更新 Debian 10:10.8 版本已發佈

2021年02月06日

Debian 項目很高興地宣佈穩定發行版 Debian 10(代號 buster)的第八次更新。 此節點版本主要針對安全問題進行了修復,並針對嚴重問題進行了一些調整。安全警告已單獨發佈,並可引用。

請注意此節點版本並不構成 Debian 10 的新版本,僅更新了其中的一部分套件。沒有必要換掉舊的 buster 安裝媒介。 在安裝後,可以使用最新的 Debian 映射站台將套件升級到當前版本。

經常從 security.debian.org 安裝更新的使用者無需更新很多套件,大多數這樣的更新都包含在節點版本中。

新的安裝映射站台將很快在常規位置提供。

將包管理器指向 Debian 的眾多 HTTP 映射站台之一,可以將現有的安裝升級到此版本。訪問以下網址以獲得所有映射站台的列表:

https://www.debian.org/mirror/list

其他錯誤修復

此穩定版更新為以下套件作了一些重要的修復:

套件 原因
atftp Fix denial of service issue [CVE-2020-6097]
base-files Update /etc/debian_version for the 10.8 point release
ca-certificates Update Mozilla CA bundle to 2.40, blacklist expired AddTrust External Root
cacti Fix SQL injection issue [CVE-2020-35701] and stored XSS issue
cairo Fix mask usage in image-compositor [CVE-2020-35492]
choose-mirror Update mirror list
cjson Fix infinite loop in cJSON_Minify
clevis Fix initramfs creation; clevis-dracut: Trigger initramfs creation upon installation
cyrus-imapd Fix version comparison in cron script
debian-edu-config Move host keytabs cleanup code out of gosa-modify-host into a standalone script, reducing LDAP calls to a single query
debian-installer Use 4.19.0-14 Linux kernel ABI; rebuild against proposed-updates
debian-installer-netboot-images Rebuild against proposed-updates
debian-installer-utils Support partitions on USB UAS devices
device-tree-compiler Fix segfault on dtc -I fs /proc/device-tree
didjvu Add missing build-dependency on tzdata
dovecot Fix crash when searching mailboxes containing malformed MIME messages
dpdk New upstream stable release
edk2 CryptoPkg/BaseCryptLib: fix NULL dereference [CVE-2019-14584]
emacs Don't crash with OpenPGP User IDs with no e-mail address
fcitx Fix input method support in Flatpaks
file Increase name recursion depth to 50 by default
geoclue-2.0 Check the maximum allowed accuracy level even for system applications; make the Mozilla API key configurable and use a Debian-specific key by default; fix display of the usage indicator
gnutls28 Fix test suite error caused by expired certificate
grub2 When upgrading grub-pc noninteractively, bail out if grub-install fails; explicitly check whether the target device exists before running grub-install; grub-install: Add backup and restore; don't call grub-install on fresh install of grub-pc
highlight.js Fix prototype pollution [CVE-2020-26237]
intel-microcode Update various microcode
iproute2 Fix bugs in JSON output; fix race condition that DOSes the system when using ip netns add at boot
irssi-plugin-xmpp Do not trigger the irssi core connect timeout prematurely, thus fixing STARTTLS connections
libdatetime-timezone-perl Update for new tzdata version
libdbd-csv-perl Fix test failure with libdbi-perl 1.642-1+deb10u2
libdbi-perl Security fix [CVE-2014-10402]
libmaxminddb Fix heap-based buffer over-read [CVE-2020-28241]
lttng-modules Fix build on kernel versions >= 4.19.0-10
m2crypto Fix compatibility with OpenSSL 1.1.1i and newer
mini-buildd builder.py: sbuild call: set '--no-arch-all' explicitly
net-snmp snmpd: Add cacheTime and execType flags to EXTEND-MIB
node-ini Do not allow invalid hazardous string as section name [CVE-2020-7788]
node-y18n Fix prototype pollution issue [CVE-2020-7774]
nvidia-graphics-drivers New upstream release; fix possible denial of service and information disclosure [CVE-2021-1056]
nvidia-graphics-drivers-legacy-390xx New upstream release; fix possible denial of service and information disclosure [CVE-2021-1056]
pdns Security fixes [CVE-2019-10203 CVE-2020-17482]
pepperflashplugin-nonfree Turn into a dummy package taking care of removing the previously installed plugin (no longer functional nor supported)
pngcheck Fix buffer overflow [CVE-2020-27818]
postgresql-11 New upstream stable release; security fixes [CVE-2020-25694 CVE-2020-25695 CVE-2020-25696]
postsrsd Ensure timestamp tags aren't too long before trying to decode them [CVE-2020-35573]
python-bottle Stop allowing ; as a query-string separator [CVE-2020-28473]
python-certbot Automatically use ACMEv2 API for renewals, to avoid issues with ACMEv1 API removal
qxmpp Fix potential SEGFAULT on connection error
silx python(3)-silx: Add dependency on python(3)-scipy
slirp Fix buffer overflows [CVE-2020-7039 CVE-2020-8608]
steam New upstream release
systemd journal: do not trigger assertion when journal_file_close() is passed NULL
tang Avoid race condition between keygen and update
tzdata New upstream release; update included timezone data
unzip Apply further fixes for CVE-2019-13232
wireshark Fix various crashes, infinite loops and memory leaks [CVE-2019-16319 CVE-2019-19553 CVE-2020-11647 CVE-2020-13164 CVE-2020-15466 CVE-2020-25862 CVE-2020-25863 CVE-2020-26418 CVE-2020-26421 CVE-2020-26575 CVE-2020-28030 CVE-2020-7045 CVE-2020-9428 CVE-2020-9430 CVE-2020-9431]

安全更新

此修訂版在穩定版本中添加了以下安全更新。 安全團隊已經為每個更新發布了相關建議:

公告序號 套件
DSA-4797 webkit2gtk
DSA-4801 brotli
DSA-4802 thunderbird
DSA-4803 xorg-server
DSA-4804 xen
DSA-4805 trafficserver
DSA-4806 minidlna
DSA-4807 openssl
DSA-4808 apt
DSA-4809 python-apt
DSA-4810 lxml
DSA-4811 libxstream-java
DSA-4812 xen
DSA-4813 firefox-esr
DSA-4814 xerces-c
DSA-4815 thunderbird
DSA-4816 mediawiki
DSA-4817 php-pear
DSA-4818 sympa
DSA-4819 kitty
DSA-4820 horizon
DSA-4821 roundcube
DSA-4822 p11-kit
DSA-4823 influxdb
DSA-4824 chromium
DSA-4825 dovecot
DSA-4827 firefox-esr
DSA-4828 libxstream-java
DSA-4829 coturn
DSA-4830 flatpak
DSA-4831 ruby-redcarpet
DSA-4832 chromium
DSA-4833 gst-plugins-bad1.0
DSA-4834 vlc
DSA-4835 tomcat9
DSA-4837 salt
DSA-4838 mutt
DSA-4839 sudo
DSA-4840 firefox-esr
DSA-4841 slurm-llnl
DSA-4843 linux-latest
DSA-4843 linux-signed-amd64
DSA-4843 linux-signed-arm64
DSA-4843 linux-signed-i386
DSA-4843 linux

移除的套件

由於現有條件限制,我們移除了下列套件:

套件 原因
compactheader Incompatible with current Thunderbird versions

Debian 安裝器

安裝程序已更新,現已包含節點版本中整合到穩定版中的修復程序。

相關網頁鏈接

隨此修訂版更改的包的完整列表:

http://ftp.debian.org/debian/dists/buster/ChangeLog

當前穩定版分發:

http://ftp.debian.org/debian/dists/stable/

穩定版分發的計劃更新:

http://ftp.debian.org/debian/dists/proposed-updates

穩定版分發信息(發行說明、勘誤表等):

https://www.debian.org/releases/stable/

安全公告與信息:

https://www.debian.org/security/

關於 Debian

Debian 是自由軟體開發者們的協會,他們自願貢獻時間參與開發,致力於創建完全自由的作業系統 Debian。

聯繫我們

請訪問 Debian 網站 https://www.debian.org/,發送郵件到 <press@debian.org> , 或透過 <debian-release@lists.debian.org> 聯繫穩定版發行團隊以瞭解更多信息。