
Updated Debian 9: 9.1 released



------------------------------------------------------------------------
The Debian Project                               https://www.debian.org/
Updated Debian 9: 9.1 released                          press@debian.org
July 22nd, 2017                https://www.debian.org/News/2017/20170722
------------------------------------------------------------------------


The Debian project is pleased to announce the first update of its stable
distribution Debian 9 (codename "stretch"). This point release mainly
adds corrections for security issues, along with a few adjustments for
serious problems. Security advisories have already been published
separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 9 but only updates some of the packages included. There is no
need to throw away old "stretch" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list



Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

+--------------------------+------------------------------------------+
| Package                  | Reason                                   |
+--------------------------+------------------------------------------+
| 3dchess [1]              | Reduce wasteful CPU consumption          |
|                          |                                          |
| adwaita-icon-theme [2]   | Fix malformed send-to-symbolic icon      |
|                          |                                          |
| anope [3]                | Fix incorrect mail-transport-agent       |
|                          | relationship                             |
|                          |                                          |
| apt [4]                  | Reset failure reason when connection was |
|                          | successful, so later errors are reported |
|                          | as such and not as "connection failure"  |
|                          | warnings; http: A response with Content- |
|                          | Length: 0 has no content, so don't try   |
|                          | to read it; use port from SRV record     |
|                          | instead of initial port                  |
|                          |                                          |
| avogadro [5]             | Update eigen3 patches                    |
|                          |                                          |
| base-files [6]           | Update for the 9.1 point release         |
|                          |                                          |
| c-ares [7]               | Security fix [CVE-2017-1000381]          |
|                          |                                          |
| debian-edu-doc [8]       | Update Debian Edu Stretch manual from    |
|                          | the wiki; update translations            |
|                          |                                          |
| debsecan [9]             | Add support for stretch and buster;      |
|                          | Python needs https_proxy for proxy       |
|                          | configuration with https:// URLs         |
|                          |                                          |
| devscripts [10]          | debchange: target stretch-backports with |
|                          | --bpo; support $codename{,-{proposed-    |
|                          | updates,security}}; bts: add support for |
|                          | the new "a11y" tag                       |
|                          |                                          |
| dgit [11]                | Multiple bugfixes                        |
|                          |                                          |
| dovecot [12]             | Fix syntax errors when sending Solr      |
|                          | queries                                  |
|                          |                                          |
| dwarfutils [13]          | Security fixes [CVE-2017-9052 CVE-2017-  |
|                          | 9053 CVE-2017-9054 CVE-2017-9055         |
|                          | CVE-2017-9998]                           |
|                          |                                          |
| fpc [14]                 | Fix conversion from local time to UTC    |
|                          |                                          |
| galternatives [15]       | Fix blank window when displaying         |
|                          | properties                               |
|                          |                                          |
| geolinks [16]            | Fix python3 dependencies                 |
|                          |                                          |
| gnats [17]               | gnats-user: do not fail to purge if /    |
|                          | var/lib/gnats/gnats-db is not empty      |
|                          |                                          |
| gnome-settings-          | Do not add the "US" keyboard layout by   |
| daemon [18]              | default for new users, for some reason,  |
|                          | this layout was preferred over the       |
|                          | system configured one on the first       |
|                          | login; preserve NumLock state between    |
|                          | sessions by default                      |
|                          |                                          |
| gnuplot [19]             | Fix memory corruption vulnerability      |
|                          |                                          |
| gnutls28 [20]            | Fix breakage with AES-GCM in-place       |
|                          | encryption and decryption on aarch64     |
|                          |                                          |
| grub-installer [21]      | Fix support for systems with a large     |
|                          | number of disks                          |
|                          |                                          |
| intel-microcode [22]     | Update included microcode                |
|                          |                                          |
| libclamunrar [23]        | Fix arbitrary memory write [CVE-2012-    |
|                          | 6706]                                    |
|                          |                                          |
| libopenmpt [24]          | Security fixes: out-of-bounds read while |
|                          | loading a malformed PLM file; arbitrary  |
|                          | code execution by a crafted PSM file     |
|                          | [CVE-2017-11311]; various security fixes |
|                          |                                          |
| libquicktime [25]        | Security fixes [CVE-2017-9122 CVE-2017-  |
|                          | 9123 CVE-2017-9124 CVE-2017-9125         |
|                          | CVE-2017-9126 CVE-2017-9127 CVE-2017-    |
|                          | 9128]                                    |
|                          |                                          |
| linux-latest [26]        | Revert changes to debug symbol meta-     |
|                          | packages                                 |
|                          |                                          |
| nagios-nrpe [27]         | Restore previous SSL defaults            |
|                          |                                          |
| nvidia-graphics-         | Bump Pre-Depends: nvidia-installer-      |
| drivers [28]             | cleanup to (>= 20151021) for smoother    |
|                          | upgrades from jessie                     |
|                          |                                          |
| octave-ocs [29]          | Fix loading package functions            |
|                          |                                          |
| open-iscsi [30]          | Speed up Debian Installer when iSCSI is  |
|                          | not used                                 |
|                          |                                          |
| openssh [31]             | Fix incoming compression statistics      |
|                          |                                          |
| openstack-debian-        | Also add security updates for non        |
| images [32]              | wheezy/jessie                            |
|                          |                                          |
| os-prober [33]           | EFI - look for "dos" instead of          |
|                          | "msdos"                                  |
|                          |                                          |
| osinfo-db [34]           | Improve support for Stretch and Jessie   |
|                          |                                          |
| partman-base [35]        | Protect the firmware area on all mmcblk  |
|                          | devices (and not only on mmcblk0) from   |
|                          | being clobbered during guided            |
|                          | partitioning                             |
|                          |                                          |
| pdns-recursor [36]       | Add 2017 DNSSEC root key                 |
|                          |                                          |
| perl [37]                | Backport various Getopt-Long fixes from  |
|                          | upstream 2.49..2.51; backport upstream   |
|                          | patch fixing regexp "Malformed UTF-8     |
|                          | character"; apply upstream base.pm no-   |
|                          | dot-in-inc fix                           |
|                          |                                          |
| phpunit [38]             | Security fix: arbitrary PHP code         |
|                          | execution via HTTP POST                  |
|                          |                                          |
| protozero [39]           | Fix data_view equality operator          |
|                          |                                          |
| pulseaudio [40]          | Fix copyright file                       |
|                          |                                          |
| pykde4 [41]              | Drop bindings for plasma webview         |
|                          | bindings; they're obsolete and non-      |
|                          | functional                               |
|                          |                                          |
| python-colorlog [42]     | Fix python3 dependencies                 |
|                          |                                          |
| python-imaplib2 [43]     | Fix python3 dependencies                 |
|                          |                                          |
| python-plumbum [44]      | Fix python3 dependencies                 |
|                          |                                          |
| qgis [45]                | Fix missing Breaks/Replaces against      |
|                          | python-qgis-common                       |
|                          |                                          |
| request-tracker4 [46]    | Handle configuration permissions         |
|                          | correctly following RT_SiteConfig.d      |
|                          | changes                                  |
|                          |                                          |
| retext [47]              | Backport upstream fix for crash in       |
|                          | XSettings code; fix syntax in appdata    |
|                          | XML file                                 |
|                          |                                          |
| rkhunter [48]            | Disable remote updates [CVE-2017-7480]   |
|                          |                                          |
| socat [49]               | Fix signals leading to possible 100% CPU |
|                          | usage                                    |
|                          |                                          |
| squashfs-tools [50]      | Fix corruption of large files; fix rare  |
|                          | race condition                           |
|                          |                                          |
| systemd [51]             | Fix out-of-bounds write in systemd-      |
|                          | resolved [CVE-2017-9445]; be truly quiet |
|                          | in systemctl -q is-enabled; improve      |
|                          | RLIMIT_NOFILE handling; debian/extra/    |
|                          | rules: Use updated U2F ruleset           |
|                          |                                          |
| thermald [52]            | Add Broadwell-GT3E and Kabylake support  |
|                          |                                          |
| unrar-nonfree [53]       | Add bound checks for VMSF_DELTA,         |
|                          | VMSF_RGB and VMSF_AUDIO parameters       |
|                          | [CVE-2012-6706]                          |
|                          |                                          |
| win32-loader [54]        | Replace all mirror urls with             |
|                          | deb.debian.org; drop bz2 compression for |
|                          | source                                   |
|                          |                                          |
+--------------------------+------------------------------------------+

    1: https://packages.debian.org/src:3dchess
    2: https://packages.debian.org/src:adwaita-icon-theme
    3: https://packages.debian.org/src:anope
    4: https://packages.debian.org/src:apt
    5: https://packages.debian.org/src:avogadro
    6: https://packages.debian.org/src:base-files
    7: https://packages.debian.org/src:c-ares
    8: https://packages.debian.org/src:debian-edu-doc
    9: https://packages.debian.org/src:debsecan
   10: https://packages.debian.org/src:devscripts
   11: https://packages.debian.org/src:dgit
   12: https://packages.debian.org/src:dovecot
   13: https://packages.debian.org/src:dwarfutils
   14: https://packages.debian.org/src:fpc
   15: https://packages.debian.org/src:galternatives
   16: https://packages.debian.org/src:geolinks
   17: https://packages.debian.org/src:gnats
   18: https://packages.debian.org/src:gnome-settings-daemon
   19: https://packages.debian.org/src:gnuplot
   20: https://packages.debian.org/src:gnutls28
   21: https://packages.debian.org/src:grub-installer
   22: https://packages.debian.org/src:intel-microcode
   23: https://packages.debian.org/src:libclamunrar
   24: https://packages.debian.org/src:libopenmpt
   25: https://packages.debian.org/src:libquicktime
   26: https://packages.debian.org/src:linux-latest
   27: https://packages.debian.org/src:nagios-nrpe
   28: https://packages.debian.org/src:nvidia-graphics-drivers
   29: https://packages.debian.org/src:octave-ocs
   30: https://packages.debian.org/src:open-iscsi
   31: https://packages.debian.org/src:openssh
   32: https://packages.debian.org/src:openstack-debian-images
   33: https://packages.debian.org/src:os-prober
   34: https://packages.debian.org/src:osinfo-db
   35: https://packages.debian.org/src:partman-base
   36: https://packages.debian.org/src:pdns-recursor
   37: https://packages.debian.org/src:perl
   38: https://packages.debian.org/src:phpunit
   39: https://packages.debian.org/src:protozero
   40: https://packages.debian.org/src:pulseaudio
   41: https://packages.debian.org/src:pykde4
   42: https://packages.debian.org/src:python-colorlog
   43: https://packages.debian.org/src:python-imaplib2
   44: https://packages.debian.org/src:python-plumbum
   45: https://packages.debian.org/src:qgis
   46: https://packages.debian.org/src:request-tracker4
   47: https://packages.debian.org/src:retext
   48: https://packages.debian.org/src:rkhunter
   49: https://packages.debian.org/src:socat
   50: https://packages.debian.org/src:squashfs-tools
   51: https://packages.debian.org/src:systemd
   52: https://packages.debian.org/src:thermald
   53: https://packages.debian.org/src:unrar-nonfree
   54: https://packages.debian.org/src:win32-loader

Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

+----------------+-----------------------+
| Advisory ID    | Package               |
+----------------+-----------------------+
| DSA-3876 [55]  | otrs2 [56]            |
|                |                       |
| DSA-3877 [57]  | tor [58]              |
|                |                       |
| DSA-3882 [59]  | request-tracker4 [60] |
|                |                       |
| DSA-3884 [61]  | gnutls28 [62]         |
|                |                       |
| DSA-3885 [63]  | irssi [64]            |
|                |                       |
| DSA-3886 [65]  | linux [66]            |
|                |                       |
| DSA-3887 [67]  | glibc [68]            |
|                |                       |
| DSA-3888 [69]  | exim4 [70]            |
|                |                       |
| DSA-3890 [71]  | spip [72]             |
|                |                       |
| DSA-3891 [73]  | tomcat8 [74]          |
|                |                       |
| DSA-3893 [75]  | jython [76]           |
|                |                       |
| DSA-3895 [77]  | flatpak [78]          |
|                |                       |
| DSA-3896 [79]  | apache2 [80]          |
|                |                       |
| DSA-3897 [81]  | drupal7 [82]          |
|                |                       |
| DSA-3900 [83]  | openvpn [84]          |
|                |                       |
| DSA-3901 [85]  | libgcrypt20 [86]      |
|                |                       |
| DSA-3902 [87]  | jabberd2 [88]         |
|                |                       |
| DSA-3903 [89]  | tiff [90]             |
|                |                       |
| DSA-3904 [91]  | bind9 [92]            |
|                |                       |
| DSA-3905 [93]  | xorg-server [94]      |
|                |                       |
| DSA-3906 [95]  | undertow [96]         |
|                |                       |
| DSA-3907 [97]  | spice [98]            |
|                |                       |
| DSA-3908 [99]  | nginx [100]           |
|                |                       |
| DSA-3910 [101] | knot [102]            |
|                |                       |
| DSA-3911 [103] | evince [104]          |
|                |                       |
| DSA-3912 [105] | heimdal [106]         |
|                |                       |
+----------------+-----------------------+

   55: https://www.debian.org/security/2017/dsa-3876
   56: https://packages.debian.org/src:otrs2
   57: https://www.debian.org/security/2017/dsa-3877
   58: https://packages.debian.org/src:tor
   59: https://www.debian.org/security/2017/dsa-3882
   60: https://packages.debian.org/src:request-tracker4
   61: https://www.debian.org/security/2017/dsa-3884
   62: https://packages.debian.org/src:gnutls28
   63: https://www.debian.org/security/2017/dsa-3885
   64: https://packages.debian.org/src:irssi
   65: https://www.debian.org/security/2017/dsa-3886
   66: https://packages.debian.org/src:linux
   67: https://www.debian.org/security/2017/dsa-3887
   68: https://packages.debian.org/src:glibc
   69: https://www.debian.org/security/2017/dsa-3888
   70: https://packages.debian.org/src:exim4
   71: https://www.debian.org/security/2017/dsa-3890
   72: https://packages.debian.org/src:spip
   73: https://www.debian.org/security/2017/dsa-3891
   74: https://packages.debian.org/src:tomcat8
   75: https://www.debian.org/security/2017/dsa-3893
   76: https://packages.debian.org/src:jython
   77: https://www.debian.org/security/2017/dsa-3895
   78: https://packages.debian.org/src:flatpak
   79: https://www.debian.org/security/2017/dsa-3896
   80: https://packages.debian.org/src:apache2
   81: https://www.debian.org/security/2017/dsa-3897
   82: https://packages.debian.org/src:drupal7
   83: https://www.debian.org/security/2017/dsa-3900
   84: https://packages.debian.org/src:openvpn
   85: https://www.debian.org/security/2017/dsa-3901
   86: https://packages.debian.org/src:libgcrypt20
   87: https://www.debian.org/security/2017/dsa-3902
   88: https://packages.debian.org/src:jabberd2
   89: https://www.debian.org/security/2017/dsa-3903
   90: https://packages.debian.org/src:tiff
   91: https://www.debian.org/security/2017/dsa-3904
   92: https://packages.debian.org/src:bind9
   93: https://www.debian.org/security/2017/dsa-3905
   94: https://packages.debian.org/src:xorg-server
   95: https://www.debian.org/security/2017/dsa-3906
   96: https://packages.debian.org/src:undertow
   97: https://www.debian.org/security/2017/dsa-3907
   98: https://packages.debian.org/src:spice
   99: https://www.debian.org/security/2017/dsa-3908
  100: https://packages.debian.org/src:nginx
  101: https://www.debian.org/security/2017/dsa-3910
  102: https://packages.debian.org/src:knot
  103: https://www.debian.org/security/2017/dsa-3911
  104: https://packages.debian.org/src:evince
  105: https://www.debian.org/security/2017/dsa-3912
  106: https://packages.debian.org/src:heimdal

Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

+-------------+---------------------------------+
| Package     | Reason                          |
+-------------+---------------------------------+
| aiccu [107] | Useless since shutdown of SixXS |
|             |                                 |
+-------------+---------------------------------+

  107: https://packages.debian.org/src:aiccu

Debian Installer
----------------

The installer has been updated to include the fixes incorporated into
stable by the point release.


URLs
----

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/stretch/ChangeLog


The current stable distribution:

http://ftp.debian.org/debian/dists/stable/


Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates


stable distribution information (release notes, errata etc.):

https://www.debian.org/releases/stable/


Security announcements and information:

https://security.debian.org/


About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.


Contact Information
-------------------

For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.
