Updated Debian 9: 9.6 released

November 10, 2018

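The Debian project is pleased to announce the sixth update of Debian 9 (codename stretch). This point release mainly adds corrections for security issues, along with adjustments for serious problems. Security advisories have already been published separately and are referenced where available.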

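Please note that the point release does not constitute a new version of Debian 9 but only updates some of the packages included. There is no need to throw away old stretch media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.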

Those who frequently install updates from security.debian.org will already have updated many of these packages, and most such updates are included in the point release.

New installation images will be available soon at the regular locations.

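Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at: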

https://www.debian.org/mirror/list

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following packages:

Package Reason
accerciser Fix accessing items without a compositor; fix Python console; add missing dependency on python3-xlib
apache2 mod_http2: Fix DoS by worker exhaustion [CVE-2018-1333] and by continuous SETTINGS [CVE-2018-11763]; mod_proxy_fcgi: Fix segfault
base-files Update /etc/debian_version for the point release
brltty Fix polkit authentication
canna Fix file conflict between canna-dbgsym and canna-utils-dbgsym
cargo New package to support Firefox ESR60 build
clamav New upstream release; fix HWP integer overflow, infinite loop vulnerability [CVE-2018-0360]; fix PDF object length check issue, unreasonably long time to parse relatively small file [CVE-2018-0361]; new upstream version; fix Denial-of-Service issue [CVE-2018-15378]; fix infinite loop in dpkg-reconfigure
confuse Fix an out of bound read in trim_whitespace [CVE-2018-14447]
debian-installer Update for -8 kernel ABI
debian-installer-netboot-images Rebuild for the point release
dnsmasq trust-anchors.conf: include latest DNS trust anchor KSK-2017
dom4j Fix XML injection attack [CVE-2018-1000632]; compile with source/target 1.5 to fix a compilation issue with String.format
dpdk New upstream stable release
dropbear Fix user enumeration vulnerability [CVE-2018-15599]
easytag Fix OGG corruption
enigmail Add compatibility with newer Thunderbird versions
espeakup espeakup.service: Automatically load speakup_soft on daemon startup
fastforward Fix segfaults on 64-bit architectures
firetray Add compatibility with newer Thunderbird versions
firmware-nonfree Fix security issues in Broadcom wifi firmware [CVE-2016-0801 CVE-2017-0561 CVE-2017-9417 CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081]; re-add transitional packages for firmware-{adi,ralink}
fofix-dfsg Fix error at startup
fuse Whitelist autofs and FAT as valid mountpoint filesystems
ganeti Properly verify SSL certificates during VM export; sign generated certificates using SHA256 instead of SHA1; make bash completions autoloadable
globus-gsi-credential Fix issue with voms proxy and openssl 1.1
gnupg2 Security fixes; backport functionality required for new enigmail
gnutls28 Fix security issues [CVE-2018-10844 CVE-2018-10845]
gphoto2-cffi Make python3-gphoto2cffi work again
grub2 grub-mknetdir: Add support for ARM64 EFI; change the default TSC calibration method to pmtimer on EFI systems
hdparm Only enable APM on disks that advertise it
https-everywhere Backport new upstream version, for compatibility with Firefox ESR 60
i3-wm Fix crash upon restart when using marks
iipimage Fix Apache configuration
jhead Fix security issues [CVE-2018-17088 CVE-2018-16554]
lastpass-cli Backport hardcoded certificate pins from lastpass-cli 1.3.1 to reflect changes in hosted Lastpass.com service
ldap2zone Fix endless loop checking zone serial
libcgroup Fix world-accessible (and writeable) log files [CVE-2018-14348]
libclamunrar New upstream release
libdap Fix libdap-doc contents
libdatetime-timezone-perl Update included data
libgd2 Bmp: check return value in gdImageBmpPtr [CVE-2018-1000222]; fix potential infinite loop in gdImageCreateFromGifCtx [CVE-2018-5711]
libmail-deliverystatus-bounceparser-perl Remove non-distributable sample spam and viruses
libmspack Fix out-of-bounds write [CVE-2018-18584] and acceptance of blank filenames [CVE-2018-18585]
libopenmpt Fix up11: Out-of-bounds read loading IT / MO3 files with many pattern loops [CVE-2018-10017]
libseccomp Add support for Linux 4.9 syscalls: preadv2, pwritev2, pkey_mprotect, pkey_alloc and pkey_free; add support for statx
libtirpc rendezvous_request: check the makefd_xprt return value [CVE-2018-14622]
libx11 Fix several security issues [CVE-2018-14598 CVE-2018-14599 CVE-2018-14600]
libxcursor Fix a denial of service or potentially code execution via a one-byte heap overflow [CVE-2015-9262]
libxml-stream-perl Provide a default CA path
libxml-structured-perl Add missing build and runtime dependency on libxml-parser-perl
linux Xen: Fix boot regression in PV domains; xen-netfront: Fix regressions; ext4: fix false negatives *and* false positives in ext4_check_descriptors(); udeb: Add virtio_console to virtio-modules; cdc_ncm: avoid padding beyond end of skb; revert sit: reload iphdr in ipip6_rcv; new upstream release
lxcfs Revert uptime virtualization, fixing process start times
magicmaze Depend on fonts-isabella now that ttf-isabella is a virtual package
mailman Fix arbitrary text injection vulnerability in Mailman CGIs [CVE-2018-13796]
multipath-tools Avoid deadlock in udev triggers
nagstamon Address IcingaWeb2 Basic auth issue
network-manager libnm: Fix accessing enabled and metered properties; fix out-of-bounds heap write in dhcpv6 option handling [CVE-2018-15688] and various other issues in the sd-network based dhcp=internal plugin
network-manager-applet libnma/pygobject: libnma/NMA must use libnm/NM instead of legacy libraries
ola Fix typo in /etc/init.d/rdm_test_server; fix filename for jquery in rdm test server static HTML files
opensc Fix unbounded recursion and several out-of-bounds reads or writes [CVE-2018-16391 CVE-2018-16392 CVE-2018-16393 CVE-2018-16418 CVE-2018-16419 CVE-2018-16420 CVE-2018-16421 CVE-2018-16422 CVE-2018-16423 CVE-2018-16424 CVE-2018-16425 CVE-2018-16426 CVE-2018-16427]
pkgsel Install new dependencies when safe-upgrade (default) is selected
publicsuffix Update included data
python-django Default to supporting Spatialite >= 4.2
python-imaplib2 Install the correct module for Python 3; don't use TIMEOUT_MAX
rustc Enable building on further architectures: arm64, armel, armhf, i386, ppc64el, s390x
sddm Honour PAM's ambient supplemental groups; add missing utmp/wtmp/btmp handling
serf Fix NULL pointer dereference
soundconverter Fix opus vbr setting
spamassassin New upstream release; fix denial of service [CVE-2017-15705], remote code execution [CVE-2018-11780], code injection [CVE-2018-11781] and unsafe usage of . in @INC [CVE-2016-1238]; fix spamd service management on package upgrades
spice-gtk Fix flexible array buffer overflow [CVE-2018-10873]
sqlcipher Avoid a crash when opening a file
subversion Fix a regression introduced in the fixes for SHA1 collisions, where commits would incorrectly fail with a Filesystem is corrupt error if the delta length is a multiple of 16K
systemd networkd: Do not fail manager_connect_bus() if dbus is not active yet; dhcp6: Make sure we have enough space for the DHCP6 option header [CVE-2018-15688]
systraq Invert logic in order to exit successfully in case /e/s/Makefile is missing
tomcat-native Fix OCSP responder issue that made it possible for users to authenticate with revoked certificates when using mutual TLS [CVE-2018-8019 CVE-2018-8020]
tor Directory authority changes: retire Bifroest bridge authority, in favour of Serge; add an IPv6 address for the dannenberg directory authority
tzdata New upstream release
ublock-origin Backport new upstream version, for compatibility with Firefox ESR 60
unbound Fix vulnerability in the processing of wildcard synthesized NSEC records [CVE-2017-15105]
vagrant Support VirtualBox 5.2
vmtk python-vmtk: Add the missing dependency on python-vtk6
wesnoth-1.12 Disallow loading lua bytecode via load/dofile [CVE-2018-1999023]
wpa Ignore unauthenticated encrypted EAPOL-Key data [CVE-2018-14526]
x11vnc Fix two buffer overflows
xapian-core Fix glass backend bug with long-lived cursors on a table in a WritableDatabase which could incorrectly lead to DatabaseCorruptError being thrown when the database was actually OK
xmotd Avoid crash with hardening flags
xorg-server GLX: do not pick sRGB config for 32-bit RGBA visual - fixes various blending issues with kwin and Mesa >= 18.0 (i.e. Mesa from stretch-backports)
zutils Fix a buffer overrun in zcat [CVE-2018-1000637]

Security Updates

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:

Advisory ID Package
DSA-4074 imagemagick
DSA-4103 chromium-browser
DSA-4182 chromium-browser
DSA-4237 chromium-browser
DSA-4242 ruby-sprockets
DSA-4243 cups
DSA-4244 thunderbird
DSA-4245 imagemagick
DSA-4246 mailman
DSA-4247 ruby-rack-protection
DSA-4248 blender
DSA-4249 ffmpeg
DSA-4250 wordpress
DSA-4251 vlc
DSA-4252 znc
DSA-4253 network-manager-vpnc
DSA-4254 slurm-llnl
DSA-4256 chromium-browser
DSA-4257 fuse
DSA-4258 ffmpeg
DSA-4260 libmspack
DSA-4261 vim-syntastic
DSA-4262 symfony
DSA-4263 cgit
DSA-4264 python-django
DSA-4265 xml-security-c
DSA-4266 linux
DSA-4267 kamailio
DSA-4268 openjdk-8
DSA-4269 postgresql-9.6
DSA-4270 gdm3
DSA-4271 samba
DSA-4272 linux
DSA-4273 intel-microcode
DSA-4274 xen
DSA-4275 keystone
DSA-4276 php-horde-image
DSA-4277 mutt
DSA-4278 jetty9
DSA-4279 linux
DSA-4279 linux-latest
DSA-4280 openssh
DSA-4281 tomcat8
DSA-4282 trafficserver
DSA-4283 ruby-json-jwt
DSA-4284 lcms2
DSA-4285 sympa
DSA-4286 curl
DSA-4287 firefox-esr
DSA-4288 ghostscript
DSA-4289 chromium-browser
DSA-4290 libextractor
DSA-4291 mgetty
DSA-4292 kamailio
DSA-4293 discount
DSA-4294 ghostscript
DSA-4295 thunderbird
DSA-4296 mbedtls
DSA-4297 chromium-browser
DSA-4298 hylafax
DSA-4299 texlive-bin
DSA-4300 libarchive-zip-perl
DSA-4301 mediawiki
DSA-4302 openafs
DSA-4303 okular
DSA-4304 firefox-esr
DSA-4305 strongswan
DSA-4306 python2.7
DSA-4307 python3.5
DSA-4308 linux
DSA-4309 strongswan
DSA-4310 firefox-esr
DSA-4311 git
DSA-4312 tinc
DSA-4313 linux
DSA-4314 net-snmp
DSA-4315 wireshark
DSA-4316 imagemagick
DSA-4317 otrs2
DSA-4318 moin
DSA-4319 spice
DSA-4320 asterisk
DSA-4321 graphicsmagick
DSA-4322 libssh
DSA-4323 drupal7
DSA-4324 firefox-esr
DSA-4325 mosquitto
DSA-4326 openjdk-8
DSA-4327 thunderbird
DSA-4328 xorg-server
DSA-4329 teeworlds
DSA-4331 curl

Removed packages

The following packages were removed due to circumstances beyond our control:

Package Reason
adblock-plus-element-hiding-helper Incompatible with newer firefox-esr versions
all-in-one-sidebar Incompatible with newer firefox-esr versions
autofill-forms Incompatible with newer firefox-esr versions
automatic-save-folder Incompatible with newer firefox-esr versions
classic-theme-restorer Incompatible with newer firefox-esr versions
colorfultabs Incompatible with newer firefox-esr versions
custom-tab-width Incompatible with newer firefox-esr versions
dactyl Incompatible with newer firefox-esr versions
downthemall Incompatible with newer firefox-esr versions
dvips-fontdata-n2bk Empty package
firebug Incompatible with newer firefox-esr versions
firegestures Incompatible with newer firefox-esr versions
firexpath Incompatible with newer firefox-esr versions
flashgot Incompatible with newer firefox-esr versions
form-history-control Incompatible with newer firefox-esr versions
foxyproxy Incompatible with newer firefox-esr versions
gitlab Open security issues, hard to backport fixes
greasemonkey Incompatible with newer firefox-esr versions
intel-processor-trace [s390x] Only useful on Intel architectures
itsalltext Incompatible with newer firefox-esr versions
knot-resolver Security issues
lightbeam Incompatible with newer firefox-esr versions
livehttpheaders Incompatible with newer firefox-esr versions
lyz Incompatible with newer firefox-esr versions
npapi-vlc Incompatible with newer firefox-esr versions
nukeimage Incompatible with newer firefox-esr versions
openinbrowser Incompatible with newer firefox-esr versions
perspectives-extension Incompatible with newer firefox-esr versions
pwdhash Incompatible with newer firefox-esr versions
python-facebook Broken due to upstream changes
python-tvrage Useless after tvrage.com shutdown
reloadevery Incompatible with newer firefox-esr versions
sage-extension Incompatible with newer firefox-esr versions
scrapbook Incompatible with newer firefox-esr versions
self-destructing-cookies Incompatible with newer firefox-esr versions
spdy-indicator Incompatible with newer firefox-esr versions
status-4-evar Incompatible with newer firefox-esr versions
stylish Incompatible with newer firefox-esr versions
tabmixplus Incompatible with newer firefox-esr versions
tree-style-tab Incompatible with newer firefox-esr versions
ubiquity-extension Incompatible with newer firefox-esr versions
uppity Incompatible with newer firefox-esr versions
useragentswitcher Incompatible with newer firefox-esr versions
video-without-flash Incompatible with newer firefox-esr versions
webdeveloper Incompatible with newer firefox-esr versions
xul-ext-monkeysphere Incompatible with newer firefox-esr versions

Debian Installer

The installer has been updated to include the fixes incorporated into stable by the point release.

URL

The list of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/stretch/ChangeLog

The current stable distribution:

http://ftp.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates

Stable distribution information (release notes, errata, etc.):

https://www.debian.org/releases/stable/

Security announcements and information:

https://security.debian.org/

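About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.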

Contact Information

For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.