
Debian GNU/Linux 5.0 updated

Posted by on Monday, 13 April, 2009

————————————————————————-
The Debian Project http://www.debian.org/
Debian GNU/Linux 5.0 updated press@debian.org
April 11th, 2009 http://www.debian.org/News/2009/20090411
————————————————————————-

Debian GNU/Linux 5.0 updated

The Debian project is pleased to announce the first update of its stable
distribution Debian GNU/Linux 5.0 (codename “lenny”). This update mainly
adds corrections for security problems to the stable release, along with
a few adjustments to serious problems.

Please note that this update does not constitute a new version of Debian
GNU/Linux 5.0 but only updates some of the packages included. There is
no need to throw away 5.0 CDs or DVDs but only to update via an up-to-
date Debian mirror after an installation, to cause any out of date
packages to be updated.

Those who frequently install updates from security.debian.org won’t have
to update many packages and most updates from security.debian.org are
included in this update.

New CD and DVD images containing updated packages and the regular
installation media accompanied with the package archive respectively will
be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian’s many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:

<http://www.debian.org/distrib/ftplist>

Miscellaneous Bugfixes
———————-

This stable update adds several binary updates for various architectures
to packages whose version was not synchronised across all architectures.
It also adds a few important corrections to the following packages:

Package                                    Reason

barnowl                                    Fix for CVE-2009-0363 (through testing-security)
base-files                                 Fix a typo to remove “base” correctly
bind9                                      Fix atomic operations on alpha and ia64
brltty                                     Upload with fixed version number
consolekit                                 Various fixes
fai                                        Fix typo which prevents perl scripts from working
firmware-nonfree                           Kernel ABI change
flpsed                                     Fix dependency on ghostscript-x
gdm                                        Fix a double free
gthumb                                     Fix copying loop
gtick                                      Add dependency on oss-compat
gtk+2.0                                    Fix infinite loop caused by setting color scheme
gtkguitune                                 Add dependency on oss-compat
heartbeat                                  Fix failover and message corruption
imagemagick                                Replace non-free fonts
irqbalance                                 Do not crash on bogus /proc/irq entries
kvm                                        Fix hang on reboot with virtio
libbz2-ruby                                [armel] Rebuild to put modules in arm-linux instead of arm-linux-eabi
libcgi-application-plugins-perl            Fix information leak
libeb-ruby                                 [armel] Rebuild to put modules in arm-linux instead of arm-linux-eabi
libfilesystem-ruby                         [armel] Rebuild to put modules in arm-linux instead of arm-linux-eabi
libfusefs-ruby                             [armel] Rebuild to put modules in arm-linux instead of arm-linux-eabi
libkakasi-ruby                             [armel] Rebuild to put modules in arm-linux instead of arm-linux-eabi
libodbc-ruby                               [armel] Rebuild to put modules in arm-linux instead of arm-linux-eabi
libopengl-ruby                             [armel] Rebuild to put modules in arm-linux instead of arm-linux-eabi
librevolution-ruby                         [armel] Rebuild to put modules in arm-linux instead of arm-linux-eabi
libvorbisfile-ruby                         [armel] Rebuild to put modules in arm-linux instead of arm-linux-eabi
libwrap-ruby                               [armel] Rebuild to put modules in arm-linux instead of arm-linux-eabi
linux-2.6                                  Several issues
linux-kernel-di-alpha-2.6                  New kernel for debian-installer
linux-kernel-di-amd64-2.6                  New kernel for debian-installer
linux-kernel-di-arm-2.6                    Add minix-modules to orion5x kernel flavour
linux-kernel-di-armel-2.6                  New kernel for debian-installer
linux-kernel-di-hppa-2.6                   New kernel for debian-installer
linux-kernel-di-i386-2.6                   New kernel for debian-installer
linux-kernel-di-ia64-2.6                   New kernel for debian-installer
linux-kernel-di-mips-2.6                   New kernel for debian-installer
linux-kernel-di-mipsel-2.6                 New kernel for debian-installer
linux-kernel-di-powerpc-2.6                New kernel for debian-installer
linux-kernel-di-s390-2.6                   New kernel for debian-installer
linux-kernel-di-sparc-2.6                  New kernel for debian-installer
linux-latest-2.6                           Kernel ABI change
linux-modules-contrib-2.6                  Rebuild for kernel ABI change
linux-modules-di-alpha-2.6                 New kernel modules for debian-installer
linux-modules-di-amd64-2.6                 New kernel modules for debian-installer
linux-modules-di-arm-2.6                   New kernel modules for debian-installer
linux-modules-di-armel-2.6                 New kernel modules for debian-installer
linux-modules-di-hppa-2.6                  New kernel modules for debian-installer
linux-modules-di-i386-2.6                  New kernel modules for debian-installer
linux-modules-di-ia64-2.6                  New kernel modules for debian-installer
linux-modules-di-mips-2.6                  New kernel modules for debian-installer
linux-modules-di-mipsel-2.6                New kernel modules for debian-installer
linux-modules-di-powerpc-2.6               New kernel modules for debian-installer
linux-modules-di-s390-2.6                  New kernel modules for debian-installer
linux-modules-di-sparc-2.6                 New kernel modules for debian-installer
linux-modules-extra-2.6                    Rebuild for kernel ABI change
linux-modules-nonfree-2.6                  Rebuild for kernel ABI change
live-initramfs                             Fix media timeout, boot and shutdown issues
lvm2                                       Fix lvm on multipath in initrd
mediawiki                                  Fix XSS vulnerabilities
mp3gain                                    [i386] Rebuild in a clean environment
mt-daapd                                   Fix crasher in built-in webserver
munin                                      Fix cgi mode
nvidia-graphics-legacy-96xx-modules-amd64  Rebuild for kernel ABI change
nvidia-graphics-legacy-96xx-modules-i386   Rebuild for kernel ABI change
nvidia-graphics-modules-amd64              Rebuild for kernel ABI change
nvidia-graphics-modules-i386               Rebuild for kernel ABI change
oldsys-preseed                             Add support for the D-Link DNS-323
open-vm-tools                              Fix builds with other kernels than the running one
openoffice.org                             Repacked source to remove RFC text file, various bug fixes
optipng                                    Fix array overflow vulnerability
pam                                        Fix signedness error in _pam_StrTok
pcapy                                      Fix memory leak and capturing on lo
pidgin                                     Fix failure while connecting to ICQ servers due to protocol changes
pidgin-otr                                 Provide translation
posixlock                                  [armel] Rebuild to put modules in arm-linux instead of arm-linux-eabi
postgresql-8.3                             New upstream bugfix release
pyusb                                      Fix module for python2.5 on 64 bit arch
qwik                                       [armel] Rebuild to put modules in arm-linux instead of arm-linux-eabi
root-system                                Add libsm-dev as Build-Dependency
roundup                                    Fix several vulnerabilities
ruby-v4l                                   [armel] Rebuild to put modules in arm-linux instead of arm-linux-eabi
samba                                      Fix two bugs of severity important
sary-ruby                                  [armel] Rebuild to put modules in arm-linux instead of arm-linux-eabi
sbnc                                       Fix sbnc.key file location
schroot                                    Build with pthreads explicitly to fix a crash on alpha
smartmontools                              Fix target not checking for running daemon
snort                                      Fix possible segfault
texlive-extra                              Blacklist aurora, non-commercial license
toolame                                    Portability fixes
user-mode-linux                            Rebuild against updated linux-source
xorg-server                                Work around broken PCI on sparc in lenny’s kernel
xserver-xorg-video-savage                  Do not add panel modes when there is no panel

New version of debian-installer
——————————-

debian-installer was updated to incorporate the updated Linux kernel
(DSA-1749), to add support for the D-Link DNS-323 (a NAS device) and to
incorporate new archive keys.

Security Updates
—————-

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

Advisory ID   Package               Correction(s)

DSA-1719      gnutls26              Certificate validation
DSA-1725      websvn                Information leak
DSA-1726      python-crypto         Denial of service
DSA-1728      dkim-milter           Denial of service
DSA-1730      proftpd-dfsg          SQL injection vulnerabilities
DSA-1734      opensc                Information disclosure
DSA-1735      znc                   Privilege escalation
DSA-1736      mahara                Cross-site scripting
DSA-1737      wesnoth               Several vulnerabilities
DSA-1738      curl                  Arbitrary file access
DSA-1739      mldonkey              Double slash vulnerability
DSA-1740      yaws                  Denial of service
DSA-1741      psi                   Denial of service
DSA-1742      libsndfile            Arbitrary code execution
DSA-1743      libtk-img             Arbitrary code execution
DSA-1744      weechat               Denial of service
DSA-1745      lcms                  Arbitrary code execution
DSA-1746      ghostscript           Arbitrary code execution
DSA-1747      glib2.0               Arbitrary code execution
DSA-1749      linux-2.6             Several issues
DSA-1750      libpng                Several vulnerabilities
DSA-1751      xulrunner             Several vulnerabilities
DSA-1752      webcit                Potential remote code execution
DSA-1755      systemtap             Local privilege escalation
DSA-1756      xulrunner             Multiple vulnerabilities
DSA-1757      auth2db               SQL injection
DSA-1758      nss-ldapd             Information disclosure
DSA-1759      strongswan            Possible denial of service
DSA-1760      openswan              Possible denial of service


Debian GNU/Linux 4.0 updated

Posted by on Sunday, 12 April, 2009

————————————————————————-
The Debian Project http://www.debian.org/
Debian GNU/Linux 4.0 updated press@debian.org
April 8th, 2009 http://www.debian.org/News/2009/20090408
————————————————————————-

Debian GNU/Linux 4.0 updated

The Debian project is pleased to announce the eighth update of its
oldstable distribution Debian GNU/Linux 4.0 (codename “etch”). This
update mainly adds corrections for security problems to the oldstable
release, along with a few adjustments to serious problems.

Please note that this update does not constitute a new version of Debian
GNU/Linux 4.0 but only updates some of the packages included. There is
no need to throw away 4.0 CDs or DVDs but only to update via an up-to-
date Debian mirror after an installation, to cause any out of date
packages to be updated.

Those who frequently install updates from security.debian.org won’t have
to update many packages and most updates from security.debian.org are
included in this update.

New CD and DVD images containing updated packages and the regular
installation media accompanied with the package archive respectively will
be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian’s many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:

<http://www.debian.org/distrib/ftplist>

Miscellaneous Bugfixes
———————-

This oldstable update adds a few important corrections to the following
packages:

Package                 Reason

libweather-com-perl     Adapt to weather.com’s interface changes
optipng                 Fix array overflow vulnerability
pam                     Fix signedness error in _pam_StrTok
postgresql-8.1          New upstream bugfix release 8.1.17
sleuthkit               Fix license issue
debian-installer        Include the updated archive key.
debian-archive-keyring  Add new archive key

Security Updates
—————-

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

Advisory ID   Package               Correction(s)

DSA-1622      newsx                 Arbitrary code execution
DSA-1712      rt2400                Arbitrary code execution
DSA-1713      rt2500                Arbitrary code execution
DSA-1714      rt2570                Arbitrary code execution
DSA-1716      vnc4                  Remote code execution
DSA-1717      devil                 Buffer overflow
DSA-1718      boinc                 Validation bypass
DSA-1719      gnutls13              Certificate validation
DSA-1720      typo3-src             Several vulnerabilities
DSA-1721      libpam-krb5           Local privilege escalation
DSA-1722      libpam-heimdal        Local privilege escalation
DSA-1723      phpmyadmin            Arbitrary code execution
DSA-1724      moodle                Several vulnerabilities
DSA-1726      python-crypto         Denial of service
DSA-1729      gst-plugins-bad0.10   Multiple vulnerabilities
DSA-1731      ndiswrapper           Arbitrary code execution vulnerability
DSA-1732      squid3                Denial of service
DSA-1733      vim                   Multiple vulnerabilities
DSA-1735      znc                   Privilege escalation
DSA-1737      wesnoth               Several vulnerabilities
DSA-1738      curl                  Arbitrary file access
DSA-1740      yaws                  Denial of service
DSA-1742      libsndfile            Arbitrary code execution
DSA-1743      libtk-img             Arbitrary code execution
DSA-1746      gs-gpl                Arbitrary code execution
DSA-1747      glib2.0               Arbitrary code execution
DSA-1750      libpng                Several vulnerabilities
DSA-1759      strongswan            Denial of service
DSA-1760      openswan              Denial of service

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:

<http://release.debian.org/oldstable/4.0/4.0r8/>

URLs
—-

The complete lists of packages that have changed with this revision:

<http://ftp.debian.org/debian/dists/etch/ChangeLog>

The current oldstable distribution:

<http://ftp.debian.org/debian/dists/oldstable>

Proposed updates to the stable distribution:

<http://ftp.debian.org/debian/dists/oldstable-proposed-updates>

oldstable distribution information (release notes, errata etc.):

<http://www.debian.org/releases/oldstable/>

Security announcements and information:

http://www.debian.org/security/

About Debian
————

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating systems Debian GNU/Linux.


Debian GNU/kFreeBSD

Posted by on Saturday, 11 April, 2009

Found at http://wiki.debian.org/Debian_GNU/kFreeBSD_why

Here are the reasons why we think Debian GNU/kFreeBSD could be preferred to other systems such as FreeBSD and Debian GNU/Linux.

They’re not absolute truths, nor do we expect everyone to agree with them. So please don’t engage in an endless discussion trying to convince someone that Debian GNU/kFreeBSD is the best. That kind of thing does us more harm than good.

Why would you prefer Debian GNU/kFreeBSD to Debian GNU/Linux?

  • Cleaner or more standard kernel interfaces:
    • Single /dev implementation via devfs, instead of the 3 discordant ways of handling /dev that Linux provides.
    • OSS as the default sound system (i.e. the standard interface supported by almost every Unix-like system around).
    • OpenBSD Packet Filter (pf).
  • Other nice security features, like jails.

  • Support for NDIS drivers in the mainline kernel. On Linux, NdisWrapper is unlikely to make it into the mainline kernel.

  • Possible support for ZFS in the mainline kernel. Due to license and patent issues, ZFS is unlikely to appear on Linux.
  • kFreeBSD offers an alternative in case Linux is branded illegal by the SCO case or other threats. In legal terms, Linux sources are like a minefield. kFreeBSD is much less vulnerable to such attacks because of its less bazaar-like development model.
  • kFreeBSD developers often have more interest in merging new features rather than spawning forks all along (the port to Xbox is a very good example. See the responses from Linus Torvalds and kFreeBSD developers).

  • Some people say that kFreeBSD has better performance and/or stability (especially in disk/filesystem areas).
  • The FreeBSD kernel might support some hardware which Linux does not support and/or the FreeBSD kernel support might be better (fewer bugs).

Why would you prefer Debian GNU/kFreeBSD to FreeBSD?

  • If you like the Debian package system (or its package set) more than FreeBSD ports (just a matter of preference).
  • If you like GNU userland more than BSDish one (again, just a matter of preference).
  • If you don’t have anything against GPL or other copylefted free software licenses, you’ll appreciate that useful kernel modules like ext2fs driver, the upcoming reiserfs and xfs, or the upcoming ethernet driver for Xbox are (or will be) compiled in on the default kernel.
  • If you’re concerned about running a 100% free system, our commitment to the Debian Free Software Guidelines (DFSG) guarantees that Debian GNU/kFreeBSD doesn’t contain any non-free software. In fact, we have removed some non-free binary-only drivers that are contained in the upstream FreeBSD tree, like the ath driver.

Now I found this very interesting myself as I have used both systems and liked them both. I found Debian to be better in respects for configurability via apt, and FreeBSD was equally good with its ports, though time consuming compiling somewhat. FBSD generally I found handled higher loads on production servers better, though to be fair that would be a HUGE serverload and for the most part Linux would do fine.

So if this happens, I would definitely be one counted in having a nosey and giving it a go. However I do wonder if it would take off enough, and have enough support behind it to keep it going (and anyone who’s in sysadmin hates trying to upgrade something no longer supported!)