주의: 이 번역은 원문보다 오래되었습니다.

데비안 10 업데이트: 10.5 나옴

2020년 8월 1일

데비안 프로젝트는 안정 배포 데비안10 (코드명 buster)의 다섯번째 업데이트를 알리게 되어 기쁩니다. 이 포인트 릴리스는 심각한 문제 조치 및 보안 이슈 수정을 주로 포함합니다. 보안 권고는 이미 개별적으로 알렸으며 가능한 곳에서 참조됩니다.

이 포인트 릴리스는 또한 데비안 보안 권고: DSA-4735-1 grub2 -- 보안 업데이트 관련된 CVE 이슈 관련 GRUB2 UEFI SecureBoot 'BootHole' 취약점도 해결합니다.

포인트 릴리스는 데비안 10 새 버전을 만드는 것이 아니며 포함된 일부 패키지만 업데이트함을 주의하세요. 옛 buster 미디어를 버릴 필요 없습니다. 설치 후, 패키지는 최신 데이안 미러에서 현재 버전으로 업그레이드 할 수 있습니다.

security.debian.org의 업데이트를 자주 설치하는 사람은 패키지를 많이 업데이트하지 않아도 되며, 해당 업데이트는 대부분 포인트 릴리스에 들어 있습니다.

새 설치 위치는 정규 위치에 곧 공개될 겁니다.

패키지 관리 시스템이 수많은 데비안 HTTP 미러 중 하나를 가리키게 해서 기존 설치를 이 개정판으로 업그레이드할 수 있습니다. 포괄적인 미러 서버 목록은 아래에 있습니다:

https://www.debian.org/mirror/list

여러가지 버그 고침

이 안정 업데이트는 다음 패키지에 몇 중요한 수정을 더했습니다:

패키지 까닭
appstream-glib Fix build failures in 2020 and later
asunder Use gnudb instead of freedb by default
b43-fwcutter Ensure removal succeeds under non-English locales; do not fail removal if some files no longer exist; fix missing dependencies on pciutils and ca-certificates
balsa Provide server identity when validating certificates, allowing successful validation when using the glib-networking patch for CVE-2020-13645
base-files Update for the point release
batik Fix server-side request forgery via xlink:href attributes [CVE-2019-17566]
borgbackup Fix index corruption bug leading to data loss
bundler Update required version of ruby-molinillo
c-icap-modules Add support for ClamAV 0.102
cacti Fix issue where UNIX timestamps after September 13th 2020 were rejected as graph start / end; fix remote code execution [CVE-2020-7237], cross-site scripting [CVE-2020-7106], CSRF issue [CVE-2020-13231]; disabling a user account does not immediately invalidate permissions [CVE-2020-13230]
calamares-settings-debian Enable displaymanager module, fixing autologin options; use xdg-user-dir to specify Desktop directory
clamav New upstream release; security fixes [CVE-2020-3327 CVE-2020-3341 CVE-2020-3350 CVE-2020-3327 CVE-2020-3481]
cloud-init New upstream release
commons-configuration2 Prevent object creation when loading YAML files [CVE-2020-1953]
confget Fix the Python module's handling of values containing =
dbus New upstream stable release; prevent a denial of service issue [CVE-2020-12049]; prevent use-after-free if two usernames share a uid
debian-edu-config Fix loss of dynamically allocated IPv4 address
debian-installer Update Linux ABI to 4.19.0-10
debian-installer-netboot-images Rebuild against proposed-updates
debian-ports-archive-keyring Increase the expiration date of the 2020 key (84C573CD4E1AFD6C) by one year; add Debian Ports Archive Automatic Signing Key (2021); move the 2018 key (ID: 06AED62430CB581C) to the removed keyring
debian-security-support Update support status of several packages
dpdk New upstream release
exiv2 Adjust overly restrictive security patch [CVE-2018-10958 and CVE-2018-10999]; fix denial of service issue [CVE-2018-16336]
fdroidserver Fix Litecoin address validation
file-roller Security fix [CVE-2020-11736]
freerdp2 Fix smartcard logins; security fixes [CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 CVE-2020-11524 CVE-2020-11525 CVE-2020-11526]
fwupd New upstream release; fix possible signature verification issue [CVE-2020-10759]; use rotated Debian signing keys
fwupd-amd64-signed New upstream release; fix possible signature verification issue [CVE-2020-10759]; use rotated Debian signing keys
fwupd-arm64-signed New upstream release; fix possible signature verification issue [CVE-2020-10759]; use rotated Debian signing keys
fwupd-armhf-signed New upstream release; fix possible signature verification issue [CVE-2020-10759]; use rotated Debian signing keys
fwupd-i386-signed New upstream release; fix possible signature verification issue [CVE-2020-10759]; use rotated Debian signing keys
fwupdate Use rotated Debian signing keys
fwupdate-amd64-signed Use rotated Debian signing keys
fwupdate-arm64-signed Use rotated Debian signing keys
fwupdate-armhf-signed Use rotated Debian signing keys
fwupdate-i386-signed Use rotated Debian signing keys
gist Avoid deprecated authorization API
glib-networking Return bad identity error if identity is unset [CVE-2020-13645]; break balsa older than 2.5.6-2+deb10u1 as the fix for CVE-2020-13645 breaks balsa's certificate verification
gnutls28 Fix TL1.2 resumption errors; fix memory leak; handle zero length session tickets, fixing connection errors on TLS1.2 sessions to some big hosting providers; fix verification error with alternate chains
intel-microcode Downgrade some microcodes to previously issued versions, working around hangs on boot on Skylake-U/Y and Skylake Xeon E3
jackson-databind Fix multiple security issues affecting BeanDeserializerFactory [CVE-2020-9548 CVE-2020-9547 CVE-2020-9546 CVE-2020-8840 CVE-2020-14195 CVE-2020-14062 CVE-2020-14061 CVE-2020-14060 CVE-2020-11620 CVE-2020-11619 CVE-2020-11113 CVE-2020-11112 CVE-2020-11111 CVE-2020-10969 CVE-2020-10968 CVE-2020-10673 CVE-2020-10672 CVE-2019-20330 CVE-2019-17531 and CVE-2019-17267]
jameica Add mckoisqldb to classpath, allowing use of SynTAX plugin
jigdo Fix HTTPS support in jigdo-lite and jigdo-mirror
ksh Fix environment variable restriction issue [CVE-2019-14868]
lemonldap-ng Fix nginx configuration regression introduced by the fix for CVE-2019-19791
libapache-mod-jk Rename Apache configuration file so it can be automatically enabled and disabled
libclamunrar New upstream stable release; add an unversioned meta-package
libembperl-perl Handle error pages from Apache >= 2.4.40
libexif Security fixes [CVE-2020-12767 CVE-2020-0093 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114]; fix buffer overflow [CVE-2020-0182] and integer overflow [CVE-2020-0198]
libinput Quirks: add trackpoint integration attribute
libntlm Fix buffer overflow [CVE-2019-17455]
libpam-radius-auth Fix buffer overflow in password field [CVE-2015-9542]
libunwind Fix segfaults on mips; manually enable C++ exception support only on i386 and amd64
libyang Fix cache corruption crash, CVE-2019-19333, CVE-2019-19334
linux New upstream stable release
linux-latest Update for 4.19.0-10 kernel ABI
linux-signed-amd64 New upstream stable release
linux-signed-arm64 New upstream stable release
linux-signed-i386 New upstream stable release
lirc Fix conffile management
mailutils maidag: drop setuid privileges for all delivery operations but mda [CVE-2019-18862]
mariadb-10.3 New upstream stable release; security fixes [CVE-2020-2752 CVE-2020-2760 CVE-2020-2812 CVE-2020-2814 CVE-2020-13249]; fix regression in RocksDB ZSTD detection
mod-gnutls Fix a possible segfault on failed TLS handshake; fix test failures
multipath-tools kpartx: use correct path to partx in udev rule
mutt Don't check IMAP PREAUTH encryption if $tunnel is in use
mydumper Link against libm
nfs-utils statd: take user-id from /var/lib/nfs/sm [CVE-2019-3689]; don't make /var/lib/nfs owned by statd
nginx Fix error page request smuggling vulnerability [CVE-2019-20372]
nmap Update default key size to 2048 bits
node-dot-prop Fix regression introduced in CVE-2020-8116 fix
node-handlebars Disallow calling helperMissing and blockHelperMissing directly [CVE-2019-19919]
node-minimist Fix prototype pollution [CVE-2020-7598]
nvidia-graphics-drivers New upstream stable release; security fixes [CVE-2020-5963 CVE-2020-5967]
nvidia-graphics-drivers-legacy-390xx New upstream stable release; security fixes [CVE-2020-5963 CVE-2020-5967]
openstack-debian-images Install resolvconf if installing cloud-init
pagekite Avoid issues with expiry of shipped SSL certificates by using those from the ca-certificates package
pdfchain Fix crash at startup
perl Fix multiple regular expression related security issues [CVE-2020-10543 CVE-2020-10878 CVE-2020-12723]
php-horde Fix cross-site scripting vulnerability [CVE-2020-8035]
php-horde-gollem Fix cross-site scripting vulnerability in breadcrumb output [CVE-2020-8034]
pillow Fix multiple out-of-bounds read issues [CVE-2020-11538 CVE-2020-10378 CVE-2020-10177]
policyd-rate-limit Fix issues in accounting due to socket reuse
postfix New upstream stable release; fix segfault in the tlsproxy client role when the server role was disabled; fix maillog_file_rotate_suffix default value used the minute instead of the month; fix several TLS related issues; README.Debian fixes
python-markdown2 Fix cross-site scripting issue [CVE-2020-11888]
python3.7 Avoid infinite loop when reading specially crafted TAR files using the tarfile module [CVE-2019-20907]; resolve hash collisions for IPv4Interface and IPv6Interface [CVE-2020-14422]; fix denial of service issue in urllib.request.AbstractBasicAuthHandler [CVE-2020-8492]
qdirstat Fix saving of user-configured MIME categories
raspi3-firmware Fix typo that could lead to unbootable systems
resource-agents IPsrcaddr: make proto optional to fix regression when used without NetworkManager
ruby-json Fix unsafe object creation vulnerability [CVE-2020-10663]
shim Use rotated Debian signing keys
shim-helpers-amd64-signed Use rotated Debian signing keys
shim-helpers-arm64-signed Use rotated Debian signing keys
shim-helpers-i386-signed Use rotated Debian signing keys
speedtest-cli Pass correct headers to fix upload speed test
ssvnc Fix out-of-bounds write [CVE-2018-20020], infinite loop [CVE-2018-20021], improper initialisation [CVE-2018-20022], potential denial-of-service [CVE-2018-20024]
storebackup Fix possible privilege escalation vulnerability [CVE-2020-7040]
suricata Fix dropping privileges in nflog runmode
tigervnc Don't use libunwind on armel, armhf or arm64
transmission Fix possible denial of service issue [CVE-2018-10756]
wav2cdr Use C99 fixed-size integer types to fix runtime assertion on 64bit architectures other than amd64 and alpha
zipios++ Security fix [CVE-2019-13453]

보안 업데이트

이 리비전은 다음 보안 업데이트를 안정 릴리스에 더합니다. 보안 팀음 이미 각 업데이트에 대해 권고를 공개했습니다.:

권고 ID 패키지
DSA-4626 php7.3
DSA-4674 roundcube
DSA-4675 graphicsmagick
DSA-4676 salt
DSA-4677 wordpress
DSA-4678 firefox-esr
DSA-4679 keystone
DSA-4680 tomcat9
DSA-4681 webkit2gtk
DSA-4682 squid
DSA-4683 thunderbird
DSA-4684 libreswan
DSA-4685 apt
DSA-4686 apache-log4j1.2
DSA-4687 exim4
DSA-4688 dpdk
DSA-4689 bind9
DSA-4690 dovecot
DSA-4691 pdns-recursor
DSA-4692 netqmail
DSA-4694 unbound
DSA-4695 firefox-esr
DSA-4696 nodejs
DSA-4697 gnutls28
DSA-4699 linux-signed-amd64
DSA-4699 linux-signed-arm64
DSA-4699 linux-signed-i386
DSA-4699 linux
DSA-4700 roundcube
DSA-4701 intel-microcode
DSA-4702 thunderbird
DSA-4704 vlc
DSA-4705 python-django
DSA-4707 mutt
DSA-4708 neomutt
DSA-4709 wordpress
DSA-4710 trafficserver
DSA-4711 coturn
DSA-4712 imagemagick
DSA-4713 firefox-esr
DSA-4714 chromium
DSA-4716 docker.io
DSA-4718 thunderbird
DSA-4719 php7.3
DSA-4720 roundcube
DSA-4721 ruby2.5
DSA-4722 ffmpeg
DSA-4723 xen
DSA-4724 webkit2gtk
DSA-4725 evolution-data-server
DSA-4726 nss
DSA-4727 tomcat9
DSA-4728 qemu
DSA-4729 libopenmpt
DSA-4730 ruby-sanitize
DSA-4731 redis
DSA-4732 squid
DSA-4733 qemu
DSA-4735 grub-efi-amd64-signed
DSA-4735 grub-efi-arm64-signed
DSA-4735 grub-efi-ia32-signed
DSA-4735 grub2

없앤 패키지

다음 패키지는 우리 제어를 넘어 없어졌습니다:

패키지 까닭
golang-github-unknwon-cae Security issues; unmaintained
janus Not supportable in stable
mathematica-fonts Relies on unavailable download location
matrix-synapse Security issues; unsupportable
selenium-firefoxdriver Incompatible with newer Firefox ESR versions

데비안 설치관리자

설치 관리자는 포인트 릴리스에서 안정 릴리스와 합쳐진 수정 사항을 포함하도록 업데이트 되었습니다.

URL

이 리비전에서 바뀐 패키지 목록:

http://ftp.debian.org/debian/dists/buster/ChangeLog

현재 안정 배포판:

http://ftp.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates

stable distribution information (release notes, errata etc.):

https://www.debian.org/releases/stable/

Security announcements and information:

https://www.debian.org/security/

데비안은

데비안 프로젝트는 완전한 자유 운영체제인 데비안을 제작하기 위해 자신의 시간과 노력을 자원하는 자유 소프트웨어 개발자의 모임입니다.

연락 정보

보다 많은 정보를 원하면 https://www.debian.org/에 있는 데비안 웹 페이지를 방문하거나, <press@debian.org>로 이메일을 보내세요. 또 <debian-release@lists.debian.org>로 보내서 안정 릴리스 팀으로 연락하세요.