주의: 이 번역은 원문보다 오래되었습니다.

데비안 9 업데이트: 9.3 릴리스

2017년 12월 9일

데비안 프로젝트는 안정 배포판 데비안9 (codename stretch의 3번쩨 업데이트를 알리게 되어 기쁩니다. 이 포인트 릴리스는 주로 보안 이슈에 대한 수정 및 심각한 이슈에 대한 조정을 추가합니다. 보안권고는 이미 별도로 게시했으며 사용 가능한 곳에 참조됩니다.

포인트 릴리스는 데비안 9의 새 버전을 구성하지 않고 포함된 패키지 일부만 업데이트함을 주의하세요. 기존 stretch 매체를 버릴 필요는 없습니다. 설치 후, 패키지는 최신 데비안 미러를 써서 현재 버전으로 업그레이드 될 수 있습니다.

security.debian.org에서 업데이트를 자주 설치하는 사용자는 많은 패키지를 업데이트하지 않을 것이며, 대부분 그 업데이트는 포인트 릴리스에 포함되었습니다.

새 설치 이미지는 일반 위치에서 곧 가능하게 될 겁니다.

기존 설치를 이 리비전으로 업그레이드하는 것이 데비안의 많은 HTTP 미러 중 하나에 있는 패키지 관리시스템에서 수행될 수 있습니다. 포괄적 미러 목록이 아래에 가능합니다:

https://www.debian.org/mirror/list

여러가지 버그 수정

이 안정 업데이트는 아래 패키지에 몇 가지 중요한 수정을 추가합니다:

패키지	이유
abiword	Fix flickering
base-files	Update for the point release
berusky	Fix startup crash with certain video card configurations
charmtimetracker	Fix missing binary dependency on libqt5sql5-sqlite
corebird	Increase maximum length of tweet to 280 characters
dbus	When parsing dbus-daemon configuration, don't delay startup if high-quality entropy is not yet available; when using the Monitoring interface, match message filters that specify a destination correctly; increase listen() backlog of AF_UNIX sockets to the maximum possible, minimizing failed connections under heavy load
debian-edu-doc	Merge stretch related documentation and translation updates from unstable and the wiki; documentation/common/edu.css.xml: improve HTML manual readability
debian-installer	Rebuild for the point release
dehydrated	Update subscriber license agreement URL
doit	Add Breaks: nikola (<< 7.6.0-1~) to ensure its removal on upgrades from jessie
eclipse-titan	Rebuild against current stretch GCC
fig2dev	Add input sanitisation on FIG files [CVE-2017-16899]; sanitize input of fill patterns
flickcurl	Fix oauth token fetching; prevent double free corruption during authentication
flightgear	Prevent malicious add-ons from overriding arbitrary files [CVE-2017-13709]
ganeti	Backport upstream support for non-DSA SSH keys; fix failover from dead nodes when using extstorage; fix instance import/export/move with current socat versions
gdm3	Backport several patches to fix XDMCP support
getmail4	Fix issue related to malformed fingerprints
grok	Fix pointer aliasing bug; libgrok-dev: add missing dependencies on libgrok1 and libtokyocabinet-dev
gunicorn	Drop unnecessary Pre-Depends on dpkg-dev which was causing gunicorn and python-gunicorn to bring in a compiler as a dependency
icu	Fix double free in createMetazoneMappings() [CVE-2017-14952]
inn2	[i386] Rebuild to pick up correct path to gzip binary
iproute2	Fix segfault in tc with iptables 1.6
jdcal	Fix Python3 dependencies
kde-gtk-config	Fix preview buttons in KDE-GTK-config UI
lasi	liblasi-dev: add missing dependencies on libpango1.0-dev and libfreetype6-dev
libdatetime-timezone-perl	Update included data
libdbd-firebird-perl	Fix fetching of decimal(x,y) values between -1 and 0
libdbi	Re-enable error handler call in dbi_result_next_row()
liblog-log4perl-perl	Work around Perl 5.24 no longer allowing syswrite and utf8 together
liblouis	Fix buffer overflow and use-after-free issues [CVE-2017-13738 CVE-2017-13739 CVE-2017-13740 CVE-2017-13741 CVE-2017-13742 CVE-2017-13743 CVE-2017-13744]
libmpd	libmpd-dev: Add the missing dependency on libglib2.0-dev
libofx	Security fixes [CVE-2017-2816 CVE-2017-14731]
libxkbcommon	libxkbcommon-x11-dev: add missing dependency on libxkbcommon-dev
libxsettings-client	Add missing libxsettings-client-dev -> libxsettings-dev dependency
linux	xen/time: do not decrease steal time after live migration on xen; new stable kernel version 4.9.65
live-config	Configure autologin for KDE / Plasma live images
lxc	Don't hardcode list of valid Debian releases, allowing the creation of containers for stable, buster, testing and unstable; don't insert C.* locales into /etc/locale.gen
mongodb	Fix segfault/FTBFS on ARM64 with 48-bit virtual addresses, spidermonkey GC segfault when built with GCC 6; mongodb.service: start after network.target
openssh	Test configuration before starting or reloading sshd under systemd; adjust compatibility patterns for WinSCP to correctly identify versions that implement only the legacy DH group exchange scheme; make -- before the hostname terminate argument processing after the hostname too
pdns	Fix incorrect qname casing in NSEC3 generation; add missing check on API operations [CVE-2017-15091]
pdns-recursor	Security fixes: insufficient validation of DNSSEC signatures [CVE-2017-15090]; Cross-Site Scripting in the web interface [CVE-2017-15092]; configuration file injection in the API [CVE-2017-15093]; memory leak in DNSSEC parsing [CVE-2017-15094]
postgresql-9.6	Upstream bugfix release
publicsuffix	Update included data
pyosmium	Upstream bugfix release: handler functions not called when using replication service or when using Reader instead of file
python-diff-match-patch	Add missing python3 dependency on Python 3 package
python-inflect	Fix Python 3 dependencies
python-tablib	Safely load YAML [CVE-2017-2810]
python2.7	Fix integer overflow in PyString_DecodeEscape [CVE-2017-1000158]; support all groups in TLS communication
qtcurve	Fix crashes by using strncmp() instead of memcmp()
ruby-httparty	Relax dependency version in gem dependency on json
ruby-ox	Avoid crash with invalid XML passed to Oj.parse_obj() [CVE-2017-15928]
ruby-pygments.rb	Avoid closing too many files when mentos starts, which can cause build failures in other packages on slower systems
schroot	Fix bash completion file; add systemd service file with Type=oneshot to avoid timeout issues with too many open sessions
simutrans	Enable sound for simutrans again. Switch from SDL to mixer_sdl backend
sitesummary	Adjust nagios kernel version checking module to work with 4.x kernels
slic3r	Fix missing dependency on perlapi-*
spamassassin	Disable bb.barracudacentral.org; update the systemd unit file to use the same pid file as was used in the sysvinit script; update systemd unit dependencies to include network and syslog; fix inappropriate invocation of invoke-rc.d in cron script
sqldeveloper-package	Fix build failure
sqlite3	Fix heap-based buffer over-read via undersized RTree blobs [CVE-2017-10989]
syslinux	Fix btrfs logical to physical block address mapping; fix boot problem for old BIOS firmware by correct C/H/S order; support ext4 64bit feature
tdbcodbc	Fix bug in ODBC library search
tor	Add Bastet directory authority; fix a timing-based assertion failure; update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2 country database
tzdata	New upstream release
udftools	Fix path to pktsetup in udftools init script
weechat	logger: call strftime before replacing buffer local variables [CVE-2017-14727]
xml2	Fix corruption when dealing with UTF-8 files, usage string for 2csv tool
xrdp	Fix high CPU load on SSL shutdown
zsh	Rebuild to pull in updated libraries for zsh-static

보안 업데이트

이 리비전은 아래 보안 업데이트를 안정 릴리스에 추가했습니다. 보안 팀은 이미 각 업데이트에 대한 자문을 발표했습니다:

자문 ID	패키지
DSA-3989	dnsmasq
DSA-3990	asterisk
DSA-3991	qemu
DSA-3992	curl
DSA-3993	tor
DSA-3994	nautilus
DSA-3995	libxfont
DSA-3996	ffmpeg
DSA-3997	wordpress
DSA-3998	nss
DSA-3999	wpa
DSA-4000	xorg-server
DSA-4001	yadifa
DSA-4003	libvirt
DSA-4004	jackson-databind
DSA-4006	mupdf
DSA-4007	curl
DSA-4008	wget
DSA-4009	shadowsocks-libev
DSA-4011	quagga
DSA-4013	openjpeg2
DSA-4014	thunderbird
DSA-4015	openjdk-8
DSA-4016	irssi
DSA-4017	openssl1.0
DSA-4018	openssl
DSA-4019	imagemagick
DSA-4020	chromium-browser
DSA-4021	otrs2
DSA-4023	slurm-llnl
DSA-4024	chromium-browser
DSA-4025	libpam4j
DSA-4026	bchunk
DSA-4028	postgresql-9.6
DSA-4029	postgresql-common
DSA-4030	roundcube
DSA-4031	ruby2.3
DSA-4032	imagemagick
DSA-4033	konversation
DSA-4034	varnish
DSA-4035	firefox-esr
DSA-4036	mediawiki
DSA-4037	jackson-databind
DSA-4038	shibboleth-sp2
DSA-4039	opensaml2
DSA-4041	procmail
DSA-4042	libxml-libxml-perl
DSA-4043	samba
DSA-4044	swauth
DSA-4045	vlc
DSA-4047	otrs2
DSA-4049	ffmpeg
DSA-4050	xen
DSA-4051	curl
DSA-4052	bzr
DSA-4053	exim4