Updated Debian 9: 9.6 released
November 10th, 2018
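The Debian project is pleased to announce the sixth update of Debian 9 (codename stretch).
This point release mainly adds corrections for security issues, along with a few adjustments for serious problems.
Security advisories have already been published separately and are referenced where available.
Please note that the point release does not constitute a new version of Debian 9 but only updates some of the packages included.
There is no need to throw away old stretch media.
After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.
Those who frequently install updates from security.debian.org will not have to update many packages, and most such updates are included in the point release.
New installation images will be available soon at the regular locations.
Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at: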
Miscellaneous Bugfixes
This stable update adds a few important corrections to the following packages:
Package | Reason |
---|---|
accerciser | Fix accessing items without a compositor; fix Python console; add missing dependency on python3-xlib |
apache2 | mod_http2: Fix DoS by worker exhaustion [CVE-2018-1333] and by continuous SETTINGS [CVE-2018-11763]; mod_proxy_fcgi: Fix segfault |
base-files | Update /etc/debian_version for the point release |
brltty | Fix polkit authentication |
canna | Fix file conflict between canna-dbgsym and canna-utils-dbgsym |
cargo | New package to support Firefox ESR60 build |
clamav | New upstream release; fix HWP integer overflow, infinite loop vulnerability [CVE-2018-0360]; fix PDF object length check issue, unreasonably long time to parse relatively small file [CVE-2018-0361]; new upstream version; fix Denial-of-Service issue [CVE-2018-15378]; fix infinite loop in dpkg-reconfigure |
confuse | Fix an out of bound read in trim_whitespace [CVE-2018-14447] |
debian-installer | Update for -8 kernel ABI |
debian-installer-netboot-images | Rebuild for the point release |
dnsmasq | trust-anchors.conf: include latest DNS trust anchor KSK-2017 |
dom4j | Fix XML injection attack [CVE-2018-1000632]; compile with source/target 1.5 to fix a compilation issue with String.format |
dpdk | New upstream stable release |
dropbear | Fix user enumeration vulnerability [CVE-2018-15599] |
easytag | Fix OGG corruption |
enigmail | Add compatibility with newer Thunderbird versions |
espeakup | espeakup.service: Automatically load speakup_soft on daemon startup |
fastforward | Fix segfaults on 64-bit architectures |
firetray | Add compatibility with newer Thunderbird versions |
firmware-nonfree | Fix security issues in Broadcom wifi firmware [CVE-2016-0801 CVE-2017-0561 CVE-2017-9417 CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081]; re-add transitional packages for firmware-{adi,ralink} |
fofix-dfsg | Fix error at startup |
fuse | Whitelist autofs and FAT as valid mountpoint filesystems |
ganeti | Properly verify SSL certificates during VM export; sign generated certificates using SHA256 instead of SHA1; make bash completions autoloadable |
globus-gsi-credential | Fix issue with voms proxy and openssl 1.1 |
gnupg2 | Security fixes; backport functionality required for new enigmail |
gnutls28 | Fix security issues [CVE-2018-10844 CVE-2018-10845] |
gphoto2-cffi | Make python3-gphoto2cffi work again |
grub2 | grub-mknetdir: Add support for ARM64 EFI; change the default TSC calibration method to pmtimer on EFI systems |
hdparm | Only enable APM on disks that advertise it |
https-everywhere | Backport new upstream version, for compatibility with Firefox ESR 60 |
i3-wm | Fix crash upon restart when using marks |
iipimage | Fix Apache configuration |
jhead | Fix security issues [CVE-2018-17088 CVE-2018-16554] |
lastpass-cli | Backport hardcoded certificate pins from lastpass-cli 1.3.1 to reflect changes in hosted Lastpass.com service |
ldap2zone | Fix endless loop checking zone serial |
libcgroup | Fix world-accessible (and writeable) log files [CVE-2018-14348] |
libclamunrar | New upstream release |
libdap | Fix libdap-doc contents |
libdatetime-timezone-perl | Update included data |
libgd2 | Bmp: check return value in gdImageBmpPtr [CVE-2018-1000222]; fix potential infinite loop in gdImageCreateFromGifCtx [CVE-2018-5711] |
libmail-deliverystatus-bounceparser-perl | Remove non-distributable sample spam and viruses |
libmspack | Fix out-of-bounds write [CVE-2018-18584] and acceptance of "blank" filenames [CVE-2018-18585] |
libopenmpt | Fix up11: Out-of-bounds read loading IT / MO3 files with many pattern loops [CVE-2018-10017] |
libseccomp | Add support for Linux 4.9 syscalls: preadv2, pwritev2, pkey_mprotect, pkey_alloc and pkey_free; add support for statx |
libtirpc | rendezvous_request: check the makefd_xprt return value [CVE-2018-14622] |
libx11 | Fix several security issues [CVE-2018-14598 CVE-2018-14599 CVE-2018-14600] |
libxcursor | Fix a denial of service or potentially code execution via a one-byte heap overflow [CVE-2015-9262] |
libxml-stream-perl | Provide a default CA path |
libxml-structured-perl | Add missing build and runtime dependency on libxml-parser-perl |
linux | Xen: Fix boot regression in PV domains; xen-netfront: Fix regressions; ext4: fix false negatives *and* false positives in ext4_check_descriptors(); udeb: Add virtio_console to virtio-modules; cdc_ncm: avoid padding beyond end of skb; revert sit: reload iphdr in ipip6_rcv; new upstream release |
lxcfs | Revert uptime virtualization, fixing process start times |
magicmaze | Depend on fonts-isabella now that ttf-isabella is a virtual package |
mailman | Fix arbitrary text injection vulnerability in Mailman CGIs [CVE-2018-13796] |
multipath-tools | Avoid deadlock in udev triggers |
nagstamon | Address IcingaWeb2 Basic auth issue |
network-manager | libnm: Fix accessing enabled and metered properties; fix out-of-bounds heap write in dhcpv6 option handling [CVE-2018-15688] and various other issues in the sd-network based dhcp=internal plugin |
network-manager-applet | libnma/pygobject: libnma/NMA must use libnm/NM instead of legacy libraries |
ola | Fix typo in /etc/init.d/rdm_test_server; fix filename for jquery in rdm test server static HTML files |
opensc | Fix unbounded recursion and several out-of-bounds reads or writes [CVE-2018-16391 CVE-2018-16392 CVE-2018-16393 CVE-2018-16418 CVE-2018-16419 CVE-2018-16420 CVE-2018-16421 CVE-2018-16422 CVE-2018-16423 CVE-2018-16424 CVE-2018-16425 CVE-2018-16426 CVE-2018-16427] |
pkgsel | Install new dependencies when safe-upgrade (default) is selected |
publicsuffix | Update included data |
python-django | Default to supporting Spatialite >= 4.2 |
python-imaplib2 | Install the correct module for Python 3; don't use TIMEOUT_MAX |
rustc | Enable building on further architectures: arm64, armel, armhf, i386, ppc64el, s390x |
sddm | Honour PAM's ambient supplemental groups; add missing utmp/wtmp/btmp handling |
serf | Fix NULL pointer dereference |
soundconverter | Fix opus vbr setting |
spamassassin | New upstream release; fix denial of service [CVE-2017-15705], remote code execution [CVE-2018-11780], code injection [CVE-2018-11781] and unsafe usage of "." in @INC [CVE-2016-1238]; fix spamd service management on package upgrades |
spice-gtk | Fix flexible array buffer overflow [CVE-2018-10873] |
sqlcipher | Avoid a crash when opening a file |
subversion | Fix a regression introduced in the fixes for SHA1 collisions, where commits would incorrectly fail with a "Filesystem is corrupt" error if the delta length is a multiple of 16K |
systemd | networkd: Do not fail manager_connect_bus() if dbus is not active yet; dhcp6: Make sure we have enough space for the DHCP6 option header [CVE-2018-15688] |
systraq | Invert logic in order to exit successfully in case /e/s/Makefile is missing |
tomcat-native | Fix OCSP responder issue that made it possible for users to authenticate with revoked certificates when using mutual TLS [CVE-2018-8019 CVE-2018-8020] |
tor | Directory authority changes: retire "Bifroest" bridge authority, in favour of "Serge"; add an IPv6 address for the "dannenberg" directory authority |
tzdata | New upstream release |
ublock-origin | Backport new upstream version, for compatibility with Firefox ESR 60 |
unbound | Fix vulnerability in the processing of wildcard synthesized NSEC records [CVE-2017-15105] |
vagrant | Support VirtualBox 5.2 |
vmtk | python-vmtk: Add the missing dependency on python-vtk6 |
wesnoth-1.12 | Disallow loading lua bytecode via load/dofile [CVE-2018-1999023] |
wpa | Ignore unauthenticated encrypted EAPOL-Key data [CVE-2018-14526] |
x11vnc | Fix two buffer overflows |
xapian-core | Fix glass backend bug with long-lived cursors on a table in a WritableDatabase which could incorrectly lead to DatabaseCorruptError being thrown when the database was actually OK |
xmotd | Avoid crash with hardening flags |
xorg-server | GLX: do not pick sRGB config for 32-bit RGBA visual - fixes various blending issues with kwin and Mesa >= 18.0 (i.e. Mesa from stretch-backports) |
zutils | Fix a buffer overrun in zcat [CVE-2018-1000637] |
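Security Updates
This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:
Removed packages
The following packages were removed due to circumstances beyond our control:
Package | Reason |
---|---|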
adblock-plus-element-hiding-helper | Incompatible with newer firefox-esr versions |
all-in-one-sidebar | Incompatible with newer firefox-esr versions |
autofill-forms | Incompatible with newer firefox-esr versions |
automatic-save-folder | Incompatible with newer firefox-esr versions |
classic-theme-restorer | Incompatible with newer firefox-esr versions |
colorfultabs | Incompatible with newer firefox-esr versions |
custom-tab-width | Incompatible with newer firefox-esr versions |
dactyl | Incompatible with newer firefox-esr versions |
downthemall | Incompatible with newer firefox-esr versions |
dvips-fontdata-n2bk | Empty package |
firebug | Incompatible with newer firefox-esr versions |
firegestures | Incompatible with newer firefox-esr versions |
firexpath | Incompatible with newer firefox-esr versions |
flashgot | Incompatible with newer firefox-esr versions |
form-history-control | Incompatible with newer firefox-esr versions |
foxyproxy | Incompatible with newer firefox-esr versions |
gitlab | Open security issues, hard to backport fixes |
greasemonkey | Incompatible with newer firefox-esr versions |
intel-processor-trace | [s390x] Only useful on Intel architectures |
itsalltext | Incompatible with newer firefox-esr versions |
knot-resolver | Security issues |
lightbeam | Incompatible with newer firefox-esr versions |
livehttpheaders | Incompatible with newer firefox-esr versions |
lyz | Incompatible with newer firefox-esr versions |
npapi-vlc | Incompatible with newer firefox-esr versions |
nukeimage | Incompatible with newer firefox-esr versions |
openinbrowser | Incompatible with newer firefox-esr versions |
perspectives-extension | Incompatible with newer firefox-esr versions |
pwdhash | Incompatible with newer firefox-esr versions |
python-facebook | Broken due to upstream changes |
python-tvrage | Useless after tvrage.com shutdown |
reloadevery | Incompatible with newer firefox-esr versions |
sage-extension | Incompatible with newer firefox-esr versions |
scrapbook | Incompatible with newer firefox-esr versions |
self-destructing-cookies | Incompatible with newer firefox-esr versions |
spdy-indicator | Incompatible with newer firefox-esr versions |
status-4-evar | Incompatible with newer firefox-esr versions |
stylish | Incompatible with newer firefox-esr versions |
tabmixplus | Incompatible with newer firefox-esr versions |
tree-style-tab | Incompatible with newer firefox-esr versions |
ubiquity-extension | Incompatible with newer firefox-esr versions |
uppity | Incompatible with newer firefox-esr versions |
useragentswitcher | Incompatible with newer firefox-esr versions |
video-without-flash | Incompatible with newer firefox-esr versions |
webdeveloper | Incompatible with newer firefox-esr versions |
xul-ext-monkeysphere | Incompatible with newer firefox-esr versions |
Debian Installer
The installer has been updated to include the fixes incorporated into stable by the point release.
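URLs
The complete lists of packages that have changed with this revision:
The current stable distribution:
Proposed updates to the stable distribution:
Stable distribution information (release notes, errata etc.):
Security announcements and information:
About Debian
The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.
Contact Information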
For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.