Debian 4.0r2 Released

Debian has released another security update to Etch, which is now at release 2, so Debian Etch is now Debian 4.0r2.
These are basically security updates and do not constitute another Debian version. All you need to do is:
apt-get update
apt-get dist-upgrade
and you will be running all security patches. If you install Debian frequently, though, it is better to download your installation CDs again, to avoid lengthy upgrades over the Internet.
The main security updates are:
| Advisory ID | Package(s) | Correction(s) |
|---|---|---|
| DSA-1288 | pptpd | Denial of service |
| DSA-1317 | tinymux | Buffer overflow |
| DSA-1319 | maradns | Denial of service |
| DSA-1320 | clamav | Several vulnerabilities |
| DSA-1321 | evolution-data-server | Arbitrary code execution |
| DSA-1322 | wireshark | Denial of service |
| DSA-1323 | krb5 | Several vulnerabilities |
| DSA-1324 | hiki | Missing input sanitising |
| DSA-1325 | evolution | Arbitrary code execution |
| DSA-1326 | fireflier | Unsafe temporary files |
| DSA-1327 | gsambad | Unsafe temporary files |
| DSA-1328 | unicon | Buffer overflow |
| DSA-1330 | php5 | Arbitrary code execution |
| DSA-1331 | php4 | Arbitrary code execution |
| DSA-1332 | vlc | Arbitrary code execution |
| DSA-1333 | curl | Certificate handling |
| DSA-1335 | gimp | Arbitrary code execution |
| DSA-1337 | xulrunner | Several vulnerabilities |
| DSA-1338 | iceweasel | Several vulnerabilities |
| DSA-1339 | iceape | Several vulnerabilities |
| DSA-1340 | clamav | Denial of service |
| DSA-1341 | bind9 | DNS cache poisoning |
| DSA-1342 | xfs | Privilege escalation |
| DSA-1343 | file | Arbitrary code execution |
| DSA-1344 | iceweasel | Several vulnerabilities |
| DSA-1345 | xulrunner | Several vulnerabilities |
| DSA-1346 | iceape | Several vulnerabilities |
| DSA-1347 | xpdf | Arbitrary code execution |
| DSA-1348 | poppler | Arbitrary code execution |
| DSA-1351 | bochs | Privilege escalation |
| DSA-1353 | tcpdump | Arbitrary code execution |
| DSA-1355 | kdegraphics | Arbitrary code execution |
| DSA-1356 | Linux | 2.6.18 |
| DSA-1357 | koffice | Arbitrary code execution |
| DSA-1358 | asterisk | Several vulnerabilities |
| DSA-1359 | dovecot | Directory traversal |
| DSA-1360 | rsync | Arbitrary code execution |
| DSA-1361 | postfix-policyd | Arbitrary code execution |
| DSA-1362 | lighttpd | Several vulnerabilities |
| DSA-1363 | Linux | 2.6.18 |
| DSA-1364 | vim | Several vulnerabilities |
| DSA-1365 | id3lib3.8.3 | Denial of service |
| DSA-1366 | clamav | Several vulnerabilities |
| DSA-1367 | krb5 | Arbitrary code execution |
| DSA-1368 | librpcsecgss | Arbitrary code execution |
| DSA-1369 | gforge | SQL injection |
| DSA-1370 | phpmyadmin | Several vulnerabilities |
| DSA-1371 | phpwiki | Several vulnerabilities |
| DSA-1372 | ktorrent | Directory traversal |
| DSA-1372 | xorg-server | Privilege escalation |
| DSA-1374 | jffnms | Several vulnerabilities |
| DSA-1375 | OpenOffice.org | Arbitrary code execution |
| DSA-1376 | kdebase | Authentication bypass |
| DSA-1377 | fetchmail | Denial of service |
| DSA-1378 | Linux | 2.6.18 |
| DSA-1379 | openssl | Arbitrary code execution |
| DSA-1380 | elinks | Information disclosure |
| DSA-1381 | Linux | 2.6.18 |
| DSA-1382 | quagga | Denial of service |
| DSA-1383 | gforge | Cross-site scripting |
| DSA-1384 | xen-utils | Several vulnerabilities |
| DSA-1385 | xfs | Arbitrary code execution |
| DSA-1386 | wesnoth | Denial of service |
| DSA-1387 | librpcsecgss | Arbitrary code execution |
| DSA-1388 | dhcp | Arbitrary code execution |
| DSA-1389 | zoph | SQL injection |
| DSA-1390 | t1lib | Arbitrary code execution |
| DSA-1391 | icedove | Several vulnerabilities |
| DSA-1392 | xulrunner | Several vulnerabilities |
| DSA-1393 | xfce4-terminal | Arbitrary command execution |
| DSA-1394 | reprepro | Authentication bypass |
| DSA-1395 | xen-utils | File truncation |
| DSA-1396 | iceweasel | Several vulnerabilities |
| DSA-1397 | mono | Integer overflow |
| DSA-1398 | perdition | Arbitrary code execution |
| DSA-1400 | perl | Arbitrary code execution |
| DSA-1401 | iceape | Several vulnerabilities |
| DSA-1402 | gforge | Several vulnerabilities |
| DSA-1403 | phpmyadmin | Cross-site scripting |
| DSA-1404 | gallery2 | Privilege escalation |
| DSA-1405 | zope-cmfplone | Arbitrary code execution |
| DSA-1406 | horde3 | Several vulnerabilities |
| DSA-1407 | cupsys | Arbitrary code execution |
| DSA-1408 | kdegraphics | Arbitrary code execution |
| DSA-1409 | samba | Several vulnerabilities |
| DSA-1410 | ruby1.8 | Insecure SSL certificate validation |
| DSA-1412 | ruby1.9 | Insecure SSL certificate validation |
| DSA-1413 | mysql | Several vulnerabilities |
| DSA-1414 | wireshark | Several vulnerabilities |
| DSA-1415 | tk8.4 | Arbitrary code execution |
| DSA-1416 | tk8.3 | Arbitrary code execution |
| DSA-1417 | asterisk | SQL injection |
| DSA-1418 | cacti | SQL injection |
| DSA-1419 | OpenOffice.org | Arbitrary Java code execution |
| DSA-1420 | zabbix | Privilege escalation |
| DSA-1421 | wesnoth | Arbitrary file disclosure |
| DSA-1422 | e2fsprogs | Arbitrary code execution |
| DSA-1423 | sitebar | Several vulnerabilities |
| DSA-1424 | iceweasel | Several vulnerabilities |
| DSA-1425 | xulrunner | Several vulnerabilities |
| DSA-1426 | qt-x11-free | Several vulnerabilities |
| DSA-1427 | samba | Arbitrary code execution |
| DSA-1428 | Linux | 2.6.18 |
| DSA-1429 | htdig | Cross-site scripting |
| DSA-1430 | libnss-ldap | Denial of service |
| DSA-1431 | ruby-gnome2 | Arbitrary code execution |
| DSA-1432 | link-grammar | Arbitrary code execution |
| DSA-1433 | centericq | Arbitrary code execution |
| DSA-1434 | mydns | Denial of service |
| DSA-1435 | clamav | Several vulnerabilities |
| DSA-1436 | Linux | 2.6.18 |
If you want to download the new stable CDs go to this link
Or read the full release note here
can't you just do apt-get
can't you just do apt-get update and apt-get upgrade?
Debian doesn't do a very good job of describing these incremental releases.
I thought that you could use any Etch install CD and keep using it as long as you update ... and you shouldn't need apt-get dist-upgrade if you're already running Etch -- am I right?
So as long as you do an apt-get update and apt-get upgrade after an install, do you even need this new image at all?
Yes you are right about
Yes you are right about Etch, just with
apt-get update
apt-get upgrade
should be enough. This is not the case with Lenny, where you usually need
apt-get dist-upgrade
to upgrade those packages "kept back"; sometimes even that does not work. And yes, only one CD is enough, unless your Internet connection is not good enough; in that case it is better to get the latest CD, so the first update does not take too long.
Also is it possible just to
Also, is it possible just to insert the Update image 4.0r2 and run a command to update the system? Basically I need to do a fresh install and my original DVDs aren't r2, so what I would like to do is install with my DVDs and then update with this DVD. Is that possible, and if so, how?
Cheers
to answer my own question,
To answer my own question, in case anyone else is in the same situation, insert the DVD then type:
apt-cdrom add
apt-get dist-upgrade
Cheers
I think you can also use
I think you can also use Jigdo
http://www.debian.org/CD/jigdo-cd/
to update your ISO image.
Guillermo Garron