Debian 8 更新:8.8 發佈
2017年05月06日
Debian 項目很高興地宣佈 Debian 8 穩定版本的第八次更新(代號 jessie
)。此更新主要向穩定版本中添加了補丁以修復安全問題,以及為一些嚴重問題所做的調整。安全建議已經單獨出版,並會在適當的情況下予以引用。
請注意,此更新並不是 Debian 8 的新版本,其僅更新了所包含的一些套件。沒有必要丟棄舊的 jessie
CD 或 DVD,只需在安裝後使用最新的 Debian 映射站台更新舊的套件即可。
經常從 security.debian.org 安裝更新的用户將不必更新許多套件,並且此更新中包含了 security.debian.org 的大多數更新。
包含更新包的新安裝媒體和 CD/DVD 映像即將於通常處提供。
透過將 aptitude(或 apt)包工具(請參閲 sources.list(5) 手冊頁)指向 Debian 的許多 FTP 或 HTTP 映射站台之一,通常可以進行此修訂。全面的映射站台列表可在以下網址獲得:
雜項錯誤修正
此穩定版更新為以下套件添加了一些重要修正:
| 包 | 原因 |
|---|---|
| activemq | Fix DoS in activemq-core via shutdown command [CVE-2015-7559] |
| apf-firewall | 添加對核心 >= 3.X 的兼容 |
| apt-xapian-index | 移除對 update-python-modules 的調用 |
| base-files | 為更新發布升級 |
| binutils | Apply patch from upstream to fix gold on arm64 |
| ca-certificates | Update-ca-certificates: update local certificates directory when calling --fresh; support running without hooks |
| commons-daemon | 修復 ppc64el 支持 |
| crafty | 不生成 CPU 特定代碼 |
| debian-edu-doc | 更新翻譯 |
| debian-installer | 為更新發布重編譯 |
| debian-installer-netboot-images | 為更新發布重編譯 |
| dropbear | Fix command restriction bypass in authorized_keys [CVE-2016-3116], format string injection [CVE-2016-7406] and arbitrary code execution issues [CVE-2016-7407 CVE-2016-7408] |
| erlang | Fix heap overflow vulnerability in regular expression parsing [CVE-2016-10253] |
| glibc | 修正 PowerPC sqrt 不準確 |
| gnome-media | 添加缺失的 Breaks: gnome-media-common, libgnome-media-dev, libgnome-media0 以匹配 Replaces |
| gnome-screenshot | 使用破折號作為時間格式分隔符 |
| gnome-settings-daemon | 使用破折號作為時間格式分隔符 |
| gnutls28 | Fix truncation issue in PKCS#12 password encoding; fix double free in certificate information printing [CVE-2017-5334]; fix memory leak in server side error path; fix memory leaks and an infinite loop in OpenPGP certificate parsing [CVE-2017-5335 CVE-2017-5336 CVE-2017-5337]; fix integer overflow in OpenPGP certificate parsing [CVE-2017-7869]; fix read past the end of buffer in OpenPGP certificate parsing; fix crashes in OpenPGP certificate parsing, related to private key parsing [GNUTLS-SA-2017-3B]; fix possible OOM in OpenPGP certificate parsing [GNUTLS-SA-2017-3C] |
| groovy | 修正透過構造序列化對象遠程代碼執行的漏洞 [CVE-2016-6814] |
| groovy2 | 修正透過構造序列化對象遠程代碼執行的漏洞 [CVE-2016-6814] |
| guile-2.0 | Fix REPL server vulnerability [CVE-2016-8606], mkdir umask-related vulnerability [CVE-2016-8605] |
| initramfs-tools | Include drivers for all keyboards when MODULES=dep; include most USB host drivers and all bus driver modules; remove code that prunes 'broken' symlinks and sometimes /etc/mtab; add all I2C bus and mux drivers when MODULES=most; stop force-loading drivers found through sysfs when MODULES=dep |
| installation-guide | Fix instructions for creating syslinux.cfg to work with syslinux 5 |
| irqbalance | Only warn once for affinity hint subset empty irqs |
| kup | Backport changes needed to work with kernel.org in future |
| libdatetime-timezone-perl | 數據更新至 2017b |
| libindicate | libindicate-gtk3-dev:依賴於 libindicate-gtk3-3 而不是 libindicate-gtk3 |
| libmateweather | 將 Rangoon 時區重命名為 Yangon(根據 tzdata 2016g 更改) |
| libvirt | 改善 qemu v2.6+ 兼容性 |
| libvorbisidec | 添加 libogg-dev 依賴到 libvorbisidec-dev |
| libxslt | 為 xsltAddTextString 檢查整數溢出 [CVE-2017-5029] |
| linux | Update to new stable release 3.16.43; mm/huge_memory.c: fix up mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thpbackport |
| logback | Don't deserialize data from untrusted sockets [CVE-2017-5929] |
| lxc | Ensure target netns is caller-owned [CVE-2017-5985] |
| minicom | 修正 vt100.c 裏的超限寫入 [CVE-2017-7467] |
| modsecurity-crs | 修正 modsecurity_crs_16_session_hijacking.conf 中的拼寫錯誤 |
| mongodb | 修正 .dbshell 的權限 [CVE-2016-6494];redact key and nonce from auth attempt logs |
| ndisc6 | Use upstream default merge hook when resolvconf is not available |
| ndoutils | Postrm purge: 在調用前檢查 ucf 存在 |
| nvidia-graphics-drivers | New upstream version (340.102) containing security fixes [CVE-2017-0309 CVE-2017-0310 CVE-2017-0311 CVE-2017-0318 CVE-2017-0321]; fix module build on Linux 4.10 and newer |
| nvidia-graphics-drivers-legacy-304xx | New upstream version (304.135) containing security fixes [CVE-2017-0309 CVE-2017-0310 CVE-2017-0311 CVE-2017-0318 CVE-2017-0321]; fix module build on Linux 4.10 and newer |
| nvidia-graphics-modules | 用 nvidia-kernel-source 340.102 重編譯 |
| openchange | 修正用 samba 4.2 編譯時的錯誤 |
| openmpi | libopenmpi1.6: Fix two incorrect soname links, Use versioned Conflicts: libopenmpi2 (<< 1.6) to not interfere with upgrades to stretch |
| plv8 | 檢查調用函數的權限 |
| postfix | Fix build failure with Linux 4.x kernels; add delmap to .prerm for all packages that contain map data types exposed through external .so files so that upgrades to stretch (where the associated files have moved) will be functional |
| postgresql-9.4 | 新上游版本 |
| python-cryptography | Fix HKDF issue with small key sizes [CVE-2016-9243]; fix build failure due to SSL2 method detection |
| radare2 | 修正拒絕服務漏洞 [CVE-2017-6197] |
| sane-backends | 修正安全問題 [CVE-2017-6318] |
| sendmail | Only touch files as smmsp:smmsp in /var/run/sendmail/stampdir to avoid possible privilege escalation; use lockfile-create (from lockfile-progs) instead of touch to manage the cronjob lockfiles; sendmail-base: Add Depends: netbase for /etc/services |
| sitesummary | 修正包 pre-removal 命令稿 |
| smemstat | Fix null pointer dereference when UID can't be read |
| spip | Fix multiple cross-site scripting issues, server side request forgery attacks [CVE-2016-7999], directory traversal [CVE-2016-7982], arbitrary code execution [CVE-2016-7998], cross-site request forgery [CVE-2016-7980], cross-site scripting vulnerabilities [CVE-2016-7981 CVE-2016-9997 CVE-2016-9998 CVE-2016-9152] |
| sus | 為 SUSv4 TC2 更新 |
| synergy | 修正當 synergyc 啓動時的崩潰 |
| systemd | Fix boolean properties retrieved via sd-bus on big-endian architectures; systemctl: Add is-enabled support for SysV init scripts; if the start command vanishes during runtime don't hit an assert; if an automount unit is masked, don't react to activation |
| transmissionrpc | 添加缺失的 Python 模塊依賴到 python-six |
| tzdata | Update included data to 2017b; enable partial translations of debconf templates |
| unzip | 修正 unzip [CVE-2014-9913] 和 zipinfo [CVE-2016-9844] 裏的緩衝區溢出 |
| uwsgi | 修正以最近的 glibc 構建失敗問題 |
| vim | Fix buffer overflows when reading corrupted undo files [CVE-2017-6349 CVE-2017-6350] |
| vlc | 新上游版本 |
| webissues-server | postrm purge:在調用前檢查 ucf 存在 |
| wget | 修正 URL 主機部分的 CRLF 注入 [CVE-2017-6508] |
| xmobar | 更新天氣預報 feed URL |
| xshisen | 修正啓動時的頻繁段錯誤 |
| yara | 修正多個安全問題 [CVE-2016-10210 CVE-2016-10211 CVE-2017-5923 CVE-2017-5924] |
安全更新
此修訂版將以下安全更新添加到了穩定版本。安全小組已經分別為這些更新發布了通告:
已刪除的套件
由於我們無法控制的情況,以下套件已被刪除:
| 包 | 原因 |
|---|---|
| cgiemail | RC-buggy,不再維護 |
| grive | 由於 Google API 更改而損壞 |
| libapache2-authenntlm-perl | 由於 Apache 2.4 而損壞 |
| libwww-dict-leo-org-perl | 由於上游更改而損壞 |
| live-f1 | 由於第三方更改而損壞 |
| owncloud | 不受支持 |
| owncloud-apps | 不受支持 |
Debian 安裝程序
安裝程序已經更新,以配合發佈時包含在穩定版本中的修正內容。
URL
此修訂版中更改套件的完整列表:
當前穩定發行版:
擬議的穩定發行版更新:
穩定發行版信息(發行説明,勘誤表等):
安全公告及信息:
關於 Debian
Debian 項目是一個自由軟件開發者組織,為製作完全免費的 Debian 操作系統而自願貢獻時間和精力。
聯繫信息
更多信息,請訪問 Debian 主頁 https://www.debian.org/,發送郵件至 <press@debian.org>,或聯繫穩定版本團隊 <debian-release@lists.debian.org>。