주의: 이 번역은 원문보다 오래되었습니다.
데비안 9 업데이트: 9.8 릴리스
2019년 2월 16일
데비안 프로젝트는 안정 배포 데비안 9 (코드명 stretch
)의 8번째 업데이트를 알리게 되어 기쁩니다.
이 포인트 릴리스는 주로 보안 이슈에 대한 수정 그리고 심각한 문제에 대한 조정을 추가했습니다.
포인트 릴리스는 데비안 9의 새 버전을 구성하지 않으며 포함된 일부 패키지만 업데이트함을 주의하세요.
옛 stretch
미디어를 던져버릴 필요 없습니다. 설치 후에, 패키지를 최신 데비안 미러에서 현재 버전으로 업그레이드 할 수 있습니다.
security.debian.org에서 자주 업데이트를 설치하는 사용자는 많은 패키지를 업데이트 할 필요 없으며 이러한 업데이트는 대부분 point release에 포함되어 있습니다.
새 설치 이미지는 일반 위치에서 곧 가능할 겁니다.
기존 설치를 이 버전으로 업그레이드 하려면 데비안의 많은 HTTP 미러 중 하나에서 패키지 관리 시스템을 가리키면 됩니다. 미러 사이트의 전체 목록을 다음에서 제공합니다:
여러가지 버그 수정
이 안정 업데이트는 다음 패키지에 몇 가지 중요한 수정 사항을 추가합니다:
| 패키지 | 이유 |
|---|---|
| arc | Fix directory traversal bugs [CVE-2015-9275], arcdie crash when called with more than 1 variable argument and version 1 arc header reading |
| astroml-addons | Fix Python 3 dependencies |
| base-files | Update for the point release |
| c3p0 | Fix XML External Entity vulnerability [CVE-2018-20433] |
| ca-certificates-java | Fix temporary jvm-*.cfg generation on armhf |
| chkrootkit | Fix regular expression for filtering out dhcpd and dhclient as false positives from the packet sniffer test |
| compactheader | Update to work with newer Thunderbird versions |
| courier | Fix @piddir@ substitution |
| cups | Security fixes [CVE-2017-18248 CVE-2018-4700] |
| debian-edu-config | Fix configuration of personal web pages; re-enable offline installation of a combi server including diskless workstation support; enable Chromium homepage setting at installation time and via LDAP |
| debian-installer | Rebuild for the point release |
| debian-installer-netboot-images | Rebuild against proposed-updates |
| debian-security-support | Update support status of various packages |
| dnspython | Fix error when parsing nsec3 bitmap from text |
| egg | Skip emacsen-install for unsupported xemacs21 |
| erlang | Do not install Erlang mode for XEmacs |
| espeakup | debian/espeakup.service: Fix compatibility with older versions of systemd |
| freerdp | Fix security issues [CVE-2018-8786 CVE-2018-8787 CVE-2018-8788]; add CredSSP v3 and RDP proto v6 support |
| ganeti-os-noop | Fix size detection for non-block devices |
| glibc | Fix several security isses [CVE-2017-15670 CVE-2017-15671 CVE-2017-15804 CVE-2017-1000408 CVE-2017-1000409 CVE-2017-16997 CVE-2017-18269 CVE-2018-11236 CVE-2018-11237]; avoid segmentation faults on CPUs with AVX512-F; fix a use after free in pthread_create(); check for postgresql in NSS check; fix pthread_cond_wait() in the pshared case on non-x86. |
| gnulib | vasnprintf: Fix heap memory overrun bug [CVE-2018-17942] |
| gnupg2 | Avoid crash when importing without a TTY |
| graphite-api | Fix RequiresMountsFor spelling in systemd service |
| grokmirror | Add missing dependency on python-pkg-resources |
| gvrng | Fix permissions problem that prevented starting gvrng; generate correct Python dependencies |
| ibus | Fix multi-arch installation by removing the gir package's Python dependency |
| icinga2 | Fix timestamps being stored as local time in PostgreSQL |
| intel-microcode | Add accumulated fixes for Westmere EP (signature 0x206c2) [Intel SA-00161 CVE-2018-3615 CVE-2018-3620 CVE-2018-3646 Intel SA-00115 CVE-2018-3639 CVE-2018-3640 Intel SA-0088 CVE-2017-5753 CVE-2017-5754] |
| isort | Fix Python dependencies |
| jdupes | Fix potential crash on ARM |
| kmodpy | Remove incorrect Multi-Arch: same from python-kmodpy |
| libapache2-mod-perl2 | Don't allow <Perl> sections in user controlled configuration [CVE-2011-2767] |
| libb2 | Detect if the system can use AVX before actually using it |
| libdatetime-timezone-perl | Update included data |
| libemail-address-list-perl | Fix DoS vulnerability [CVE-2018-18898] |
| libemail-address-perl | Fix DoS vulnerabilities [CVE-2015-7686 CVE-2018-12558] |
| libgpod | python-gpod: Add missing dependency on python-gobject-2 |
| libssh | Fix broken server-side keyboard-interactive authentication |
| linux | New upstream release; new upstream version; fix build failures on arm64 and mips*; libceph: fix CEPH_FEATURE_CEPHX_V2 check in calc_signature() |
| linux-igd | Make the init script require $network |
| lttng-modules | Fix build on linux-rt 4.9 kernels and kernels >= 4.9.0-3 |
| mistral | Fix std.ssh action may disclose presence of arbitrary files[CVE-2018-16849] |
| monkeysign | Fix security issue [CVE-2018-12020]; actually send multiple emails instead of a single one |
| mpqc | Also install sc-libtool |
| nvidia-graphics-drivers | New upstream release |
| nvidia-modprobe | New upstream release |
| nvidia-persistenced | New upstream release |
| nvidia-settings | New upstream release |
| nvidia-xconfig | New upstream release |
| openni2 | Fix armhf baseline violation and armel FTBFS caused by NEON usage |
| openvpn | Fix NCP behaviour on TLS reconnect, causing AEAD Decrypt error: cipher final failederrors |
| parsedatetime | Add support for Python 3 |
| pdns | Fix security issues [CVE-2018-1046 CVE-2018-10851]; fix MySQL queries with stored procedures; fix LDAP, Lua, OpenDBX backends not finding domains |
| pdns-recursor | Fix security issues [CVE-2018-10851 CVE-2018-14626 CVE-2018-14644] |
| photocollage | Add missing dependency on gir1.2-gtk-3.0 |
| postfix | New upstream stable release; avoid postconf failures when postfix-instance-generator runs during boot |
| postgresql-9.6 | New upstream release |
| postgrey | No change rebuild |
| pylint-django | Fix Python 3 dependencies |
| python-acme | Backport newer version for tls-sni-01 deprecation |
| python-arpy | Fix Python 3 dependencies |
| python-certbot | Backport newer version for tls-sni-01 deprecation |
| python-certbot-apache | Update for deprecation of tls-sni-01 |
| python-certbot-nginx | Update for deprecation of tls-sni-01 |
| python-hypothesis | Fix (inverted) dependencies of python3-hypothesis and python-hypothesis-doc |
| python-josepy | New package, required by Certbot |
| pyzo | Add missing dependency on python3-pkg-resources |
| r-cran-readxl | Fix crash bugs [CVE-2018-20450 CVE-2018-20452] |
| rtkit | Move dbus and polkit from Recommends to Depends |
| ruby-rack | Fix a possible cross-site scripting vulnerability [CVE-2018-16471] |
| samba | New upstream release; s3:ntlm_auth: fix memory leak in manage_gensec_request(); ignore nmbd start errors when there is no non-loopback interface or no local IPv4 non-loopback interface; fix CVE-2018-14629 regression on a non-CNAME record |
| sl-modem | Support Linux versions > 3 |
| sogo-connector | Update to work with newer Thunderbird versions |
| sox | Really apply fixes for CVE-2014-8145 |
| ssh-agent-filter | Fix two-byte out-of-bounds stack write |
| supercollider | Disable support for XEmacs and Emacs <=23 |
| sympa | Remove /etc/sympa/sympa.conf-smime.in from conffiles; use full path for head command in Sympa configuration file |
| twitter-bootstrap3 | Fix multiple security vulnerabilities [CVE-2018-14040 CVE-2018-14041 CVE-2018-14042] |
| tzdata | New upstream release |
| uglifyjs | Fix manpage contents |
| uriparser | Fix multiple security vulnerabilties [CVE-2018-19198 CVE-2018-19199 CVE-2018-19200] |
| vm | Drop support for xemacs21 |
| vulture | Add missing dependency on python3-pkg-resources |
| wayland | Fix possible integer overflow [CVE-2017-16612] |
| wicd | Always depend on net-tools, rather than alternatives |
| wvstreams | Work around stack corruption |
| xapian-core | Fix leaks of freelist blocks in corner cases, which then get reported as DatabaseCorruptErrorby Database::check() |
| xkeycaps | Prevent segfault in commands.c when more than 8 keysyms per key are present |
| yosys | Fix ModuleNotFoundError: No module named 'smtio' |
| z3 | Remove incorrect Multi-Arch: same from python-z3 |
보안 업데이트
This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:
삭제된 패키지
다음 패키지는 우리의 제어를 넘는 환경으로 인해 삭제되었습니다:
| 패키지 | 이유 |
|---|---|
| adblock-plus | Incompatible with newer firefox-esr versions |
| calendar-exchange-provider | incompatible with newer Thunderbird versions |
| cookie-monster | Incompatible with newer firefox-esr versions |
| corebird | Broken by Twitter API changes |
| debian-buttons | Incompatible with newer firefox-esr versions |
| debian-parl | Depends on broken / removed Firefox plugins |
| firefox-branding-iceweasel | Incompatible with newer firefox-esr versions |
| firefox-kwallet5 | Incompatible with newer firefox-esr versions |
| flashblock | Incompatible with newer firefox-esr versions |
| flickrbackup | Incompatible with current Flickr API |
| imap-acl-extension | Incompatible with newer firefox-esr versions |
| libwww-topica-perl | Useless due to Topica site closure |
| mozilla-dom-inspector | Incompatible with newer firefox-esr versions |
| mozilla-noscript | Incompatible with newer firefox-esr versions |
| mozilla-password-editor | Incompatible with newer firefox-esr versions |
| mozvoikko | Incompatible with newer firefox-esr versions |
| personaplus | Incompatible with newer firefox-esr versions |
| python-formalchemy | Unusable, fails to import in Python |
| refcontrol | Incompatible with newer firefox-esr versions |
| requestpolicy | Incompatible with newer firefox-esr versions |
| spice-xpi | Incompatible with newer firefox-esr versions |
| toggle-proxy | Incompatible with newer firefox-esr versions |
| y-u-no-validate | Incompatible with newer firefox-esr versions |
데비안 설치관리자
The installer has been updated to include the fixes incorporated into stable by the point release.
URL
The complete lists of packages that have changed with this revision:
현재 안정 배포:
Proposed updates to the stable distribution:
안정 배포 정보 (release notes, errata etc.):
보안 알림과 정보:
데비안은
The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.
연락처 정보
For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.