更新 Debian 10:10.8 版本已發佈
2021年02月06日
Debian 項目很高興地宣佈穩定發行版 Debian 10(代號 buster
)的第八次更新。
此節點版本主要針對安全問題進行了修復,並針對嚴重問題進行了一些調整。安全警告已單獨發佈,並可引用。
請注意此節點版本並不構成 Debian 10 的新版本,僅更新了其中的一部分套件。沒有必要換掉舊的 buster
安裝媒介。
在安裝後,可以使用最新的 Debian 映射站台將套件升級到當前版本。
經常從 security.debian.org 安裝更新的使用者無需更新很多套件,大多數這樣的更新都包含在節點版本中。
新的安裝映射站台將很快在常規位置提供。
將包管理器指向 Debian 的眾多 HTTP 映射站台之一,可以將現有的安裝升級到此版本。訪問以下網址以獲得所有映射站台的列表:
其他錯誤修復
此穩定版更新為以下套件作了一些重要的修復:
套件 | 原因 |
---|---|
atftp | Fix denial of service issue [CVE-2020-6097] |
base-files | Update /etc/debian_version for the 10.8 point release |
ca-certificates | Update Mozilla CA bundle to 2.40, blacklist expired AddTrust External Root |
cacti | Fix SQL injection issue [CVE-2020-35701] and stored XSS issue |
cairo | Fix mask usage in image-compositor [CVE-2020-35492] |
choose-mirror | Update mirror list |
cjson | Fix infinite loop in cJSON_Minify |
clevis | Fix initramfs creation; clevis-dracut: Trigger initramfs creation upon installation |
cyrus-imapd | Fix version comparison in cron script |
debian-edu-config | Move host keytabs cleanup code out of gosa-modify-host into a standalone script, reducing LDAP calls to a single query |
debian-installer | Use 4.19.0-14 Linux kernel ABI; rebuild against proposed-updates |
debian-installer-netboot-images | Rebuild against proposed-updates |
debian-installer-utils | Support partitions on USB UAS devices |
device-tree-compiler | Fix segfault on dtc -I fs /proc/device-tree |
didjvu | Add missing build-dependency on tzdata |
dovecot | Fix crash when searching mailboxes containing malformed MIME messages |
dpdk | New upstream stable release |
edk2 | CryptoPkg/BaseCryptLib: fix NULL dereference [CVE-2019-14584] |
emacs | Don't crash with OpenPGP User IDs with no e-mail address |
fcitx | Fix input method support in Flatpaks |
file | Increase name recursion depth to 50 by default |
geoclue-2.0 | Check the maximum allowed accuracy level even for system applications; make the Mozilla API key configurable and use a Debian-specific key by default; fix display of the usage indicator |
gnutls28 | Fix test suite error caused by expired certificate |
grub2 | When upgrading grub-pc noninteractively, bail out if grub-install fails; explicitly check whether the target device exists before running grub-install; grub-install: Add backup and restore; don't call grub-install on fresh install of grub-pc |
highlight.js | Fix prototype pollution [CVE-2020-26237] |
intel-microcode | Update various microcode |
iproute2 | Fix bugs in JSON output; fix race condition that DOSes the system when using ip netns add at boot |
irssi-plugin-xmpp | Do not trigger the irssi core connect timeout prematurely, thus fixing STARTTLS connections |
libdatetime-timezone-perl | Update for new tzdata version |
libdbd-csv-perl | Fix test failure with libdbi-perl 1.642-1+deb10u2 |
libdbi-perl | Security fix [CVE-2014-10402] |
libmaxminddb | Fix heap-based buffer over-read [CVE-2020-28241] |
lttng-modules | Fix build on kernel versions >= 4.19.0-10 |
m2crypto | Fix compatibility with OpenSSL 1.1.1i and newer |
mini-buildd | builder.py: sbuild call: set '--no-arch-all' explicitly |
net-snmp | snmpd: Add cacheTime and execType flags to EXTEND-MIB |
node-ini | Do not allow invalid hazardous string as section name [CVE-2020-7788] |
node-y18n | Fix prototype pollution issue [CVE-2020-7774] |
nvidia-graphics-drivers | New upstream release; fix possible denial of service and information disclosure [CVE-2021-1056] |
nvidia-graphics-drivers-legacy-390xx | New upstream release; fix possible denial of service and information disclosure [CVE-2021-1056] |
pdns | Security fixes [CVE-2019-10203 CVE-2020-17482] |
pepperflashplugin-nonfree | Turn into a dummy package taking care of removing the previously installed plugin (no longer functional nor supported) |
pngcheck | Fix buffer overflow [CVE-2020-27818] |
postgresql-11 | New upstream stable release; security fixes [CVE-2020-25694 CVE-2020-25695 CVE-2020-25696] |
postsrsd | Ensure timestamp tags aren't too long before trying to decode them [CVE-2020-35573] |
python-bottle | Stop allowing ;as a query-string separator [CVE-2020-28473] |
python-certbot | Automatically use ACMEv2 API for renewals, to avoid issues with ACMEv1 API removal |
qxmpp | Fix potential SEGFAULT on connection error |
silx | python(3)-silx: Add dependency on python(3)-scipy |
slirp | Fix buffer overflows [CVE-2020-7039 CVE-2020-8608] |
steam | New upstream release |
systemd | journal: do not trigger assertion when journal_file_close() is passed NULL |
tang | Avoid race condition between keygen and update |
tzdata | New upstream release; update included timezone data |
unzip | Apply further fixes for CVE-2019-13232 |
wireshark | Fix various crashes, infinite loops and memory leaks [CVE-2019-16319 CVE-2019-19553 CVE-2020-11647 CVE-2020-13164 CVE-2020-15466 CVE-2020-25862 CVE-2020-25863 CVE-2020-26418 CVE-2020-26421 CVE-2020-26575 CVE-2020-28030 CVE-2020-7045 CVE-2020-9428 CVE-2020-9430 CVE-2020-9431] |
安全更新
此修訂版在穩定版本中添加了以下安全更新。 安全團隊已經為每個更新發布了相關建議:
移除的套件
由於現有條件限制,我們移除了下列套件:
套件 | 原因 |
---|---|
compactheader | Incompatible with current Thunderbird versions |
Debian 安裝器
安裝程序已更新,現已包含節點版本中整合到穩定版中的修復程序。
相關網頁鏈接
隨此修訂版更改的包的完整列表:
當前穩定版分發:
穩定版分發的計劃更新:
穩定版分發信息(發行說明、勘誤表等):
安全公告與信息:
關於 Debian
Debian 是自由軟體開發者們的協會,他們自願貢獻時間參與開發,致力於創建完全自由的作業系統 Debian。
聯繫我們
請訪問 Debian 網站 https://www.debian.org/,發送郵件到 <press@debian.org> , 或透過 <debian-release@lists.debian.org> 聯繫穩定版發行團隊以瞭解更多信息。