Uppdaterad Debian 8: 8.6 utgiven

17 september 2016

Debianprojektet presenterar stolt den sjätte uppdateringen av sin stabila distribution Debian 8 (med kodnamn jessie). Denna uppdatering lägger huvudsakligen till rättningar till säkerhetsproblem till den stabila utgåvan, tillsammans med några korrigeringar för allvarliga problem. Säkerhetsbulletiner har redan publicerats separat och refereras när de finns tillgängliga.

Vänligen notera att denna uppdatering inte innebär en ny version av Debian 8 utan endast uppdaterar några av de inkluderade paketen. Det finns ingen anledning att kasta bort gamla jessie-CDs eller DVD-skivor utan allt som behövs är att uppdatera via en uppdaterad Debianspegling efter en installation, för att få alla inaktuella paket uppdaterade.

De som frekvent installerar uppdateringar från security.debian.org kommer inte att behöva uppdatera många paket och de flesta uppdateringar från security.debian.org inkluderas i denna uppdatering.

Ny installationsmedia och CD- och DVD-avbildningar med uppdaterade paket kommer snart att finnas tillgängliga på de vanliga platserna.

En uppgradering online till denna revision görs vanligtvis genom att peka paketverktyget aptitude (eller apt) (se manualsidan för sources.list(5)) mot en av Debians många FTP eller HTTP-speglingar. En fullständig lista över speglingar finns tillgänglig på:


Blandade felrättningar

Denna uppdatering av den stabila utgåvan lägger till några viktiga paket:

Paket Orsak
adblock-plus New upstream release, compatible with firefox-esr
apache2 Fix race condition and logical error in init script; remove links to manpages.debian.org in default index.html; mod_socache_memcache: Increase idle timeout to 15s to allow keep-alive connections; mod_proxy_fcgi: Fix wrong behaviour with 304 responses; correct systemd-sysv-generator behaviour; mod_proxy_html: Add missing config file mods-available/proxy_html.conf
audiofile Fix buffer overflow when changing both sample format and number of channels [CVE-2015-7747]
automake-1.14 Avoid insecure use of /tmp/ in install-sh
backintime Add missing dependency on python-dbus
backuppc Fix regressions from samba update to 4.2
base-files Update for the point release
biber Fix breakage triggered by point release update of perl
cacti Fix sql injection in tree.php [CVE-2016-3172] and graph_view.php [CVE-2016-3659]; fix authentication bypass [CVE-2016-2313]
ccache Upstream bug-fix release
clamav Don't fail if AllowSupplementaryGroups is still set in the configuration file
cmake Fix FindOpenSSL module to detect OpenSSL 1.0.1t
conkeror Support Firefox 44 and later
debian-edu-config Move from Iceweasel to Firefox ESR; adjust ldap-tools/ldap-debian-edu-install to be compliant with systemd now that unit samba.service is masked; dhclient-exit-hooks.d/hostname: adjust for the case of a dedicated LTSP server; adjust cf.krb5client to ensure that cfengine runs are idempotent; move code to cleanup /usr/share/pam-configs/krb5 diversion from postinst to preinst to ease upgrades from old wheezy installations; don't purge libnss-mdns as cups now needs mdns for automatic printer detection
debian-edu-doc Update Debian Edu jessie and wheezy manuals from the wiki
debian-installer Rebuild against proposed-updates
debian-installer-netboot-images Rebuild for the point release
debian-security-support Update included support data; add support for marking packages as losing support at a future date
dietlibc Fix insecure default PATH
dwarfutils Security fixes [CVE-2015-8538 CVE-2015-8750 CVE-2016-2050 CVE-2016-2091 CVE-2016-5034 CVE-2016-5036 CVE-2016-5038 CVE-2016-5039 CVE-2016-5042]
e2fsprogs Disable prompts for time skew which is fudged in e2fsck; fix potential corruption of Hurd file systems by e2fsck, pointer bugs that could cause crashes in e2fsck and resize2fs
exim4 Fix cutthrough bug with body lines having a single dot; fix crash on exim -be '${if crypteq{xxx}{\$aaa}{yes}{no}}'; improve NEWS file; backport missing upstream patch to actually make $initial_cwd expansion work
file Fix buffer over-write in finfo_open with malformed magic file [CVE-2015-8865]
firegestures New upstream release, compatible with firefox-esr
flashplugin-nonfree Update-flashplugin-nonfree: Delete old get-upstream-version.pl from cache
fusionforge Remove dependency on Mediawiki plugin from fusionforge-full metapackage
gdcm Fix integer overflow [CVE-2015-8396] and denial of service [CVE-2015-8397]
glibc Fix assertion failure with unconnectable name server addresses (regression introduced by CVE-2015-7547 fix); fix *context functions on s390x; fix a buffer overflow in the glob function [CVE-2016-1234], a stack overflow in nss_dns_getnetbyname_r [CVE-2016-3075], a stack overflow in getaddrinfo function [CVE-2016-3706], a stack overflow in Sun RPC clntudp_call() [CVE-2016-4429]; update from upstream stable branch; fix open and openat functions with O_TMPFILE; fix backtrace hang on armel/armhf, possibly causing a minor denial of service vulnerability [CVE-2016-6323]; fix mtr on systems using only IPv6 nameservers
gnome-maps New upstream release; use the Mapbox tile server, instead of the no longer supported MapQuest server
gnome-sudoku Don't generate the same puzzle sequence every time
gnupg gpgv: Tweak default options for extra security; g10: Fix checking key for signature validation
gnupg2 gpgv: Tweak default options for extra security; g10: Fix checking key for signature validation
greasemonkey New upstream release, compatible with firefox-esr
intel-microcode New upstream release
jakarta-jmeter Really install the templates; fix an error with libxstream-java >= 1.4.9 when loading the templates
javatools Return correct architecture string for ppc64el in java-arch.sh
kamailio Fix libssl version check
libbusiness-creditcard-perl Adjust to changes in credit card ranges and processing of various companies
libcss-dom-perl Work around Encode changes included in perl and libencode-perl stable updates
libdatetime-timezone-perl Update included data to 2016e; new upstream release
libdevel-declare-perl Fix breakage caused by change in perl stable update
libnet-ssleay-perl Fix build failure with openssl 1.0.1t-1+deb8u1
libquota-perl Adapt platform detection to work with Linux 4.x
libtool Fix multi-arch co-installability [amd64 i386]
libxml2 Fix a problem unparsing URIs without a host part like qemu:///system; this unbreaks libvirt, libsys-virt-perl and others
linux New upstream stable release
lxc Make sure stretch/sid containers have an init system, after init 1.34 dropped the 'Essential: yes' header
mariadb-10.0 New upstream release, including security fix [CVE-2016-6662]
mozilla-noscript New upstream release, compatible with firefox-esr
nullmailer Do not keep relayhost data in debconf database longer than strictly needed
open-iscsi Init script: wait a bit after iSCSI devices have appeared, working around a race condition in which dependent devices can appear only after the initial udev settle has returned; open-iscsi-udeb: update initramfs after copying configuration to target system
openssl Fix length check for CRLs; enable asm optimisation for s390x
ovirt-guest-agent Install ovirt-guest-agent.py executable; change owner of log directory to ovirtagent in postinst
piuparts Fix build failure (don't test the current Debian release status, tracking that is distro-info-data's problem)
policykit-1 Several bug-fixes: fix heap corruption [CVE-2015-3255], local authenticated denial of service [CVE-2015-4625] and issue with invalid object paths in RegisterAuthenticationAgent [CVE-2015-3218]
publicsuffix New upstream release
pypdf2 Fix infinite loop in readObject() function
python-django Bug-fix update to 1.7.11
python2.7 Address StartTLS stripping attack in smtplib [CVE-2016-0772], integer overflow in zipimporter [CVE-2016-5636], HTTP header injection [CVE-2016-5699]
quassel Fix remote DoS in quassel core with invalid handshake data [CVE-2016-4414]
ruby-eventmachine Fix remotely triggerable crash due to FD handling
ruby2.1 dl::dlopen should not open a library with tainted library name in safe mode [CVE-2009-5147]; Fiddle handles should not call functions with tainted function names [CVE-2015-7551]
sendmail Do not abort with an assertion if the connection to an LDAP server is lost; ensure sendmail {client_port} is set correctly on little endian machines
sqlite3 Fix tempdir selection vulnerability [CVE-2016-6153], segfault following heavy SAVEPOINT usage
systemd Use the right timeout for stop processes we fork; don't reset log level to NOTICE if we get quiet on the kernel cmdline; fix prepare priority queue comparison function in sd-event; update links to kernel.org cgroup documentation; don't start console-getty.service when /dev/console is missing; order systemd-user-sessions.service after nss-user-lookup.target and network.target
tabmixplus New upstream release, compatible with firefox-esr
tcpreplay Handle frames of 65535 octets size, add a size check [CVE-2016-6160]
tor Update the set of authority directory servers
tzdata New upstream release; update to 2016e
unbound Init script fixes: add pidfile magic comment; call start-stop-daemon with --retry for 'stop' action
util-vserver Rebuild against dietlibc 0.33~cvs20120325-6+deb8u1, fixing insecure default PATH
vorbis-tools Fix large alloca on bad AIFF input to oggenc [CVE-2015-6749], Validate count of channels in the header [CVE-2014-9638 CVE-2014-9639], fix segmentation fault in vcut
vtk Rebuild to fix Java paths [ppc64el]
wget By default, on server redirects to a FTP resource, use the original URL to get the local file name [CVE-2016-4971]
wpa Security updates relating to invalid characters [CVE-2016-4476, CVE-2016-4477]
yaws Fix HTTP_PROXY cgi env injection [CVE-2016-1000108]
zabbix Fix mysql.size shell command injection in zabbix-agent [CVE-2016-4338]

Paketet mariadb-10.0 misslyckades att bygga på powerpc-arkitekturen, men har inkluderats i punktutgåvan för att tillåta snabbare släpp av rättningen för CVE-2016-6662, som inte hade avslöjats i tid för uppladdningen. Om en rättning för byggfelet blir tillgänglig för nästa DSA för mariadb-10.0, kommer ett uppdaterat paket att göras tillgängligt via jessie-updates.


Denna revision lägger till följande säkerhetsuppdateringar till den stabila utgåvan. Säkerhetsgruppen har redan givit ut bulletiner för var och en av dessa uppdateringar.

Bulletin-ID Paket
DSA-3548 samba
DSA-3548 talloc
DSA-3548 tdb
DSA-3548 tevent
DSA-3548 ldb
DSA-3565 monotone
DSA-3588 symfony
DSA-3589 gdk-pixbuf
DSA-3590 chromium-browser
DSA-3591 imagemagick
DSA-3592 nginx
DSA-3593 libxml2
DSA-3594 chromium-browser
DSA-3595 mariadb-10.0
DSA-3596 spice
DSA-3597 expat
DSA-3598 vlc
DSA-3599 p7zip
DSA-3600 firefox-esr
DSA-3602 php5
DSA-3603 libav
DSA-3604 drupal7
DSA-3605 libxslt
DSA-3606 libpdfbox-java
DSA-3607 linux
DSA-3608 libreoffice
DSA-3609 tomcat8
DSA-3610 xerces-c
DSA-3611 libcommons-fileupload-java
DSA-3612 gimp
DSA-3613 libvirt
DSA-3614 tomcat7
DSA-3615 wireshark
DSA-3616 linux
DSA-3617 horizon
DSA-3618 php5
DSA-3619 libgd2
DSA-3620 pidgin
DSA-3621 mysql-connector-java
DSA-3622 python-django
DSA-3623 apache2
DSA-3624 mysql-5.5
DSA-3625 squid3
DSA-3626 openssh
DSA-3627 phpmyadmin
DSA-3628 libunicode-linebreak-perl
DSA-3628 debhelper
DSA-3628 libmime-encwords-perl
DSA-3628 perl
DSA-3628 libsys-syslog-perl
DSA-3628 libmodule-build-perl
DSA-3628 libnet-dns-perl
DSA-3628 libintl-perl
DSA-3628 cdbs
DSA-3628 libmime-charset-perl
DSA-3628 devscripts
DSA-3628 exim4
DSA-3629 ntp
DSA-3630 libgd2
DSA-3631 php5
DSA-3632 mariadb-10.0
DSA-3633 xen
DSA-3634 redis
DSA-3635 libdbd-mysql-perl
DSA-3637 chromium-browser
DSA-3638 curl
DSA-3639 wordpress
DSA-3640 firefox-esr
DSA-3641 openjdk-7
DSA-3642 lighttpd
DSA-3643 kde4libs
DSA-3644 fontconfig
DSA-3645 chromium-browser
DSA-3646 postgresql-9.4
DSA-3647 icedove
DSA-3648 wireshark
DSA-3649 gnupg
DSA-3650 libgcrypt20
DSA-3651 rails
DSA-3652 imagemagick
DSA-3653 flex
DSA-3653 bogofilter
DSA-3654 quagga
DSA-3655 mupdf
DSA-3656 tryton-server
DSA-3657 libarchive
DSA-3658 libidn
DSA-3659 linux
DSA-3660 chromium-browser
DSA-3661 charybdis
DSA-3662 inspircd
DSA-3663 xen
DSA-3664 pdns

Borttagna paket

Följande paket har tagits bort på grund av omständigheter utom vår kontroll:

Paket Orsak
minit Ej underhållen och utdaterad
trn Säkerhetsproblem; ersatt av trn4


Installeraren har uppdaterats för att inkludera rättningarna som har inkluderats i den stabila stabila utgåvan med denna punktutgåva.


Den fullständiga listan på paket som har förändrats med denna revision:


Den nuvarande stabila utgåvan:


Föreslagna uppdateringar till den stabila utgåvan:


Information om den stabila stabila utgåvan (versionsfakta, kända problem, osv.):


Säkerhetsbulletiner och information:


Om Debian

Debianprojektet är en grupp utvecklare av Fri mjukvara som donerar sin tid och kraft för att producera det helt fria operativsystemet Debian.


För mer information, besök Debians webbplats på https://www.debian.org/, skicka e-post till <press@debian.org>, eller kontakta gruppen för stabila utgåvor på <debian-release@lists.debian.org>.