주의: 이 번역은 원문보다 오래되었습니다.
데비안 9 업데이트: 9.2 릴리스
2017년 10월 7일
데비안 프로젝트는 안정 배포판 데비안9 (codename stretch
의 두번쩨 업데이트를 알리게 되어
기쁩니다.
이 포인트 릴리스는 주로 보안 이슈에 대한 수정 및 심각한 이슈에 대한 조정을 추가합니다.
보안권고는 이미 별도로 게시했으며 사용 가능한 곳에 참조됩니다.
포인트 릴리스는 데비안 9의 새 버전을 구성하지 않고
포함된 패키지 일부만 업데이트함을 주의하세요.
기존 stretch
매체를 버릴 필요는 없습니다.
설치 후, 패키지는 최신 데비안 미러를 써서 현재 버전으로 업그레이드 될 수 있습니다.
security.debian.org에서 업데이트를 자주 설치하는 사용자는 많은 패키지를 업데이트하지 않을 것이며, 대부분 그 업데이트는 포인트 릴리스에 포함되었습니다.
새 설치 이미지는 일반 위치에서 곧 가능하게 될 겁니다.
기존 설치를 이 리비전으로 업그레이드하는 것이 데비안의 많은 HTTP 미러 중 하나에 있는 패키지 관리시스템에서 수행될 수 있습니다. 포괄적 미러 목록이 아래에 가능합니다:
이 포인트 릴리스의 특수한 경우로, apt-get
도구를 써서 업그레이드하는 사람들은
dist-upgrade
명령을 써서 최신 커널 패키지로 업데이트 할 필요가 있습니다.
apt
와 aptitude
처럼 다른 도구를 사용하는 사용자는 upgrade
명령을 사용해야 합니다.
여러가지 버그 수정
포인트 릴리스를 준비하는 동안 관리감독으로 인해, base-files
패키지에 대한 일반적 업데이트는
불행히도 포함되지 않았습니다.
업데이트 된 패키지는 가까운 미래에 stretch-updates
를 통해 가능하게 될 겁니다.
이 안정 업데이트는 아래 패키지에 중요한 수정을 추가합니다:
| 패키지 | 이유 |
|---|---|
| apt | Fix issues in apt-daily-upgrade; fix a possible crash in the mirror method |
| at-spi2-core | Fix crash on switching windows |
| bareos | Fix permissions of bareos-dir logrotate config on upgrade; fix file corruption when using SHA1 signature |
| bind9 | Import support for DNSSEC KSK-2017 |
| bridge-utils | Fix a problem with some vlan interfaces not being created |
| caja | Fix excessive CPU use while loading background image |
| chrony | Do not pass 'burst' command to chronyc |
| cross-gcc | Fix outdated support for gcc 6.3.0-18 |
| cvxopt | Remove the unneccessary and non-working compatibility layer for lpx_main() |
| db5.3 | Do not access DB_CONFIG when db_home is not set [CVE-2017-10140] |
| dbus | New upstream stable release |
| debian-edu-doc | Merge stretch related documentation and translation updates; update Debian Edu Stretch manual from the wiki; replace existing boot menu screenshots with recent ones from the wiki |
| debian-installer | Update Linux kernel ABI to 4 |
| debian-installer-netboot-images | Rebuild against proposed-updates |
| desktop-base | Fix XML syntax errors in gnome wallpaper description files making Joy wallpapers unavailable by default; ensure postinst doesn’t fail on upgrade even when an incomplete theme pack is active |
| dns-root-data | Update root.hints to 2017072601 version; change the state of KSK-2017 to VALID |
| dnsdist | Security fixes [CVE-2016-7069 CVE-2017-7557] |
| dnsviz | Cherry-pick upstream fixes related to root.hints and root.keys changes |
| dose3 | Fix versioned provides support - packages that provide the same virtual package in different versions, or that provide the same versioned virtual package as a real package, are co-installable |
| ecl | Add missing dependency on libffi-dev |
| erlang-p1-tls | Fix ECDH curves |
| evolution | Fix hang on right click in composer window |
| expect | Properly check for EOF, to avoid losing input |
| fife | Fix memory leak |
| flatpak | New upstream stable release; prevent deploying files with inappropriate permissions; restore compatibility with libostree 2017.7 |
| freerdp | Enable TLS >= 1.1 support |
| gnome-exe-thumbnailer | Switch to msitools' msiinfo for ProductVersion fetching, replacing the insecure VBScript-based parsing [CVE-2017-11421]; fix unreadable white-on-white text on version labels |
| gnupg2 | Fix dirmngr issues with broken reverse DNS, assertion when using tofu-default-policy ask, multiple issues with scdaemon, avoid spurious warnings when sharing a keybox with gpg >= 2.1.20 |
| gnutls28 | Fix OCSP verification errors, especially with ECDSA signatures |
| gosa-plugin-mailaddress | Fix parent constructor calls, for compatibility with PHP7 |
| gsoap | Fix integer overflow via large XML document [CVE-2017-9765] |
| haveged | Start haveged.service after systemd-tmpfiles-setup.service has been run |
| ipsec-tools | Security fix [CVE-2016-10396] |
| irssi | Fix null pointer dereference [CVE-2017-10965], use-after-free condition for nicklist [CVE-2017-10966] |
| kanatest | Remove DISABLE_DEPRECATED flags, they cause implicit pointer conversion and thus a segmentation fault on startup |
| kdepim | Fix send Later with Delay bypasses OpenPGP[CVE-2017-9604] |
| kf5-messagelib | Fix send Later with Delay bypasses OpenPGP[CVE-2017-9604] |
| krb5 | Fix security issue where remote authenticated attackers can crash the KDC [CVE-2017-11368]; fix startup if getaddrinfo() returns a wildcard v6 address and handling of explicitly specified v4 wildcard address; fix SRV lookups to respect udp_preference_limit |
| lava-tool | Add missing dependency on python-simplejson |
| librsb | Fix a few severe bugs leading to numerically wrong results |
| libselinux | Rebuild with new sbuild to fix changelog date |
| libsolv | Fix dependencies on Python 3 modules |
| libwpd | Fix denial of service issue [CVE-2017-14226] |
| linux | New upstream stable version |
| linux-latest | Update to 4.9.0-4 |
| lzma | Rebuild with new sbuild to fix changelog date |
| mailman | Fix broken dependencies in contrib/SpamAssassin.py |
| mate-power-manager | Don't abort on unknown DBus signal name |
| mate-themes | Fix font colour of URL bar in Google Chrome |
| mate-tweak | Add missing dependency on python3-gi |
| ncurses | Fix various crash bugs in the tic library and the tic binary [CVE-2017-10684 CVE-2017-10685 CVE-2017-11112 CVE-2017-11113 CVE-2017-13728 CVE-2017-13729 CVE-2017-13730 CVE-2017-13731 CVE-2017-13732 CVE-2017-13734 CVE-2017-13733] |
| nettle | Rebuild with new sbuild to fix changelog date |
| node-brace-expansion | Fix regular expression denial of service issue |
| node-dateformat | Set TZ=UTC for tests to fix build failure |
| ntp | Build and install /usr/bin/sntp |
| nvidia-graphics-drivers | New upstream long lived branch release 375.82 - security fixes [CVE-2017-6257 CVE-2017-6259], add support for the following GPUs: GeForce GTX 1080 with Max-Q Design, GeForce GTX 1070 with Max-Q Design, GeForce GTX 1060 with Max-Q Design; nvidia-kernel-dkms: Honor parallel setting from dkms |
| open-vm-tools | Randomly generate temporary directory name [CVE-2015-5191] |
| opendkim | Start as root and drop privileges in opendkim for proper key file ownership |
| openldap | Relax the dependency of libldap-2.4-2 on libldap-common to also permit later versions; fix upgrade failure when olcSuffix contains a backslash; avoid reading the value of the LDAP_OPT_X_TLS_REQUIRE_CERT option from previously freed memory; fix potential endless replication loop in a multi-master delta-syncrepl scenario with 3 or more nodes; fix memory corruption caused by calling sasl_client_init() multiple times and possibly concurrently |
| openvpn | Fix broken reconnects due to wrong push digest calculation |
| osinfo-db | Update distribution information |
| pcb-rnd | Fix execution of code via a maliciously formed design file |
| postfix | New upstream stable version - send single character variable names to milters without {}; prevent MIME downgrade of Postfix-generated message/delivery status; work around Berkeley DB attempting to read settings from DB_CONFIGfile |
| python-pampy | Fix dependencies on Python 3 modules |
| request-tracker4 | Fix regression in previous security release where incorrect SHA256 passwords could trigger an error |
| ruby-gnome2 | ruby-{gdk3,gtksourceview2,pango,poppler}: Add missing dependencies |
| samba | Ensure SMB signing enforced [CVE-2017-12150]; keep required encryption across SMB3 DFS redirects [CVE-2017-12151]; fix server memory information leak over SMB1 [CVE-2017-12163]; new upstream release; fix libpam-winbind.prerm to be multiarch-safe; add missing logrotate for /var/log/samba/log.samba; fix outdated DNS Root servers; fix Non-kerberos logins fails on winbind 4.X when krb5_auth is configured in PAM |
| smplayer | Fix connections to YouTube |
| speech-dispatcher | Make spd-conf work again |
| suricata | Limit the number of recursive calls in the DER/ASN.1 decoder to avoid stack overflows |
| swift | New upstream stable release |
| tbdialout | Include leading plus symbol when using tel: URI scheme |
| tiny-initramfs | Add missing dependency on cpio |
| topal | Fix misuse of sed character class syntax |
| torsocks | Fix check_addr() to return either 0 or 1 |
| trace-cmd | Fix segfault while processing certain trace files |
| unbound | Fix install of trust anchor when two anchors are present; depend on dns-root-data (>= 2017072601~) for KSK-2017 |
| unknown-horizons | Fix memory leak |
| up-imapproxy | Correct systemd service file |
| vim | Fix several crashes / illegal memory accesses [CVE-2017-11109] |
| waagent | New upstream release, with support for Azure Stack |
| webkit2gtk | Upstream security and bugfix release [CVE-2017-2538 CVE-2017-7052 CVE-2017-7018 CVE-2017-7030 CVE-2017-7034 CVE-2017-7037 CVE-2017-7039 CVE-2017-7046 CVE-2017-7048 CVE-2017-7055 CVE-2017-7056 CVE-2017-7061 CVE-2017-7064] |
| whois | Fix whois referrals for .com, .net, .jobs, .bz, .cc and .tv; add several new Indian TLD servers; update the list of gTLDs |
| wrk | Fix build failures |
| xfonts-ayu | Fix generation of bold and italic fonts |
| xkeyboard-config | Move Indic layouts back to the main layout list, enabling their use again |
| yadm | Fix race condition which could allow access to private PGP and SSH keys [CVE-2017-11353] |
보안 업데이트
이 리비전은 아래 보안 업데이트를 안정 릴리스에 추가했습니다. 보안 팀은 이미 각 업데이트에 대한 자문을 발표했습니다:
삭제된 패키지
아래 패키지는 우리의 통제를 넘는 상황으로 삭제되었습니다:
| 패키지 | 이유 |
|---|---|
| clapack | Outdated and unmaintained fork of lapack |
데비안 설치관리자
설치관리자는 안정 버전의 포인트 릴리스에 포함된 수정사항을 포함하도록 업데이트 되었습니다.
URL
이 리비전으로 변경된 패키지 목록:
현재 안정 배포판:
안정 배포판에 대해 제안된 업데이트:
안정 배포판 정보(릴리스 노트, 정오표 등):
보안 알림과 정보:
데비안에 대하여
데비안 프로젝트는 시간과 노력을 봉사하여 완전히 자유 운영 체제 데비안을 만들려고 하는 자유 소프트웨어 개발자의 모임입니다.
연락 정보
좀 더 자세한 정보를 위해, 데비안 웹 페이지 https://www.debian.org/를 방문하고, 메일을 <press@debian.org>에 보내거나, 안정 릴리스 팀 <debian-release@lists.debian.org>에 문의하세요.