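Updated Debian 9: 9.3 released
December 9th, 2017
The Debian project is pleased to announce the third update of its stable distribution Debian 9 (codename stretch). This point release mainly adds corrections for security issues, along with adjustments for some serious problems.
Security advisories have already been published separately and are referenced where appropriate.
Please note that this update does not constitute a new version of Debian 9; it only updates some of the packages included. There is no need to throw away old stretch installation media. After installation, old packages can be upgraded using an up-to-date Debian mirror.
Those who frequently install updates from security.debian.org won't have to update many packages, as most updates from security.debian.org are included in this update.
New installation images will be available soon at the regular locations.
Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at:
Miscellaneous Bugfixes
This stable update adds a few important corrections to the following packages:
Package | Reason |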
---|---|
abiword | Fix flickering |
base-files | Provide files for the point release |
berusky | Fix startup crash with certain video card configurations |
charmtimetracker | Add missing binary dependency on libqt5sql5-sqlite |
corebird | Increase maximum tweet length to 280 characters |
dbus | When parsing dbus-daemon configuration, don't delay startup if high-quality entropy is not yet available; when using the Monitoring interface, match message filters that specify a destination correctly; increase listen() backlog of AF_UNIX sockets to the maximum possible, minimizing failed connections under heavy load |
debian-edu-doc | Merge stretch related documentation and translation updates from unstable and the wiki; documentation/common/edu.css.xml: improve HTML manual readability |
debian-installer | Rebuild for the point release |
dehydrated | Update subscriber license agreement URL |
doit | Add Breaks: nikola (<< 7.6.0-1~) to ensure its removal on upgrades from jessie |
eclipse-titan | Rebuild against current stretch GCC |
fig2dev | Add input sanitisation on FIG files [CVE-2017-16899]; sanitize input of fill patterns |
flickcurl | Fix oauth token fetching; prevent double free corruption during authentication |
flightgear | Prevent malicious add-ons from overriding arbitrary files [CVE-2017-13709] |
ganeti | Backport upstream support for non-DSA SSH keys; fix failover from dead nodes when using extstorage; fix instance import/export/move with current socat versions |
gdm3 | Backport several patches to fix XDMCP support |
getmail4 | Fix issue related to malformed fingerprints |
grok | Fix pointer aliasing bug; libgrok-dev: add missing dependencies on libgrok1 and libtokyocabinet-dev |
gunicorn | Drop unnecessary Pre-Depends on dpkg-dev which was causing gunicorn and python-gunicorn to bring in a compiler as a dependency |
icu | Fix double free in createMetazoneMappings() [CVE-2017-14952] |
inn2 | [i386] Rebuild to pick up correct path to gzip binary |
iproute2 | Fix segfault in tc with iptables 1.6 |
jdcal | Fix Python 3 dependency |
kde-gtk-config | Fix preview buttons in KDE-GTK-config UI |
lasi | liblasi-dev: add missing dependencies on libpango1.0-dev and libfreetype6-dev |
libdatetime-timezone-perl | Update included data |
libdbd-firebird-perl | Fix fetching of decimal(x,y) values between -1 and 0 |
libdbi | Re-enable error handler call in dbi_result_next_row() |
liblog-log4perl-perl | Work around Perl 5.24 no longer allowing syswrite and utf8 together |
liblouis | Fix buffer overflow and use-after-free issues [CVE-2017-13738 CVE-2017-13739 CVE-2017-13740 CVE-2017-13741 CVE-2017-13742 CVE-2017-13743 CVE-2017-13744] |
libmpd | libmpd-dev: Add the missing dependency on libglib2.0-dev |
libofx | Security fixes [CVE-2017-2816 CVE-2017-14731] |
libxkbcommon | libxkbcommon-x11-dev: add missing dependency on libxkbcommon-dev |
libxsettings-client | Add missing libxsettings-client-dev -> libxsettings-dev dependency |
linux | xen/time: do not decrease steal time after live migration on xen; new stable kernel version 4.9.65 |
live-config | Configure autologin for KDE / Plasma live images |
lxc | Don't hardcode list of valid Debian releases, allowing the creation of containers for stable, buster, testing and unstable; don't insert C.* locales into /etc/locale.gen |
mongodb | Fix segfault/FTBFS on ARM64 with 48-bit virtual addresses, spidermonkey GC segfault when built with GCC 6; mongodb.service: start after network.target |
openssh | Test configuration before starting or reloading sshd under systemd; adjust compatibility patterns for WinSCP to correctly identify versions that implement only the legacy DH group exchange scheme; make -- before the hostname terminate argument processing after the hostname too |
pdns | Fix incorrect qname casing in NSEC3 generation; add missing check on API operations [CVE-2017-15091] |
pdns-recursor | Security fixes: insufficient validation of DNSSEC signatures [CVE-2017-15090]; Cross-Site Scripting in the web interface [CVE-2017-15092]; configuration file injection in the API [CVE-2017-15093]; memory leak in DNSSEC parsing [CVE-2017-15094] |
postgresql-9.6 | New upstream bugfix release |
publicsuffix | Update included data |
pyosmium | Upstream bugfix release: handler functions not called when using replication service or when using Reader instead of file |
python-diff-match-patch | Add missing python3 dependency on Python 3 package |
python-inflect | Fix Python 3 dependency |
python-tablib | Load YAML safely [CVE-2017-2810] |
python2.7 | Fix integer overflow in PyString_DecodeEscape [CVE-2017-1000158]; support all groups in TLS communication |
qtcurve | Fix crashes by using strncmp() instead of memcmp() |
ruby-httparty | Relax dependency version in gem dependency on json |
ruby-ox | Avoid crash with invalid XML passed to Oj.parse_obj() [CVE-2017-15928] |
ruby-pygments.rb | Avoid closing too many files when mentos starts, which can cause build failures in other packages on slower systems |
schroot | Fix bash completion file; add systemd service file with Type=oneshot to avoid timeout issues with too many open sessions |
simutrans | Enable sound for simutrans again. Switch from SDL to mixer_sdl backend |
sitesummary | Adjust nagios kernel version checking module to work with 4.x kernels |
slic3r | Fix missing dependency on perlapi-* |
spamassassin | Disable bb.barracudacentral.org; update the systemd unit file to use the same pid file as was used in the sysvinit script; update systemd unit dependencies to include network and syslog; fix inappropriate invocation of invoke-rc.d in cron script |
sqldeveloper-package | Fix build failure |
sqlite3 | Fix heap-based buffer over-read via undersized RTree blobs [CVE-2017-10989] |
syslinux | Fix btrfs logical to physical block address mapping; fix boot problem for old BIOS firmware by correct C/H/S order; support ext4 64bit feature |
tdbcodbc | Fix problem in searching for ODBC libraries |
tor | Add Bastet directory authority; fix a timing-based assertion failure; update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2 country database |
tzdata | New upstream release |
udftools | Fix path to pktsetup in udftools init script |
weechat | logger: call strftime before replacing buffer local variables [CVE-2017-14727] |
xml2 | Fix file corruption when processing UTF-8 files; update the usage help string of the 2csv tool |
xrdp | Fix high CPU load on SSL disconnect |
zsh | Rebuild to update libraries for zsh-static |
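Security Updates
This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:
Removed packages
The following packages were removed due to circumstances beyond our control:
Package | Reason |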
---|---|
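libnet-ping-external-perl | Unmaintained, security issues |
Debian Installer
The installer has been updated to include the fixes incorporated into stable by this point release.
Links
The complete list of packages that have changed with this revision:
The current stable distribution:
Proposed updates to the stable distribution:
Stable distribution information (release notes, errata etc.):
Security announcements and information:
About Debian
The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.
Contact Information
For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.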