Debian 8 更新:8.8 发布
2017年05月06日
Debian 项目很高兴地宣布 Debian 8 稳定版本的第八次更新(代号 jessie
)。此更新主要向稳定版本中添加了补丁以修复安全问题,以及为一些严重问题所做的调整。安全建议已经单独出版,并会在适当的情况下予以引用。
请注意,此更新并不是 Debian 8 的新版本,其仅更新了所包含的一些软件包。没有必要丢弃旧的 jessie
CD 或 DVD,只需在安装后使用最新的 Debian 镜像更新旧的软件包即可。
经常从 security.debian.org 安装更新的用户将不必更新许多软件包,并且此更新中包含了 security.debian.org 的大多数更新。
包含更新包的新安装媒体和 CD/DVD 映像即将于通常处提供。
通过将 aptitude(或 apt)包工具(请参阅 sources.list(5) 手册页)指向 Debian 的许多 FTP 或 HTTP 镜像之一,通常可以进行此修订。全面的镜像列表可在以下网址获得:
杂项错误修正
此稳定版更新为以下软件包添加了一些重要修正:
| 包 | 原因 |
|---|---|
| activemq | Fix DoS in activemq-core via shutdown command [CVE-2015-7559] |
| apf-firewall | 添加对内核 >= 3.X 的兼容 |
| apt-xapian-index | 删除对 update-python-modules 的调用 |
| base-files | 为更新发布升级 |
| binutils | Apply patch from upstream to fix gold on arm64 |
| ca-certificates | Update-ca-certificates: update local certificates directory when calling --fresh; support running without hooks |
| commons-daemon | 修复 ppc64el 支持 |
| crafty | 不生成 CPU 特定代码 |
| debian-edu-doc | 更新翻译 |
| debian-installer | 为更新发布重编译 |
| debian-installer-netboot-images | 为更新发布重编译 |
| dropbear | Fix command restriction bypass in authorized_keys [CVE-2016-3116], format string injection [CVE-2016-7406] and arbitrary code execution issues [CVE-2016-7407 CVE-2016-7408] |
| erlang | Fix heap overflow vulnerability in regular expression parsing [CVE-2016-10253] |
| glibc | 修正 PowerPC sqrt 不准确 |
| gnome-media | 添加缺失的 Breaks: gnome-media-common, libgnome-media-dev, libgnome-media0 以匹配 Replaces |
| gnome-screenshot | 使用破折号作为时间格式分隔符 |
| gnome-settings-daemon | 使用破折号作为时间格式分隔符 |
| gnutls28 | Fix truncation issue in PKCS#12 password encoding; fix double free in certificate information printing [CVE-2017-5334]; fix memory leak in server side error path; fix memory leaks and an infinite loop in OpenPGP certificate parsing [CVE-2017-5335 CVE-2017-5336 CVE-2017-5337]; fix integer overflow in OpenPGP certificate parsing [CVE-2017-7869]; fix read past the end of buffer in OpenPGP certificate parsing; fix crashes in OpenPGP certificate parsing, related to private key parsing [GNUTLS-SA-2017-3B]; fix possible OOM in OpenPGP certificate parsing [GNUTLS-SA-2017-3C] |
| groovy | 修正通过构造序列化对象远程代码执行的漏洞 [CVE-2016-6814] |
| groovy2 | 修正通过构造序列化对象远程代码执行的漏洞 [CVE-2016-6814] |
| guile-2.0 | Fix REPL server vulnerability [CVE-2016-8606], mkdir umask-related vulnerability [CVE-2016-8605] |
| initramfs-tools | Include drivers for all keyboards when MODULES=dep; include most USB host drivers and all bus driver modules; remove code that prunes 'broken' symlinks and sometimes /etc/mtab; add all I2C bus and mux drivers when MODULES=most; stop force-loading drivers found through sysfs when MODULES=dep |
| installation-guide | Fix instructions for creating syslinux.cfg to work with syslinux 5 |
| irqbalance | Only warn once for affinity hint subset empty irqs |
| kup | Backport changes needed to work with kernel.org in future |
| libdatetime-timezone-perl | 数据更新至 2017b |
| libindicate | libindicate-gtk3-dev:依赖于 libindicate-gtk3-3 而不是 libindicate-gtk3 |
| libmateweather | 将 Rangoon 时区重命名为 Yangon(根据 tzdata 2016g 更改) |
| libvirt | 改善 qemu v2.6+ 兼容性 |
| libvorbisidec | 添加 libogg-dev 依赖到 libvorbisidec-dev |
| libxslt | 为 xsltAddTextString 检查整数溢出 [CVE-2017-5029] |
| linux | Update to new stable release 3.16.43; mm/huge_memory.c: fix up mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thpbackport |
| logback | Don't deserialize data from untrusted sockets [CVE-2017-5929] |
| lxc | Ensure target netns is caller-owned [CVE-2017-5985] |
| minicom | 修正 vt100.c 里的超限写入 [CVE-2017-7467] |
| modsecurity-crs | 修正 modsecurity_crs_16_session_hijacking.conf 中的拼写错误 |
| mongodb | 修正 .dbshell 的权限 [CVE-2016-6494];redact key and nonce from auth attempt logs |
| ndisc6 | Use upstream default merge hook when resolvconf is not available |
| ndoutils | Postrm purge: 在调用前检查 ucf 存在 |
| nvidia-graphics-drivers | New upstream version (340.102) containing security fixes [CVE-2017-0309 CVE-2017-0310 CVE-2017-0311 CVE-2017-0318 CVE-2017-0321]; fix module build on Linux 4.10 and newer |
| nvidia-graphics-drivers-legacy-304xx | New upstream version (304.135) containing security fixes [CVE-2017-0309 CVE-2017-0310 CVE-2017-0311 CVE-2017-0318 CVE-2017-0321]; fix module build on Linux 4.10 and newer |
| nvidia-graphics-modules | 用 nvidia-kernel-source 340.102 重编译 |
| openchange | 修正用 samba 4.2 编译时的错误 |
| openmpi | libopenmpi1.6: Fix two incorrect soname links, Use versioned Conflicts: libopenmpi2 (<< 1.6) to not interfere with upgrades to stretch |
| plv8 | 检查调用函数的权限 |
| postfix | Fix build failure with Linux 4.x kernels; add delmap to .prerm for all packages that contain map data types exposed through external .so files so that upgrades to stretch (where the associated files have moved) will be functional |
| postgresql-9.4 | 新上游版本 |
| python-cryptography | Fix HKDF issue with small key sizes [CVE-2016-9243]; fix build failure due to SSL2 method detection |
| radare2 | 修正拒绝服务漏洞 [CVE-2017-6197] |
| sane-backends | 修正安全问题 [CVE-2017-6318] |
| sendmail | Only touch files as smmsp:smmsp in /var/run/sendmail/stampdir to avoid possible privilege escalation; use lockfile-create (from lockfile-progs) instead of touch to manage the cronjob lockfiles; sendmail-base: Add Depends: netbase for /etc/services |
| sitesummary | 修正包 pre-removal 脚本 |
| smemstat | Fix null pointer dereference when UID can't be read |
| spip | Fix multiple cross-site scripting issues, server side request forgery attacks [CVE-2016-7999], directory traversal [CVE-2016-7982], arbitrary code execution [CVE-2016-7998], cross-site request forgery [CVE-2016-7980], cross-site scripting vulnerabilities [CVE-2016-7981 CVE-2016-9997 CVE-2016-9998 CVE-2016-9152] |
| sus | 为 SUSv4 TC2 更新 |
| synergy | 修正当 synergyc 启动时的崩溃 |
| systemd | Fix boolean properties retrieved via sd-bus on big-endian architectures; systemctl: Add is-enabled support for SysV init scripts; if the start command vanishes during runtime don't hit an assert; if an automount unit is masked, don't react to activation |
| transmissionrpc | 添加缺失的 Python 模块依赖到 python-six |
| tzdata | Update included data to 2017b; enable partial translations of debconf templates |
| unzip | 修正 unzip [CVE-2014-9913] 和 zipinfo [CVE-2016-9844] 里的缓冲区溢出 |
| uwsgi | 修正以最近的 glibc 构建失败问题 |
| vim | Fix buffer overflows when reading corrupted undo files [CVE-2017-6349 CVE-2017-6350] |
| vlc | 新上游版本 |
| webissues-server | postrm purge:在调用前检查 ucf 存在 |
| wget | 修正 URL 主机部分的 CRLF 注入 [CVE-2017-6508] |
| xmobar | 更新天气预报 feed URL |
| xshisen | 修正启动时的频繁段错误 |
| yara | 修正多个安全问题 [CVE-2016-10210 CVE-2016-10211 CVE-2017-5923 CVE-2017-5924] |
安全更新
此修订版将以下安全更新添加到了稳定版本。安全小组已经分别为这些更新发布了通告:
已删除的软件包
由于我们无法控制的情况,以下软件包已被删除:
| 包 | 原因 |
|---|---|
| cgiemail | RC-buggy,不再维护 |
| grive | 由于 Google API 更改而损坏 |
| libapache2-authenntlm-perl | 由于 Apache 2.4 而损坏 |
| libwww-dict-leo-org-perl | 由于上游更改而损坏 |
| live-f1 | 由于第三方更改而损坏 |
| owncloud | 不受支持 |
| owncloud-apps | 不受支持 |
Debian 安装程序
安装程序已经更新,以配合发布时包含在稳定版本中的修正内容。
URL
此修订版中更改软件包的完整列表:
当前稳定发行版:
拟议的稳定发行版更新:
稳定发行版信息(发行说明,勘误表等):
安全公告及信息:
关于 Debian
Debian 项目是一个自由软件开发者组织,为制作完全免费的 Debian 操作系统而自愿贡献时间和精力。
联系信息
更多信息,请访问 Debian 主页 https://www.debian.org/,发送邮件至 <press@debian.org>,或联系稳定版本团队 <debian-release@lists.debian.org>。