Debian-news is about one simple thing - news about Debian GNU/Linux and the top free distributions based on Debian GNU/Linux.


Debian GNU/Linux 4.0 updated

The Debian project is pleased to announce the third update of its
stable distribution Debian GNU/Linux 4.0 (codename etch). This update
mainly adds corrections for security problems to the stable release,
along with a few adjustment to serious problems.
The Debian Project
Debian GNU/Linux 4.0 updated
February 17th, 2008

Debian GNU/Linux 4.0 updated

The Debian project is pleased to announce the third update of its
stable distribution Debian GNU/Linux 4.0 (codename etch). This update
mainly adds corrections for security problems to the stable release,
along with a few adjustment to serious problems.

Please note that this update does not constitute a new version of Debian
GNU/Linux 4.0 but only updates some of the packages included. There is
no need to throw away 4.0 CDs or DVDs but only to update against after an installation, in order to incorporate those late

Those who frequently install updates from won't have
to update many packages and most updates from are
included in this update.

New CD and DVD images containing updated packages and the regular
installation media accompanied with the package archive respectively
will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:


Debian-Installer Update

The installer has been updated to use and support the updated kernels
included in this release. This change causes old netboot and floppy images
to stop working; updated versions are available from the regular locations.

This update also includes stability improvements and added support for
SGI O2 machines with 300MHz RM5200SC (Nevada) CPUs that were announced with
the second update, but were not actually included.

Important changes

Updated versions of the bcm43xx-fwcutter package will be distributed via The package itself will be removed from etch with the
next update.

Flashplugin-nonfree has been removed (see below), as this is closed source
and we don't get security support for it. For security reasons, we
recommend to immediately remove any version of flashplugin-nonfree and any
remaining files of the Adobe Flash Player. Tested updates will be made
available via

Miscellaneous Bugfixes

This stable update adds several binary updates for various architectures
to packages whose version was not synchronised across all architectures.
It also adds a few important corrections to the following packages:

Package Reason

apache Fix of several vulnerabilities
apache2 Fix of several vulnerabilities
apache2-mpm-itk Rebuild for apache2 rebuilds
bos Remove non-free content
clamav Remove non-free (and undistributable) unrar-code
cpio Fix malformed creation of ustar archives
denyhosts Fix improper parsing of ssh logfiles
ircproxy Fix denial of service
glibc Fix sunrpc memory leak
gpsd Fix problem with leap years
ipmitool Bring architectures back in sync
kdebase Add support for latest flash plugin
kdelibs Add support for latest flash plugin
kdeutils Prevent unauthorised access when hibernated
libchipcard2 Add missing dependency
linux-2.6 Fix several bugs
loop-aes Updated linux-2.6 kernel
madwifi Fix possible denial of service
net-snmp Fix broken snmpbulkwalk
ngircd Fix possible denial of service
sing Fix privilege escalation
sun-java5 Fix remote program execution
unrar-nonfree Fix arbitrary code execution
viewcvs Fix cvs parsing
xorg-server Fix inline assembler for processors without cpuid

These packages are updated to support the newer kernels:


Security Updates

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these

Advisory ID Package(s) Correction(s)

DSA 1405 zope-cmfplone Arbitrary code execution
DSA 1437 cupsys Several vulnerabilities
DSA 1438 tar Several vulnerabilities
DSA 1439 typo3-src SQL injection.
DSA 1440 inotify-tools Arbitrary code execution
DSA 1441 peercast Arbitrary code execution
DSA 1442 libsndfile Arbitrary code execution
DSA 1443 tcpreen Denial of service
DSA 1444 php5 Several vulnerabilities
DSA 1445 maradns Denial of service
DSA 1446 wireshark Denial of service
DSA 1447 tomcat5.5 Several vulnerabilities
DSA 1448 eggdrop Arbitrary code execution
DSA 1449 loop-aes-utils Programming error
DSA 1450 util-linux Programming error
DSA 1451 mysql-dfsg-5.0 Several vulnerabilities
DSA 1452 wzdftpd Denial of service
DSA 1453 tomcat5 Several vulnerabilities
DSA 1454 freetype Arbitrary code execution
DSA 1455 libarchive Several problems
DSA 1456 fail2ban Denial of service
DSA 1457 dovecot Information disclosure
DSA 1458 openafs Denial of service
DSA 1459 gforge SQL injection
DSA 1460 postgresql-8.1 Several vulnerabilities
DSA 1461 libxml2 Denial of service
DSA 1462 hplip Privilege escalation
DSA 1463 postgresql-7.4 Several vulnerabilities
DSA 1464 syslog-ng Denial of service
DSA 1465 apt-listchanges Arbitrary code execution
DSA 1466 xorg Several vulnerabilities
DSA 1468 tomcat5.5 Several vulnerabilities
DSA 1469 flac Arbitrary code execution
DSA 1470 horde3 Denial of service
DSA 1471 libvorbis Several vulnerabilities
DSA 1472 xine-lib Arbitrary code execution
DSA 1473 scponly Arbitrary code execution
DSA 1474 exiv2 Arbitrary code execution
DSA 1475 gforge Cross site scripting
DSA 1476 pulseaudio Privilege escalation
DSA 1477 yarssr Arbitrary shell command execution
DSA 1478 mysql-dfsg-5.0 Several vulnerabilities
DSA 1479 fai-kernels Several vulnerabilities
DSA 1479 linux-2.6 Several vulnerabilities
DSA 1483 net-snmp Denial of service
DSA 1484 xulrunner Several vulnerabilities

Removed Packages

These packages are removed from the distribution:

Package Reason

bandersnatch Too buggy
flashplugin-nonfree Closed source and no security support
flyspray Too buggy, no support from upstream
ipxripd Incompatibility with the Etch kernel
jags Too buggy
unace-nonfree Broken on big-endian or 64bit-systems

The complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:



The complete lists of packages that have changed with this revision:


The current stable distribution:


Proposed updates to the stable distribution:


Stable distribution information (release notes, errata etc.):


Security announcements and information:


About Debian

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely
free operating systems Debian GNU/Linux.

Contact Information

For further information, please visit the Debian web pages at
<>, send mail to <>, or
contact the stable release team at <>.

– To UNSUBSCRIBE, email to with a subject of “unsubscribe”. Trouble? Contact

No Response to “Debian GNU/Linux 4.0 updated” »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Debian-News is not related to the Debian Project.
All logos and trademarks on this site are property of their respective owners.