Updated Debian 9: 9.9 released
April 27, 2019
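The Debian project is pleased to announce the ninth update of Debian 9 (codename stretch).
This point release mainly adds corrections for security issues, along with adjustments for security problems.
Security advisories have already been published separately and are referenced where available.
Please note that the point release does not constitute a new version of Debian 9 but only updates some of the packages included.
There is no need to throw away old stretch media.
After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.
Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release.
New installation images will be available soon at the regular locations.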
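Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at:
As a special case for this point release, those using the apt-get tool to perform the upgrade will need to ensure that the dist-upgrade command is used, in order to update to the latest kernel packages.
Users of other tools such as apt and aptitude should use the upgrade command.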
Miscellaneous Bugfixes
This stable update adds a few important corrections to the following packages:
Package | Reason |
---|---|
audiofile | Fix denial of service [CVE-2018-13440] and buffer overflow issues [CVE-2018-17095] |
base-files | Update for the point release |
bwa | Fix buffer overflow [CVE-2019-10269] |
ca-certificates-java | Fix bashisms in postinst and jks-keystore |
cernlib | Apply optimization flag -O to Fortran modules instead of -O2 which generates broken code; fix build failure on arm64 by disabling PIE for Fortran executables |
choose-mirror | Update included mirror list |
chrony | Fix logging of measurements and statistics, and stopping of chronyd, on some platforms when seccomp filtering is enabled |
ckermit | Drop OpenSSL version check |
clamav | Fix out-of-bounds heap access when scanning PDF documents [CVE-2019-1787], PE files packed using Aspack [CVE-2019-1789] or OLE2 files [CVE-2019-1788] |
dansguardian | Add "missingok" to logrotate configuration |
debian-installer | Rebuild against proposed-updates |
debian-installer-netboot-images | Rebuild against proposed-updates |
debian-security-support | Update support statuses |
diffoscope | Fix tests to work with Ghostscript 9.26 |
dns-root-data | Update root data to 2019031302 |
dnsruby | Add new root key (KSK-2017); ruby 2.3.0 deprecates TimeoutError, use Timeout::Error |
dpdk | New upstream stable release |
edk2 | Fix buffer overflow in BlockIo service [CVE-2018-12180]; DNS: Check received packet size before using [CVE-2018-12178]; fix stack overflow with corrupted BMP [CVE-2018-12181] |
firmware-nonfree | atheros / iwlwifi: update BlueTooth firmware [CVE-2018-5383] |
flatpak | Reject all ioctls that the kernel will interpret as TIOCSTI [CVE-2019-10063] |
geant321 | Rebuild against cernlib with fixed Fortran optimisations |
gnome-chemistry-utils | Stop building the obsolete gcu-plugin package |
gocode | gocode-auto-complete-el: Promote auto-complete-el to Pre-Depends to ensure successful upgrades |
gpac | Fix buffer overflows [CVE-2018-7752 CVE-2018-20762], heap overflows [CVE-2018-13005 CVE-2018-13006 CVE-2018-20761], out-of-bounds writes [CVE-2018-20760 CVE-2018-20763] |
icedtea-web | Stop building the browser plugin, no longer works with Firefox 60 |
igraph | Fix a crash when loading malformed GraphML files [CVE-2018-20349] |
jabref | Fix XML External Entity attack [CVE-2018-1000652] |
java-common | Remove the default-java-plugin package, as the icedtea-web Xul plugin is being removed |
jquery | Prevent Object.prototype pollution [CVE-2019-11358] |
kauth | Fix insecure handling of arguments in helpers [CVE-2019-7443] |
libdate-holidays-de-perl | Add March 8th (from 2019 onwards) and May 8th (2020 only) as public holidays (Berlin only) |
libdatetime-timezone-perl | Update included data |
libreoffice | Introduce next Japanese gengou era 'Reiwa'; make -core conflict against openjdk-8-jre-headless (= 8u181-b13-2~deb9u1), which had a broken ClassPathURLCheck |
linux | New upstream stable version |
linux-latest | Update for -9 kernel ABI |
mariadb-10.1 | New upstream stable version |
mclibs | Rebuild against cernlib with fixed Fortran optimisations |
ncmpc | Fix NULL pointer dereference [CVE-2018-9240] |
node-superagent | Fix ZIP bomb attacks [CVE-2017-16129]; fix syntax error |
nvidia-graphics-drivers | New upstream stable release [CVE-2018-6260] |
nvidia-settings | New upstream stable release |
obs-build | Do not allow writing to files in the host system [CVE-2017-14804] |
paw | Rebuild against cernlib with fixed Fortran optimisations |
perlbrew | Allow HTTPS CPAN URLs |
postfix | New upstream stable release |
postgresql-9.6 | New upstream stable release |
psk31lx | Make version sort correctly to avoid potential upgrade issues |
publicsuffix | Update included data |
pyca | Add "missingok" to logrotate configuration |
python-certbot | Revert to debhelper compat 9, to ensure systemd timers are correctly started |
python-cryptography | Remove BIO_callback_ctrl: The prototype differs with the OpenSSL's definition of it after it was changed (fixed) within OpenSSL |
python-django-casclient | Apply django 1.10 middleware fix; python(3)-django-casclient: fix missing dependencies on python(3)-django |
python-mode | Remove support for xemacs21 |
python-pip | Properly catch requests' HTTPError in index.py |
python-pykmip | Fix potential denial of service issue [CVE-2018-1000872] |
r-cran-igraph | Fix denial of service via crafted object [CVE-2018-20349] |
rails | Fix information disclosure issues [CVE-2018-16476 CVE-2019-5418], denial of service issue [CVE-2019-5419] |
rsync | Several security fixes for zlib [CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843] |
ruby-i18n | Prevent a remote denial-of-service vulnerability [CVE-2014-10077] |
ruby2.3 | Fix FTBFS |
runc | Fix root privilege escalation vulnerability [CVE-2019-5736] |
systemd | journald: fix assertion failure on journal_file_link_data; tmpfiles: fix "e" to support shell style globs; mount-util: accept that name_to_handle_at() might fail with EPERM; automount: ack automount requests even when already mounted [CVE-2018-1049]; fix potential root privilege escalation [CVE-2018-15686] |
twitter-bootstrap3 | Fix cross site scripting issue in tooltips or popovers [CVE-2019-8331] |
tzdata | New upstream release |
unzip | Fix buffer overflow in password protected ZIP archives [CVE-2018-1000035] |
vcftools | Fix information disclosure [CVE-2018-11099] and denial of service [CVE-2018-11129 CVE-2018-11130] via crafted files |
vips | Fix NULL function pointer dereference [CVE-2018-7998], uninitialised memory access [CVE-2019-6976] |
waagent | New upstream release, with many Azure fixes [CVE-2019-0804] |
yorick-av | Rescale frame timestamps; set VBV buffer size for MPEG1/2 files |
zziplib | Fix invalid memory access [CVE-2018-6381], bus error [CVE-2018-6540], out-of-bounds read [CVE-2018-7725], crash via crafted zip file [CVE-2018-7726], memory leak [CVE-2018-16548]; reject ZIP file if the size of the central directory and/or the offset of start of central directory point beyond the end of the ZIP file [CVE-2018-6484, CVE-2018-6541, CVE-2018-6869] |
Security Updates
This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:
Removed packages
The following packages were removed due to circumstances beyond our control:
Package | Reason |
---|---|
gcontactsync | Incompatible with newer firefox-esr versions |
google-tasks-sync | Incompatible with newer firefox-esr versions |
mozilla-gnome-kerying | Incompatible with newer firefox-esr versions |
tbdialout | Incompatible with newer thunderbird versions |
timeline | Incompatible with newer thunderbird versions |
Debian Installer
The installer has been updated to include the fixes incorporated into stable by the point release.
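URLs
The complete list of packages that have changed with this revision:
The current stable distribution:
Proposed updates to the stable distribution:
Stable distribution information (release notes, errata, etc.):
Security announcements and information:
About Debian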
The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.
Contact Information
For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.