Updated Debian 9: 9.8 released

February 16th, 2019

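The Debian project is pleased to announce the eighth update of its stable distribution Debian 9 (codename stretch). This point release mainly adds corrections for security issues, along with adjustments for serious problems.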

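Please note that the point release does not constitute a new version of Debian 9 but only updates some of the packages included. There is no need to throw away old stretch media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.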

Users who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release.

New installation images will be available soon at the regular locations.

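Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at: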

https://www.debian.org/mirror/list

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following packages:

Package Reason
arc Fix directory traversal bugs [CVE-2015-9275], arcdie crash when called with more than 1 variable argument and version 1 arc header reading
astroml-addons Fix Python 3 dependencies
base-files Update for the point release
c3p0 Fix XML External Entity vulnerability [CVE-2018-20433]
ca-certificates-java Fix temporary jvm-*.cfg generation on armhf
chkrootkit Fix regular expression for filtering out dhcpd and dhclient as false positives from the packet sniffer test
compactheader Update to work with newer Thunderbird versions
courier Fix @piddir@ substitution
cups Security fixes [CVE-2017-18248 CVE-2018-4700]
debian-edu-config Fix configuration of personal web pages; re-enable offline installation of a combi server including diskless workstation support; enable Chromium homepage setting at installation time and via LDAP
debian-installer Rebuild for the point release
debian-installer-netboot-images Rebuild against proposed-updates
debian-security-support Update support status of various packages
dnspython Fix error when parsing nsec3 bitmap from text
egg Skip emacsen-install for unsupported xemacs21
erlang Do not install Erlang mode for XEmacs
espeakup debian/espeakup.service: Fix compatibility with older versions of systemd
freerdp Fix security issues [CVE-2018-8786 CVE-2018-8787 CVE-2018-8788]; add CredSSP v3 and RDP proto v6 support
ganeti-os-noop Fix size detection for non-block devices
glibc Fix several security issues [CVE-2017-15670 CVE-2017-15671 CVE-2017-15804 CVE-2017-1000408 CVE-2017-1000409 CVE-2017-16997 CVE-2017-18269 CVE-2018-11236 CVE-2018-11237]; avoid segmentation faults on CPUs with AVX512-F; fix a use after free in pthread_create(); check for postgresql in NSS check; fix pthread_cond_wait() in the pshared case on non-x86.
gnulib vasnprintf: Fix heap memory overrun bug [CVE-2018-17942]
gnupg2 Avoid crash when importing without a TTY
graphite-api Fix RequiresMountsFor spelling in systemd service
grokmirror Add missing dependency on python-pkg-resources
gvrng Fix permissions problem that prevented starting gvrng; generate correct Python dependencies
ibus Fix multi-arch installation by removing the gir package's Python dependency
icinga2 Fix timestamps being stored as local time in PostgreSQL
intel-microcode Add accumulated fixes for Westmere EP (signature 0x206c2) [Intel SA-00161 CVE-2018-3615 CVE-2018-3620 CVE-2018-3646 Intel SA-00115 CVE-2018-3639 CVE-2018-3640 Intel SA-0088 CVE-2017-5753 CVE-2017-5754]
isort Fix Python dependencies
jdupes Fix potential crash on ARM
kmodpy Remove incorrect Multi-Arch: same from python-kmodpy
libapache2-mod-perl2 Don't allow <Perl> sections in user controlled configuration [CVE-2011-2767]
libb2 Detect if the system can use AVX before actually using it
libdatetime-timezone-perl Update included data
libemail-address-list-perl Fix DoS vulnerability [CVE-2018-18898]
libemail-address-perl Fix DoS vulnerabilities [CVE-2015-7686 CVE-2018-12558]
libgpod python-gpod: Add missing dependency on python-gobject-2
libssh Fix broken server-side keyboard-interactive authentication
linux New upstream release; new upstream version; fix build failures on arm64 and mips*; libceph: fix CEPH_FEATURE_CEPHX_V2 check in calc_signature()
linux-igd Make the init script require $network
lttng-modules Fix build on linux-rt 4.9 kernels and kernels >= 4.9.0-3
mistral Fix std.ssh action may disclose presence of arbitrary files [CVE-2018-16849]
monkeysign Fix security issue [CVE-2018-12020]; actually send multiple emails instead of a single one
mpqc Also install sc-libtool
nvidia-graphics-drivers New upstream release
nvidia-modprobe New upstream release
nvidia-persistenced New upstream release
nvidia-settings New upstream release
nvidia-xconfig New upstream release
openni2 Fix armhf baseline violation and armel FTBFS caused by NEON usage
openvpn Fix NCP behaviour on TLS reconnect, causing AEAD Decrypt error: cipher final failed errors
parsedatetime Add support for Python 3
pdns Fix security issues [CVE-2018-1046 CVE-2018-10851]; fix MySQL queries with stored procedures; fix LDAP, Lua, OpenDBX backends not finding domains
pdns-recursor Fix security issues [CVE-2018-10851 CVE-2018-14626 CVE-2018-14644]
photocollage Add missing dependency on gir1.2-gtk-3.0
postfix New upstream stable release; avoid postconf failures when postfix-instance-generator runs during boot
postgresql-9.6 New upstream release
postgrey No change rebuild
pylint-django Fix Python 3 dependencies
python-acme Backport newer version for tls-sni-01 deprecation
python-arpy Fix Python 3 dependencies
python-certbot Backport newer version for tls-sni-01 deprecation
python-certbot-apache Update for deprecation of tls-sni-01
python-certbot-nginx Update for deprecation of tls-sni-01
python-hypothesis Fix (inverted) dependencies of python3-hypothesis and python-hypothesis-doc
python-josepy New package, required by Certbot
pyzo Add missing dependency on python3-pkg-resources
r-cran-readxl Fix crash bugs [CVE-2018-20450 CVE-2018-20452]
rtkit Move dbus and polkit from Recommends to Depends
ruby-rack Fix a possible cross-site scripting vulnerability [CVE-2018-16471]
samba New upstream release; s3:ntlm_auth: fix memory leak in manage_gensec_request(); ignore nmbd start errors when there is no non-loopback interface or no local IPv4 non-loopback interface; fix CVE-2018-14629 regression on a non-CNAME record
sl-modem Support Linux versions > 3
sogo-connector Update to work with newer Thunderbird versions
sox Really apply fixes for CVE-2014-8145
ssh-agent-filter Fix two-byte out-of-bounds stack write
supercollider Disable support for XEmacs and Emacs <=23
sympa Remove /etc/sympa/sympa.conf-smime.in from conffiles; use full path for head command in Sympa configuration file
twitter-bootstrap3 Fix multiple security vulnerabilities [CVE-2018-14040 CVE-2018-14041 CVE-2018-14042]
tzdata New upstream release
uglifyjs Fix manpage contents
uriparser Fix multiple security vulnerabilities [CVE-2018-19198 CVE-2018-19199 CVE-2018-19200]
vm Drop support for xemacs21
vulture Add missing dependency on python3-pkg-resources
wayland Fix possible integer overflow [CVE-2017-16612]
wicd Always depend on net-tools, rather than alternatives
wvstreams Work around stack corruption
xapian-core Fix leaks of freelist blocks in corner cases, which then get reported as DatabaseCorruptError by Database::check()
xkeycaps Prevent segfault in commands.c when more than 8 keysyms per key are present
yosys Fix ModuleNotFoundError: No module named 'smtio'
z3 Remove incorrect Multi-Arch: same from python-z3

Security Updates

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:

Advisory ID Package
DSA-4330 chromium-browser
DSA-4333 icecast2
DSA-4334 mupdf
DSA-4335 nginx
DSA-4336 ghostscript
DSA-4337 thunderbird
DSA-4338 qemu
DSA-4339 ceph
DSA-4340 chromium-browser
DSA-4342 chromium-browser
DSA-4343 liblivemedia
DSA-4344 roundcube
DSA-4345 samba
DSA-4346 ghostscript
DSA-4347 perl
DSA-4348 openssl
DSA-4349 tiff
DSA-4350 policykit-1
DSA-4351 libphp-phpmailer
DSA-4353 php7.0
DSA-4354 firefox-esr
DSA-4355 openssl1.0
DSA-4356 netatalk
DSA-4357 libapache-mod-jk
DSA-4358 ruby-sanitize
DSA-4359 wireshark
DSA-4360 libarchive
DSA-4361 libextractor
DSA-4362 thunderbird
DSA-4363 python-django
DSA-4364 ruby-loofah
DSA-4365 tmpreaper
DSA-4366 vlc
DSA-4367 systemd
DSA-4368 zeromq3
DSA-4369 xen
DSA-4370 drupal7
DSA-4372 ghostscript
DSA-4375 spice
DSA-4376 firefox-esr
DSA-4377 rssh
DSA-4378 php-pear
DSA-4381 libreoffice
DSA-4382 rssh
DSA-4383 libvncserver
DSA-4384 libgd2
DSA-4386 curl
DSA-4387 openssh

Removed packages

The following packages were removed due to circumstances beyond our control:

Package Reason
adblock-plus Incompatible with newer firefox-esr versions
calendar-exchange-provider incompatible with newer Thunderbird versions
cookie-monster Incompatible with newer firefox-esr versions
corebird Broken by Twitter API changes
debian-buttons Incompatible with newer firefox-esr versions
debian-parl Depends on broken / removed Firefox plugins
firefox-branding-iceweasel Incompatible with newer firefox-esr versions
firefox-kwallet5 Incompatible with newer firefox-esr versions
flashblock Incompatible with newer firefox-esr versions
flickrbackup Incompatible with current Flickr API
imap-acl-extension Incompatible with newer firefox-esr versions
libwww-topica-perl Useless due to Topica site closure
mozilla-dom-inspector Incompatible with newer firefox-esr versions
mozilla-noscript Incompatible with newer firefox-esr versions
mozilla-password-editor Incompatible with newer firefox-esr versions
mozvoikko Incompatible with newer firefox-esr versions
personaplus Incompatible with newer firefox-esr versions
python-formalchemy Unusable, fails to import in Python
refcontrol Incompatible with newer firefox-esr versions
requestpolicy Incompatible with newer firefox-esr versions
spice-xpi Incompatible with newer firefox-esr versions
toggle-proxy Incompatible with newer firefox-esr versions
y-u-no-validate Incompatible with newer firefox-esr versions

Debian Installer

The installer has been updated to include the fixes incorporated into stable by the point release.

URL

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/stretch/ChangeLog

The current stable distribution:

http://ftp.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates

Stable distribution information (release notes, errata etc.):

https://www.debian.org/releases/stable/

Security announcements and information:

https://www.debian.org/security/

About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.

Contact Information

For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.