Updated Debian 8: 8.11 released

June 23rd, 2018

The Debian project is pleased to announce the eleventh (and final) update of its oldstable distribution Debian 8 (codename jessie). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available.

After this point release, Debian's Security and Release Teams will no longer be producing updates for Debian 8. Users wishing to continue to receive security support should upgrade to Debian 9, or see https://wiki.debian.org/LTS for details about the subset of architectures and packages covered by the Long Term Support project.

The packages for some architectures for DSA 3746, DSA 3944, DSA 3968, DSA 4010, DSA 4014, DSA 4061, DSA 4075, DSA 4102, DSA 4155, DSA 4209 and DSA 4218 are not included in this point release for technical reasons. All other security updates released during the lifetime of "jessie" that have not previously been part of a point release are included in this update.

Please note that the point release does not constitute a new version of Debian 8 but only updates some of the packages included. There is no need to throw away old jessie media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list

Miscellaneous Bugfixes

This oldstable update adds a few important corrections to the following packages:

Package	Reason
adminer	Don't allow connections to privileged ports [CVE-2018-7667]
base-files	Update for the point release
blktrace	Fix buffer overflow in btt [CVE-2018-10689]
bwm-ng	Explicitly build without libstatgrab support
clamav	Security update [CVE-2017-6418 CVE-2017-6420 CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380]; fix temporary file cleanup issue; new upstream release; new upstream version
debian-installer	Rebuild for the point release
debian-installer-netboot-images	Rebuild for the point release
debian-security-support	Update package data
dh-make-perl	Support Contents file without header
dns-root-data	Update IANA DNSSEC files to 2017-02-02 versions
faad2	Fix several DoS issues via crafted MP4 files [CVE-2017-9218 CVE-2017-9219 CVE-2017-9220 CVE-2017-9221 CVE-2017-9222 CVE-2017-9223 CVE-2017-9253 CVE-2017-9254 CVE-2017-9255 CVE-2017-9256 CVE-2017-9257]
file	Avoid reading past the end of a buffer [CVE-2018-10360]
ghostscript	Fix segfault with fuzzing file in gxht_thresh_image_init; fix buffer overflow in fill_threshold_buffer [CVE-2016-10317]; pdfwrite - Guard against trying to output an infinite number [CVE-2018-10194]
intel-microcode	Update included microcode, including fixes for Spectre v2 [CVE-2017-5715]
lame	Fix security issues by switching to use I/O routines from sndfile [CVE-2017-15018 CVE-2017-15045 CVE-2017-15046 CVE-2017-9869 CVE-2017-9870 CVE-2017-9871 CVE-2017-9872]
libdatetime-timezone-perl	Update included data
libextractor	Various security fixes [CVE-2017-15266 CVE-2017-15267 CVE-2017-15600 CVE-2017-15601 CVE-2017-15602 CVE-2017-15922 CVE-2017-17440]
libipc-run-perl	Fix memory leak
linux	New upstream stable release
mactelnet	Security fix [CVE-2016-7115]
ncurses	Fix buffer overflow in the _nc_write_entry function [CVE-2017-16879]
nvidia-graphics-drivers	New upstream version
nvidia-graphics-drivers-legacy-304xx	Update to latest driver
openafs	Fix kernel module build against linux 3.16.51-3+deb8u1 kernels after security update-induced ABI changes
openldap	Fix upgrade failure when olcSuffix contains a backslash; fix memory corruption caused by calling sasl_client_init() multiple times
patch	Fix arbitrary command execution in ed-style patches [CVE-2018-1000156]
postgresql-9.4	New upstream release
psensor	Fix directory traversal issue [CVE-2014-10073]
python-mimeparse	Fix python3-mimeparse's dependencies
rar	Strip statically linked rar and install the dynamically linked version instead
reportbug	Stop CCing secure-testing-team@lists.alioth.debian.org
sam2p	Fix multiple invalid frees and buffer-overflow vulnerabilities [CVE-2018-7487 CVE-2018-7551 CVE-2018-7552 CVE-2018-7553 CVE-2018-7554]
slurm-llnl	Fix upgrade issue from wheezy
soundtouch	Security fixes [CVE-2017-9258 CVE-2017-9259 CVE-2017-9260]
subversion	Fix crashes with Perl bindings, commonly seen when using git-svn
tzdata	Update included data
user-mode-linux	Rebuild against current jessie kernel
virtualbox-guest-additions-iso	Fix multiple security issues [CVE-2016-0592 CVE-2016-0495 CVE-2015-8104 CVE-2015-7183 CVE-2015-5307 CVE-2015-7183 CVE-2015-4813 CVE-2015-4896 CVE-2015-3456]
xerces-c	Fix Denial of Service via external DTD reference [CVE-2017-12627]
zsh	Rebuild against libraries currently in jessie

Security Updates

This revision adds the following security updates to the oldstable release. The Security Team has already released an advisory for each of these updates:

Advisory ID	Package
DSA-3707	openjdk-7
DSA-3708	mat
DSA-3746	graphicsmagick
DSA-3782	openjdk-7
DSA-3832	openoffice.org-dictionaries
DSA-3858	openjdk-7
DSA-3923	freerdp
DSA-3944	mariadb-10.0
DSA-3954	openjdk-7
DSA-3968	icedove
DSA-4010	git-annex
DSA-4014	thunderbird
DSA-4048	openjdk-7
DSA-4054	tor
DSA-4057	erlang
DSA-4058	optipng
DSA-4059	libxcursor
DSA-4060	wireshark
DSA-4061	thunderbird
DSA-4062	firefox-esr
DSA-4066	otrs2
DSA-4067	openafs
DSA-4068	rsync
DSA-4069	otrs2
DSA-4070	enigmail
DSA-4071	sensible-utils
DSA-4075	thunderbird
DSA-4076	asterisk
DSA-4077	gimp
DSA-4079	poppler
DSA-4081	php5
DSA-4082	linux
DSA-4082	linux-latest
DSA-4083	poco
DSA-4084	gifsicle
DSA-4085	xmltooling
DSA-4086	libxml2
DSA-4087	transmission
DSA-4088	gdk-pixbuf
DSA-4089	bind9
DSA-4090	wordpress
DSA-4091	mysql-5.5
DSA-4092	awstats
DSA-4093	openocd
DSA-4094	smarty3
DSA-4096	firefox-esr
DSA-4097	poppler
DSA-4098	curl
DSA-4100	tiff
DSA-4101	wireshark
DSA-4102	thunderbird
DSA-4104	p7zip
DSA-4108	mailman
DSA-4109	ruby-omniauth
DSA-4110	exim4
DSA-4111	libreoffice
DSA-4114	jackson-databind
DSA-4115	quagga
DSA-4117	gcc-4.9
DSA-4118	tomcat-native
DSA-4119	libav
DSA-4122	squid3
DSA-4123	drupal7
DSA-4124	lucene-solr
DSA-4126	xmltooling
DSA-4127	simplesamlphp
DSA-4129	freexl
DSA-4130	dovecot
DSA-4132	libvpx
DSA-4133	isc-dhcp
DSA-4136	curl
DSA-4137	libvirt
DSA-4139	firefox-esr
DSA-4140	libvorbis
DSA-4141	libvorbisidec
DSA-4142	uwsgi
DSA-4143	firefox-esr
DSA-4146	plexus-utils
DSA-4147	polarssl
DSA-4148	kamailio
DSA-4149	plexus-utils2
DSA-4150	icu
DSA-4151	librelp
DSA-4152	mupdf
DSA-4153	firefox-esr
DSA-4154	net-snmp
DSA-4155	thunderbird
DSA-4156	drupal7
DSA-4157	openssl
DSA-4161	python-django
DSA-4163	beep
DSA-4164	apache2
DSA-4165	ldap-account-manager
DSA-4167	sharutils
DSA-4168	squirrelmail
DSA-4172	perl
DSA-4175	freeplane
DSA-4176	mysql-5.5
DSA-4177	libsdl2-image
DSA-4178	libreoffice
DSA-4179	linux-tools
DSA-4180	drupal7
DSA-4184	sdl-image1.2
DSA-4186	gunicorn
DSA-4187	linux-latest
DSA-4187	linux
DSA-4189	quassel
DSA-4190	jackson-databind
DSA-4192	libmad
DSA-4193	wordpress
DSA-4194	lucene-solr
DSA-4195	wget
DSA-4196	linux
DSA-4199	firefox-esr
DSA-4202	curl
DSA-4204	imagemagick
DSA-4208	procps
DSA-4209	thunderbird
DSA-4211	xdg-utils
DSA-4212	git
DSA-4214	zookeeper
DSA-4215	batik
DSA-4216	prosody
DSA-4217	wireshark
DSA-4218	memcached
DSA-4220	firefox-esr
DSA-4221	libvncserver
DSA-4222	gnupg2
DSA-4224	gnupg
DSA-4225	openjdk-7
DSA-4226	perl
DSA-4227	plexus-archiver
DSA-4228	spip
DSA-4229	strongswan

Removed packages

The following packages were removed due to circumstances beyond our control:

Package	Reason
dolibarr	Too much work to maintain it properly in Debian
electrum	No longer able to connect to the network
jirc	Broken with jessie's libpoe-filter-xml-perl
nvidia-graphics-modules	License problem; incompatible with current kernel ABI
openstreetmap-client	Broken
redmine	No longer security supported
redmine-plugin-pretend	Depends on redmine
redmine-plugin-recaptcha	Depends on redmine
redmine-recaptcha	Depends on redmine
youtube-dl	Incompatible YouTube API changes

Debian Installer

The installer has been updated to include the fixes incorporated into oldstable by the point release.

URLs

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/jessie/ChangeLog

The current oldstable distribution:

http://ftp.debian.org/debian/dists/oldstable/

Proposed updates to the oldstable distribution:

http://ftp.debian.org/debian/dists/oldstable-proposed-updates

oldstable distribution information (release notes, errata etc.):

https://www.debian.org/releases/oldstable/

Security announcements and information:

https://www.debian.org/security/

About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.

Contact Information

For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.