Updated Debian 9: 9.12 released

8 February 2020

The Debian project is pleased to announce the twelfth update of its oldstable distribution Debian 9 (codename stretch). This point release mainly adds corrections for security issues, along with further corrections for serious problems. Security advisories have already been published separately and are referenced where available.

Please note that the point release does not constitute a new version of Debian 9 but only updates some of the packages included. There is no need to throw away old stretch media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list

Miscellaneous bugfixes

This oldstable update adds a few important corrections to the following packages:

Package Reason
base-files Update for the point release
cargo New upstream version, to support Firefox ESR backports; fix bootstrap for armhf
clamav New upstream release; fix denial of service issue [CVE-2019-15961]; remove ScanOnAccess option, replacing with clamonacc
cups Fix validation of default language in ippSetValuetag [CVE-2019-2228]
debian-installer Rebuild against oldstable-proposed-updates; set gfxpayload=keep in submenus too, to fix unreadable fonts on hidpi displays in netboot images booted with EFI; update USE_UDEBS_FROM default from unstable to stretch, to help users performing local builds
debian-installer-netboot-images Rebuild against stretch-proposed-updates
debian-security-support Update security support status of several packages
dehydrated New upstream release; use ACMEv2 API by default
dispmua New upstream release compatible with Thunderbird 68
dpdk New upstream stable release; fix vhost regression introduced by the fix for CVE-2019-14818
fence-agents Fix incomplete removal of fence_amt_ws
fig2dev Allow Fig v2 text strings ending with multiple ^A [CVE-2019-19555]
flightcrew Security fixes [CVE-2019-13032 CVE-2019-13241]
freetype Correctly handle deltas in TrueType GX fonts, fixing rendering of variable hinted fonts in Chromium and Firefox
glib2.0 Ensure libdbus clients can authenticate with a GDBusServer like the one in ibus
gnustep-base Fix UDP amplification vulnerability
italc Security fixes [CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023 CVE-2018-20024 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 CVE-2018-6307 CVE-2018-7225 CVE-2019-15681]
libdate-holidays-de-perl Mark International Children's Day (Sep 20th) as a holiday in Thuringia from 2019 onwards
libdatetime-timezone-perl Update included data
libidn Fix denial of service vulnerability in Punycode handling [CVE-2017-14062]
libjaxen-java Fix build failure by allowing test failures
libofx Fix NULL pointer dereference issue [CVE-2019-9656]
libole-storage-lite-perl Fix interpretation of years from 2020 onwards
libparse-win32registry-perl Fix interpretation of years from 2020 onwards
libperl4-corelibs-perl Fix interpretation of years from 2020 onwards
libpst Fix detection of get_current_dir_name and return truncation
libsixel Fix several security issues [CVE-2018-19756 CVE-2018-19757 CVE-2018-19759 CVE-2018-19761 CVE-2018-19762 CVE-2018-19763 CVE-2019-3573 CVE-2019-3574]
libsolv Fix heap buffer overflow [CVE-2019-20387]
libtest-mocktime-perl Fix interpretation of years from 2020 onwards
libtimedate-perl Fix interpretation of years from 2020 onwards
libvncserver RFBserver: don't leak stack memory to the remote [CVE-2019-15681]; resolve a freeze during connection closure and a segmentation fault on multi-threaded VNC servers; fix issue connecting to VMWare servers; fix crashing of x11vnc when vncviewer connects
libxslt Fix dangling pointer in xsltCopyText [CVE-2019-18197]
limnoria Fix remote information disclosure and possibly remote code execution in the Math plugin [CVE-2019-19010]
linux New upstream stable release
linux-latest Update for Linux kernel ABI 4.9.0-12
llvm-toolchain-7 Disable the gold linker from s390x; bootstrap with -fno-addrsig, stretch's binutils doesn't work with it on mips64el
mariadb-10.1 New upstream stable release [CVE-2019-2974 CVE-2020-2574]
monit Implement position independent CSRF cookie value
node-fstream Clobber a Link if it's in the way of a File [CVE-2019-13173]
node-mixin-deep Fix prototype pollution [CVE-2018-3719 CVE-2019-10746]
nodejs-mozilla New package to support Firefox ESR backports
nvidia-graphics-drivers-legacy-340xx New upstream stable release
nyancat Rebuild in a clean environment to add the systemd unit for nyancat-server
openjpeg2 Fix heap overflow [CVE-2018-21010], integer overflow [CVE-2018-20847] and division by zero [CVE-2016-9112]
perl Fix interpretation of years from 2020 onwards
php-horde Fix stored cross-site scripting issue in Horde Cloud Block [CVE-2019-12095]
postfix New upstream stable release; work around poor TCP loopback performance
postgresql-9.6 New upstream release
proftpd-dfsg Fix NULL pointer dereference in CRL checks [CVE-2019-19269]
pykaraoke Fix path to fonts
python-acme Switch to POST-as-GET protocol
python-cryptography Fix test suite failures when built against newer OpenSSL versions
python-flask-rdf Fix missing dependencies in python3-flask-rdf
python-pgmagick Handle version detection of graphicsmagick security updates that identify themselves as version 1.4
python-werkzeug Ensure Docker containers have unique debugger PINs [CVE-2019-14806]
ros-ros-comm Fix buffer overflow issue [CVE-2019-13566]; fix integer overflow [CVE-2019-13445]
ruby-encryptor Ignore test failures, fixing build failures
rust-cbindgen New package to support Firefox ESR backports
rustc New upstream version, to support Firefox ESR backports
safe-rm Prevent installation in (and thereby breaking of) merged /usr environments
sorl-thumbnail Workaround a pgmagick exception
sssd sysdb: sanitize search filter input [CVE-2017-12173]
tigervnc Security updates [CVE-2019-15691 CVE-2019-15692 CVE-2019-15693 CVE-2019-15694 CVE-2019-15695]
tightvnc Security fixes [CVE-2014-6053 CVE-2018-20021 CVE-2018-20022 CVE-2018-20748 CVE-2018-7225 CVE-2019-8287 CVE-2019-15678 CVE-2019-15679 CVE-2019-15680 CVE-2019-15681]
tmpreaper Add --protect '/tmp/systemd-private*/*' to cron job to prevent breaking systemd services that have PrivateTmp=true
tzdata New upstream release
ublock-origin New upstream version, compatible with Firefox ESR68
unhide Fix stack exhaustion
x2goclient Strip ~/, ~user{,/}, ${HOME}{,/} and $HOME{,/} from destination paths in scp mode; fixes regression with newer libssh versions with fixes for CVE-2019-14889 applied
xml-security-c Fix DSA verification crashes OpenSSL on invalid combinations of key content

Security updates

This revision adds the following security updates to the oldstable release. The Security Team has already released advisories for all of these updates:

Advisory ID Package
DSA-4474 firefox-esr
DSA-4479 firefox-esr
DSA-4509 apache2
DSA-4509 subversion
DSA-4511 nghttp2
DSA-4516 firefox-esr
DSA-4517 exim4
DSA-4518 ghostscript
DSA-4519 libreoffice
DSA-4522 faad2
DSA-4523 thunderbird
DSA-4525 ibus
DSA-4526 opendmarc
DSA-4528 bird
DSA-4529 php7.0
DSA-4530 expat
DSA-4531 linux
DSA-4532 spip
DSA-4535 e2fsprogs
DSA-4537 file-roller
DSA-4539 openssl
DSA-4540 openssl1.0
DSA-4541 libapreq2
DSA-4542 jackson-databind
DSA-4543 sudo
DSA-4545 mediawiki
DSA-4547 tcpdump
DSA-4548 openjdk-8
DSA-4549 firefox-esr
DSA-4550 file
DSA-4552 php7.0
DSA-4554 ruby-loofah
DSA-4555 pam-python
DSA-4557 libarchive
DSA-4559 proftpd-dfsg
DSA-4560 simplesamlphp
DSA-4564 linux
DSA-4565 intel-microcode
DSA-4567 dpdk
DSA-4568 postgresql-common
DSA-4569 ghostscript
DSA-4571 thunderbird
DSA-4573 symfony
DSA-4574 redmine
DSA-4576 php-imagick
DSA-4578 libvpx
DSA-4580 firefox-esr
DSA-4581 git
DSA-4582 davical
DSA-4584 spamassassin
DSA-4585 thunderbird
DSA-4587 ruby2.3
DSA-4588 python-ecdsa
DSA-4589 debian-edu-config
DSA-4590 cyrus-imapd
DSA-4591 cyrus-sasl2
DSA-4592 mediawiki
DSA-4593 freeimage
DSA-4594 openssl1.0
DSA-4595 debian-lan-config
DSA-4596 tomcat8
DSA-4596 tomcat-native
DSA-4597 netty
DSA-4598 python-django
DSA-4600 firefox-esr
DSA-4601 ldm
DSA-4602 xen
DSA-4603 thunderbird
DSA-4604 cacti
DSA-4607 openconnect
DSA-4609 python-apt
DSA-4611 opensmtpd
DSA-4612 prosody-modules
DSA-4614 sudo
DSA-4615 spamassassin

Removed packages

The following packages were removed due to circumstances beyond our control:

Package Reason
firetray Incompatible with current Thunderbird versions
koji Security issues
python-lamson Broken by changes in python-daemon
radare2 Security issues; upstream do not offer stable support
ruby-simple-form Unused; security issues
trafficserver Unsupportable

Debian Installer

The installer has been updated to include the fixes incorporated into oldstable by this point release.

URLs

The complete list of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/stretch/ChangeLog

The current oldstable distribution:

http://ftp.debian.org/debian/dists/oldstable/

Proposed updates to the oldstable distribution:

http://ftp.debian.org/debian/dists/oldstable-proposed-updates

Information about the oldstable distribution (release information, known problems, etc.):

https://www.debian.org/releases/oldstable/

Security advisories and information:

https://www.debian.org/security/

About Debian

The Debian Project is a group of Free Software developers who donate their time and effort to produce the completely free operating system Debian.

Contact information

For further information, please visit the Debian website at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.