데비안 8 업데이트: 8.11 나옴

2018년 6월 23일

데비안 프로젝트는 옛 안정 배포 데비안 8 (코드명 jessie) 11번째(그리고 마지막) 업데이트 알리게 되어 기쁩니다. 이 포인트 릴리스는 주로 보안 문제에 따른 조정과 심각한 보안 이슈 수정을 더했습니다. 보안 권고는 이미 별도로 게시했으며 가능한 경우 참조됩니다.

이 포인트 릴리스 이후, 데비안의 보안 및 릴리스 팀은 데비안 8 업데이트를 만들지 않을 겁니다. 보안 지원을 받기를 계속하기를 바라는 사용자는 데비안 9로 업그레이드 하거나, https://wiki.debian.org/LTS에서 LTS에서 지원되는 아키텍처와 패키지의 부분집합에 대한 상세를 봐야 할 겁니다.

The packages for some architectures for DSA 3746, DSA 3944, DSA 3968, DSA 4010, DSA 4014, DSA 4061, DSA 4075, DSA 4102, DSA 4155, DSA 4209 and DSA 4218 are not included in this point release for technical reasons. All other security updates released during the lifetime of "jessie" that have not previously been part of a point release are included in this update.

포인트 릴리스는 데비안 8의 새 버전을 구성하지 않으며 다만 포함된 패키지의 일부만 업데이트함을 주의하세요. 옛 jessie 매체를 던져버릴 필요는 없습니다. 설치 후에, 패키지는 최신 데비안 미러를 써서 현재 버전으로 업그레이드 될 수 있습니다.

Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release.

새 설치 이미지는 일반적 위치에서 곧 가능할 겁니다.

Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list

기타 버그 고침

이 옛 안정 업데이트는 몇 중요한 수정을 아래 패키지에 더했습니다:

Package Reason
adminer Don't allow connections to privileged ports [CVE-2018-7667]
base-files Update for the point release
blktrace Fix buffer overflow in btt [CVE-2018-10689]
bwm-ng Explicitly build without libstatgrab support
clamav Security update [CVE-2017-6418 CVE-2017-6420 CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380]; fix temporary file cleanup issue; new upstream release; new upstream version
debian-installer Rebuild for the point release
debian-installer-netboot-images Rebuild for the point release
debian-security-support Update package data
dh-make-perl Support Contents file without header
dns-root-data Update IANA DNSSEC files to 2017-02-02 versions
faad2 Fix several DoS issues via crafted MP4 files [CVE-2017-9218 CVE-2017-9219 CVE-2017-9220 CVE-2017-9221 CVE-2017-9222 CVE-2017-9223 CVE-2017-9253 CVE-2017-9254 CVE-2017-9255 CVE-2017-9256 CVE-2017-9257]
file Avoid reading past the end of a buffer [CVE-2018-10360]
ghostscript Fix segfault with fuzzing file in gxht_thresh_image_init; fix buffer overflow in fill_threshold_buffer [CVE-2016-10317]; pdfwrite - Guard against trying to output an infinite number [CVE-2018-10194]
intel-microcode Update included microcode, including fixes for Spectre v2 [CVE-2017-5715]
lame Fix security issues by switching to use I/O routines from sndfile [CVE-2017-15018 CVE-2017-15045 CVE-2017-15046 CVE-2017-9869 CVE-2017-9870 CVE-2017-9871 CVE-2017-9872]
libdatetime-timezone-perl Update included data
libextractor Various security fixes [CVE-2017-15266 CVE-2017-15267 CVE-2017-15600 CVE-2017-15601 CVE-2017-15602 CVE-2017-15922 CVE-2017-17440]
libipc-run-perl Fix memory leak
linux New upstream stable release
mactelnet Security fix [CVE-2016-7115]
ncurses Fix buffer overflow in the _nc_write_entry function [CVE-2017-16879]
nvidia-graphics-drivers New upstream version
nvidia-graphics-drivers-legacy-304xx Update to latest driver
openafs Fix kernel module build against linux 3.16.51-3+deb8u1 kernels after security update-induced ABI changes
openldap Fix upgrade failure when olcSuffix contains a backslash; fix memory corruption caused by calling sasl_client_init() multiple times
patch Fix arbitrary command execution in ed-style patches [CVE-2018-1000156]
postgresql-9.4 New upstream release
psensor Fix directory traversal issue [CVE-2014-10073]
python-mimeparse Fix python3-mimeparse's dependencies
rar Strip statically linked rar and install the dynamically linked version instead
reportbug Stop CCing secure-testing-team@lists.alioth.debian.org
sam2p Fix multiple invalid frees and buffer-overflow vulnerabilities [CVE-2018-7487 CVE-2018-7551 CVE-2018-7552 CVE-2018-7553 CVE-2018-7554]
slurm-llnl Fix upgrade issue from wheezy
soundtouch Security fixes [CVE-2017-9258 CVE-2017-9259 CVE-2017-9260]
subversion Fix crashes with Perl bindings, commonly seen when using git-svn
tzdata Update included data
user-mode-linux Rebuild against current jessie kernel
virtualbox-guest-additions-iso Fix multiple security issues [CVE-2016-0592 CVE-2016-0495 CVE-2015-8104 CVE-2015-7183 CVE-2015-5307 CVE-2015-7183 CVE-2015-4813 CVE-2015-4896 CVE-2015-3456]
xerces-c Fix Denial of Service via external DTD reference [CVE-2017-12627]
zsh Rebuild against libraries currently in jessie

보안 업데이트

이 리비전은 아래 보안 업데이트를 안정 릴리스에 더합니다. 보안 팀은 이미 이 업데이트 각각에 대한 경보를 이미 냈습니다:

Advisory ID Package
DSA-3707 openjdk-7
DSA-3708 mat
DSA-3746 graphicsmagick
DSA-3782 openjdk-7
DSA-3832 openoffice.org-dictionaries
DSA-3858 openjdk-7
DSA-3923 freerdp
DSA-3944 mariadb-10.0
DSA-3954 openjdk-7
DSA-3968 icedove
DSA-4010 git-annex
DSA-4014 thunderbird
DSA-4048 openjdk-7
DSA-4054 tor
DSA-4057 erlang
DSA-4058 optipng
DSA-4059 libxcursor
DSA-4060 wireshark
DSA-4061 thunderbird
DSA-4062 firefox-esr
DSA-4066 otrs2
DSA-4067 openafs
DSA-4068 rsync
DSA-4069 otrs2
DSA-4070 enigmail
DSA-4071 sensible-utils
DSA-4075 thunderbird
DSA-4076 asterisk
DSA-4077 gimp
DSA-4079 poppler
DSA-4081 php5
DSA-4082 linux
DSA-4082 linux-latest
DSA-4083 poco
DSA-4084 gifsicle
DSA-4085 xmltooling
DSA-4086 libxml2
DSA-4087 transmission
DSA-4088 gdk-pixbuf
DSA-4089 bind9
DSA-4090 wordpress
DSA-4091 mysql-5.5
DSA-4092 awstats
DSA-4093 openocd
DSA-4094 smarty3
DSA-4096 firefox-esr
DSA-4097 poppler
DSA-4098 curl
DSA-4100 tiff
DSA-4101 wireshark
DSA-4102 thunderbird
DSA-4104 p7zip
DSA-4108 mailman
DSA-4109 ruby-omniauth
DSA-4110 exim4
DSA-4111 libreoffice
DSA-4114 jackson-databind
DSA-4115 quagga
DSA-4117 gcc-4.9
DSA-4118 tomcat-native
DSA-4119 libav
DSA-4122 squid3
DSA-4123 drupal7
DSA-4124 lucene-solr
DSA-4126 xmltooling
DSA-4127 simplesamlphp
DSA-4129 freexl
DSA-4130 dovecot
DSA-4132 libvpx
DSA-4133 isc-dhcp
DSA-4136 curl
DSA-4137 libvirt
DSA-4139 firefox-esr
DSA-4140 libvorbis
DSA-4141 libvorbisidec
DSA-4142 uwsgi
DSA-4143 firefox-esr
DSA-4146 plexus-utils
DSA-4147 polarssl
DSA-4148 kamailio
DSA-4149 plexus-utils2
DSA-4150 icu
DSA-4151 librelp
DSA-4152 mupdf
DSA-4153 firefox-esr
DSA-4154 net-snmp
DSA-4155 thunderbird
DSA-4156 drupal7
DSA-4157 openssl
DSA-4161 python-django
DSA-4163 beep
DSA-4164 apache2
DSA-4165 ldap-account-manager
DSA-4167 sharutils
DSA-4168 squirrelmail
DSA-4172 perl
DSA-4175 freeplane
DSA-4176 mysql-5.5
DSA-4177 libsdl2-image
DSA-4178 libreoffice
DSA-4179 linux-tools
DSA-4180 drupal7
DSA-4184 sdl-image1.2
DSA-4186 gunicorn
DSA-4187 linux-latest
DSA-4187 linux
DSA-4189 quassel
DSA-4190 jackson-databind
DSA-4192 libmad
DSA-4193 wordpress
DSA-4194 lucene-solr
DSA-4195 wget
DSA-4196 linux
DSA-4199 firefox-esr
DSA-4202 curl
DSA-4204 imagemagick
DSA-4208 procps
DSA-4209 thunderbird
DSA-4211 xdg-utils
DSA-4212 git
DSA-4214 zookeeper
DSA-4215 batik
DSA-4216 prosody
DSA-4217 wireshark
DSA-4218 memcached
DSA-4220 firefox-esr
DSA-4221 libvncserver
DSA-4222 gnupg2
DSA-4224 gnupg
DSA-4225 openjdk-7
DSA-4226 perl
DSA-4227 plexus-archiver
DSA-4228 spip
DSA-4229 strongswan

없앤 패키지

아래 패키지들은 우리의 통제를 넘어서 없어졌습니다:

Package Reason
dolibarr Too much work to maintain it properly in Debian
electrum No longer able to connect to the network
jirc Broken with jessie's libpoe-filter-xml-perl
nvidia-graphics-modules License problem; incompatible with current kernel ABI
openstreetmap-client Broken
redmine No longer security supported
redmine-plugin-pretend Depends on redmine
redmine-plugin-recaptcha Depends on redmine
redmine-recaptcha Depends on redmine
youtube-dl Incompatible YouTube API changes

Debian Installer

The installer has been updated to include the fixes incorporated into oldstable by the point release.

URLs

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/jessie/ChangeLog

The current oldstable distribution:

http://ftp.debian.org/debian/dists/oldstable/

Proposed updates to the oldstable distribution:

http://ftp.debian.org/debian/dists/oldstable-proposed-updates

oldstable distribution information (release notes, errata etc.):

https://www.debian.org/releases/oldstable/

Security announcements and information:

https://security.debian.org/

About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.

Contact Information

For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.