Debian GNU/Linux 3.1 updated
February 18th, 2007
The Debian project is pleased to announce the fifth update of its stable distribution Debian GNU/Linux 3.1 (codename `sarge'). This update mainly adds corrections for security problems to the stable release, along with a few adjustment to serious problems. Those who frequently update from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.
Please note that this update does not constitute a new version of Debian GNU/Linux 3.1 but only updates some of the packages included in the stable release. There is no need to throw away 3.1 CDs or DVDs but only to update against ftp.debian.org after an installation, in order to incorporate those late changes.
Upgrade CD and DVD images will be created soon. No new installation images will be created. Users are advised to update their system against an official Debian mirror after a new installation and update the kernel instead. For the next update new images are anticipated.
Upgrading to this revision online is usually done by pointing the
apt
package tool (see the sources.list(5) manual page) to one of
Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is
available at:
Miscellaneous Bugfixes
This stable update adds a few important corrections to the following packages:
Package | Reason |
---|---|
exim | Update description to reflect upgrade problems |
glibc | Update timezone data |
openvpn | Fix restart of openvpn in init script |
pinball | Get architectures back in sync |
Security Updates
This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:
Advisory ID | Package(s) | Correction(s) |
---|---|---|
DSA-996 | libcrypt-cbc-perl | Cryptographic weakness |
DSA-1193 | XFree86 | Several vulnerabilities |
DSA-1196 | clamav | Arbitrary code execution |
DSA-1197 | python2.4 | Arbitrary code execution |
DSA-1198 | python-2.3 | Arbitrary code execution |
DSA-1199 | webmin | Input validation problems |
DSA-1200 | qt-x11-free | Denial of service |
DSA-1201 | ethereal | Denial of service |
DSA-1202 | screen | Arbitrary code execution |
DSA-1203 | libpam-ldap | Access control bypass |
DSA-1204 | ingo1 | Arbitrary shell command execution |
DSA-1205 | thttpd | Insecure temporary file creation |
DSA-1206 | php4 | Several vulnerabilities |
DSA-1207 | phpmyadmin | Several vulnerabilities |
DSA-1208 | bugzilla | Several vulnerabilities |
DSA-1209 | trac | Cross-site request forgery |
DSA-1210 | mozilla-firefox | Several vulnerabilities |
DSA-1211 | pdns | Arbitrary code execution |
DSA-1212 | openssh | Denial of service |
DSA-1213 | imagemagick | Several vulnerabilities |
DSA-1214 | gv | Arbitrary code execution |
DSA-1215 | xine-lib | Execution of arbitrary code |
DSA-1216 | flexbackup | Denial of service |
DSA-1217 | linux-ftpd | Access control bypass |
DSA-1218 | proftpd | Denial of service |
DSA-1219 | texinfo | Multiple vulnerabilities |
DSA-1220 | pstotext | Arbitrary shell command execution |
DSA-1221 | libgsf | Arbitrary code execution |
DSA-1222 | proftpd | Several vulnerabilities |
DSA-1223 | tar | Arbitrary file overwrite |
DSA-1224 | mozilla | Several vulnerabilities |
DSA-1225 | mozilla-firefox | Several vulnerabilities |
DSA-1226 | links | Arbitrary shell command execution |
DSA-1227 | mozilla-thunderbird | Several vulnerabilities |
DSA-1228 | elinks | Arbitrary shell command execution |
DSA-1229 | asterisk | Arbitrary code execution |
DSA-1230 | l2tpns | Buffer overflow |
DSA-1231 | gnupg | Arbitrary code execution |
DSA-1232 | clamav | Denial of service |
DSA-1233 | kernel-source-2.6.8 | Several vulnerabilities |
DSA-1234 | ruby1.6 | Denial of service |
DSA-1235 | ruby1.8 | Denial of service |
DSA-1236 | enemies-of-carlotta | Missing sanity checks |
DSA-1237 | kernel-source-2.4.27 | Several vulnerabilities |
DSA-1238 | clamav | Several vulnerabilities |
DSA-1239 | sql-ledger | Arbitrary code execution |
DSA-1241 | squirrelmail | Cross-site scripting |
DSA-1242 | elog | Arbitrary code execution |
DSA-1243 | evince | Arbitrary code execution |
DSA-1244 | xine-lib | Arbitrary code execution |
DSA-1245 | proftpd | Denial of service |
DSA-1246 | openoffice.org | Arbitrary code execution |
DSA-1247 | libapache-mod-auth-kerb | Remote denial of service |
DSA-1248 | libsoup | Denial of service |
DSA-1249 | xfree86 | Privilege escalation |
DSA-1250 | cacti | Arbitrary code execution |
DSA-1251 | netrik | Arbitrary shell command execution |
DSA-1252 | vlc | Arbitrary code execution |
DSA-1253 | mozilla-firefox | Several vulnerabilities |
DSA-1254 | bind9 | Denial of service |
DSA-1255 | libgtop2 | Arbitrary code execution |
DSA-1256 | gtk+2.0 | Denial of service |
DSA-1257 | samba | Several vulnerabilities |
DSA-1258 | mozilla-thunderbird | Several vulnerabilities |
DSA-1259 | fetchmail | Information disclosure |
DSA-1260 | imagemagick | Arbitrary code execution |
DSA-1261 | postgresql | Several vulnerabilities |
A complete list of all accepted and rejected packages together with rationale is on the preparation page for this revision:
URLs
The complete lists of packages that have changed with this release:
The current stable distribution:
Proposed updates to the stable distribution:
Stable distribution information (release notes, errata, etc.):
Security announcements and information:
About Debian
The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian GNU/Linux.
Contact Information
For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.