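Updated Debian 9: 9.5 released
July 14, 2018
The Debian project is pleased to announce the fifth update of its stable distribution Debian 9 (codename stretch).
This point release mainly adds corrections for security issues, along with adjustments for serious problems.
Security advisories have already been published separately and are referenced where available.
Please note that the point release does not constitute a new version of Debian 9 but only updates some of the packages included.
There is no need to throw away old stretch media.
After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.
Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release.
New installation images will be available soon at the regular locations.
Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at:
Miscellaneous Bugfixes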
This stable update adds a few important corrections to the following packages:
Package | Reason |
---|---|
2ping | Add missing dependency on python-pkg-resources |
abiword | Resolve binary file conflict between abiword-dbgsym and abiword-plugin-grammar-dbgsym |
adminer | Don't allow connections to privileged ports [CVE-2018-7667] |
animals | Fix incorrect file permissions that made the game unusable |
apache2 | Upgrade mod_http and mod_proxy_http2 to the versions from 2.4.33, fixing segfaults, high memory usage and potential crash [CVE-2018-1302]; make the apache-htcacheclean init script actually use /etc/default/apache-htcacheclean for its config |
auto-complete-el | Add upstream fix for emacs25; adjust the emacs dependencies to the emacs versions in stretch; set auto-complete-el.emacsen-compat to silence installation warning |
awffull | Do not use removed options in /etc/cron.daily/awffull |
ax25-tools | Avoid segmentation fault at runtime |
base-files | Update for the point release |
blktrace | Fix buffer overflow in btt [CVE-2018-10689] |
ca-certificates | Update Mozilla CA bundle to version 2.22; bug fixes |
camo | Add missing dependency on openssl |
cffi | Add missing files for cffi-libffi and cffi-toolchain; add several missing dependencies |
check-postgres | Update testsuite to handle pg_get_indexdef() now always including the schema name |
clamav | New upstream version; don't fail on recently removed config options |
clustershell | Add missing dependency on python-pkg-resources |
debian-installer | Update for -7 kernel ABI |
debian-installer-netboot-images | Rebuild for the point release |
debian-security-support | Update included data |
dehydrated | Fix failure to create fullchain.pem |
devscripts | uscan: fix the new package version regex for filenamemangle; debsign: fix bash completion; bts: support the new ftbfstag; uscan: support HTTPS in the sf.net redirector; debcheckout: support salsa.debian.org; debdiff: sort shlibs files before comparing, reducing diff noise; uscan: actually support --copy |
disc-cover | Fix perl error when running disc-cover |
discover | Use correct type for the length parameter of the getline() call |
django-xmlrpc | Fix python3 dependencies |
dosbox | Fix crashes with core=dynamic |
dpdk | New upstream stable update |
dpkg | Fix integer overflow in deb(5) format version parser; fix directory traversal with dpkg-deb --raw-extract; add support for riscv64 CPU; do not normalize args past a passthrough stop word in Dpkg::Getopt; parse start-stop-daemon usernames and groupnames starting with digits correctly; always use the binary version for the .buildinfo filename |
dput-ng | Add jessie-backports-sloppy and stretch-backports targets; include 'testing' in the rm-managed suites and 'oldstable' in protected distributions; add ports-master profile; FTP: parse and use optional [:port] part for fqdn |
elastix | Rebuild with ITK that has been built with gcc 6 |
email2trac | Fix detection of Trac 1.2 |
faad2 | Fix several DoS issues via crafted MP4 files [CVE-2017-9218 CVE-2017-9219 CVE-2017-9220 CVE-2017-9221 CVE-2017-9222 CVE-2017-9223 CVE-2017-9253 CVE-2017-9254 CVE-2017-9255 CVE-2017-9256 CVE-2017-9257] |
faker | Add missing dependency on python-ipaddress |
fastkml | Add missing dependency on pkg-resources |
file | Avoid reading past the end of buffer [CVE-2018-10360] |
freedink-dfarc | Fix directory traversal in D-Mod extractor [CVE-2018-0496] |
ganeti | Properly verify SSL certificates during VM export |
ghostscript | Fix segfault with fuzzing file in gxht_thresh_image_init(); fix buffer overflow in fill_threshold_buffer [CVE-2016-10317]; pdfwrite - Guard against trying to output an infinite number [CVE-2018-10194] |
git-annex | Security fixes [CVE-2018-10857 CVE-2018-10859] |
glx-alternatives | New upstream version |
gridengine | Use correct paths to qmon pixmaps; fix FTBFS on armhf |
intel-microcode | Update included microcode, including fixes for Spectre v2 [CVE-2017-5715] |
jdresolve | Fix incompatibility with libnet-dns-perl in Debian 8 and later |
libb64 | Rebuild with PIE |
libdate-holidays-de-perl | Mark Reformation Day as a holiday in Niedersachsen and Bremen |
libdatetime-timezone-perl | Update included data |
libextractor | Various security fixes [CVE-2017-15266 CVE-2017-15267 CVE-2017-15600 CVE-2017-15601 CVE-2017-15602 CVE-2017-15922 CVE-2017-17440] |
libipc-run-perl | Fix memory leak |
liblouis | Fix buffer overflow [CVE-2018-11410]; fix several buffer overflows [CVE-2018-11440 CVE-2018-11577 CVE-2018-11683 CVE-2018-11684 CVE-2018-11685 CVE-2018-12085] |
libosmium | Output coordinate with value of -2^31 correctly; fix buffers larger than 2^32 bytes |
linux | New upstream stable release 4.9.110 |
linux-latest | Update to -7 kernel ABI |
llvm-toolchain-4.0 | New package for rust backports; fix build on s390x |
local-apt-repository | Stop breaking apt when the package is removed but not purged |
loook | Fix handling of password protected files |
miniupnpd | Fix DoS [CVE-2017-1000494] |
nss-pam-ldapd | Increase size of hostname buffer |
nvidia-graphics-drivers | New upstream version |
obfsproxy | Don't install the broken AppArmor profile |
openldap | Fix an out-of-sync issue with delta-syncrepl replication in multi-master environments; really fix upgrades when the config contains backslash-escaped special characters |
openstack-debian-images | Set CloudStack after OpenStack in the datasource_list, to avoid a 120s delay in cloud-init when booting a machine in an OpenStack cloud |
patch | Fix arbitrary command execution in ed-style patches [CVE-2018-1000156] |
piglit | Fix missing dependency on python-mako |
postgresql-9.6 | New upstream release |
postgresql-common | Prevent upgrading/removing server packages from stopping other major version clusters when running systemd |
psad | Add missing dependencies on net-tools and iproute2 |
pysurfer | Add missing dependency on python-matplotlib |
python-cluster | Add missing dependency on pkg-resources |
python-pyorick | Fix import failure by adding missing dependency on python3-numpy |
python-scruffy | Add missing dependencies on pkg-resources |
r-cran-mi | Add missing dependency on r-cran-arm |
redis | Correct RunTimeDirectory -> RuntimeDirectory typo in systemd .service files |
reportbug | Notify the security team or LTS team about a possible regression if reporting a bug against a package containing a security fix |
rustc | New upstream release to support Firefox ESR |
salt | Fix salt-ssh minion copied over configuration from the Salt Master without adjusting permissions [CVE-2017-8109] |
shared-mime-info | Switch dpkg trigger to noawait, fixing upgrade issues from jessie |
showq | Fix prefix, so application actually works |
source-highlight | Fix dependency on libboost-regex-dev |
starplot | Fix startup crash |
subversion | Reject commits which would introduce hash collisions with existing data, thus addressing the SHA1/shattered issue |
sus | Update to new version, technically identical to SUSv4 + TC1 + TC2 |
systemd | networkd-ndisc: Handle missing MTU gracefully; allow RemoveIPC= to be set in the unit file not only via D-Bus; nspawn: Add missing -E to getopt_long; login: Respect --no-wall when cancelling a shutdown request |
tclreadline | Fix shared library build on ppc64el |
thefuck | Add missing dependency on pkg-resources |
tinyproxy | Do not stop listening after SIGHUP; fix configuration file path; add missing dependency on adduser |
tlslite-ng | Verify MAC even if the padding is 1 byte long |
tzdata | New upstream release |
unison | Rebuild with stretch's ocaml |
variety | Fix shell injection on deleting files to trash; fix shell injection in filter and clock with specially crafted filenames; harden ImageMagick calls against potential shell injection |
xapian-core | Fix MSet::snippet() to escape HTML in all cases [CVE-2018-499] |
xerces-c | Fix Denial of Service via external DTD reference [CVE-2017-12627]; fix a regression that forced gcc to use SSE2, even on platforms that do not support it |
xrdp | Fix off-by-one error which could lead to crashes |
Security Updates
This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:
Removed packages
The following packages were removed due to circumstances beyond our control:
Package | Reason |
---|---|
libnet-whois-perl | Broken |
mlbviewer | No longer works due to content provider changes |
python-uniconvertor | Unusable; requires unpackaged dependency |
singularity-container | Not security supportable |
undertow | Unsupportable; several security issues; alternatives exist |
visionegg | Unusable; requires no longer available numpy.oldnumeric |
Debian Installer
The installer has been updated to include the fixes incorporated into stable by the point release.
URLs
The complete lists of packages that have changed with this revision:
The current stable distribution:
Proposed updates to the stable distribution:
stable distribution information (release notes, errata etc.):
Security announcements and information:
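About Debian
The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.
Contact Information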
For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.