Uppdaterad Debian 9: 9.3 utgiven

9 december 2017

Debianprojektet presenterar stolt den tredje uppdateringen av sin stabila distribution Debian 9 (med kodnamn Stretch). Denna punktutgåva lägger huvudsakligen till rättningar för säkerhetsproblem, tillsammans med ytterligare rättningar av allvarliga problem. Säkerhetsbulletiner har redan publicerats separat och refereras när de finns tillgängliga.

Vänligen notera att punktutgåvan inte innebär en ny version av Debian 9 utan endast uppdaterar några av de inkluderade paketen. Det behövs inte kastas bort gamla media av Stretch. Efter installationen kan paket uppgraderas till de aktuella versionerna genom att använda en uppdaterad Debianspegling.

De som frekvent installerar uppdateringar från security.debian.org kommer inte att behöva uppdatera många paket, och de flesta av sådana updpdateringar finns inkluderade i punktutgåvan.

Nya installationsavbildningar kommer snart att finnas tillgängliga på de vanliga platserna.

En uppgradering av en existerande installation till denna revision kan utföras genom att peka pakethanteringssystemet på en av Debians många HTTP-speglingar. En utförlig lista på speglingar finns på:

https://www.debian.org/mirror/list

Blandade felrättningar

Denna uppdatering av den stabila utgåvan lägger till några viktiga felrättningar till följande paket:

Paket	Orsak
abiword	Fix flickering
base-files	Update for the point release
berusky	Fix startup crash with certain video card configurations
charmtimetracker	Fix missing binary dependency on libqt5sql5-sqlite
corebird	Increase maximum length of tweet to 280 characters
dbus	When parsing dbus-daemon configuration, don't delay startup if high-quality entropy is not yet available; when using the Monitoring interface, match message filters that specify a destination correctly; increase listen() backlog of AF_UNIX sockets to the maximum possible, minimizing failed connections under heavy load
debian-edu-doc	Merge stretch related documentation and translation updates from unstable and the wiki; documentation/common/edu.css.xml: improve HTML manual readability
debian-installer	Rebuild for the point release
dehydrated	Update subscriber license agreement URL
doit	Add Breaks: nikola (<< 7.6.0-1~) to ensure its removal on upgrades from jessie
eclipse-titan	Rebuild against current stretch GCC
fig2dev	Add input sanitisation on FIG files [CVE-2017-16899]; sanitize input of fill patterns
flickcurl	Fix fix oauth token fetching; prevent double free corruption during authentication
flightgear	Prevent malicious add-ons from overriding arbitrary files [CVE-2017-13709]
ganeti	Backport upstream support for non-DSA SSH keys; fix failover from dead nodes when using extstorage; fix instance import/export/move with current socat versions
gdm3	Backport several patches to fix XDMCP support
getmail4	Fix issue related to malformed fingerprints
grok	Fix pointer aliasing bug; libgrok-dev: add missing dependencies on libgrok1 and libtokyocabinet-dev
gunicorn	Drop unnecessary Pre-Depends on dpkg-dev which was causing gunicorn and python-gunicorn to bring in a compiler as a dependency
icu	Fix double free in createMetazoneMappings() [CVE-2017-14952]
inn2	[i386] Rebuild to pick up correct path to gzip binary
iproute2	Fix segfault in tc with iptables 1.6
jdcal	Fix Python3 dependencies
kde-gtk-config	Fix preview buttons in KDE-GTK-config UI
lasi	liblasi-dev: add missing dependencies on libpango1.0-dev and libfreetype6-dev
libdatetime-timezone-perl	Update included data
libdbd-firebird-perl	Fix fetching of decimal(x,y) values between -1 and 0
libdbi	Re-enable error handler call in dbi_result_next_row()
liblog-log4perl-perl	Work around Perl 5.24 no longer allowing syswrite and utf8 together
liblouis	Fix buffer overflow and use-after-free issues [CVE-2017-13738 CVE-2017-13739 CVE-2017-13740 CVE-2017-13741 CVE-2017-13742 CVE-2017-13743 CVE-2017-13744]
libmpd	libmpd-dev: Add the missing dependency on libglib2.0-dev
libofx	Security fixes [CVE-2017-2816 CVE-2017-14731]
libxkbcommon	libxkbcommon-x11-dev: add missing dependency on libxkbcommon-dev
libxsettings-client	Add missing libxsettings-client-dev -> libxsettings-dev dependency
linux	xen/time: do not decrease steal time after live migration on xen; new stable kernel version 4.9.65
live-config	Configure autologin for KDE / Plasma live images
lxc	Don't hardcode list of valid Debian releases, allowing the creation of containers for stable, buster, testing and unstable; don't insert C.* locales into /etc/locale.gen
mongodb	Fix segfault/FTBFS on ARM64 with 48-bit virtual addresses, spidermonkey GC segfault when built with GCC 6; mongodb.service: start after network.target
openssh	Test configuration before starting or reloading sshd under systemd; adjust compatibility patterns for WinSCP to correctly identify versions that implement only the legacy DH group exchange scheme; make -- before the hostname terminate argument processing after the hostname too
pdns	Fix incorrect qname casing in NSEC3 generation; add missing check on API operations [CVE-2017-15091]
pdns-recursor	Security fixes: insufficient validation of DNSSEC signatures [CVE-2017-15090]; Cross-Site Scripting in the web interface [CVE-2017-15092]; configuration file injection in the API [CVE-2017-15093]; memory leak in DNSSEC parsing [CVE-2017-15094]
postgresql-9.6	Upstream bugfix release
publicsuffix	Update included data
pyosmium	Upstream bugfix release: handler functions not called when using replication service or when using Reader instead of file
python-diff-match-patch	Add missing python3 dependency on Python 3 package
python-inflect	Fix Python 3 dependencies
python-tablib	Safely load YAML [CVE-2017-2810]
python2.7	Fix integer overflow in PyString_DecodeEscape [CVE-2017-1000158]; support all groups in TLS communication
qtcurve	Fix crashes by using strncmp() instead of memcmp()
ruby-httparty	Relax dependency version in gem dependency on json
ruby-ox	Avoid crash with invalid XML passed to Oj.parse_obj() [CVE-2017-15928]
ruby-pygments.rb	Avoid closing too many files when mentos starts, which can cause build failures in other packages on slower systems
schroot	Fix bash completion file; add systemd service file with Type=oneshot to avoid timeout issues with too many open sessions
simutrans	Enable sound for simutrans again. Switch from SDL to mixer_sdl backend
sitesummary	Adjust nagios kernel version checking module to work with 4.x kernels
slic3r	Fix missing dependency on perlapi-*
spamassassin	Disable bb.barracudacentral.org; update the systemd unit file to use the same pid file as was used in the sysvinit script; update systemd unit dependencies to include network and syslog; fix inappropriate invocation of invoke-rc.d in cron script
sqldeveloper-package	Fix build failure
sqlite3	Fix heap-based buffer over-read via undersized RTree blobs [CVE-2017-10989]
syslinux	Fix btrfs logical to physical block address mapping; fix boot problem for old BIOS firmware by correct C/H/S order; support ext4 64bit feature
tdbcodbc	Fix bug in ODBC library search
tor	Add Bastet directory authority; fix a timing-based assertion failure; update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2 country database
tzdata	New upstream release
udftools	Fix path to pktsetup in udftools init script
weechat	logger: call strftime before replacing buffer local variables [CVE-2017-14727]
xml2	Fix corruption when dealing with UTF-8 files, usage string for 2csv tool
xrdp	Fix high CPU load on SSL shutdown
zsh	Rebuild to pull in updated libraries for zsh-static

Säkerhetsuppdateringar

Denna revision lägger till följande säkerhetsuppdateringar till den stabila utgåvan. Säkerhetsgruppen har redan givit ut bulletiner för var och en av dessa uppdateringar

Bulletin-ID	Paket
DSA-3989	dnsmasq
DSA-3990	asterisk
DSA-3991	qemu
DSA-3992	curl
DSA-3993	tor
DSA-3994	nautilus
DSA-3995	libxfont
DSA-3996	ffmpeg
DSA-3997	wordpress
DSA-3998	nss
DSA-3999	wpa
DSA-4000	xorg-server
DSA-4001	yadifa
DSA-4003	libvirt
DSA-4004	jackson-databind
DSA-4006	mupdf
DSA-4007	curl
DSA-4008	wget
DSA-4009	shadowsocks-libev
DSA-4011	quagga
DSA-4013	openjpeg2
DSA-4014	thunderbird
DSA-4015	openjdk-8
DSA-4016	irssi
DSA-4017	openssl1.0
DSA-4018	openssl
DSA-4019	imagemagick
DSA-4020	chromium-browser
DSA-4021	otrs2
DSA-4023	slurm-llnl
DSA-4024	chromium-browser
DSA-4025	libpam4j
DSA-4026	bchunk
DSA-4028	postgresql-9.6
DSA-4029	postgresql-common
DSA-4030	roundcube
DSA-4031	ruby2.3
DSA-4032	imagemagick
DSA-4033	konversation
DSA-4034	varnish
DSA-4035	firefox-esr
DSA-4036	mediawiki
DSA-4037	jackson-databind
DSA-4038	shibboleth-sp2
DSA-4039	opensaml2
DSA-4041	procmail
DSA-4042	libxml-libxml-perl
DSA-4043	samba
DSA-4044	swauth
DSA-4045	vlc
DSA-4047	otrs2
DSA-4049	ffmpeg
DSA-4050	xen
DSA-4051	curl
DSA-4052	bzr
DSA-4053	exim4

Borttagna paket

Följande paket har tagits bort på grund av omständigheter utom vår kontroll:

Paket	Orsak
libnet-ping-external-perl	Icke underhållen, säkerhetsproblem

Debianinstalleraren

Installeraren har uppdaterats för att inkludera rättningarna som har inkluderats i den stabila utgåvan med denna punktutgåva.

URLer

Den fullständiga listan på paket som har förändrats med denna revision:

http://ftp.debian.org/debian/dists/stretch/ChangeLog

Den nuvarande stabila utgåvan:

http://ftp.debian.org/debian/dists/stable/

Föreslagna uppdateringar till den stabila utgåvan:

http://ftp.debian.org/debian/dists/proposed-updates

Information om den stabila utgåvan (versionsfakta, kända problem, osv.):

https://www.debian.org/releases/stable/

Säkerhetsbulletiner och information:

https://www.debian.org/security/

Om Debian

Debianprojektet är en grupp utvecklare av Fri mjukvara som donerar sin tid och kraft för att producera det helt fria operativsystemet Debian.

Kontaktinformation

För mer information, besök Debians webbplats på https://www.debian.org/, skicka e-post till <press@debian.org>, eller kontakta gruppen för stabila utgåvor på <debian-release@lists.debian.org>.