Posts Tagged debian

Linux Command Line Cheat Sheet – A list of handy commands

Posted by on Tuesday, 16 June, 2009

This is a linux command line reference for common operations.
Examples marked with • are valid/safe to paste without modification into a terminal, so
you may want to keep a terminal window open while reading this so you can cut & paste.
All these commands have been tested both on Fedora and Ubuntu.

Command Description
apropos whatis Show commands pertinent to string. See also threadsafe
man -t man | ps2pdf – > man.pdf make a pdf of a manual page
which command Show full path name of command
time command See how long a command takes
time cat Start stopwatch. Ctrl-d to stop. See also sw
nice info Run a low priority command (The “info” reader in this case)
renice 19 -p $$ Make shell (script) low priority. Use for non interactive tasks
dir navigation
cd – Go to previous directory
cd Go to $HOME directory
(cd dir && command) Go to dir, execute command and return to current dir
pushd . Put current dir on stack so you can popd back to it
alias l=’ls -l –color=auto’ quick dir listing
ls -lrt List files by date. See also newest and find_mm_yyyy
ls /usr/bin | pr -T9 -W$COLUMNS Print in 9 columns to width of terminal
find -name ‘*.[ch]’ | xargs grep -E ‘expr’ Search ‘expr’ in this dir and below. See also findrepo
find -type f -print0 | xargs -r0 grep -F ‘example’ Search all regular files for ‘example’ in this dir and below
find -maxdepth 1 -type f | xargs grep -F ‘example’ Search all regular files for ‘example’ in this dir
find -maxdepth 1 -type d | while read dir; do echo $dir; echo cmd2; done Process each item with multiple commands (in while loop)
find -type f ! -perm -444 Find files not readable by all (useful for web site)
find -type d ! -perm -111 Find dirs not accessible by all (useful for web site)
locate -r ‘file[^/]*\.txt’ Search cached index for names. This re is like glob *file*.txt
look reference Quickly search (sorted) dictionary for prefix
grep –color reference /usr/share/dict/words Highlight occurances of regular expression in dictionary
archives and compression
gpg -c file Encrypt file
gpg file.gpg Decrypt file
tar -c dir/ | bzip2 > dir.tar.bz2 Make compressed archive of dir/
bzip2 -dc dir.tar.bz2 | tar -x Extract archive (use gzip instead of bzip2 for tar.gz files)
tar -c dir/ | gzip | gpg -c | ssh user@remote ‘dd of=dir.tar.gz.gpg’ Make encrypted archive of dir/ on remote machine
find dir/ -name ‘*.txt’ | tar -c –files-from=- | bzip2 > dir_txt.tar.bz2 Make archive of subset of dir/ and below
find dir/ -name ‘*.txt’ | xargs cp -a –target-directory=dir_txt/ –parents Make copy of subset of dir/ and below
( tar -c /dir/to/copy ) | ( cd /where/to/ && tar -x -p ) Copy (with permissions) copy/ dir to /where/to/ dir
( cd /dir/to/copy && tar -c . ) | ( cd /where/to/ && tar -x -p ) Copy (with permissions) contents of copy/ dir to /where/to/
( tar -c /dir/to/copy ) | ssh -C user@remote ‘cd /where/to/ && tar -x -p’ Copy (with permissions) copy/ dir to remote:/where/to/ dir
dd bs=1M if=/dev/sda | gzip | ssh user@remote ‘dd of=sda.gz’ Backup harddisk to remote machine
rsync (Network efficient file copier: Use the –dry-run option for testing)
rsync -P rsync://rsync.server.com/path/to/file file Only get diffs. Do multiple times for troublesome downloads
rsync –bwlimit=1000 fromfile tofile Locally copy with rate limit. It’s like nice for I/O
rsync -az -e ssh –delete ~/public_html/ remote.com:’~/public_html’ Mirror web site (using compression and encryption)
rsync -auz -e ssh remote:/dir/ . && rsync -auz -e ssh . remote:/dir/ Synchronize current directory with remote one
ssh (Secure SHell)
ssh $USER@$HOST command Run command on $HOST as $USER (default command=shell)
ssh -f -Y $USER@$HOSTNAME xeyes Run GUI command on $HOSTNAME as $USER
scp -p -r $USER@$HOST: file dir/ Copy with permissions to $USER’s home directory on $HOST
ssh -g -L 8080:localhost:80 root@$HOST Forward connections to $HOSTNAME:8080 out to $HOST:80
ssh -R 1434:imap:143 root@$HOST Forward connections from $HOST:1434 in to imap:143
wget (multi purpose download tool)
(cd dir/ && wget -nd -pHEKk http://www.pixelbeat.org/cmdline.html) Store local browsable version of a page to the current dir
wget -c http://www.example.com/large.file Continue downloading a partially downloaded file
wget -r -nd -np -l1 -A ‘*.jpg’ http://www.example.com/dir/ Download a set of files to the current directory
wget ftp://remote/file[1-9].iso/ FTP supports globbing directly
wget -q -O- http://www.pixelbeat.org/timeline.html | grep ‘a href’ | head Process output directly
echo ‘wget url’ | at 01:00 Download url at 1AM to current dir
wget –limit-rate=20k url Do a low priority download (limit to 20KB/s in this case)
wget -nv –spider –force-html -i bookmarks.html Check links in a file
wget –mirror http://www.example.com/ Efficiently update a local copy of a site (handy from cron)
networking (Note ifconfig, route, mii-tool, nslookup commands are obsolete)
ethtool eth0 Show status of ethernet interface eth0
ethtool –change eth0 autoneg off speed 100 duplex full Manually set ethernet interface speed
iwconfig eth1 Show status of wireless interface eth1
iwconfig eth1 rate 1Mb/s fixed Manually set wireless interface speed
iwlist scan List wireless networks in range
ip link show List network interfaces
ip link set dev eth0 name wan Rename interface eth0 to wan
ip link set dev eth0 up Bring interface eth0 up (or down)
ip addr show List addresses for interfaces
ip addr add 1.2.3.4/24 brd + dev eth0 Add (or del) ip and mask (255.255.255.0)
ip route show List routing table
ip route add default via 1.2.3.254 Set default gateway to 1.2.3.254
tc qdisc add dev lo root handle 1:0 netem delay 20msec Add 20ms latency to loopback device (for testing)
tc qdisc del dev lo root Remove latency added above
host pixelbeat.org Lookup DNS ip address for name or vice versa
hostname -i Lookup local ip address (equivalent to host `hostname`)
whois pixelbeat.org Lookup whois info for hostname or ip address
netstat -tupl List internet services on a system
netstat -tup List active connections to/from system
windows networking (Note samba is the package that provides all this windows specific networking support)
smbtree Find windows machines. See also findsmb
nmblookup -A 1.2.3.4 Find the windows (netbios) name associated with ip address
smbclient -L windows_box List shares on windows machine or samba server
mount -t smbfs -o fmask=666,guest //windows_box/share /mnt/share Mount a windows share
echo ‘message’ | smbclient -M windows_box Send popup to windows machine (off by default in XP sp2)
text manipulation (Note sed uses stdin and stdout. Newer versions support inplace editing with the -i option)
sed ‘s/string1/string2/g’ Replace string1 with string2
sed ‘s/\(.*\)1/\12/g’ Modify anystring1 to anystring2
sed ‘/ *#/d; /^ *$/d’ Remove comments and blank lines
sed ‘:a; /\\$/N; s/\\\n//; ta’ Concatenate lines with trailing \
sed ‘s/[ \t]*$//’ Remove trailing spaces from lines
sed ‘s/\([`”$\]\)/\\\1/g’ Escape shell metacharacters active within double quotes
seq 10 | sed “s/^/      /; s/ *\(.\{7,\}\)/\1/” Right align numbers
sed -n ‘1000p;1000q Print 1000th line
sed -n ‘10,20p;20q Print lines 10 to 20
sed -n ‘s/.*<title>\(.*\)<\/title>.*/\1/ip;T;q Extract title from HTML web page
sed -i 42d ~/.ssh/known_hosts Delete a particular line
sort -t. -k1,1n -k2,2n -k3,3n -k4,4n Sort IPV4 ip addresses
echo ‘Test’ | tr ‘[:lower:]’ ‘[:upper:]’ Case conversion
tr -dc ‘[:print:]’ < /dev/urandom Filter non printable characters
history | wc -l Count lines
set operations (Note you can export LANG=C for speed. Also these assume no duplicate lines within a file)
sort file1 file2 | uniq Union of unsorted files
sort file1 file2 | uniq -d Intersection of unsorted files
sort file1 file1 file2 | uniq -u Difference of unsorted files
sort file1 file2 | uniq -u Symmetric Difference of unsorted files
join -a1 -a2 file1 file2 Union of sorted files
join file1 file2 Intersection of sorted files
join -v2 file1 file2 Difference of sorted files
join -v1 -v2 file1 file2 Symmetric Difference of sorted files
math
echo ‘(1 + sqrt(5))/2’ | bc -l Quick math (Calculate φ). See also bc
echo ‘pad=20; min=64; (100*10^6)/((pad+min)*8)’ | bc More complex (int) e.g. This shows max FastE packet rate
echo ‘pad=20; min=64; print (100E6)/((pad+min)*8)’ | python Python handles scientific notation
echo ‘pad=20; plot [64:1518] (100*10**6)/((pad+x)*8)’ | gnuplot -persist Plot FastE packet rate vs packet size
echo ‘obase=16; ibase=10; 64206’ | bc Base conversion (decimal to hexadecimal)
echo $((0x2dec)) Base conversion (hex to dec) ((shell arithmetic expansion))
units -t ‘100m/9.69s’ ‘miles/hour’ Unit conversion (metric to imperial)
units -t ‘500GB’ ‘GiB’ Unit conversion (SI to IEC prefixes)
units -t ‘1 googol’ Definition lookup
seq 100 | (tr ‘\n’ +; echo 0) | bc Add a column of numbers. See also add and funcpy
calendar
cal -3 Display a calendar
cal 9 1752 Display a calendar for a particular month year
date -d fri What date is it this friday. See also day
[ $(date -d “tomorrow” +%d) = “01” ] || exit exit a script unless it’s the last day of the month
date –date=’25 Dec’ +%A What day does xmas fall on, this year
date –date=’@2147483647′ Convert seconds since the epoch (1970-01-01 UTC) to date
TZ=’:America/Los_Angeles’ date What time is it on West coast of US (use tzselect to find TZ)
echo “mail -s ‘get the train’ P@draigBrady.com < /dev/null” | at 17:45 Email reminder
echo “DISPLAY=$DISPLAY xmessage cooker” | at “NOW + 30 minutes” Popup reminder
locales
printf “%’d\n” 1234 Print number with thousands grouping appropriate to locale
BLOCK_SIZE=\’1 ls -l get ls to do thousands grouping appropriate to locale
echo “I live in `locale territory`” Extract info from locale database
LANG=en_IE.utf8 locale int_prefix Lookup locale info for specific country. See also ccodes
locale | cut -d= -f1 | xargs locale -kc | less List fields available in locale database
recode (Obsoletes iconv, dos2unix, unix2dos)
recode -l | less Show available conversions (aliases on each line)
recode windows-1252.. file_to_change.txt Windows “ansi” to local charset (auto does CRLF conversion)
recode utf-8/CRLF.. file_to_change.txt Windows utf8 to local charset
recode iso-8859-15..utf8 file_to_change.txt Latin9 (western europe) to utf8
recode ../b64 < file.txt > file.b64 Base64 encode
recode /qp.. < file.txt > file.qp Quoted printable decode
recode ..HTML < file.txt > file.html Text to HTML
recode -lf windows-1252 | grep euro Lookup table of characters
echo -n 0x80 | recode latin-9/x1..dump Show what a code represents in latin-9 charmap
echo -n 0x20AC | recode ucs-2/x2..latin-9/x Show latin-9 encoding
echo -n 0x20AC | recode ucs-2/x2..utf-8/x Show utf-8 encoding
CDs
gzip < /dev/cdrom > cdrom.iso.gz Save copy of data cdrom
mkisofs -V LABEL -r dir | gzip > cdrom.iso.gz Create cdrom image from contents of dir
mount -o loop cdrom.iso /mnt/dir Mount the cdrom image at /mnt/dir (read only)
cdrecord -v dev=/dev/cdrom blank=fast Clear a CDRW
gzip -dc cdrom.iso.gz | cdrecord -v dev=/dev/cdrom – Burn cdrom image (use dev=ATAPI -scanbus to confirm dev)
cdparanoia -B Rip audio tracks from CD to wav files in current dir
cdrecord -v dev=/dev/cdrom -audio *.wav Make audio CD from all wavs in current dir (see also cdrdao)
oggenc –tracknum=’track’ track.cdda.wav -o ‘track.ogg’ Make ogg file from wav file
disk space (See also FSlint)
ls -lSr Show files by size, biggest last
du -s * | sort -k1,1rn | head Show top disk users in current dir. See also dutop
df -h Show free space on mounted filesystems
df -i Show free inodes on mounted filesystems
fdisk -l Show disks partitions sizes and types (run as root)
rpm -q -a –qf ‘%10{SIZE}\t%{NAME}\n’ | sort -k1,1n List all packages by installed size (Bytes) on rpm distros
dpkg-query -W -f=’${Installed-Size;10}\t${Package}\n’ | sort -k1,1n List all packages by installed size (KBytes) on deb distros
dd bs=1 seek=2TB if=/dev/null of=ext3.test Create a large test file (taking no space). See also truncate
> file truncate data of file or create an empty file
monitoring/debugging
tail -f /var/log/messages Monitor messages in a log file
strace -c ls >/dev/null Summarise/profile system calls made by command
strace -f -e open ls >/dev/null List system calls made by command
ltrace -f -e getenv ls >/dev/null List library calls made by command
lsof -p $$ List paths that process id has open
lsof ~ List processes that have specified path open
tcpdump not port 22 Show network traffic except ssh. See also tcpdump_not_me
ps -e -o pid,args –forest List processes in a hierarchy
ps -e -o pcpu,cpu,nice,state,cputime,args –sort pcpu | sed ‘/^ 0.0 /d’ List processes by % cpu usage
ps -e -orss=,args= | sort -b -k1,1n | pr -TW$COLUMNS List processes by mem usage. See also ps_mem.py
ps -C firefox-bin -L -o pid,tid,pcpu,state List all threads for a particular process
ps -p 1,2 List info for particular process IDs
last reboot Show system reboot history
free -m Show amount of (remaining) RAM (-m displays in MB)
watch -n.1 ‘cat /proc/interrupts’ Watch changeable data continuously
system information (see also sysinfo) (‘#’ means root access is required)
uname -a Show kernel version and system architecture
head -n1 /etc/issue Show name and version of distribution
cat /proc/partitions Show all partitions registered on the system
grep MemTotal /proc/meminfo Show RAM total seen by the system
grep “model name” /proc/cpuinfo Show CPU(s) info
lspci -tv Show PCI info
lsusb -tv Show USB info
mount | column -t List mounted filesystems on the system (and align output)
grep -F capacity: /proc/acpi/battery/BAT0/info Show state of cells in laptop battery
# dmidecode -q | less Display SMBIOS/DMI information
# smartctl -A /dev/sda | grep Power_On_Hours How long has this disk (system) been powered on in total
# hdparm -i /dev/sda Show info about disk sda
# hdparm -tT /dev/sda Do a read speed test on disk sda
# badblocks -s /dev/sda Test for unreadable blocks on disk sda
interactive (see also linux keyboard shortcuts)
readline Line editor used by bash, python, bc, gnuplot, …
screen Virtual terminals with detach capability, …
mc Powerful file manager that can browse rpm, tar, ftp, ssh, …
gnuplot Interactive/scriptable graphing
links Web browser
xdg-open http://www.pixelbeat.org/ open a file or url with the registered desktop application
miscellaneous
alias hd=’od -Ax -tx1z -v’ Handy hexdump. (usage e.g.: • hd /proc/self/cmdline | less)
alias realpath=’readlink -f’ Canonicalize path. (usage e.g.: • realpath ~/../$USER)
set | grep $USER Search current environment
touch -c -t 0304050607 file Set file timestamp (YYMMDDhhmm)
python -m SimpleHTTPServer Serve current directory tree at http://$HOSTNAME:8000/

Debian GNU/Linux 5.0 updated

Posted by on Monday, 13 April, 2009

——————————

——————————————-
The Debian Project                                 http://www.debian.org/
Debian GNU/Linux 5.0 updated                             press@debian.org
April 11th, 2009                 http://www.debian.org/News/2009/20090411
————————————————————————-

Debian GNU/Linux 5.0 updated

The Debian project is pleased to announce the first update of its stable
distribution Debian GNU/Linux 5.0 (codename “lenny”).  This update mainly
adds corrections for security problems to the stable release, along with
a few adjustment to serious problems.

Please note that this update does not constitute a new version of Debian
GNU/Linux 5.0 but only updates some of the packages included.  There is
no need to throw away 5.0 CDs or DVDs but only to update via an up-to-
date Debian mirror after an installation, to cause any out of date
packages to be updated.

Those who frequently install updates from security.debian.org won’t have
to update many packages and most updates from security.debian.org are
included in this update.

New CD and DVD images containing updated packages and the regular
installation media accompanied with the package archive respectively will
be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian’s many FTP or HTTP mirrors.  A comprehensive list of
mirrors is available at:

<http://www.debian.org/distrib/ftplist>

Miscellaneous Bugfixes
———————-

This stable update adds several binary updates for various architectures
to packages whose version was not synchronised across all architectures.
It also adds a few important corrections to the following packages:

Package                                      Reason

barnowl                                      Fix for CVE-2009-0363 (through testing-security)
base-files                                   Fix a typo to remove “base” correctly
bind9                                        Fix atomic operations on alpha and ia64
brltty                                       Upload with fixed version number
consolekit                                   Various fixes
fai                                          Fix typo which prevents perl scripts to work
firmware-nonfree                             Kernel ABI change
flpsed                                       Fix dependency on ghostscript-x
gdm                                          Fix a double free
gthumb                                       Fix copying loop
gtick                                        Add dependency on oss-compat
gtk+2.0                                      Fix infinite loop caused by setting color scheme
gtkguitune                                   Add dependency on oss-compat
heartbeat                                    Fix failover and message corruption
imagemagick                                  Replace non-free fonts
irqbalance                                   Do not crash on bogus /proc/irq entries
kvm                                          Fix hang on reboot with virtio
libbz2-ruby [armel]                          Rebuild to put modules in arm-linux instead of arm-linux-eabi
libcgi-application-plugins-perl              Fix information leak
libeb-ruby [armel]                           Rebuild to put modules in arm-linux instead of arm-linux-eabi
libfilesystem-ruby [armel]                   Rebuild to put modules in arm-linux instead of arm-linux-eabi
libfusefs-ruby [armel]                       Rebuild to put modules in arm-linux instead of arm-linux-eabi
libkakasi-ruby [armel]                       Rebuild to put modules in arm-linux instead of arm-linux-eabi
libodbc-ruby [armel]                         Rebuild to put modules in arm-linux instead of arm-linux-eabi
libopengl-ruby [armel]                       Rebuild to put modules in arm-linux instead of arm-linux-eabi
librevolution-ruby [armel]                   Rebuild to put modules in arm-linux instead of arm-linux-eabi
libvorbisfile-ruby [armel]                   Rebuild to put modules in arm-linux instead of arm-linux-eabi
libwrap-ruby [armel]                         Rebuild to put modules in arm-linux instead of arm-linux-eabi
linux-2.6                                    Several issues
linux-kernel-di-alpha-2.6                    New kernel for debian-installer
linux-kernel-di-amd64-2.6                    New kernel for debian-installer
linux-kernel-di-arm-2.6                      Add minix-modules to orion5x kernel flavour
linux-kernel-di-armel-2.6                    New kernel for debian-installer
linux-kernel-di-hppa-2.6                     New kernel for debian-installer
linux-kernel-di-i386-2.6                     New kernel for debian-installer
linux-kernel-di-ia64-2.6                     New kernel for debian-installer
linux-kernel-di-mips-2.6                     New kernel for debian-installer
linux-kernel-di-mipsel-2.6                   New kernel for debian-installer
linux-kernel-di-powerpc-2.6                  New kernel for debian-installer
linux-kernel-di-s390-2.6                     New kernel for debian-installer
linux-kernel-di-sparc-2.6                    New kernel for debian-installer
linux-latest-2.6                             Kernel ABI change
linux-modules-contrib-2.6                    Rebuild for kernel ABI change
linux-modules-di-alpha-2.6                   New kernel modules for debian-installer
linux-modules-di-amd64-2.6                   New kernel modules for debian-installer
linux-modules-di-arm-2.6                     New kernel modules for debian-installer
linux-modules-di-armel-2.6                   New kernel modules for debian-installer
linux-modules-di-hppa-2.6                    New kernel modules for debian-installer
linux-modules-di-i386-2.6                    New kernel modules for debian-installer
linux-modules-di-ia64-2.6                    New kernel modules for debian-installer
linux-modules-di-mips-2.6                    New kernel modules for debian-installer
linux-modules-di-mipsel-2.6                  New kernel modules for debian-installer
linux-modules-di-powerpc-2.6                 New kernel modules for debian-installer
linux-modules-di-s390-2.6                    New kernel modules for debian-installer
linux-modules-di-sparc-2.6                   New kernel modules for debian-installer
linux-modules-extra-2.6                      Rebuild for kernel ABI change
linux-modules-nonfree-2.6                    Rebuild for kernel ABI change
live-initramfs                               Fix media timeout, boot and shutdown issues
lvm2                                         Fix lvm on multipath in initrd
mediawiki                                    Fix XSS vulnerabilities
mp3gain [i386]                               Rebuild in a clean environment
mt-daapd                                     Fix crasher in built-in webserver
munin                                        Fix cgi mode
nvidia-graphics-legacy-96xx-modules-amd64    Rebuild for kernel ABI change
nvidia-graphics-legacy-96xx-modules-i386     Rebuild for kernel ABI change
nvidia-graphics-modules-amd64                Rebuild for kernel ABI change
nvidia-graphics-modules-i386                 Rebuild for kernel ABI change
oldsys-preseed                               Add support for the D-Link DNS-323
open-vm-tools                                Fix builds with other kernels than the running one
openoffice.org Repacked source to remove RFC text file, various bug fixes
optipng                                      Fix array overflow vulnerability
pam                                          Fix signedness error in _pam_StrTok
pcapy                                        Fix memory leak and capturing on lo
pidgin                                       Fix failure while connecting to ICQ servers due to protocol changes
pidgin-otr                                   Provide translation
posixlock [armel]                            Rebuild to put modules in arm-linux instead of arm-linux-eabi
postgresql-8.3                               New upstream bugfix release
pyusb                                        Fix module for python2.5 on 64 bit arch
qwik [armel]                                 Rebuild to put modules in arm-linux instead of arm-linux-eabi
root-system                                  Add libsm-dev as Build-Dependency
roundup                                      Fix several vulnerabilities
ruby-v4l [armel]                             Rebuild to put modules in arm-linux instead of arm-linux-eabi
samba                                        Fix two bugs of severity important
sary-ruby [armel]                            Rebuild to put modules in arm-linux instead of arm-linux-eabi
sbnc                                         Fix sbnc.key file location
schroot                                      Build with pthreads explicitly to fix a crash on alpha
smartmontools                                Fix target not checking for running daemon
snort                                        Fix possible segfault
texlive-extra                                Blacklist aurora, non-commercial license
toolame                                      Portability fixes
user-mode-linux                              Rebuild against updated linux-source
xorg-server                                  Work around broken PCI on sparc in lenny’s kernel
xserver-xorg-video-savage                    Do not add panel modes when there is no panel

New version of debian-installer
——————————-

debian-installer was updated to incorporate the updated Linux kernel
(DSA-1749), to add support for the D-Link DNS-323 (a NAS device) and to
incorporate new archive keys.

Security Updates
—————-

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

Advisory ID    Package                 Correction(s)

DSA-1719       gnutls26                Certificate validation
DSA-1725       websvn                  Information leak
DSA-1726       python-crypto           Denial of service
DSA-1728       dkim-milter             Denial of service
DSA-1730       proftpd-dfsg            SQL injection vulnerabilities
DSA-1734       opensc                  Information disclosure
DSA-1735       znc                     Privilege escalation
DSA-1736       mahara                  Cross-site scripting
DSA-1737       wesnoth                 Several vulnerabilities
DSA-1738       curl                    Arbitrary file access
DSA-1739       mldonkey                Double slash vulnerability
DSA-1740       yaws                    Denial of service
DSA-1741       psi                     Denial of service
DSA-1742       libsndfile              Arbitrary code execution
DSA-1743       libtk-img               Arbitrary code execution
DSA-1744       weechat                 Denial of service
DSA-1745       lcms                    Arbitrary code execution
DSA-1746       ghostscript             Arbitrary code execution
DSA-1747       glib2.0                 Arbitrary code execution
DSA-1749       linux-2.6               Several issues
DSA-1750       libpng                  Several vulnerabilities
DSA-1751       xulrunner               Several vulnerabilities
DSA-1752       webcit                  Potential remote code execution
DSA-1755       systemtap               Local privilege escalation
DSA-1756       xulrunner               Multiple vulnerabilities
DSA-1757       auth2db                 SQL injection
DSA-1758       nss-ldapd               Information disclosure
DSA-1759       strongswan              Possible denial of service
DSA-1760       openswan                Possible denial of service


Debian GNU/Linux 4.0 updated

Posted by on Sunday, 12 April, 2009

————————————————————————-
The Debian Project                                 http://www.debian.org/
Debian GNU/Linux 4.0 updated                             press@debian.org
April 8th, 2009                  http://www.debian.org/News/2009/20090408
————————————————————————-

Debian GNU/Linux 4.0 updated

The Debian project is pleased to announce the eighth update of its
oldstable distribution Debian GNU/Linux 4.0 (codename “etch”).  This
update mainly adds corrections for security problems to the oldstable
release, along with a few adjustment to serious problems.

Please note that this update does not constitute a new version of Debian
GNU/Linux 4.0 but only updates some of the packages included.  There is
no need to throw away 4.0 CDs or DVDs but only to update via an up-to-
date Debian mirror after an installation, to cause any out of date
packages to be updated.

Those who frequently install updates from security.debian.org won’t have
to update many packages and most updates from security.debian.org are
included in this update.

New CD and DVD images containing updated packages and the regular
installation media accompanied with the package archive respectively will
be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian’s many FTP or HTTP mirrors.  A comprehensive list of
mirrors is available at:

<http://www.debian.org/distrib/ftplist>

Miscellaneous Bugfixes
———————-

This oldstable update adds a few important corrections to the following
packages:

Package                        Reason

libweather-com-perl         Adopt to weather.com’s interface changes
optipng                     Fix array overflow vulnerability
pam                         Fix signedness error in _pam_StrTok
postgresql-8.1              New upstream bugfix release 8.1.17
sleuthkit                   Fix license issue
debian-installer            Include the updated archive key.
debian-archive-keyring    Add new archive key

Security Updates
—————-

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

Advisory ID    Package                 Correction(s)

DSA-1622       newsx                   Arbitrary code execution
DSA-1712       rt2400                  Arbitrary code execution
DSA-1713       rt2500                  Arbitrary code execution
DSA-1714       rt2570                  Arbitrary code execution
DSA-1716       vnc4                    Remote code execution
DSA-1717       devil                   Buffer overflow
DSA-1718       boinc                   Validation bypass
DSA-1719       gnutls13                Certificate validation
DSA-1720       typo3-src               Several vulnerabilities
DSA-1721       libpam-krb5             Local privilege escalation
DSA-1722       libpam-heimdal          Local privilege escalation
DSA-1723       phpmyadmin              Arbitrary code execution
DSA-1724       moodle                  Several vulnerabilities
DSA-1726       python-crypto           Denial of service
DSA-1729       gst-plugins-bad0.10     Multiple vulnerabilities
DSA-1731       ndiswrapper             Arbitrary code execution vulnerability
DSA-1732       squid3                  Denial of service
DSA-1733       vim                     Multiple vulnerabilities
DSA-1735       znc                     Privelege escalation
DSA-1737       wesnoth                 Several vulnerabilities
DSA-1738       curl                    Arbitrary file access
DSA-1740       yaws                    Denial of service
DSA-1742       libsndfile              Arbitrary code execution
DSA-1743       libtk-img               Arbitrary code execution
DSA-1746       gs-gpl                  Arbitrary code execution
DSA-1747       glib2.0                 Arbitrary code execution
DSA-1750       libpng                  Several vulnerabilities
DSA-1759       strongswan              Denial of service
DSA-1760       openswan                Denial of service

A complete list of all accepted and rejected packages together with
rationale is on the preparation page for this revision:

<http://release.debian.org/oldstable/4.0/4.0r8/>

URLs
—-

The complete lists of packages that have changed with this revision:

<http://ftp.debian.org/debian/dists/etch/ChangeLog>

The current oldstable distribution:

<http://ftp.debian.org/debian/dists/oldstable>

Proposed updates to the stable distribution:

<http://ftp.debian.org/debian/dists/oldstable-proposed-updates>

oldstable distribution information (release notes, errata etc.):

<http://www.debian.org/releases/oldstable/>

Security announcements and information:

http://www.debian.org/security/

About Debian
————

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating systems Debian GNU/Linux.