
Debian 9 updated to Debian 9.5, fixing Spectre V2 and other security vulnerabilities

2018-07-15 10:05:22 Author: linux人 Source: cnBeta

The Debian 9 Stretch development team has updated the release to Debian 9.5, the fifth regular maintenance update in the Debian 9 series. If you are running Debian 9 and have kept it up to date, you are already on Debian 9.5; if you plan to install a new system, the latest ISO means you will not need to pull in a large number of updated packages afterwards, because they are already bundled in it.

Main updates in Debian 9.5

Although most maintenance releases bring important security updates, this latest one is particularly noteworthy because it updates the intel-microcode package and fixes vulnerabilities including Spectre V2. Other important packages that received updates include abiword, clamav, dosbox, dpkg, the Linux kernel, nvidia-graphics-drivers, rustc and systemd. Popular tools such as the Chromium browser and Firefox extension support have also been updated to their latest versions.

Related links

Get Debian

Debian worldwide mirror sites

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following packages:

Package - Reason
2ping - Add missing dependency on python-pkg-resources
abiword - Resolve binary file conflict between abiword-dbgsym and abiword-plugin-grammar-dbgsym
adminer - Don't allow connections to privileged ports [CVE-2018-7667]
animals - Fix incorrect file permissions that made the game unusable
apache2 - Upgrade mod_http2 and mod_proxy_http2 to the versions from 2.4.33, fixing segfaults, high memory usage and potential crash [CVE-2018-1302]; make the apache-htcacheclean init script actually use /etc/default/apache-htcacheclean for its config
auto-complete-el - Add upstream fix for emacs25; adjust the emacs dependencies to the emacs versions in stretch; set auto-complete-el.emacsen-compat to silence installation warning
awffull - Do not use removed options in /etc/cron.daily/awffull
ax25-tools - Avoid segmentation fault at runtime
base-files - Update for the point release
blktrace - Fix buffer overflow in btt [CVE-2018-10689]
ca-certificates - Update Mozilla CA bundle to version 2.22; bug fixes
camo - Add missing dependency on openssl
cffi - Add missing files for cffi-libffi and cffi-toolchain; add several missing dependencies
check-postgres - Update testsuite to handle pg_get_indexdef() now always including the schema name
clamav - New upstream version; don't fail on recently removed config options
clustershell - Add missing dependency on python-pkg-resources
debian-installer - Update for -7 kernel ABI
debian-installer-netboot-images - Rebuild for the point release
debian-security-support - Update included data
dehydrated - Fix failure to create fullchain.pem
devscripts - uscan: fix the new package version regex for filenamemangle; debsign: fix bash completion; bts: support the new ftbfs tag; uscan: support HTTPS in the sf.net redirector; debcheckout: support salsa.debian.org; debdiff: sort shlibs files before comparing, reducing diff noise; uscan: actually support --copy
disc-cover - Fix perl error when running disc-cover
discover - Use correct type for the length parameter of the getline() call
django-xmlrpc - Fix python3 dependencies
dosbox - Fix crashes with core=dynamic
dpdk - New upstream stable update
dpkg - Fix integer overflow in deb(5) format version parser; fix directory traversal with dpkg-deb --raw-extract; add support for riscv64 CPU; do not normalize args past a passthrough stop word in Dpkg::Getopt; parse start-stop-daemon usernames and groupnames starting with digits correctly; always use the binary version for the .buildinfo filename
dput-ng - Add jessie-backports-sloppy and stretch-backports targets; include 'testing' in the rm-managed suites and 'oldstable' in protected distributions; add ports-master profile; FTP: parse and use optional [:port] part for fqdn
elastix - Rebuild with ITK that has been built with gcc 6
email2trac - Fix detection of Trac 1.2
faad2 - Fix several DoS issues via crafted MP4 files [CVE-2017-9218 CVE-2017-9219 CVE-2017-9220 CVE-2017-9221 CVE-2017-9222 CVE-2017-9223 CVE-2017-9253 CVE-2017-9254 CVE-2017-9255 CVE-2017-9256 CVE-2017-9257]
faker - Add missing dependency on python-ipaddress
fastkml - Add missing dependency on pkg-resources
file - Avoid reading past the end of buffer [CVE-2018-10360]
freedink-dfarc - Fix directory traversal in D-Mod extractor [CVE-2018-0496]
ganeti - Properly verify SSL certificates during VM export
ghostscript - Fix segfault with fuzzing file in gxht_thresh_image_init(); fix buffer overflow in fill_threshold_buffer [CVE-2016-10317]; pdfwrite: guard against trying to output an infinite number [CVE-2018-10194]
git-annex - Security fixes [CVE-2018-10857 CVE-2018-10859]
glx-alternatives - New upstream version
gridengine - Use correct paths to qmon pixmaps; fix FTBFS on armhf
intel-microcode - Update included microcode, including fixes for Spectre v2 [CVE-2017-5715]
jdresolve - Fix incompatibility with libnet-dns-perl in Debian 8 and later
libb64 - Rebuild with PIE
libdate-holidays-de-perl - Mark Reformation Day as a holiday in Niedersachsen and Bremen
libdatetime-timezone-perl - Update included data
libextractor - Various security fixes [CVE-2017-15266 CVE-2017-15267 CVE-2017-15600 CVE-2017-15601 CVE-2017-15602 CVE-2017-15922 CVE-2017-17440]
libipc-run-perl - Fix memory leak
liblouis - Fix buffer overflow [CVE-2018-11410]; fix several buffer overflows [CVE-2018-11440 CVE-2018-11577 CVE-2018-11683 CVE-2018-11684 CVE-2018-11685 CVE-2018-12085]
libosmium - Output coordinate with value of -2^31 correctly; fix buffers larger than 2^32 bytes
linux - New upstream stable release 4.9.110
linux-latest - Update to -7 kernel ABI
llvm-toolchain-4.0 - New package for rust backports; fix build on s390x
local-apt-repository - Stop breaking apt when the package is removed but not purged
loook - Fix handling of password protected files
miniupnpd - Fix DoS [CVE-2017-1000494]
nss-pam-ldapd - Increase size of hostname buffer
nvidia-graphics-drivers - New upstream version
obfsproxy - Don't install the broken AppArmor profile
openldap - Fix an out-of-sync issue with delta-syncrepl replication in multi-master environments; really fix upgrades when the config contains backslash-escaped special characters
openstack-debian-images - Set CloudStack after OpenStack in the datasource_list, to avoid a 120s delay in cloud-init when booting a machine in an OpenStack cloud
patch - Fix arbitrary command execution in ed-style patches [CVE-2018-1000156]
piglit - Fix missing dependency on python-mako
postgresql-9.6 - New upstream release
postgresql-common - Prevent upgrading/removing server packages from stopping other major version clusters when running systemd
psad - Add missing dependencies on net-tools and iproute2
pysurfer - Add missing dependency on python-matplotlib
python-cluster - Add missing dependency on pkg-resources
python-pyorick - Fix import failure by adding missing dependency on python3-numpy
python-scruffy - Add missing dependencies on pkg-resources
r-cran-mi - Add missing dependency on r-cran-arm
redis - Correct RunTimeDirectory -> RuntimeDirectory typo in systemd .service files
reportbug - Notify the security team or LTS team about a possible regression if reporting a bug against a package containing a security fix
rustc - New upstream release to support Firefox ESR
salt - Fix salt-ssh minion copying over configuration from the Salt Master without adjusting permissions [CVE-2017-8109]
shared-mime-info - Switch dpkg trigger to noawait, fixing upgrade issues from jessie
showq - Fix prefix, so application actually works
source-highlight - Fix dependency on libboost-regex-dev
starplot - Fix startup crash
subversion - Reject commits which would introduce hash collisions with existing data, thus addressing the SHA1/shattered issue
sus - Update to new version, technically identical to SUSv4 + TC1 + TC2
systemd - networkd-ndisc: handle missing MTU gracefully; allow RemoveIPC= to be set in the unit file, not only via D-Bus; nspawn: add missing -E to getopt_long; login: respect --no-wall when cancelling a shutdown request
tclreadline - Fix shared library build on ppc64el
thefuck - Add missing dependency on pkg-resources
tinyproxy - Do not stop listening after SIGHUP; fix configuration file path; add missing dependency on adduser
tlslite-ng - Verify MAC even if the padding is 1 byte long
tzdata - New upstream release
unison - Rebuild with stretch's ocaml
variety - Fix shell injection when deleting files to trash; fix shell injection in filter and clock with specially crafted filenames; harden ImageMagick calls against potential shell injection
xapian-core - Fix MSet::snippet() to escape HTML in all cases [CVE-2018-0499]
xerces-c - Fix Denial of Service via external DTD reference [CVE-2017-12627]; fix a regression that forced gcc to use SSE2, even on platforms that do not support it
xrdp - Fix off-by-one error which could lead to crashes

Security Updates

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:

Advisory ID - Package
DSA-4010 - git-annex
DSA-4064 - chromium-browser
DSA-4113 - libvorbis
DSA-4133 - isc-dhcp
DSA-4134 - util-linux
DSA-4135 - samba
DSA-4136 - curl
DSA-4137 - libvirt
DSA-4138 - mbedtls
DSA-4139 - firefox-esr
DSA-4140 - libvorbis
DSA-4141 - libvorbisidec
DSA-4142 - uwsgi
DSA-4143 - firefox-esr
DSA-4144 - openjdk-8
DSA-4145 - gitlab
DSA-4146 - plexus-utils
DSA-4148 - kamailio
DSA-4150 - icu
DSA-4151 - librelp
DSA-4152 - mupdf
DSA-4153 - firefox-esr
DSA-4155 - thunderbird
DSA-4156 - drupal7
DSA-4157 - openssl
DSA-4158 - openssl1.0
DSA-4159 - remctl
DSA-4160 - libevt
DSA-4161 - python-django
DSA-4162 - irssi
DSA-4163 - beep
DSA-4164 - apache2
DSA-4165 - ldap-account-manager
DSA-4167 - sharutils
DSA-4169 - pcs
DSA-4170 - pjproject
DSA-4171 - ruby-loofah
DSA-4172 - perl
DSA-4173 - r-cran-readxl
DSA-4174 - corosync
DSA-4175 - freeplane
DSA-4177 - libsdl2-image
DSA-4178 - libreoffice
DSA-4180 - drupal7
DSA-4181 - roundcube
DSA-4183 - tor
DSA-4184 - sdl-image1.2
DSA-4185 - openjdk-8
DSA-4188 - linux
DSA-4189 - quassel
DSA-4190 - jackson-databind
DSA-4191 - redmine
DSA-4192 - libmad
DSA-4193 - wordpress
DSA-4194 - lucene-solr
DSA-4195 - wget
DSA-4196 - linux
DSA-4197 - wavpack
DSA-4198 - prosody
DSA-4199 - firefox-esr
DSA-4200 - kwallet-pam
DSA-4201 - xen
DSA-4202 - curl
DSA-4203 - vlc
DSA-4203 - phonon-backend-vlc
DSA-4203 - goldencheetah
DSA-4206 - gitlab
DSA-4206 - ruby-omniauth-auth0
DSA-4207 - packagekit
DSA-4208 - procps
DSA-4209 - thunderbird
DSA-4210 - xen
DSA-4211 - xdg-utils
DSA-4212 - git
DSA-4213 - qemu
DSA-4214 - zookeeper
DSA-4215 - batik
DSA-4216 - prosody
DSA-4217 - wireshark
DSA-4218 - memcached
DSA-4219 - jruby
DSA-4220 - firefox-esr
DSA-4221 - libvncserver
DSA-4222 - gnupg2
DSA-4223 - gnupg1
DSA-4226 - perl
DSA-4227 - plexus-archiver
DSA-4228 - spip
DSA-4229 - strongswan
DSA-4230 - redis
DSA-4231 - libgcrypt20
DSA-4232 - xen
DSA-4233 - bouncycastle
DSA-4234 - lava-server
DSA-4235 - firefox-esr
DSA-4236 - xen
DSA-4238 - exiv2
DSA-4239 - gosa
DSA-4240 - php7.0
DSA-4241 - libsoup2.4

Removed packages

The following packages were removed due to circumstances beyond our control:

Package - Reason
libnet-whois-perl - Broken
mlbviewer - No longer works due to content provider changes
python-uniconvertor - Unusable; requires unpackaged dependency
singularity-container - Not security supportable
undertow - Unsupportable; several security issues; alternatives exist
visionegg - Unusable; requires no longer available numpy.oldnumeric
