The Debian project is pleased to announce the eighth and final update of its old stable distribution Debian GNU/Linux 3.1 (codename `sarge’). This update mainly adds corrections for security problems to the oldstable release, along with a few adjustments to serious problems.
Several remote vulnerabilities have been discovered in OpenLDAP, a
free implementation of the Lightweight Directory Access Protocol. The
Common Vulnerabilities and Exposures project identifies the following
problems:
Read the full story: DSA-1541 openldap2.3 - several vulnerabilities: http://www.debian.org/security/2008/dsa-1541
It was discovered that lighttpd, a fast webserver with minimal memory
footprint, didn’t correctly handle SSL errors. This could allow
a remote attacker to disconnect all active SSL connections.
Read the full story: DSA-1540 lighttpd - denial of service: http://www.debian.org/security/2008/dsa-1540