116 | gimp | Arbitrary code execution |
DSA-1117 | libgd2 | Denial of service |
DSA-1118 | mozilla | Several vulnerabilities |
DSA-1119 | hiki | Denial of service |
DSA-1120 | mozilla-firefox | Several vulnerabilities |
DSA-1121 | postgrey | Denial of service |
DSA-1122 | libnet-server-perl | Denial of service |
DSA-1123 | libdumb | Arbitrary code execution |
DSA-1124 | fbi | Potential deletion of user data |
DSA-1125 | drupal | Cross-site scripting |
DSA-1126 | asterisk | Denial of service |
DSA-1127 | ethereal | Several vulnerabilities |
DSA-1128 | heartbeat | Local denial of service |
DSA-1129 | osiris | Arbitrary code execution |
DSA-1130 | sitebar | Cross-site scripting |
DSA-1131 | apache | Arbitrary code execution |
DSA-1132 | apache2 | Arbitrary code execution |
DSA-1133 | mantis | Cross-site scripting |
DSA-1134 | mozilla-thunderbird | Several vulnerabilities |
DSA-1135 | libtunepimp | Arbitrary code execution |
DSA-1136 | gpdf | Denial of service |
DSA-1137 | tiff | Several vulnerabilities |
DSA-1138 | cfs | Denial of service |
DSA-1139 | ruby1.6 | Privilege escalation |
DSA-1140 | gnupg | Denial of service |
DSA-1141 | gnupg2 | Denial of service |
DSA-1142 | freeciv | Arbitrary code execution |
DSA-1143 | dhcp | Denial of service |
DSA-1144 | chmlib | Denial of service |
DSA-1145 | freeradius | Several vulnerabilities |
DSA-1146 | krb5 | Privilege escalation |
DSA-1147 | drupal | Cross-site scripting |
DSA-1148 | gallery | Several vulnerabilities |
DSA-1149 | ncompress | Potential code execution |
DSA-1150 | shadow | Privilege escalation |
DSA-1151 | heartbeat | Denial of service |
DSA-1153 | clamav | Arbitrary code execution |
DSA-1154 | squirrelmail | Information disclosure |
DSA-1155 | sendmail | Denial of service |
DSA-1159 | mozilla-thunderbird | Several vulnerabilities |
A complete list of all accepted and rejected packages together with rationale is on the preparation page for this revision:
URLs
The complete lists of packages that have changed with this release:
The current stable distribution:
Proposed updates to the stable distribution:
Stable distribution information (release notes, errata, etc.):
Security announcements and information:
About Debian
The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian GNU/Linux.
Contact Information
For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.