27 Jul 2008 12:49
Debian GNU/Linux 4.0 updated and support for newer hardware added
Alexander Reichle-Schmehl <tolimar <at> debian.org>
2008-07-27 10:49:07 GMT
2008-07-27 10:49:07 GMT
------------------------------------------------------------------------ The Debian Project http://www.debian.org/ Debian GNU/Linux 4.0 updated press <at> debian.org July 26th, 2008 http://www.debian.org/News/2008/20080726 ------------------------------------------------------------------------ Debian GNU/Linux 4.0 updated and support for newer hardware added The Debian project is pleased to announce the fourth update of its stable distribution Debian GNU/Linux 4.0 (codename etch). In addition to correcting several security problems and a few serious defects in the stable release, for the first time in Debian's history an update for a stable distrubtion also adds support for newer hardware by giving users the option to install newer drivers. Existing Debian GNU/Linux 4.0 installation CDs and DVDs can continue to be used to install this update. After installation, upgrading via an up-to-date Debian mirror will cause any out of date packages to be updated. However, users of the network-console installation method are strongly encouraged to update their media, see the "Debian Installer" portion of this announcement for more information. Those who install updates frequently from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update. New CD and DVD images containing updated packages and the regular installation media accompanied with the package archive respectively will be available soon at the regular locations. Upgrading to this revision online should be done by directing the aptitude (or apt) package tool (see the sources.list(5) manual page) at one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at: <http://www.debian.org/distrib/ftplist> About "etch-and-a-half" ----------------------- "Etch and a half" is Debian's desire to support hardware that requires updated drivers. This marks the first time the Debian project updates several core packages in its stable distribution without security implications and demonstrates its huge dedication for their users. Components newer than the first release of Debian GNU/Linux 4.0 ("etch") that were not supported yet will be detected by an updated installation routine which is able to install a newer Linux kernel (2.6.24) on the freshly installed system. This revision includes packages that are based upon the Linux 2.6.24 kernel as well. Installation of these additional packages is not required and will not occur by default. The existing 2.6.18-based kernel will continue to be the default kernel for the etch release. A more recent version of X.org, the X window system, also contains new drivers that add support to e.g. Geforce 8 series GPUs, intel 965GM, 965GME, G33, Q35, Q33 cards. Dual-head setups are also supported rudimentary. These packages have been updated or newly introduced through "etch-and-a-half": Package Reason linux-2.6.24 Updated for new kernel for etchnhalf linux-kbuild-2.6.24 Updated for new kernel for etchnhalf linux-latest-2.6-etchnhalf New kernel for etchnhalf xserver-xorg-video-nv Supporting more hardware xserver-xorg-video-intel Supporting more hardware aboot Fix alpha build, add support for kernels newer than 2.6.23 b43-fwcutter Fix wrongly encoded es.po debconf Make debconf-apt-progress compatible with the Lenny installer sysvinit Update shutdown to work with libata in linux newer than 2.6.23 wireless-tools Update to claim support for WE API in etchnhalf kernel Release notes covering the special features of "etch-and-a-half" have been written as well as a short update for the installation instructions. Release notes: <http://www.debian.org/releases/etch/etchnhalf> Installation instructions: <http://www.debian.org/releases/etch/debian-installer/etchnhalf> Debian-Installer Update ----------------------- The Debian-Installer was updated to repair an issue with the network-console installation option. Due to a lack of entropy in how the host key is generated, earlier Debian GNU/Linux 4.0 installers are vulnerable to a man-in-the-middle attack. Two other issues regarding installation on already existing RAID setups and recognizing PowerPC64 system have been fixed as well. Miscellaneous Bugfixes ---------------------- This stable update adds several binary updates for various architectures to packages whose version was not synchronised across all architectures. It also adds a few important corrections to the following packages: Package Reason apache2 Fix possible segfault introduced by patch for CVE-2007-6421 balsa Fix for stack-based buffer overflow base-installer Correctly recognize powerpc64 systems cbrpager Backported security fixes from upstream 0.9.18 for CVE-2008-2575 chkrootkit 'Enye' check was killing random applications debian-installer Rebuilt images containing network-console dns-flood-detector Actually write a pid file for start-stop-daemon exiv2 Fix regression in security update fai-kernels Rebuilt against linux-2.6_2.6.18.dfsg.1-21 firmware-nonfree Build-depend on new kernel ABI 2.6-6 glibc Fix nscd host caching and linker script for libraries using TLS grub Fix 1 TiB disk addressing limit hal Allow mounting ntfs volumes from within KDE initramfs-tools Fix MBR checking on md devices and booting with Xen kiosktool Correct the path to the KDE menu file licq Fixing 'ICQ version too old' connection failure linux-2.6 Fix several issues partman-lvm Fix installation with already existing RAID pdftohtml Transition users to poppler-utils python-django Fix cross-site scripting vulnerability qsynth Fix wrongly named desktop file qt-x11-free Ease updates of KDE by hardcoding the unames trac Fix multiple issues tzdata New timezone information user-mode-linux Rebuilt against linux-2.6_2.6.18.dfsg.1-21 vzctl Fix file permission transfer on migrations wxmaxima Fix connection problems making the package unusable xpdf Remove strict versioned dependency on xpdf-utils to fix upgrade xpenguins-applet Avoid double free znc Fix NULL pointer dereferences leading to crashes These packages were updated on the specified architecture to bring the architectures back in sync: Package Architecture -- Reason apache2-mpm-itk s390 amd64 sparc powerpc arm i386 mips ia64 alpha mipsel hppa -- Rebuilt against updated apache2 gtimer amd64 -- Rebuilt against Etch libraries kdebase arm kdelibs arm sage ia64 -- Rebuilt against libsdl1.2_1.2.11-8 to kill off dangling .la references sear ia64 -- Rebuilt against lib3ds-dev 1.2.0-4.1+etch1 Security Updates ---------------- This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates: Advisory ID Package(s) Correction(s) DSA 1484 xulrunner Fix several vulnerabilities DSA 1485 icedove Fix several vulnerabilities DSA 1492 wml Clean up temporary files DSA 1497 clamav Fix several vulnerabilities DSA 1498 libimager-perl Fix arbitrary code execution DSA 1499 pcre3 Fix arbitrary code execution DSA 1500 splitvt Fix privilege escalation DSA 1501 dspam Fix information disclosure DSA 1502 wordpress Fix multiple vulnerabilities DSA 1505 alsa-driver Fix kernel memory leak DSA 1506 iceape Fix several vulnerabilities DSA 1507 turba2 Fix permission testing DSA 1508 sword Fix insufficient input sanitising DSA 1509 koffice Fix multiple vulnerabilities DSA 1510 gs-gpl Fix arbitrary code execution DSA 1511 icu Fix multiple problems DSA 1512 evolution Fix arbitrary code execution DSA 1513 lighttpd Fix CGI source disclosure DSA 1514 moin Fix several vulnerabilities DSA 1515 libnet-dns-perl Fix several vulnerabilities DSA 1516 dovecot Fix privilege escalation DSA 1517 ldapscripts Fix information disclosure DSA 1518 backup-manager Fix password disclosure DSA 1519 horde3 Fix insufficient input sanitising DSA 1520 smarty Fix insufficient input sanitising DSA 1522 unzip Fix programming error DSA 1523 ikiwiki Fix cross-site scripting DSA 1524 krb5 Fix multiple vulnerabilities DSA 1525 asterisk Fix several vulnerabilities DSA 1526 xwine Fix several vulnerabilities DSA 1527 debian-goodies Fix insufficient input sanitising DSA 1528 serendipity Fix cross site scripting DSA 1530 cupsys Fix multiple vulnerabilities DSA 1531 policyd-weight Fix insecure temporary files DSA 1532 xulrunner Fix several vulnerabilities DSA 1533 exiftags Fix several vulnerabilities DSA 1534 iceape Fix several vulnerabilities DSA 1535 iceweasel Fix several vulnerabilities DSA 1536 xine-lib Fix several vulnerabilities DSA 1537 xpdf Fix multiple vulnerabilities DSA 1538 alsaplayer Fix arbitrary code execution DSA 1539 mapserver Fix multiple vulnerabilities DSA 1540 lighttpd Fix denial of service DSA 1541 openldap2.3 Fix denial of service DSA 1542 libcairo Fix arbitrary code execution DSA 1543 vlc Fix several vulnerabilities DSA 1544 pdns-recursor Fix cache poisioning vulnerability DSA 1545 rsync Fix arbitrary code execution DSA 1546 gnumeric Fix arbitrary code execution DSA 1547 openoffice.org Fix arbitrary code execution DSA 1548 xpdf Fix arbitrary code execution DSA 1549 clamav Fix several vulnerabilities DSA 1550 suphp Fix local privilege escalation DSA 1551 python2.4 Fix several vulnerabilities DSA 1552 mplayer Fix arbitrary code execution DSA 1553 ikiwiki Fix cross-site request forgery DSA 1554 roundup Fix cross-site scripting vulnerability DSA 1555 iceweasel Fix arbitrary code execution DSA 1556 perl Fix denial of service DSA 1557 phpmyadmin Fix several vulnerabilities DSA 1558 xulrunner Fix arbitrary code execution DSA 1559 phpgedview Fix cross site scripting DSA 1560 kronolith2 Fix cross site scripting DSA 1561 ltsp Fix information disclosure DSA 1562 iceape Fix arbitrary code execution DSA 1563 asterisk Fix denial of service DSA 1564 wordpress Fix several vulnerabilities DSA 1566 cpio Fix denial of service DSA 1567 blender Fix arbitrary code execution DSA 1568 b2evolution Fix cross site scripting DSA 1569 cacti Fix multiple vulnerabilities DSA 1570 kazehakase Fix arbitrary code execution DSA 1571 openssl Fix predictable random number generator DSA 1572 php5 Fix several vulnerabilities DSA 1573 rdesktop Fix several vulnerabilities DSA 1574 icedove Fix several vulnerabilities DSA 1576 openssh Fix predictable randomness DSA 1577 gforge Fix insecure temporary files DSA 1578 php4 Fix several vulnerabilities DSA 1579 netpbm-free Fix arbitrary code execution DSA 1580 phpgedview Fix privilege escalation DSA 1581 gnutls13 Fix potential code execution DSA 1582 peercast Fix arbitrary code execution DSA 1583 gnome-peercast Fix several vulnerabilities DSA 1584 libfishsound Fix arbitrary code execution DSA 1585 speex Fix arbitrary code execution DSA 1586 xine-lib Fix several vulnerabilities DSA 1587 mtr Fix arbitrary code execution DSA 1589 libxslt Fix arbitrary code execution DSA 1590 samba Fix arbitrary code execution DSA 1591 libvorbis Fix several vulnerabilities DSA 1593 tomcat5.5 Fix missing input sanitising and cross site scripting issue DSA 1594 imlib2 Fix buffer overflows in XPM and PNM loaders DSA 1595 xorg-server Fix several vulnerabilities DSA 1596 typo3-src Fix several vulnerabilities DSA 1597 mt-daapd Fix several vulnerabilities DSA 1598 libtk-img Fix buffer overflow DSA 1599 dbus Fix programming error DSA 1600 sympa Fix denial of service DSA 1601 wordpress Fix several vulnerabilities DSA 1602 pcre3 Fix arbitrary code execution DSA 1603 bind9 Fix cache poisioning DSA 1606 poppler Fix arbitrary code execution DSA 1608 mysql-dfsg-5.0 Fix authorization bypass DSA 1611 afuse Fix privilege escalation DSA 1612 ruby1.8 Fix several vulnerabilities DSA 1613 libgd2 Fix multiple vulnerabilities A complete list of all accepted and rejected packages together with rationale is available on the preparation page for this revision: <http://release.debian.org/stable/4.0/4.0r3/> Removed packages ---------------- The following packages were removed due to circumstances beyond our control: Package Reason glimpse Licensing issues dcc Incompatible with DCC network, security issues maxdb-7.5.00 Security issues URLs ---- The complete lists of packages that have changed with this revision: <http://ftp.debian.org/debian/dists/etch/ChangeLog> The current stable distribution: <http://ftp.debian.org/debian/dists/stable> Proposed updates to the stable distribution: <http://ftp.debian.org/debian/dists/proposed-updates> Stable distribution information (release notes, errata etc.): <http://www.debian.org/releases/stable/> Security announcements and information: <http://www.debian.org/security/> About Debian ------------ The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian GNU/Linux. Contact Information ------------------- For further information, please visit the Debian web pages at <http://www.debian.org/>, send mail to <press <at> debian.org>, or contact the stable release team at <debian-release <at> lists.debian.org>.