Dozens of patches have been released for Debian/GNU Linux in the first major update to version 3.1 of the free OS since it was released in June.
The fixes, for the OS release code-named "sarge," are a mix of security updates and corrections to "serious problems," according to an advisory Tuesday on the Debian Web site. A list of the 172 fixes is at http://www.debian.org/News/2005/20051220.
Users do not have to discard their 3.1 CDs but update the installation at ftp.debian.org, according to the posting.
Another patch fixes the Apache Web server. Remote attackers could "poison" the Web cache when it is acting as an HTTP proxy, bypass a firewall and perform a cross-scripting attack that causes Apache to incorrectly handle and forward the request, the patch notes said.
Several other commercial Linux distributions are based on Debian, including Ubuntu Linux and Componentized Linux.