데비안 9 업데이트: 9.5 나옴

2018년 7월 14일

데비안 프로젝트는 안정 배포 데비안 9 (코드명 stretch)의 5번째 업데이트를 알리게 되어 기쁩니다. 이 포인트 릴리스는 주로 보안 이슈에 수정을 더하고, 심각한 문제에 대한 조정을 따릅니다. 보안 권고는 이미 따로 알렸으며 가능한 곳에서 참조됩니다.

포인트 릴리스는 데비안 9의 새 버전을 구성하지 않으며 포함된 패키지 일부만 업데이트함을 주의하세요. 옛 stretch 미디어를 던져버릴 필요는 없습니다. 설치 후, 패키지는 최신 데비안 미러를 써서 업그레이드 될 수 있습니다.

security.debian.org로 부터 업데이트를 자주 설치하는 사람은 많은 패키지를 업데이트할 필요 없으며, 그런 업데이트 대부분이 포인트 릴리스에 들어있습니다.

새 설치 이미지는 정규 위치에서 곧 사용가능할 겁니다.

기존 설치를 이 리비전으로 업그레이드 하는 것은 데비안의 많은 http 미러에서 패키지 관리 시스템을 가리킴으로써 가능합니다. 포괄적인 미러 목록은 아래에서 가능합니다:

https://www.debian.org/mirror/list

기타 버그 고침

This stable update adds a few important corrections to the following packages:

Package Reason
2ping Add missing dependency on python-pkg-resources
abiword Resolve binary file conflict between abiword-dbgsym and abiword-plugin-grammar-dbgsym
adminer Don't allow connections to privileged ports [CVE-2018-7667]
animals Fix incorrect file permissions that made the game unusable
apache2 Upgrade mod_http and mod_proxy_http2 to the versions from 2.4.33, fixing segfaults, high memory usage and potential crash [CVE-2018-1302]; make the apache-htcacheclean init script actually use /etc/default/apache-htcacheclean for its config
auto-complete-el Add upstream fix for emacs25; adjust the emacs dependencies to the emacs versions in stretch; set auto-complete-el.emacsen-compat to silence installation warning
awffull Do not use removed options in /etc/cron.daily/awffull
ax25-tools Avoid segmentation fault at runtime
base-files Update for the point release
blktrace Fix buffer overflow in btt [CVE-2018-10689]
ca-certificates Update Mozilla CA bundle to version 2.22; bug fixes
camo Add missing dependency on openssl
cffi Add missing files for cffi-libffi and cffi-toolchain; add several missing dependencies
check-postgres Update testsuite to handle pg_get_indexdef() now always including the schema name
clamav New upstream version; don't fail on recently removed config options
clustershell Add missing dependency on python-pkg-resources
debian-installer Update for -7 kernel ABI
debian-installer-netboot-images Rebuild for the point release
debian-security-support Update included data
dehydrated Fix failure to create fullchain.pem
devscripts uscan: fix the new package version regex for filenamemangle; debsign: fix bash completion; bts: support the new ftbfs tag; uscan: support HTTPS in the sf.net redirector; debcheckout: support salsa.debian.org; debdiff: sort shlibs files before comparing, reducing diff noise; uscan: actually support --copy
disc-cover Fix perl error when running disc-cover
discover Use correct type for the length parameter of the getline() call
django-xmlrpc Fix python3 dependencies
dosbox Fix crashes with core=dynamic
dpdk New upstream stable update
dpkg Fix integer overflow in deb(5) format version parser; fix directory traversal with dpkg-deb --raw-extract; add support for riscv64 CPU; do not normalize args past a passthrough stop word in Dpkg::Getopt; parse start-stop-daemon usernames and groupnames starting with digits correctly; always use the binary version for the .buildinfo filename
dput-ng Add jessie-backports-sloppy and stretch-backports targets; include 'testing' in the rm-managed suites and 'oldstable' in protected distributions; add ports-master profile; FTP: parse and use optional [:port] part for fqdn
elastix Rebuild with ITK that has been built with gcc 6
email2trac Fix detection of Trac 1.2
faad2 Fix several DoS issues via crafted MP4 files [CVE-2017-9218 CVE-2017-9219 CVE-2017-9220 CVE-2017-9221 CVE-2017-9222 CVE-2017-9223 CVE-2017-9253 CVE-2017-9254 CVE-2017-9255 CVE-2017-9256 CVE-2017-9257]
faker Add missing dependency on python-ipaddress
fastkml Add missing dependency on pkg-resources
file Avoid reading past the end of buffer [CVE-2018-10360]
freedink-dfarc Fix directory traversal in D-Mod extractor [CVE-2018-0496]
ganeti Properly verify SSL certificates during VM export
ghostscript Fix segfault with fuzzing file in gxht_thresh_image_init(); fix buffer overflow in fill_threshold_buffer [CVE-2016-10317]; pdfwrite - Guard against trying to output an infinite number [CVE-2018-10194]
git-annex Security fixes [CVE-2018-10857 CVE-2018-10859]
glx-alternatives New upstream version
gridengine Use correct paths to qmon pixmaps; fix FTBFS on armhf
intel-microcode Update included microcode, including fixes for Spectre v2 [CVE-2017-5715]
jdresolve Fix incompatibility with libnet-dns-perl in Debian 8 and later
libb64 Rebuild with PIE
libdate-holidays-de-perl Mark Reformation Day as a holiday in Niedersachsen and Bremen
libdatetime-timezone-perl Update included data
libextractor Various security fixes [CVE-2017-15266 CVE-2017-15267 CVE-2017-15600 CVE-2017-15601 CVE-2017-15602 CVE-2017-15922 CVE-2017-17440]
libipc-run-perl Fix memory leak
liblouis Fix buffer overflow [CVE-2018-11410]; fix several buffer overflows [CVE-2018-11440 CVE-2018-11577 CVE-2018-11683 CVE-2018-11684 CVE-2018-11685 2018-12085]
libosmium Output coordinate with value of -2^31 correctly; fix buffers larger than 2^32 bytes
linux New upstream stable release 4.9.110
linux-latest Update to -7 kernel ABI
llvm-toolchain-4.0 New package for rust backports; fix build on s390x
local-apt-repository Stop breaking apt when the package is removed but not purged
loook Fix handling of password protected files
miniupnpd Fix DoS [CVE-2017-1000494]
nss-pam-ldapd Increase size of hostname buffer
nvidia-graphics-drivers New upstream version
obfsproxy Don't install the broken AppArmor profile
openldap Fix an out-of-sync issue with delta-syncrepl replication in multi-master environments; really fix upgrades when the config contains backslash-escaped special characters
openstack-debian-images Set CloudStack after OpenStack in the datasource_list, to avoid a 120s delay in cloud-init when booting a machine in an OpenStack cloud
patch Fix arbitrary command execution in ed-style patches [CVE-2018-1000156]
piglit Fix missing dependency on python-mako
postgresql-9.6 New upstream release
postgresql-common Prevent upgrading/removing server packages from stopping other major version clusters when running systemd
psad Add missing dependencies on net-tools and iproute2
pysurfer Add missing dependency on python-matplotlib
python-cluster Add missing dependency on pkg-resources
python-pyorick Fix import failure by adding missing dependency on python3-numpy
python-scruffy Add missing dependencies on pkg-resources
r-cran-mi Add missing dependency on r-cran-arm
redis Correct RunTimeDirectory -> RuntimeDirectory typo in systemd .service files
reportbug Notify the security team or LTS team about a possible regression if reporting a bug against a package containing a security fix
rustc New upstream release to support Firefox ESR
salt Fix salt-ssh minion copied over configuration from the Salt Master without adjusting permissions [CVE-2017-8109]
shared-mime-info Switch dpkg trigger to noawait, fixing upgrade issues from jessie
showq Fix prefix, so application actually works
source-highlight Fix dependency on libboost-regex-dev
starplot Fix startup crash
subversion Reject commits which would introduce hash collisions with existing data, thus addressing the SHA1/shattered issue
sus Update to new version, technically identical to SUSv4 + TC1 + TC2
systemd networkd-ndisc: Handle missing MTU gracefully; allow RemoveIPC= to be set in the unit file not only via D-Bus; nspawn: Add missing -E to getopt_long'; login: Respect --no-wall when cancelling a shutdown request
tclreadline Fix shared library build on ppc64el
thefuck Add missing dependency on pkg-resources
tinyproxy Do not stop listening after SIGHUP; fix configuration file path; add missing dependency on adduser
tlslite-ng Verify MAC even if the padding is 1 byte long
tzdata New upstream release
unison Rebuild with stretch's ocaml
variety Fix shell injection on deleting files to trash; fix shell injection in filter and clock with specially crafted filenames; harden ImageMagick calls against potential shell injection
xapian-core Fix MSet::snippet() to escape HTML in all cases [CVE-2018-499]
xerces-c Fix Denial of Service via external DTD reference [CVE-2017-12627]; fix a regression that forced gcc to use SSE2, even on platforms that do not support it
xrdp Fix off-by-one error which could lead to crashes

Security Updates

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:

Advisory ID Package
DSA-4010 git-annex
DSA-4064 chromium-browser
DSA-4113 libvorbis
DSA-4133 isc-dhcp
DSA-4134 util-linux
DSA-4135 samba
DSA-4136 curl
DSA-4137 libvirt
DSA-4138 mbedtls
DSA-4139 firefox-esr
DSA-4140 libvorbis
DSA-4141 libvorbisidec
DSA-4142 uwsgi
DSA-4143 firefox-esr
DSA-4144 openjdk-8
DSA-4145 gitlab
DSA-4146 plexus-utils
DSA-4148 kamailio
DSA-4150 icu
DSA-4151 librelp
DSA-4152 mupdf
DSA-4153 firefox-esr
DSA-4155 thunderbird
DSA-4156 drupal7
DSA-4157 openssl
DSA-4158 openssl1.0
DSA-4159 remctl
DSA-4160 libevt
DSA-4161 python-django
DSA-4162 irssi
DSA-4163 beep
DSA-4164 apache2
DSA-4165 ldap-account-manager
DSA-4167 sharutils
DSA-4169 pcs
DSA-4170 pjproject
DSA-4171 ruby-loofah
DSA-4172 perl
DSA-4173 r-cran-readxl
DSA-4174 corosync
DSA-4175 freeplane
DSA-4177 libsdl2-image
DSA-4178 libreoffice
DSA-4180 drupal7
DSA-4181 roundcube
DSA-4183 tor
DSA-4184 sdl-image1.2
DSA-4185 openjdk-8
DSA-4188 linux
DSA-4189 quassel
DSA-4190 jackson-databind
DSA-4191 redmine
DSA-4192 libmad
DSA-4193 wordpress
DSA-4194 lucene-solr
DSA-4195 wget
DSA-4196 linux
DSA-4197 wavpack
DSA-4198 prosody
DSA-4199 firefox-esr
DSA-4200 kwallet-pam
DSA-4201 xen
DSA-4202 curl
DSA-4203 vlc
DSA-4203 phonon-backend-vlc
DSA-4203 goldencheetah
DSA-4206 gitlab
DSA-4206 ruby-omniauth-auth0
DSA-4207 packagekit
DSA-4208 procps
DSA-4209 thunderbird
DSA-4210 xen
DSA-4211 xdg-utils
DSA-4212 git
DSA-4213 qemu
DSA-4214 zookeeper
DSA-4215 batik
DSA-4216 prosody
DSA-4217 wireshark
DSA-4218 memcached
DSA-4219 jruby
DSA-4220 firefox-esr
DSA-4221 libvncserver
DSA-4222 gnupg2
DSA-4223 gnupg1
DSA-4226 perl
DSA-4227 plexus-archiver
DSA-4228 spip
DSA-4229 strongswan
DSA-4230 redis
DSA-4231 libgcrypt20
DSA-4232 xen
DSA-4233 bouncycastle
DSA-4234 lava-server
DSA-4235 firefox-esr
DSA-4236 xen
DSA-4238 exiv2
DSA-4239 gosa
DSA-4240 php7.0
DSA-4241 libsoup2.4

없앤 패키지

The following packages were removed due to circumstances beyond our control:

Package Reason
libnet-whois-perl Broken
mlbviewer No longer works due to content provider changes
python-uniconvertor Unusable; requires unpackaged dependency
singularity-container Not security supportable
undertow Unsupportable; several security issues; alternatives exist
visionegg Unusable; requires no longer available numpy.oldnumeric

Debian Installer

The installer has been updated to include the fixes incorporated into stable by the point release.

URLs

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/stretch/ChangeLog

The current stable distribution:

http://ftp.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates

stable distribution information (release notes, errata etc.):

https://www.debian.org/releases/stable/

Security announcements and information:

https://security.debian.org/

데비안에 대해

데비안 프로젝트는 완전히 자유로운 운영체제 데비안을 만들기 위해 그들의 시간과 노력을 자원한 자유 소프트웨어 개발자 모임입니다.

연락처 정보

For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.