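Updated Debian 9: 9.4 released

March 10th, 2018

The Debian project is pleased to announce the fourth update of its stable distribution Debian 9 (codename stretch). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available.

Please note that the point release does not constitute a new version of Debian 9 but only updates some of the packages included. There is no need to throw away old stretch media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at: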

https://www.debian.org/mirror/list

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following packages:

Package Reason
acme-tiny Fix outdated version of the subscriber agreement
activity-log-manager Add missing dependency on python-zeitgeist
agenda.app Fix creation of tasks and appointments
apparmor Move the features file to /usr/share/apparmor-features; pin the AppArmor feature set to Stretch's kernel
auto-apt-proxy Move apt configuration away on removal, and put it back on reinstalls
bareos Fix backups failing with No Volume name given
base-files Update for the point release
cappuccino Add missing dependency on gir1.2-gtk-3.0
cerealizer Fix Python3 dependencies
clamav New upstream release; security update [CVE-2017-6418 CVE-2017-6420 CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380]
cron Properly transition system jobs to system_cronjob_t SELinux context and stop relying on refpolicy specific identifiers
cups Fix execution of arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding [CVE-2017-18190]
dbus New upstream release; raise file descriptor limit sooner, fixing a regression in local DoS fix
debian-edu-config Pre-configure Chromium Webbrowser system-wide to auto-detect the http proxy settings via WPAD; allow joining of Windows 10 clients to the Samba NT4-style domain
debian-installer Bump Linux kernel version from 4.9.0-4 to 4.9.0-6
debian-installer-netboot-images Update to 20170615+deb9u3 images, from stretch-proposed-updates
directfb Fix architecture-based filter to actually install drivers
dpdk Update to new stable point release
espeakup udeb: fix case where card 0 does not have an id or where cards have non-contiguous indexes; use English by default; use card id in installed system to avoid issues with card detection ordering
exam Fix Python3 dependencies
flatpak New upstream release; fix a D-Bus filtering bypass in flatpak-dbus-proxy; ignore unrecognised permission strings, instead of failing; do not allow legacy eavesdropping on the D-Bus session bus
fuse-zip Fix writeback fail with libzip 1.0
glade Fix possible infinite loop
glibc Do not update /etc/nsswitch.conf when its content already matches the default; debian/script.in/nohwcap.sh: always check for all optimized packages as multiarch allows one to install foreign architectures; avoid use-after-free read access in clntudp_call [CVE-2017-12133]; define collation for Malayalam chillu characters and correct collation of U+0D36 and U+0D37 Malayalam characters; fix invalid cast in group merging affecting ppc64 and s390x; fix compatibility with Intel C++ __regcall calling convention; install the libc-otherbuild postinst and postrm in the libc6-i686 transitional package, to make sure /etc/ld.so.nohwcap is correctly removed after an upgrade
global Gozilla: quote URLs before passing them to BROWSER [CVE-2017-17531]
gnumail Stop linking to OpenSSL
golang-github-go-ldap-ldap Require explicit intention for empty password
gosa-plugin-pwreset Fix deprecated constructor call
grilo-plugins Fix Radio France source
hdf5 Fix javahelper invocation
inputlirc Include input-event-codes.h instead of input.h, fixing build failure
intercal Recompile with PIE
java-atk-wrapper Fix iterator initialization; fix missing reference for children
kildclient Drop support for user-defined browsers [CVE-2017-17511]
libdate-holidays-de-perl Mark Reformation Day as a holiday in Hamburg and Schleswig-Holstein from 2018 onwards
libdatetime-timezone-perl New upstream version
libhibernate-validator-java Fix potential privilege escalation by circumventing security manager permissions [CVE-2017-7536]
libperlx-assert-perl Add missing dependencies on libkeyword-simple-perl, libdevel-declare-perl
libreoffice Let FunctionAccess execute WEBSERVICE; use the right error code on WEBSERVICE() failures
libvhdi Add missing Python3 dependency
libvirt QEMU: shared disks with cache=directsync should be safe for migration; avoid denial of service reading from QEMU monitor [CVE-2018-5748]
linux New upstream version
lxc Fix the creation of testing and unstable containers by including iproute2 rather than iproute
mapproxy Fix Cross Site Scripting (XSS) issue in demo service [CVE-2017-1000426]
mosquitto Fix persistence file being world-readable [CVE-2017-9868]
mpi4py Support current version of libmpi
ncurses Fix buffer overflow in the _nc_write_entry function [CVE-2017-16879]
needrestart Fix switching to list mode if debconf is run non-interactively
ntp Increase stack size to at least 32kB
nvidia-graphics-drivers-legacy-304xx New upstream release
nvidia-graphics-drivers-legacy-340xx New upstream release
nvidia-modprobe New upstream release; run setuid(0) before forking modprobe to preserve privileges through shell invocations and recursive modprobe calls
nvidia-persistenced New upstream release
nvidia-settings New upstream release; fix a bug that prevented changes to stereo eye assignment from getting applied from the nvidia-settings control panel
nvidia-xconfig New upstream release; fix a regression that prevented nvidia-xconfig from querying some GPUs, e.g. when running `nvidia-xconfig -a`
ocfs2-tools Migrate from using rcS to standard runlevels
opendmarc Update opendmarc service file so changes in opendmarc.conf are used
openssh Fix in read-only mode, sftp-server was incorrectly permitting creation of zero-length files [CVE-2017-15906]
osinfo-db Update included data
pdns-recursor Rebuild against publicsuffix 20171028.2055-0+deb9u1
postfix New upstream bugfix release; don't log warnings that some restriction returns OK, when the access map DISCARD feature is in effect; add missing dynamicmaps support in the Postfix sendmail command; fix sending to some sites with TLSA 2 X X records
postgresql-9.6 New upstream version
publicsuffix Update included data
python-evtx Fix missing Python3 dependency
python-hacking Fix Python3 dependencies
python-hkdf Fix Python3 dependencies
python-mimeparse Fix Python3 dependencies
python-pyperclip Fix Python3 dependencies
python-spake2 Fix Python3 dependencies
qtpass Fix insecure built-in password generator [CVE-2017-18021]
quota Prevent quotacheck from running into an endless loop
reportbug Don't send mail to secure-testing-team@lists.alioth.debian.org any more
rpy Rebuild against r-base 3.3
ruby-redis-store Allow unsafe objects to be loaded from redis [CVE-2017-1000248]
salt Fix directory traversal vulnerability on salt-master via crafted minion IDs [CVE-2017-12791], directory traversal vulnerability in minion id validation in SaltStack [CVE-2017-14695], remote Denial of Service with a specially crafted authentication request [CVE-2017-14696]; check if data[return] is dict type
slic3r Patch use lib line in all installed binaries; workaround missing GL_MULTISAMPLE macro; fix importing binary STLs on big-endian architectures
soundtouch Security fixes [CVE-2017-9258 CVE-2017-9259 CVE-2017-9260]
systemd networkd: Handle MTU field in IPv6 RA; add a linker script to help prevent symbol collisions, particularly with PAM modules; resolved: Fix loop on packets with pseudo dns types [CVE-2017-15908]; machinectl: Don't output No machines. with --no-legend option
tzdata New upstream version
ust Fix loading of Python agent library
uwsgi Fix stack-based buffer overflow in uwsgi_expand_path function [CVE-2018-6758]
vagrant Download boxes from app.vagrantcloud.com instead of the deprecated atlas.hashicorp.com
vdirsyncer Fix discovery of Google contacts
virt-what Unbreak virt detection on arm/aarch64
w3m Fix stack overflow [CVE-2018-6196], null deref [CVE-2018-6197], /tmp file races [CVE-2018-6198]
waagent New upstream version
webkit2gtk New upstream stable release
xchain Fix dependency on wish
xrdp Fix security issue [CVE-2017-16927]; fix high CPU load on ssl_tls_accept

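Security Updates

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:

Advisory ID Package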
DSA-4054 tor
DSA-4055 heimdal
DSA-4056 nova
DSA-4057 erlang
DSA-4058 optipng
DSA-4059 libxcursor
DSA-4060 wireshark
DSA-4061 thunderbird
DSA-4062 firefox-esr
DSA-4063 pdns-recursor
DSA-4065 openssl1.0
DSA-4066 otrs2
DSA-4067 openafs
DSA-4068 rsync
DSA-4069 otrs2
DSA-4070 enigmail
DSA-4071 sensible-utils
DSA-4072 bouncycastle
DSA-4073 linux
DSA-4075 thunderbird
DSA-4076 asterisk
DSA-4077 gimp
DSA-4078 linux
DSA-4078 linux-latest
DSA-4079 poppler
DSA-4080 php7.0
DSA-4083 poco
DSA-4084 gifsicle
DSA-4086 libxml2
DSA-4087 transmission
DSA-4088 gdk-pixbuf
DSA-4089 bind9
DSA-4090 wordpress
DSA-4092 awstats
DSA-4093 openocd
DSA-4094 smarty3
DSA-4095 gcab
DSA-4096 firefox-esr
DSA-4097 poppler
DSA-4098 curl
DSA-4099 ffmpeg
DSA-4100 tiff
DSA-4101 wireshark
DSA-4102 thunderbird
DSA-4104 p7zip
DSA-4105 mpv
DSA-4106 libtasn1-6
DSA-4107 django-anymail
DSA-4108 mailman
DSA-4109 ruby-omniauth
DSA-4110 exim4
DSA-4111 libreoffice
DSA-4112 xen
DSA-4114 jackson-databind
DSA-4115 quagga
DSA-4116 plasma-workspace
DSA-4118 tomcat-native
DSA-4120 linux-latest
DSA-4120 linux
DSA-4121 gcc-6
DSA-4122 squid3
DSA-4123 drupal7
DSA-4124 lucene-solr
DSA-4125 wavpack
DSA-4126 xmltooling
DSA-4127 simplesamlphp
DSA-4128 trafficserver
DSA-4129 freexl
DSA-4130 dovecot
DSA-4131 xen
DSA-4132 libvpx

Removed packages

The following packages were removed due to circumstances beyond our control:

Package Reason
dolibarr Too much work to maintain it properly in Debian
electrum Security issues; broken due to upstream changes
jirc Broken with stretch's libpoe-filter-xml-perl
pgmodeler Incompatible with stretch's Postgresql
seelablet Abandoned upstream; broken

Debian Installer

The installer has been updated to include the fixes incorporated into stable by the point release.

URLs

The complete list of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/stretch/ChangeLog

The current stable distribution:

http://ftp.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates

Stable distribution information (release notes, errata etc.):

https://www.debian.org/releases/stable/

Security announcements and information:

https://security.debian.org/

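About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.

Contact Information

For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.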