Debian Project updates its Linux distribution

Dozens of patches have been released for Debian/GNU Linux 3.1 in the first major update of the free OS since it was released in June.

Dozens of patches have been released for Debian/GNU Linux in the first major update to version 3.1 of the free OS since it was released in June.

The fixes, for the OS release code-named "sarge," are a mix of security updates and corrections to "serious problems," according to an advisory Tuesday on the Debian Web site. A list of the 172 fixes is at http://www.debian.org/News/2005/20051220.

Users do not have to discard their 3.1 CDs but update the installation at ftp.debian.org, according to the posting.

Remedies fix programs such as Mozilla Foundation's Firefox browser. That patch corrects a vulnerability that allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site. Thunderbird, Mozilla's desktop e-mail client, isn't affected, and Galeon, a native Gnome browser, will automatically be fixed since it uses Mozilla components, according to the posting.

Another patch fixes the Apache Web server. Remote attackers could "poison" the Web cache when it is acting as an HTTP proxy, bypass a firewall and perform a cross-scripting attack that causes Apache to incorrectly handle and forward the request, the patch notes said.

Several other commercial Linux distributions are based on Debian, including Ubuntu Linux and Componentized Linux.

Join the newsletter!

Error: Please check your email address.

More about ApacheDebianMozillaMozilla Foundation

Show Comments