Alexander Reichle-Schmehl | 27 Jul 12:49 2008
Picon

Debian GNU/Linux 4.0 updated and support for newer hardware added

------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Debian GNU/Linux 4.0 updated                            press <at> debian.org
July 26th, 2008                 http://www.debian.org/News/2008/20080726
------------------------------------------------------------------------

Debian GNU/Linux 4.0 updated and support for newer hardware added

The Debian project is pleased to announce the fourth update of its
stable distribution Debian GNU/Linux 4.0 (codename etch).  In addition
to correcting several security problems and a few serious defects in the
stable release, for the first time in Debian's history an update for a
stable distrubtion also adds support for newer hardware by giving users
the option to install newer drivers.

Existing Debian GNU/Linux 4.0 installation CDs and DVDs can continue to
be used to install this update. After installation, upgrading via an
up-to-date Debian mirror will cause any out of date packages to be
updated. However, users of the network-console installation method are
strongly encouraged to update their media, see the "Debian Installer"
portion of this announcement for more information.

Those who install updates frequently from security.debian.org won't have
to update many packages and most updates from security.debian.org are
included in this update. 

New CD and DVD images containing updated packages and the regular
installation media accompanied with the package archive respectively
will be available soon at the regular locations. 

Upgrading to this revision online should be done by directing the
aptitude (or apt) package tool (see the sources.list(5) manual page) at
one of Debian's many FTP or HTTP mirrors.  A comprehensive list of
mirrors is available at:

    <http://www.debian.org/distrib/ftplist>

About "etch-and-a-half"
-----------------------

"Etch and a half" is Debian's desire to support hardware that requires
updated drivers. This marks the first time the Debian project updates
several core packages in its stable distribution without security
implications and demonstrates its huge dedication for their users.

Components newer than the first release of Debian GNU/Linux 4.0 ("etch")
that were not supported yet will be detected by an updated installation
routine which is able to install a newer Linux kernel (2.6.24) on the
freshly installed system. This revision includes packages that are based
upon the Linux 2.6.24 kernel as well. Installation of these additional
packages is not required and will not occur by default.  The existing
2.6.18-based kernel will continue to be the default kernel for the etch
release.

A more recent version of X.org, the X window system, also contains new
drivers that add support to e.g. Geforce 8 series GPUs, intel 965GM,
965GME, G33, Q35, Q33 cards.  Dual-head setups are also supported
rudimentary.

These packages have been updated or newly introduced through
"etch-and-a-half":

     Package			Reason

     linux-2.6.24		Updated for new kernel for etchnhalf
     linux-kbuild-2.6.24	Updated for new kernel for etchnhalf
     linux-latest-2.6-etchnhalf	New kernel for etchnhalf
     xserver-xorg-video-nv	Supporting more hardware
     xserver-xorg-video-intel	Supporting more hardware
     aboot			Fix alpha build, add support for kernels newer than 2.6.23
     b43-fwcutter		Fix wrongly encoded es.po
     debconf 			Make debconf-apt-progress compatible with the Lenny installer
     sysvinit			Update shutdown to work with libata in linux newer than 2.6.23
     wireless-tools		Update to claim support for WE API in etchnhalf kernel

Release notes covering the special features of "etch-and-a-half" have
been written as well as a short update for the installation
instructions.

  Release notes:		<http://www.debian.org/releases/etch/etchnhalf>
  Installation instructions:	<http://www.debian.org/releases/etch/debian-installer/etchnhalf>

Debian-Installer Update
-----------------------

The Debian-Installer was updated to repair an issue with the network-console
installation option. Due to a lack of entropy in how the host key is generated,
earlier Debian GNU/Linux 4.0 installers are vulnerable to a man-in-the-middle
attack. Two other issues regarding installation on already existing RAID
setups and recognizing PowerPC64 system have been fixed as well.

Miscellaneous Bugfixes
----------------------

This stable update adds several binary updates for various architectures
to packages whose version was not synchronised across all architectures.
It also adds a few important corrections to the following packages:

     Package			Reason

     apache2			Fix possible segfault introduced by patch for CVE-2007-6421
     balsa			Fix for stack-based buffer overflow
     base-installer		Correctly recognize powerpc64 systems
     cbrpager			Backported security fixes from upstream 0.9.18 for CVE-2008-2575
     chkrootkit			'Enye' check was killing random applications
     debian-installer		Rebuilt images containing network-console
     dns-flood-detector		Actually write a pid file for start-stop-daemon
     exiv2			Fix regression in security update
     fai-kernels		Rebuilt against linux-2.6_2.6.18.dfsg.1-21
     firmware-nonfree		Build-depend on new kernel ABI 2.6-6
     glibc			Fix nscd host caching and linker script for libraries using TLS
     grub			Fix 1 TiB disk addressing limit
     hal			Allow mounting ntfs volumes from within KDE
     initramfs-tools		Fix MBR checking on md devices and booting with Xen
     kiosktool			Correct the path to the KDE menu file
     licq			Fixing 'ICQ version too old' connection failure
     linux-2.6			Fix several issues
     partman-lvm		Fix installation with already existing RAID
     pdftohtml			Transition users to poppler-utils
     python-django		Fix cross-site scripting vulnerability
     qsynth			Fix wrongly named desktop file
     qt-x11-free		Ease updates of KDE by hardcoding the unames
     trac			Fix multiple issues
     tzdata			New timezone information
     user-mode-linux		Rebuilt against linux-2.6_2.6.18.dfsg.1-21
     vzctl			Fix file permission transfer on migrations
     wxmaxima			Fix connection problems making the package unusable
     xpdf			Remove strict versioned dependency on xpdf-utils to fix upgrade
     xpenguins-applet		Avoid double free
     znc			Fix NULL pointer dereferences leading to crashes

These packages were updated on the specified architecture to bring the architectures back in sync:

     Package			Architecture -- Reason

     apache2-mpm-itk		s390 amd64 sparc powerpc arm i386 mips ia64 alpha mipsel hppa --
     				Rebuilt against updated apache2
     gtimer			amd64 -- Rebuilt against Etch libraries
     kdebase			arm
     kdelibs			arm
     sage			ia64 -- Rebuilt against libsdl1.2_1.2.11-8 to kill off dangling .la references
     sear			ia64 -- Rebuilt against lib3ds-dev 1.2.0-4.1+etch1

Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

 Advisory ID   Package(s)	Correction(s)

   DSA 1484    xulrunner	Fix several vulnerabilities
   DSA 1485    icedove		Fix several vulnerabilities
   DSA 1492    wml		Clean up temporary files
   DSA 1497    clamav		Fix several vulnerabilities
   DSA 1498    libimager-perl	Fix arbitrary code execution
   DSA 1499    pcre3		Fix arbitrary code execution
   DSA 1500    splitvt		Fix privilege escalation
   DSA 1501    dspam		Fix information disclosure
   DSA 1502    wordpress	Fix multiple vulnerabilities
   DSA 1505    alsa-driver	Fix kernel memory leak
   DSA 1506    iceape		Fix several vulnerabilities
   DSA 1507    turba2		Fix permission testing
   DSA 1508    sword		Fix insufficient input sanitising
   DSA 1509    koffice		Fix multiple vulnerabilities
   DSA 1510    gs-gpl		Fix arbitrary code execution
   DSA 1511    icu		Fix multiple problems
   DSA 1512    evolution	Fix arbitrary code execution
   DSA 1513    lighttpd		Fix CGI source disclosure
   DSA 1514    moin		Fix several vulnerabilities
   DSA 1515    libnet-dns-perl	Fix several vulnerabilities
   DSA 1516    dovecot		Fix privilege escalation
   DSA 1517    ldapscripts	Fix information disclosure
   DSA 1518    backup-manager	Fix password disclosure
   DSA 1519    horde3		Fix insufficient input sanitising
   DSA 1520    smarty		Fix insufficient input sanitising
   DSA 1522    unzip		Fix programming error
   DSA 1523    ikiwiki		Fix cross-site scripting
   DSA 1524    krb5		Fix multiple vulnerabilities
   DSA 1525    asterisk		Fix several vulnerabilities
   DSA 1526    xwine		Fix several vulnerabilities
   DSA 1527    debian-goodies	Fix insufficient input sanitising
   DSA 1528    serendipity	Fix cross site scripting
   DSA 1530    cupsys		Fix multiple vulnerabilities
   DSA 1531    policyd-weight	Fix insecure temporary files
   DSA 1532    xulrunner	Fix several vulnerabilities
   DSA 1533    exiftags		Fix several vulnerabilities
   DSA 1534    iceape		Fix several vulnerabilities
   DSA 1535    iceweasel	Fix several vulnerabilities
   DSA 1536    xine-lib		Fix several vulnerabilities
   DSA 1537    xpdf		Fix multiple vulnerabilities
   DSA 1538    alsaplayer	Fix arbitrary code execution
   DSA 1539    mapserver	Fix multiple vulnerabilities
   DSA 1540    lighttpd		Fix denial of service
   DSA 1541    openldap2.3	Fix denial of service
   DSA 1542    libcairo		Fix arbitrary code execution
   DSA 1543    vlc		Fix several vulnerabilities
   DSA 1544    pdns-recursor	Fix cache poisioning vulnerability
   DSA 1545    rsync		Fix arbitrary code execution
   DSA 1546    gnumeric		Fix arbitrary code execution
   DSA 1547    openoffice.org	Fix arbitrary code execution
   DSA 1548    xpdf		Fix arbitrary code execution
   DSA 1549    clamav		Fix several vulnerabilities
   DSA 1550    suphp		Fix local privilege escalation
   DSA 1551    python2.4	Fix several vulnerabilities
   DSA 1552    mplayer		Fix arbitrary code execution
   DSA 1553    ikiwiki		Fix cross-site request forgery
   DSA 1554    roundup		Fix cross-site scripting vulnerability
   DSA 1555    iceweasel	Fix arbitrary code execution
   DSA 1556    perl		Fix denial of service
   DSA 1557    phpmyadmin	Fix several vulnerabilities
   DSA 1558    xulrunner	Fix arbitrary code execution
   DSA 1559    phpgedview	Fix cross site scripting
   DSA 1560    kronolith2	Fix cross site scripting
   DSA 1561    ltsp		Fix information disclosure
   DSA 1562    iceape		Fix arbitrary code execution
   DSA 1563    asterisk		Fix denial of service
   DSA 1564    wordpress	Fix several vulnerabilities
   DSA 1566    cpio		Fix denial of service
   DSA 1567    blender		Fix arbitrary code execution
   DSA 1568    b2evolution	Fix cross site scripting
   DSA 1569    cacti		Fix multiple vulnerabilities
   DSA 1570    kazehakase	Fix arbitrary code execution
   DSA 1571    openssl		Fix predictable random number generator
   DSA 1572    php5		Fix several vulnerabilities
   DSA 1573    rdesktop		Fix several vulnerabilities
   DSA 1574    icedove		Fix several vulnerabilities
   DSA 1576    openssh		Fix predictable randomness
   DSA 1577    gforge		Fix insecure temporary files
   DSA 1578    php4		Fix several vulnerabilities
   DSA 1579    netpbm-free	Fix arbitrary code execution
   DSA 1580    phpgedview	Fix privilege escalation
   DSA 1581    gnutls13		Fix potential code execution
   DSA 1582    peercast		Fix arbitrary code execution
   DSA 1583    gnome-peercast   Fix several vulnerabilities
   DSA 1584    libfishsound	Fix arbitrary code execution
   DSA 1585    speex		Fix arbitrary code execution
   DSA 1586    xine-lib		Fix several vulnerabilities
   DSA 1587    mtr		Fix arbitrary code execution
   DSA 1589    libxslt		Fix arbitrary code execution
   DSA 1590    samba		Fix arbitrary code execution
   DSA 1591    libvorbis	Fix several vulnerabilities
   DSA 1593    tomcat5.5	Fix missing input sanitising and cross site scripting issue
   DSA 1594    imlib2		Fix buffer overflows in XPM and PNM loaders
   DSA 1595    xorg-server	Fix several vulnerabilities
   DSA 1596    typo3-src	Fix several vulnerabilities
   DSA 1597    mt-daapd		Fix several vulnerabilities
   DSA 1598    libtk-img	Fix buffer overflow
   DSA 1599    dbus		Fix programming error
   DSA 1600    sympa		Fix denial of service
   DSA 1601    wordpress	Fix several vulnerabilities
   DSA 1602    pcre3		Fix arbitrary code execution
   DSA 1603    bind9		Fix cache poisioning
   DSA 1606    poppler		Fix arbitrary code execution
   DSA 1608    mysql-dfsg-5.0	Fix authorization bypass
   DSA 1611    afuse		Fix privilege escalation
   DSA 1612    ruby1.8		Fix several vulnerabilities
   DSA 1613    libgd2		Fix multiple vulnerabilities

A complete list of all accepted and rejected packages together with
rationale is available on the preparation page for this revision:

  <http://release.debian.org/stable/4.0/4.0r3/>

Removed packages
----------------

The following packages were removed due to circumstances beyond our control:

     Package		Reason

     glimpse		Licensing issues
     dcc		Incompatible with DCC network, security issues
     maxdb-7.5.00	Security issues

URLs
----

The complete lists of packages that have changed with this revision:

  <http://ftp.debian.org/debian/dists/etch/ChangeLog>

The current stable distribution:

  <http://ftp.debian.org/debian/dists/stable>

Proposed updates to the stable distribution:

  <http://ftp.debian.org/debian/dists/proposed-updates>

Stable distribution information (release notes, errata etc.):

  <http://www.debian.org/releases/stable/>

Security announcements and information:

  <http://www.debian.org/security/>

About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely
free operating system Debian GNU/Linux.

Contact Information
-------------------

For further information, please visit the Debian web pages at
<http://www.debian.org/>, send mail to <press <at> debian.org>, or
contact the stable release team at <debian-release <at> lists.debian.org>.


Gmane