
Debian GNU/Linux 3.1r3 is now available:

The Debian project has updated the stable distribution Debian GNU/Linux 3.1 (codename sarge). This update mainly adds security updates to the stable release, along with a few corrections to serious problems. Those who frequently update from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.

Please note that this update does not constitute a new version of Debian GNU/Linux 3.1 but only updates some of the packages included. There is no need to throw away 3.1 CDs. Instead you only need to update against ftp.debian.org or a mirror after an installation, in order to incorporate those changes. New CD and DVD images are being built right now and will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the apt package tool (see the sources.list(5) manual page) to one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:

http://www.debian.org/mirror/list



Debian-Installer Update

To make updated Linux kernel packages available in the Debian installer, the installer itself had to be updated as well. To accomplish this, the following packages also required an update: base-config, base-installer, debian-installer and preseed.

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following packages:

Package Reason
evms Fixes system lockup on boot
evolution-webcal Getting architectures back in sync
glibc Fixes build failures
grub Preparations for etch kernels
kazehakase Corrects segmentation faults
octaviz Corrects library path
perl Corrects problems with UTF-8/taint fix and Tk
python-pgsql Corrects regression due to PostgreSQL update
vlan Corrects interface settings
wzdftpd Corrects wrong dependencies

Security Updates

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:

Advisory ID Package(s) Correction(s)
DSA-725 ppxp Local root exploit
DSA-986 gnutls11 Arbitrary code execution
DSA-1017 kernel-source-2.6.8 Several vulnerabilities
DSA-1018 kernel-source-2.4.27 Several vulnerabilities
DSA-1027 mailman Denial of service
DSA-1032 zope-cmfplone Unprivileged data manipulation
DSA-1035 fcheck Insecure temporary file creation
DSA-1036 bsdgames Local privilege escalation
DSA-1037 zgv Arbitrary code execution
DSA-1038 xzgv Arbitrary code execution
DSA-1039 blender Several vulnerabilities
DSA-1040 gdm Local root exploit
DSA-1041 abc2ps Arbitrary code execution
DSA-1042 cyrus-sasl2 Denial of service
DSA-1043 abcmidi Arbitrary code execution
DSA-1044 mozilla-firefox Several vulnerabilities
DSA-1045 openvpn Arbitrary code execution
DSA-1046 mozilla Several vulnerabilities
DSA-1047 resmgr Unauthorised access
DSA-1048 asterisk Arbitrary code execution
DSA-1049 ethereal Several vulnerabilities
DSA-1050 clamav Arbitrary code execution
DSA-1051 mozilla-thunderbird Several vulnerabilities
DSA-1052 cgiirc Arbitrary code execution
DSA-1053 mozilla Arbitrary code execution
DSA-1054 tiff Arbitrary code execution
DSA-1055 mozilla-firefox Arbitrary code execution
DSA-1056 webcalendar Information leak
DSA-1057 phpldapadmin Cross-site scripting
DSA-1058 awstats Arbitrary command execution
DSA-1059 quagga Several vulnerabilities
DSA-1060 kernel-patch-vserver Privilege escalation
DSA-1061 popfile Denial of service
DSA-1062 kphone Insecure file creation
DSA-1063 phpgroupware Cross-site scripting
DSA-1064 cscope Arbitrary code execution
DSA-1065 hostapd Denial of service
DSA-1066 phpbb2 Cross-site scripting
DSA-1068 fbi Denial of service
DSA-1072 nagios Arbitrary code execution
DSA-1073 mysql-dfsg-4.1 Several vulnerabilities
DSA-1074 mpg123 Arbitrary code execution
DSA-1075 awstats Arbitrary command execution
DSA-1076 lynx Denial of service
DSA-1078 tiff Denial of service
DSA-1079 mysql-dfsg Several vulnerabilities
DSA-1080 dovecot Directory traversal
DSA-1081 libextractor Arbitrary code execution
DSA-1083 motor Arbitrary code execution
DSA-1084 typespeed Arbitrary code execution
DSA-1085 lynx-cur Several vulnerabilities
DSA-1086 xmcd Denial of service
DSA-1087 postgresql Encoding vulnerabilities
DSA-1088 centericq Arbitrary code execution
DSA-1090 spamassassin Arbitrary command execution
DSA-1091 tiff Arbitrary code execution
DSA-1092 mysql-dfsg-4.1 SQL injection
DSA-1093 xine Arbitrary code execution
DSA-1094 gforge Cross-site scripting
DSA-1095 freetype Several vulnerabilities
DSA-1096 webcalendar Arbitrary code execution
DSA-1097 kernel-source-2.4.27 Several vulnerabilities
DSA-1098 horde3 Cross-site scripting
DSA-1099 horde2 Cross-site scripting
DSA-1100 wv2 Integer overflow
DSA-1101 courier Denial of service
DSA-1102 pinball Privilege escalation
DSA-1103 kernel-source-2.6.8 Several vulnerabilities
DSA-1104 openoffice.org Several vulnerabilities
DSA-1105 xine-lib Denial of service
DSA-1106 ppp Privilege escalation
DSA-1107 gnupg Denial of service
DSA-1108 mutt Arbitrary code execution
DSA-1109 rssh Privilege escalation
DSA-1110 samba Denial of service
DSA-1111 kernel-source-2.6.8 Privilege escalation
DSA-1112 mysql-dfsg-4.1 Several vulnerabilities
DSA-1113 zope2.7 Information disclosure
DSA-1114 hashcash Arbitrary code execution
DSA-1115 gnupg2 Denial of service
DSA-1116 gimp Arbitrary code execution
DSA-1117 libgd2 Denial of service
DSA-1118 mozilla Several vulnerabilities
DSA-1119 hiki Denial of service
DSA-1120 mozilla-firefox Several vulnerabilities
DSA-1121 postgrey Denial of service
DSA-1122 libnet-server-perl Denial of service
DSA-1123 libdumb Arbitrary code execution
DSA-1124 fbi Potential deletion of user data
DSA-1125 drupal Cross-site scripting
DSA-1126 asterisk Denial of service
DSA-1127 ethereal Several vulnerabilities
DSA-1128 heartbeat Local denial of service
DSA-1129 osiris Arbitrary code execution
DSA-1130 sitebar Cross-site scripting
DSA-1131 apache Arbitrary code execution
DSA-1132 apache2 Arbitrary code execution
DSA-1133 mantis Cross-site scripting
DSA-1134 mozilla-thunderbird Several vulnerabilities
DSA-1135 libtunepimp Arbitrary code execution
DSA-1136 gpdf Denial of service
DSA-1137 tiff Several vulnerabilities
DSA-1138 cfs Denial of service
DSA-1139 ruby1.6 Privilege escalation
DSA-1140 gnupg Denial of service
DSA-1141 gnupg2 Denial of service
DSA-1142 freeciv Arbitrary code execution
DSA-1143 dhcp Denial of service
DSA-1144 chmlib Denial of service
DSA-1145 freeradius Several vulnerabilities
DSA-1146 krb5 Privilege escalation
DSA-1147 drupal Cross-site scripting
DSA-1148 gallery Several vulnerabilities
DSA-1149 ncompress Potential code execution
DSA-1150 shadow Privilege escalation
DSA-1151 heartbeat Denial of service
DSA-1153 clamav Arbitrary code execution
DSA-1154 squirrelmail Information disclosure
DSA-1155 sendmail Denial of service
DSA-1159 mozilla-thunderbird Several vulnerabilities

A complete list of all accepted and rejected packages together with rationale is on the preparation page for this revision:

http://release.debian.org/stable/3.1/3.1r3/

URLs

The complete lists of packages that have changed with this release:

http://ftp.debian.org/debian/dists/sarge/ChangeLog

The current stable distribution:
http://ftp.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:
http://ftp.debian.org/debian/dists/proposed-updates/

Stable distribution information (release notes, errata, etc.):
http://www.debian.org/releases/stable/

Security announcements and information:
http://security.debian.org/

About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian GNU/Linux.

Contact Information

For further information, please visit the Debian web pages at http://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.