주의: 이 번역은 원문보다 오래되었습니다.
데비안 10 업데이트: 10.5 릴리스
2020년 8월 1일
데비안 프로젝트는 안정 배포 데비안10 (코드명 buster
)의 다섯번째 업데이트를 알리게 되어 기쁩니다.
이 포인트 릴리스는 심각한 문제 조치 및 보안 이슈 수정을 주로 포함합니다.
보안 권고는 이미 개별적으로 알렸으며 가능한 곳에서 참조됩니다.
이 포인트 릴리스는 또한 데비안 보안 권고: DSA-4735-1 grub2 -- 보안 업데이트 관련된 CVE 이슈 관련 GRUB2 UEFI SecureBoot 'BootHole' 취약점도 해결합니다.
포인트 릴리스는 데비안 10 새 버전을 만드는 것이 아니며 포함된 일부 패키지만 업데이트함을 주의하세요.
옛 buster
미디어를 버릴 필요 없습니다.
설치 후, 패키지는 최신 데이안 미러에서 현재 버전으로 업그레이드 할 수 있습니다.
security.debian.org의 업데이트를 자주 설치하는 사람은 패키지를 많이 업데이트하지 않아도 되며, 해당 업데이트는 대부분 포인트 릴리스에 들어 있습니다.
새 설치 위치는 정규 위치에 곧 공개될 겁니다.
패키지 관리 시스템이 수많은 데비안 HTTP 미러 중 하나를 가리키게 해서 기존 설치를 이 개정판으로 업그레이드할 수 있습니다. 포괄적인 미러 서버 목록은 아래에 있습니다:
여러가지 버그 수정
이 안정 업데이트는 다음 패키지에 몇 중요한 수정을 추가했습니다:
| 패키지 | 이유 |
|---|---|
| appstream-glib | Fix build failures in 2020 and later |
| asunder | Use gnudb instead of freedb by default |
| b43-fwcutter | Ensure removal succeeds under non-English locales; do not fail removal if some files no longer exist; fix missing dependencies on pciutils and ca-certificates |
| balsa | Provide server identity when validating certificates, allowing successful validation when using the glib-networking patch for CVE-2020-13645 |
| base-files | Update for the point release |
| batik | Fix server-side request forgery via xlink:href attributes [CVE-2019-17566] |
| borgbackup | Fix index corruption bug leading to data loss |
| bundler | Update required version of ruby-molinillo |
| c-icap-modules | Add support for ClamAV 0.102 |
| cacti | Fix issue where UNIX timestamps after September 13th 2020 were rejected as graph start / end; fix remote code execution [CVE-2020-7237], cross-site scripting [CVE-2020-7106], CSRF issue [CVE-2020-13231]; disabling a user account does not immediately invalidate permissions [CVE-2020-13230] |
| calamares-settings-debian | Enable displaymanager module, fixing autologin options; use xdg-user-dir to specify Desktop directory |
| clamav | New upstream release; security fixes [CVE-2020-3327 CVE-2020-3341 CVE-2020-3350 CVE-2020-3327 CVE-2020-3481] |
| cloud-init | New upstream release |
| commons-configuration2 | Prevent object creation when loading YAML files [CVE-2020-1953] |
| confget | Fix the Python module's handling of values containing = |
| dbus | New upstream stable release; prevent a denial of service issue [CVE-2020-12049]; prevent use-after-free if two usernames share a uid |
| debian-edu-config | Fix loss of dynamically allocated IPv4 address |
| debian-installer | Update Linux ABI to 4.19.0-10 |
| debian-installer-netboot-images | Rebuild against proposed-updates |
| debian-ports-archive-keyring | Increase the expiration date of the 2020 key (84C573CD4E1AFD6C) by one year; add Debian Ports Archive Automatic Signing Key (2021); move the 2018 key (ID: 06AED62430CB581C) to the removed keyring |
| debian-security-support | Update support status of several packages |
| dpdk | New upstream release |
| exiv2 | Adjust overly restrictive security patch [CVE-2018-10958 and CVE-2018-10999]; fix denial of service issue [CVE-2018-16336] |
| fdroidserver | Fix Litecoin address validation |
| file-roller | Security fix [CVE-2020-11736] |
| freerdp2 | Fix smartcard logins; security fixes [CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 CVE-2020-11524 CVE-2020-11525 CVE-2020-11526] |
| fwupd | New upstream release; fix possible signature verification issue [CVE-2020-10759]; use rotated Debian signing keys |
| fwupd-amd64-signed | New upstream release; fix possible signature verification issue [CVE-2020-10759]; use rotated Debian signing keys |
| fwupd-arm64-signed | New upstream release; fix possible signature verification issue [CVE-2020-10759]; use rotated Debian signing keys |
| fwupd-armhf-signed | New upstream release; fix possible signature verification issue [CVE-2020-10759]; use rotated Debian signing keys |
| fwupd-i386-signed | New upstream release; fix possible signature verification issue [CVE-2020-10759]; use rotated Debian signing keys |
| fwupdate | Use rotated Debian signing keys |
| fwupdate-amd64-signed | Use rotated Debian signing keys |
| fwupdate-arm64-signed | Use rotated Debian signing keys |
| fwupdate-armhf-signed | Use rotated Debian signing keys |
| fwupdate-i386-signed | Use rotated Debian signing keys |
| gist | Avoid deprecated authorization API |
| glib-networking | Return bad identity error if identity is unset [CVE-2020-13645]; break balsa older than 2.5.6-2+deb10u1 as the fix for CVE-2020-13645 breaks balsa's certificate verification |
| gnutls28 | Fix TL1.2 resumption errors; fix memory leak; handle zero length session tickets, fixing connection errors on TLS1.2 sessions to some big hosting providers; fix verification error with alternate chains |
| intel-microcode | Downgrade some microcodes to previously issued versions, working around hangs on boot on Skylake-U/Y and Skylake Xeon E3 |
| jackson-databind | Fix multiple security issues affecting BeanDeserializerFactory [CVE-2020-9548 CVE-2020-9547 CVE-2020-9546 CVE-2020-8840 CVE-2020-14195 CVE-2020-14062 CVE-2020-14061 CVE-2020-14060 CVE-2020-11620 CVE-2020-11619 CVE-2020-11113 CVE-2020-11112 CVE-2020-11111 CVE-2020-10969 CVE-2020-10968 CVE-2020-10673 CVE-2020-10672 CVE-2019-20330 CVE-2019-17531 and CVE-2019-17267] |
| jameica | Add mckoisqldb to classpath, allowing use of SynTAX plugin |
| jigdo | Fix HTTPS support in jigdo-lite and jigdo-mirror |
| ksh | Fix environment variable restriction issue [CVE-2019-14868] |
| lemonldap-ng | Fix nginx configuration regression introduced by the fix for CVE-2019-19791 |
| libapache-mod-jk | Rename Apache configuration file so it can be automatically enabled and disabled |
| libclamunrar | New upstream stable release; add an unversioned meta-package |
| libembperl-perl | Handle error pages from Apache >= 2.4.40 |
| libexif | Security fixes [CVE-2020-12767 CVE-2020-0093 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114]; fix buffer overflow [CVE-2020-0182] and integer overflow [CVE-2020-0198] |
| libinput | Quirks: add trackpoint integration attribute |
| libntlm | Fix buffer overflow [CVE-2019-17455] |
| libpam-radius-auth | Fix buffer overflow in password field [CVE-2015-9542] |
| libunwind | Fix segfaults on mips; manually enable C++ exception support only on i386 and amd64 |
| libyang | Fix cache corruption crash, CVE-2019-19333, CVE-2019-19334 |
| linux | New upstream stable release |
| linux-latest | Update for 4.19.0-10 kernel ABI |
| linux-signed-amd64 | New upstream stable release |
| linux-signed-arm64 | New upstream stable release |
| linux-signed-i386 | New upstream stable release |
| lirc | Fix conffile management |
| mailutils | maidag: drop setuid privileges for all delivery operations but mda [CVE-2019-18862] |
| mariadb-10.3 | New upstream stable release; security fixes [CVE-2020-2752 CVE-2020-2760 CVE-2020-2812 CVE-2020-2814 CVE-2020-13249]; fix regression in RocksDB ZSTD detection |
| mod-gnutls | Fix a possible segfault on failed TLS handshake; fix test failures |
| multipath-tools | kpartx: use correct path to partx in udev rule |
| mutt | Don't check IMAP PREAUTH encryption if $tunnel is in use |
| mydumper | Link against libm |
| nfs-utils | statd: take user-id from /var/lib/nfs/sm [CVE-2019-3689]; don't make /var/lib/nfs owned by statd |
| nginx | Fix error page request smuggling vulnerability [CVE-2019-20372] |
| nmap | Update default key size to 2048 bits |
| node-dot-prop | Fix regression introduced in CVE-2020-8116 fix |
| node-handlebars | Disallow calling helperMissingand blockHelperMissingdirectly [CVE-2019-19919] |
| node-minimist | Fix prototype pollution [CVE-2020-7598] |
| nvidia-graphics-drivers | New upstream stable release; security fixes [CVE-2020-5963 CVE-2020-5967] |
| nvidia-graphics-drivers-legacy-390xx | New upstream stable release; security fixes [CVE-2020-5963 CVE-2020-5967] |
| openstack-debian-images | Install resolvconf if installing cloud-init |
| pagekite | Avoid issues with expiry of shipped SSL certificates by using those from the ca-certificates package |
| pdfchain | Fix crash at startup |
| perl | Fix multiple regular expression related security issues [CVE-2020-10543 CVE-2020-10878 CVE-2020-12723] |
| php-horde | Fix cross-site scripting vulnerability [CVE-2020-8035] |
| php-horde-gollem | Fix cross-site scripting vulnerability in breadcrumb output [CVE-2020-8034] |
| pillow | Fix multiple out-of-bounds read issues [CVE-2020-11538 CVE-2020-10378 CVE-2020-10177] |
| policyd-rate-limit | Fix issues in accounting due to socket reuse |
| postfix | New upstream stable release; fix segfault in the tlsproxy client role when the server role was disabled; fix maillog_file_rotate_suffix default value used the minute instead of the month; fix several TLS related issues; README.Debian fixes |
| python-markdown2 | Fix cross-site scripting issue [CVE-2020-11888] |
| python3.7 | Avoid infinite loop when reading specially crafted TAR files using the tarfile module [CVE-2019-20907]; resolve hash collisions for IPv4Interface and IPv6Interface [CVE-2020-14422]; fix denial of service issue in urllib.request.AbstractBasicAuthHandler [CVE-2020-8492] |
| qdirstat | Fix saving of user-configured MIME categories |
| raspi3-firmware | Fix typo that could lead to unbootable systems |
| resource-agents | IPsrcaddr: make protooptional to fix regression when used without NetworkManager |
| ruby-json | Fix unsafe object creation vulnerability [CVE-2020-10663] |
| shim | Use rotated Debian signing keys |
| shim-helpers-amd64-signed | Use rotated Debian signing keys |
| shim-helpers-arm64-signed | Use rotated Debian signing keys |
| shim-helpers-i386-signed | Use rotated Debian signing keys |
| speedtest-cli | Pass correct headers to fix upload speed test |
| ssvnc | Fix out-of-bounds write [CVE-2018-20020], infinite loop [CVE-2018-20021], improper initialisation [CVE-2018-20022], potential denial-of-service [CVE-2018-20024] |
| storebackup | Fix possible privilege escalation vulnerability [CVE-2020-7040] |
| suricata | Fix dropping privileges in nflog runmode |
| tigervnc | Don't use libunwind on armel, armhf or arm64 |
| transmission | Fix possible denial of service issue [CVE-2018-10756] |
| wav2cdr | Use C99 fixed-size integer types to fix runtime assertion on 64bit architectures other than amd64 and alpha |
| zipios++ | Security fix [CVE-2019-13453] |
보안 업데이트
이 리비전은 다음 보안 업데이트를 안정 릴리스에 추가합니다. 보안 팀음 이미 각 업데이트에 대해 권고를 공개했습니다.:
삭제된 패키지
다음 패키지는 우리 제어를 넘어 삭제되었습니다:
| 패키지 | 이유 |
|---|---|
| golang-github-unknwon-cae | Security issues; unmaintained |
| janus | Not supportable in stable |
| mathematica-fonts | Relies on unavailable download location |
| matrix-synapse | Security issues; unsupportable |
| selenium-firefoxdriver | Incompatible with newer Firefox ESR versions |
데비안 설치관리자
설치 관리자는 포인트 릴리스에서 안정 릴리스와 합쳐진 수정 사항을 포함하도록 업데이트 되었습니다.
URL
이 리비전에서 바뀐 패키지 목록:
현재 안정 배포판:
Proposed updates to the stable distribution:
stable distribution information (release notes, errata etc.):
Security announcements and information:
데비안은
데비안 프로젝트는 완전한 자유 운영체제인 데비안을 제작하기 위해 자신의 시간과 노력을 자원하는 자유 소프트웨어 개발자의 모임입니다.
연락 정보
보다 많은 정보를 원하면 https://www.debian.org/에 있는 데비안 웹 페이지를 방문하거나, <press@debian.org>로 이메일을 보내세요. 또 <debian-release@lists.debian.org>로 보내서 안정 릴리스 팀으로 연락하세요.