14 DAY TRIAL // The developers behind the Debian project announced yesterday the availability of the second update of Debian GNU/Linux 4.0 "Etch".
This is NOT a new version of Debian GNU/Linux 4.0, but only updates some of the packages included. So, don't throw away your 4.0 CDs or DVDs, because it is not the case. You will have to update against ftp.debian.org after an installation, in order to incorporate the latest changes.
The Debian-Installer has been updated to use and support the upgraded kernels included in this release. This brings with it a problem: old netboot and floppy images will stop working, but you can find updated versions of them from the regular locations.
Here are some of the packages that were corrected for Etch's second update:
■ apache2 - Fix of several CVEs ■ apache2-mpm-itk - Rebuild for apache2 rebuilds ■ bonson - Rebuild against lib3ds-dev ■ cdebconf - Fix of several memory leaks ■ debconf - Fix possible hangs during netboot installs ■ dosemu-freedos - Remove unused non-free code ■ enigmail - Fix regression introduced by icedove 1.5.0.10 ■ fai-kernels - Recompile for Linux Kernel rebuilds ■ findutils - Fix locate heap buffer overflow (CVE-2007-2452) ■ flashplugin-nonfree - New upstream release fixes security problems ■ glibc - Fix nscd crash ■ gnome-hearts - Added missing dependency ■ gnome-panel - Fix authentication bypass ■ iceweasel-l10n - Remove roa-es-val translation and updated package description ■ joystick - Bring architectures back in sync ■ linux-latest-2.6 - Rebuild for Linux Kernel rebuild ■ lvm2 - Fix to work correctly with striped lvm1 metadata ■ mpop - Rebuild against etch (i386 only) ■ multipath-tools - Move priority of initscript ■ opal - Fix CVE-2007-4924 ■ openscenegraph - Bring architectures back in sync ■ openvpn - Rebuild against liblzo2 to fix general protection errors. ■ pam - Fix CVE-2005-2977 ■ po4a - Fix CVE-2007-4462 ■ postgresql-8.1 - Fix regression introduced in 8.1.9 ■ pwlib - Fix CVE-2007-4897 ■ pygresql - Fix package on libpq ■ sear - Rebuild against lib3ds-dev ■ tzdata - Recent timezone updates ■ unace - Make program 64bit clean ■ user-mode-linux - Rebuild for Debian Kernel rebuild ■ uswsusp - Fix regression
Also, the developers came up with many security fixes, so your system will be much safer from now on:
■ DSA-1288 - pptpd - Denial of service ■ DSA-1317 - tinymux - Buffer overflow ■ DSA-1319 - maradns - Denial of service ■ DSA-1320 - clamav - Several vulnerabilities ■ DSA-1321 - evolution-data-server - Arbitrary code execution ■ DSA-1322 - wireshark - Denial of service ■ DSA-1323 - krb5 - Several vulnerabilities ■ DSA-1324 - hiki - Missing input sanitizing ■ DSA-1325 - evolution - Arbitrary code execution ■ DSA-1326 - fireflier - Unsafe temporary files ■ DSA-1327 - gsambad - Unsafe temporary files ■ DSA-1328 - unicon - Buffer overflow ■ DSA-1330 - php5 - Arbitrary code execution ■ DSA-1331 - php4 - Arbitrary code execution ■ DSA-1332 - VLC - Arbitrary code execution ■ DSA-1333 - curl - Certificate handling ■ DSA-1335 - GIMP - Arbitrary code execution
You can download Debian 4.0r2 right now from Softpedia!