Updated Debian 9: 9.2 released

7 October 2017

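The Debian project is pleased to announce the second update of its stable distribution Debian 9 (codename stretch). This point release mainly adds corrections for security issues, along with adjustments for serious problems. Security advisories have already been published separately and are referenced where available.

Please note that the point release does not constitute a new version of Debian 9 but only updates some of the packages included. There is no need to throw away old stretch media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at: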

https://www.debian.org/mirror/list

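As a special case for this point release, those using the apt-get tool to perform the upgrade will need to use the dist-upgrade command in order to update to the latest kernel packages. Users of other tools, such as apt and aptitude, should use the upgrade command.

Miscellaneous Bugfixes

Due to an oversight while preparing the point release, the usual update to the base-files package was unfortunately not included. An updated package will be made available via stretch-updates in the near future.

This stable update adds important corrections to the following packages:

Package Reason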
apt Fix issues in apt-daily-upgrade; fix a possible crash in the mirror method
at-spi2-core Fix crash on switching windows
bareos Fix permissions of bareos-dir logrotate config on upgrade; fix file corruption when using SHA1 signature
bind9 Import support for DNSSEC KSK-2017
bridge-utils Fix a problem with some vlan interfaces not being created
caja Fix excessive CPU use while loading background image
chrony Do not pass 'burst' command to chronyc
cross-gcc Fix outdated support for gcc 6.3.0-18
cvxopt Remove the unnecessary and non-working compatibility layer for lpx_main()
db5.3 Do not access DB_CONFIG when db_home is not set [CVE-2017-10140]
dbus New upstream stable release
debian-edu-doc Merge stretch related documentation and translation updates; update Debian Edu Stretch manual from the wiki; replace existing boot menu screenshots with recent ones from the wiki
debian-installer Update Linux kernel ABI to 4
debian-installer-netboot-images Rebuild against proposed-updates
desktop-base Fix XML syntax errors in gnome wallpaper description files making Joy wallpapers unavailable by default; ensure postinst doesn’t fail on upgrade even when an incomplete theme pack is active
dns-root-data Update root.hints to 2017072601 version; change the state of KSK-2017 to VALID
dnsdist Security fixes [CVE-2016-7069 CVE-2017-7557]
dnsviz Cherry-pick upstream fixes related to root.hints and root.keys changes
dose3 Fix versioned provides support - packages that provide the same virtual package in different versions, or that provide the same versioned virtual package as a real package, are co-installable
ecl Add missing dependency on libffi-dev
erlang-p1-tls Fix ECDH curves
evolution Fix hang on right click in composer window
expect Properly check for EOF, to avoid losing input
fife Fix memory leak
flatpak New upstream stable release; prevent deploying files with inappropriate permissions; restore compatibility with libostree 2017.7
freerdp Enable TLS >= 1.1 support
gnome-exe-thumbnailer Switch to msitools' msiinfo for ProductVersion fetching, replacing the insecure VBScript-based parsing [CVE-2017-11421]; fix unreadable white-on-white text on version labels
gnupg2 Fix dirmngr issues with broken reverse DNS, assertion when using tofu-default-policy ask, multiple issues with scdaemon, avoid spurious warnings when sharing a keybox with gpg >= 2.1.20
gnutls28 Fix OCSP verification errors, especially with ECDSA signatures
gosa-plugin-mailaddress Fix parent constructor calls, for compatibility with PHP7
gsoap Fix integer overflow via large XML document [CVE-2017-9765]
haveged Start haveged.service after systemd-tmpfiles-setup.service has been run
ipsec-tools Security fix [CVE-2016-10396]
irssi Fix null pointer dereference [CVE-2017-10965], use-after-free condition for nicklist [CVE-2017-10966]
kanatest Remove DISABLE_DEPRECATED flags, they cause implicit pointer conversion and thus a segmentation fault on startup
kdepim Fix send Later with Delay bypasses OpenPGP [CVE-2017-9604]
kf5-messagelib Fix send Later with Delay bypasses OpenPGP [CVE-2017-9604]
krb5 Fix security issue where remote authenticated attackers can crash the KDC [CVE-2017-11368]; fix startup if getaddrinfo() returns a wildcard v6 address and handling of explicitly specified v4 wildcard address; fix SRV lookups to respect udp_preference_limit
lava-tool Add missing dependency on python-simplejson
librsb Fix a few severe bugs leading to numerically wrong results
libselinux Rebuild with new sbuild to fix changelog date
libsolv Fix dependencies on Python 3 modules
libwpd Fix denial of service issue [CVE-2017-14226]
linux New upstream stable version
linux-latest Update to 4.9.0-4
lzma Rebuild with new sbuild to fix changelog date
mailman Fix broken dependencies in contrib/SpamAssassin.py
mate-power-manager Don't abort on unknown DBus signal name
mate-themes Fix font colour of URL bar in Google Chrome
mate-tweak Add missing dependency on python3-gi
ncurses Fix various crash bugs in the tic library and the tic binary [CVE-2017-10684 CVE-2017-10685 CVE-2017-11112 CVE-2017-11113 CVE-2017-13728 CVE-2017-13729 CVE-2017-13730 CVE-2017-13731 CVE-2017-13732 CVE-2017-13734 CVE-2017-13733]
nettle Rebuild with new sbuild to fix changelog date
node-brace-expansion Fix regular expression denial of service issue
node-dateformat Set TZ=UTC for tests to fix build failure
ntp Build and install /usr/bin/sntp
nvidia-graphics-drivers New upstream long lived branch release 375.82 - security fixes [CVE-2017-6257 CVE-2017-6259], add support for the following GPUs: GeForce GTX 1080 with Max-Q Design, GeForce GTX 1070 with Max-Q Design, GeForce GTX 1060 with Max-Q Design; nvidia-kernel-dkms: Honor parallel setting from dkms
open-vm-tools Randomly generate temporary directory name [CVE-2015-5191]
opendkim Start as root and drop privileges in opendkim for proper key file ownership
openldap Relax the dependency of libldap-2.4-2 on libldap-common to also permit later versions; fix upgrade failure when olcSuffix contains a backslash; avoid reading the value of the LDAP_OPT_X_TLS_REQUIRE_CERT option from previously freed memory; fix potential endless replication loop in a multi-master delta-syncrepl scenario with 3 or more nodes; fix memory corruption caused by calling sasl_client_init() multiple times and possibly concurrently
openvpn Fix broken reconnects due to wrong push digest calculation
osinfo-db Update distribution information
pcb-rnd Fix execution of code via a maliciously formed design file
postfix New upstream stable version - send single character variable names to milters without {}; prevent MIME downgrade of Postfix-generated message/delivery status; work around Berkeley DB attempting to read settings from DB_CONFIG file
python-pampy Fix dependencies on Python 3 modules
request-tracker4 Fix regression in previous security release where incorrect SHA256 passwords could trigger an error
ruby-gnome2 ruby-{gdk3,gtksourceview2,pango,poppler}: Add missing dependencies
samba Ensure SMB signing enforced [CVE-2017-12150]; keep required encryption across SMB3 DFS redirects [CVE-2017-12151]; fix server memory information leak over SMB1 [CVE-2017-12163]; new upstream release; fix libpam-winbind.prerm to be multiarch-safe; add missing logrotate for /var/log/samba/log.samba; fix outdated DNS Root servers; fix Non-kerberos logins fails on winbind 4.X when krb5_auth is configured in PAM
smplayer Fix connections to YouTube
speech-dispatcher Make spd-conf work again
suricata Limit the number of recursive calls in the DER/ASN.1 decoder to avoid stack overflows
swift New upstream stable release
tbdialout Include leading plus symbol when using tel: URI scheme
tiny-initramfs Add missing dependency on cpio
topal Fix misuse of sed character class syntax
torsocks Fix check_addr() to return either 0 or 1
trace-cmd Fix segfault while processing certain trace files
unbound Fix install of trust anchor when two anchors are present; depend on dns-root-data (>= 2017072601~) for KSK-2017
unknown-horizons Fix memory leak
up-imapproxy Correct systemd service file
vim Fix several crashes / illegal memory accesses [CVE-2017-11109]
waagent New upstream release, with support for Azure Stack
webkit2gtk Upstream security and bugfix release [CVE-2017-2538 CVE-2017-7052 CVE-2017-7018 CVE-2017-7030 CVE-2017-7034 CVE-2017-7037 CVE-2017-7039 CVE-2017-7046 CVE-2017-7048 CVE-2017-7055 CVE-2017-7056 CVE-2017-7061 CVE-2017-7064]
whois Fix whois referrals for .com, .net, .jobs, .bz, .cc and .tv; add several new Indian TLD servers; update the list of gTLDs
wrk Fix build failures
xfonts-ayu Fix generation of bold and italic fonts
xkeyboard-config Move Indic layouts back to the main layout list, enabling their use again
yadm Fix race condition which could allow access to private PGP and SSH keys [CVE-2017-11353]

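Security Updates

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:

Advisory ID Package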
DSA-3881 firefox-esr
DSA-3898 expat
DSA-3904 bind9
DSA-3909 samba
DSA-3913 apache2
DSA-3914 imagemagick
DSA-3915 ruby-mixlib-archive
DSA-3916 atril
DSA-3917 catdoc
DSA-3919 openjdk-8
DSA-3920 qemu
DSA-3921 enigmail
DSA-3923 freerdp
DSA-3924 varnish
DSA-3925 qemu
DSA-3926 chromium-browser
DSA-3927 linux
DSA-3928 firefox-esr
DSA-3929 libsoup2.4
DSA-3930 freeradius
DSA-3931 ruby-rack-cors
DSA-3932 subversion
DSA-3934 git
DSA-3936 postgresql-9.6
DSA-3938 libgd2
DSA-3940 cvs
DSA-3941 iortcw
DSA-3942 supervisor
DSA-3946 libmspack
DSA-3947 newsbeuter
DSA-3948 ioquake3
DSA-3949 augeas
DSA-3950 libraw
DSA-3952 libxml2
DSA-3953 aodh
DSA-3955 mariadb-10.1
DSA-3956 connman
DSA-3957 ffmpeg
DSA-3958 fontforge
DSA-3959 libgcrypt20
DSA-3961 libgd2
DSA-3962 strongswan
DSA-3963 mercurial
DSA-3964 asterisk
DSA-3965 file
DSA-3966 ruby2.3
DSA-3967 mbedtls
DSA-3968 icedove
DSA-3969 xen
DSA-3970 emacs24
DSA-3971 tcpdump
DSA-3972 bluez
DSA-3973 wordpress-shibboleth
DSA-3974 tomcat8
DSA-3975 emacs25
DSA-3976 freexl
DSA-3977 newsbeuter
DSA-3978 gdk-pixbuf
DSA-3979 pyjwt
DSA-3980 apache2
DSA-3982 perl
DSA-3984 git
DSA-3985 chromium-browser
DSA-3986 ghostscript
DSA-3987 firefox-esr
DSA-3988 libidn2-0

Removed packages

The following packages were removed due to circumstances beyond our control:

Package Reason
clapack Outdated and unmaintained fork of lapack

Debian Installer

The installer has been updated to include the fixes incorporated by the point release.

URL

The list of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/stretch/ChangeLog

The current stable distribution:

http://ftp.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates

Stable distribution information (release notes, errata etc.):

https://www.debian.org/releases/stable/

Security announcements and information:

https://security.debian.org/

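About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.

Contact Information

For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.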