Updated Debian 8: 8.7 released
14 January 2017
The Debian project is pleased to announce the seventh update of its stable distribution Debian 8 (codename jessie).
This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available.
Please note that this update does not constitute a new version of Debian 8 but only updates some of the packages included. There is no need to throw away old jessie CDs or DVDs; after an installation, updating from an up-to-date Debian mirror is all that is needed to bring any out-of-date packages up to date.
Those who frequently install updates from security.debian.org will not have to update many packages, and most updates from security.debian.org are included in this update.
New installation media and CD and DVD images containing updated packages will be available soon at the regular locations.
Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) at one of Debian's many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:
Miscellaneous Bugfixes
This stable update adds a few important corrections to the following packages:
Package | Reason |
---|---|
ark | Stop crashing on exit when being used solely as a KPart |
asterisk | Fix security issue due to non-printable ASCII chars treated as whitespace [CVE-2016-9938] |
asused | Use created fields instead of changed, in line with changes to source data |
base-files | Change /etc/debian_version to 8.7 |
bash | Fix arbitrary code execution via malicious hostname [CVE-2016-0634] and specially crafted SHELLOPTS+PS4 variables allows command substitution [CVE-2016-7543] |
ca-certificates | Update Mozilla certificate authority bundle to version 2.9; postinst: run update-certificates without hooks to initially populate /etc/ssl/certs |
cairo | Fix DoS via using SVG to generate invalid pointers [CVE-2016-9082] |
ccache | [amd64] Rebuild in a clean environment |
ceph | Fix short CORS request issue [CVE-2016-9579], mon DoS [CVE-2016-5009], anonymous read on ACL [CVE-2016-7031], RGW DoS [CVE-2016-8626] |
chirp | Disable reporting of telemetry by default |
cyrus-imapd-2.4 | Fix LIST GROUP support |
darktable | Fix integer overflow in ljpeg_start() [CVE-2015-3885] |
dbus | Fix potential format string vulnerability; dbus.prerm: ensure that dbus.socket is stopped before removal |
debian-edu-doc | Update Debian Edu Jessie manual from the wiki; fix (da|nl) Jessie manual PO files to get the PDF manuals built; translation updates |
debian-edu-install | Update version number to 8+edu1 |
debian-installer | Rebuild for the point release |
debian-installer-netboot-images | Rebuild for the point release |
duck | Fix loading of code from untrusted location [CVE-2016-1239] |
e2fsprogs | Rebuild against dietlibc 0.33~cvs20120325-6+deb8u1, to pick up included security fixes |
ebook-speaker | Fix hint about installing html2text to read html files |
elog | Fix posting entry as arbitrary username [CVE-2016-6342] |
evolution-data-server | Fix premature drop of connection with reduced TCP window sizes and resulting loss of data |
exim4 | Fix GnuTLS memory leak |
file | Fix memory leak in magic loader |
ganeti-instance-debootstrap | Fix losetup invocations by replacing -s with --show |
glibc | Do not unconditionally use the fsqrt instruction on 64-bit PowerPC CPUs; fix a regression introduced by cvs-resolv-ipv6-nameservers.diff in hesiod; disable lock elision (aka Intel TSX) on x86 architectures |
glusterfs | Quota: Fix could not start auxiliary mount issue |
gnutls28 | Fix incorrect certificate validation when using OCSP responses [GNUTLS-SA-2016-3 / CVE-2016-7444]; ensure compatibility with CVE-2016-6489-patched nettle |
hplip | Use full gpg key fingerprint when fetching key from keyservers [CVE-2015-0839] |
ieee-data | Disable monthly update cron job |
intel-microcode | Update microcode |
irssi | Fix information exposure issue via buf.pl and /upgrade [CVE-2016-7553]; fix NULL pointer dereference in the nickcmp function [CVE-2017-5193], use-after-free when receiving invalid nick message [CVE-2017-5194] and out-of-bounds read in certain incomplete control codes [CVE-2017-5195] |
isenkram | Download firmware using curl; use HTTPS when downloading modaliases; change mirror from http.debian.net to httpredir.debian.org |
jq | Fix heap buffer overflow [CVE-2015-8863] and stack exhaustion [CVE-2016-4074] |
libclamunrar | Fix out-of-band access |
libdatetime-timezone-perl | Update to 2016h; update included data to 2016i; update to 2016j; update to 2016g |
libfcgi-perl | Fix segfault DoS caused by numerous connections [CVE-2012-6687] |
libio-socket-ssl-perl | Fix issue with incorrect "unreadable SSL_key_file" error when using filesystem ACLs |
libmateweather | Switch from discontinued weather.noaa.gov to aviationweather.gov |
libphp-adodb | Fix XSS vulnerability [CVE-2016-4855] and SQL injection issue [CVE-2016-7405] |
libpng | Fix null pointer dereference issue [CVE-2016-10087] |
libwmf | Fix allocating huge block of memory [CVE-2016-9011] |
linkchecker | Fix HTTPS checks |
linux | Update to stable 3.16.39; add chaoskey driver, backported from 4.8, support for n25q256a11 SPI flash device; security,perf: Allow unprivileged use of perf_event_open to be disabled; several bug and security fixes |
lxc | Attach: do not send procfd to attached process [CVE-2016-8649]; remount bind mounts if read-only flag is provided; fix Alpine Linux container creation |
mapserver | Fix FTBFS with php >= 5.6.25; fix information leak via error messages [CVE-2016-9839] |
mdadm | Allow '--grow --continue' to successfully reshape an array when using backup space on a 'spare' device |
metar | Update report URL |
minissdpd | Fix improper validation of array index vulnerability [CVE-2016-3178 CVE-2016-3179] |
monotone | Change the sigpipe test case to write 1M of test data to increase chances of overflowing the pipe buffer |
most | Fix shell injection attack when opening lzma-compressed files [CVE-2016-1253] |
mpg123 | Fix DoS with crafted ID3v2 tags |
musl | Fix integer overflow [CVE-2016-8859] |
nbd | Stop mixing global flags into the flags field that gets sent to the kernel, so that connecting to nbd-server >= 3.9 does not cause every export to be (incorrectly) marked as read-only |
nettle | Protect against potential side-channel attacks against exponentiation operations [CVE-2016-6489] |
nss-pam-ldapd | Have init script stop action only return when nslcd has actually stopped |
nvidia-graphics-drivers | Update to new driver version, including security fixes [CVE-2016-8826 CVE-2016-7382 CVE-2016-7389] |
nvidia-graphics-drivers-legacy-304xx | Update to new driver version, including security fixes [CVE-2016-8826 CVE-2016-7382 CVE-2016-7389] |
nvidia-graphics-modules | Rebuild against nvidia-kernel-source 340.101 |
openbox | Add libxcursor-dev build-dependency to fix loading of startup notifications; replace getgrent with getgroups so as not to enumerate all groups at startup |
opendkim | Fix relaxed canonicalization of folded headers, which broke signatures |
pam | Fix handling of loginuid in containers |
pgpdump | Fix endless loop parsing specially crafted input in read_binary [CVE-2016-4021] and buffer overrun in read_radix64 |
postgresql-9.4 | New upstream release |
postgresql-common | Pg_upgradecluster: Properly upgrade databases with non-login role owners; pg_ctlcluster: Protect against symlink in /var/log/postgresql/ allowing the creation of arbitrary files elsewhere [CVE-2016-1255] |
potrace | Security fixes [CVE-2016-8694 CVE-2016-8695 CVE-2016-8696 CVE-2016-8697 CVE-2016-8698 CVE-2016-8699 CVE-2016-8700 CVE-2016-8701 CVE-2016-8702 CVE-2016-8703] |
python-crypto | Raise a warning when IV is used with ECB or CTR and ignore the IV [CVE-2013-7459] |
python-werkzeug | Fix XSS issue in debugger |
qtbase-opensource-src | Prevent bad-ptrs deref in QNetworkConfigurationManagerPrivate; fix X11 tray icons on some desktops |
rawtherapee | Fix buffer overflow in dcraw [CVE-2015-8366] |
redmine | Handle dependency check failure when triggered, to avoid breaking in the middle of dist-upgrades; avoid opening database configuration that are not readable |
samba | Fix client-side SMB2/3 required signing being downgradable [CVE-2016-2119], various regressions introduced by the 4.2.10 security fixes, and a segfault with clustering |
sed | Ensure consistent permissions with different umasks |
shutter | Fix insecure usage of system() [CVE-2015-0854] |
sniffit | Security fix [CVE-2014-5439] |
suckless-tools | Fix SEGV in slock when user's account has been disabled [CVE-2016-6866] |
sympa | Fix logrotate configuration so that sympa is not left in a confused state when systemd is used |
systemd | Don't return any error in manager_dispatch_notify_fd() [CVE-2016-7796]; core: Rework logic to determine when we decide to add automatic deps for mounts; various ordering fixes for ifupdown; systemctl: Fix argument handling when invoked as shutdown; localed: tolerate absence of /etc/default/keyboard; systemctl, loginctl, etc.: Don't start polkit agent when running as root |
tevent | New upstream version, required for samba |
tre | Fix regex integer overflow in buffer size computations [CVE-2016-8859] |
tzdata | Update included data to 2016h; update to 2016g; update to 2016j; update included data to 2016i |
unrtf | Fix buffer overflow in various cmd_ functions [CVE-2016-10091] |
w3m | Several security fixes [CVE-2016-9430 CVE-2016-9434 CVE-2016-9438 CVE-2016-9440 CVE-2016-9441 CVE-2016-9423 CVE-2016-9431 CVE-2016-9424 CVE-2016-9432 CVE-2016-9433 CVE-2016-9437 CVE-2016-9422 CVE-2016-9435 CVE-2016-9436 CVE-2016-9426 CVE-2016-9425 CVE-2016-9428 CVE-2016-9442 CVE-2016-9443 CVE-2016-9429 CVE-2016-9621 CVE-2016-9439 CVE-2016-9622 CVE-2016-9623 CVE-2016-9624 CVE-2016-9625 CVE-2016-9626 CVE-2016-9627 CVE-2016-9628 CVE-2016-9629 CVE-2016-9631 CVE-2016-9630 CVE-2016-9632 CVE-2016-9633] |
wireless-regdb | Update included data |
wot | Remove plugin due to privacy issues |
xwax | Replace ffmpeg with avconv from libav-tools |
zookeeper | Fix buffer overflow via the input command when using the cmd:batch mode syntax [CVE-2016-5017] |
Security Updates
This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates.
Removed packages
The following packages were removed due to circumstances beyond our control:
Package | Reason |
---|---|
dotclear | Security issues |
sogo | Security issues |
Debian Installer
The installer has been updated to include the fixes incorporated into stable by the point release.
URLs
The complete lists of packages that have changed with this revision:
The current stable distribution:
Proposed updates to the stable distribution:
Stable distribution information (release notes, errata, etc.):
Security announcements and information:
About Debian
The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.
Contact Information
For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.