更新 Debian 10:10.8 版本已发布
2021年02月06日
Debian 项目很高兴地宣布稳定发行版 Debian 10(代号 buster
)的第八次更新。
此节点版本主要针对安全问题进行了修复,并针对严重问题进行了一些调整。安全警告已单独发布,并可引用。
请注意此节点版本并不构成 Debian 10 的新版本,仅更新了其中的一部分软件包。没有必要换掉旧的 buster
安装媒介。
在安装后,可以使用最新的 Debian 镜像将软件包升级到当前版本。
经常从 security.debian.org 安装更新的用户无需更新很多软件包,大多数这样的更新都包含在节点版本中。
新的安装镜像将很快在常规位置提供。
将包管理器指向 Debian 的众多 HTTP 镜像之一,可以将现有的安装升级到此版本。访问以下网址以获得所有镜像的列表:
其他错误修复
此稳定版更新为以下软件包作了一些重要的修复:
软件包 | 原因 |
---|---|
atftp | Fix denial of service issue [CVE-2020-6097] |
base-files | Update /etc/debian_version for the 10.8 point release |
ca-certificates | Update Mozilla CA bundle to 2.40, blacklist expired AddTrust External Root |
cacti | Fix SQL injection issue [CVE-2020-35701] and stored XSS issue |
cairo | Fix mask usage in image-compositor [CVE-2020-35492] |
choose-mirror | Update mirror list |
cjson | Fix infinite loop in cJSON_Minify |
clevis | Fix initramfs creation; clevis-dracut: Trigger initramfs creation upon installation |
cyrus-imapd | Fix version comparison in cron script |
debian-edu-config | Move host keytabs cleanup code out of gosa-modify-host into a standalone script, reducing LDAP calls to a single query |
debian-installer | Use 4.19.0-14 Linux kernel ABI; rebuild against proposed-updates |
debian-installer-netboot-images | Rebuild against proposed-updates |
debian-installer-utils | Support partitions on USB UAS devices |
device-tree-compiler | Fix segfault on dtc -I fs /proc/device-tree |
didjvu | Add missing build-dependency on tzdata |
dovecot | Fix crash when searching mailboxes containing malformed MIME messages |
dpdk | New upstream stable release |
edk2 | CryptoPkg/BaseCryptLib: fix NULL dereference [CVE-2019-14584] |
emacs | Don't crash with OpenPGP User IDs with no e-mail address |
fcitx | Fix input method support in Flatpaks |
file | Increase name recursion depth to 50 by default |
geoclue-2.0 | Check the maximum allowed accuracy level even for system applications; make the Mozilla API key configurable and use a Debian-specific key by default; fix display of the usage indicator |
gnutls28 | Fix test suite error caused by expired certificate |
grub2 | When upgrading grub-pc noninteractively, bail out if grub-install fails; explicitly check whether the target device exists before running grub-install; grub-install: Add backup and restore; don't call grub-install on fresh install of grub-pc |
highlight.js | Fix prototype pollution [CVE-2020-26237] |
intel-microcode | Update various microcode |
iproute2 | Fix bugs in JSON output; fix race condition that DOSes the system when using ip netns add at boot |
irssi-plugin-xmpp | Do not trigger the irssi core connect timeout prematurely, thus fixing STARTTLS connections |
libdatetime-timezone-perl | Update for new tzdata version |
libdbd-csv-perl | Fix test failure with libdbi-perl 1.642-1+deb10u2 |
libdbi-perl | Security fix [CVE-2014-10402] |
libmaxminddb | Fix heap-based buffer over-read [CVE-2020-28241] |
lttng-modules | Fix build on kernel versions >= 4.19.0-10 |
m2crypto | Fix compatibility with OpenSSL 1.1.1i and newer |
mini-buildd | builder.py: sbuild call: set '--no-arch-all' explicitly |
net-snmp | snmpd: Add cacheTime and execType flags to EXTEND-MIB |
node-ini | Do not allow invalid hazardous string as section name [CVE-2020-7788] |
node-y18n | Fix prototype pollution issue [CVE-2020-7774] |
nvidia-graphics-drivers | New upstream release; fix possible denial of service and information disclosure [CVE-2021-1056] |
nvidia-graphics-drivers-legacy-390xx | New upstream release; fix possible denial of service and information disclosure [CVE-2021-1056] |
pdns | Security fixes [CVE-2019-10203 CVE-2020-17482] |
pepperflashplugin-nonfree | Turn into a dummy package taking care of removing the previously installed plugin (no longer functional nor supported) |
pngcheck | Fix buffer overflow [CVE-2020-27818] |
postgresql-11 | New upstream stable release; security fixes [CVE-2020-25694 CVE-2020-25695 CVE-2020-25696] |
postsrsd | Ensure timestamp tags aren't too long before trying to decode them [CVE-2020-35573] |
python-bottle | Stop allowing ;as a query-string separator [CVE-2020-28473] |
python-certbot | Automatically use ACMEv2 API for renewals, to avoid issues with ACMEv1 API removal |
qxmpp | Fix potential SEGFAULT on connection error |
silx | python(3)-silx: Add dependency on python(3)-scipy |
slirp | Fix buffer overflows [CVE-2020-7039 CVE-2020-8608] |
steam | New upstream release |
systemd | journal: do not trigger assertion when journal_file_close() is passed NULL |
tang | Avoid race condition between keygen and update |
tzdata | New upstream release; update included timezone data |
unzip | Apply further fixes for CVE-2019-13232 |
wireshark | Fix various crashes, infinite loops and memory leaks [CVE-2019-16319 CVE-2019-19553 CVE-2020-11647 CVE-2020-13164 CVE-2020-15466 CVE-2020-25862 CVE-2020-25863 CVE-2020-26418 CVE-2020-26421 CVE-2020-26575 CVE-2020-28030 CVE-2020-7045 CVE-2020-9428 CVE-2020-9430 CVE-2020-9431] |
安全更新
此修订版在稳定版本中添加了以下安全更新。 安全团队已经为每个更新发布了相关建议:
删除的软件包
由于现有条件限制,我们删除了下列软件包:
软件包 | 原因 |
---|---|
compactheader | Incompatible with current Thunderbird versions |
Debian 安装器
安装程序已更新,现已包含节点版本中整合到稳定版中的修复程序。
相关网页链接
随此修订版更改的包的完整列表:
当前稳定版分发:
稳定版分发的计划更新:
稳定版分发信息(发行说明、勘误表等):
安全公告与信息:
关于 Debian
Debian 是自由软件开发者们的协会,他们自愿贡献时间参与开发,致力于创建完全自由的操作系统 Debian。
联系我们
请访问 Debian 网站 https://www.debian.org/,发送邮件到 <press@debian.org> , 或通过 <debian-release@lists.debian.org> 联系稳定版发行团队以了解更多信息。