Forum: >>> Magnum BBS <<<

Updated Debian 8: 8.10 released (1/2)

From =?utf-8?Q?C=C3=A9dric?= Boutillier@21:1/5 to All on Sat Dec 9 15:20:02 2017

------------------------------------------------------------------------
The Debian Project https://www.debian.org/ Updated Debian 8: 8.10 released [email protected] December 9th, 2017 https://www.debian.org/News/2017/20171209 ------------------------------------------------------------------------

The Debian project is pleased to announce the tenth update of its
oldstable distribution Debian 8 (codename "jessie"). This point release
mainly adds corrections for security issues, along with a few
adjustments for serious problems. Security advisories have already been published separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 8 but only updates some of the packages included. There is no
need to throw away old "jessie" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list

Miscellaneous Bugfixes
----------------------

This oldstable update adds a few important corrections to the following packages:

+---------------------------+-----------------------------------------+
| Package | Reason | +---------------------------+-----------------------------------------+
| bareos [1] | Fix permissions of bareos-dir logrotate |
| | config; fix file corruption when using |
| | SHA1 signature |
| | |
| base-files [2] | Update for the point release |
| | |
| bind9 [3] | Import upcoming DNSSEC KSK-2017 |
| | |
| cups [4] | Disable SSLv3 and RC4 by default to |
| | address POODLE vulnerability |
| | |
| db [5] | Do not access DB_CONFIG when db_home is |
| | not set [CVE-2017-10140] |
| | |
| db5.3 [6] | Do not access DB_CONFIG when db_home is |
| | not set [CVE-2017-10140] |
| | |
| debian-installer [7] | Rebuild for the point release |
| | |
| debian-installer-netboot- | Rebuild for the point release |
| images [8] | |
| | |
| debmirror [9] | Tolerate unknown lines in *.diff/Index; |
| | mirror DEP-11 metadata files; prefer xz |
| | over gz, and cope with either being |
| | missing; mirror and validate InRelease |
| | files |
| | |
| dns-root-data [10] | Update root.hints to 2017072601 |
| | version; add KSK-2017 to root.key file |
| | |
| dput [11] | dput.cf: replace security- |
| | master.debian.org with |
| | ftp.upload.security.debian.org |
| | |
| dwww [12] | Fix "Last-Modified" header name |
| | |
| elog [13] | Update patch 0005_elogd_CVE-2016- |
| | 6342_fix to grant access as normal user |
| | |
| flightgear [14] | Fix arbitrary file overwrite |
| | vulnerability [CVE-2017-13709] |
| | |
| gsoap [15] | Fix integer overflow via large XML |
| | document [CVE-2017-9765] |
| | |
| hexchat [16] | Fix segmentation fault following / |
| | server command |
| | |
| icu [17] | Fix double free in |
| | createMetazoneMappings() [CVE-2017- |
| | 14952] |
| | |
| kdepim [18] | Fix "send Later with Delay bypasses |
| | OpenPGP" [CVE-2017-9604] |
| | |
| kedpm [19] | Fix information leak via command |
| | history file [CVE-2017-8296] |
| | |
| keyringer [20] | Handle subkeys without expiration date |
| | and public keys listed multiple times |
| | |
| krb5 [21] | Security fixes - remote authenticated |
| | attackers can crash the KDC [CVE-2017- |
| | 11368]; kdc crash on |
| | restrict_anon_to_tgt [CVE-2016-3120]; |
| | remote DOS with ldap for authenticated |
| | attackers [CVE-2016-3119]; prevent |
| | requires_preauth bypass [CVE-2015-2694] |
| | |
| libdatetime-timezone- | Update included data |
| perl [22] | |
| | |
| libdbi [23] | Re-enable error handler call in |
| | dbi_result_next_row() |
| | |
| libembperl-perl [24] | Change hard dependency on mod_perl in |
| | zembperl.load to Recommends, fixing an |
| | installation failure when libapache2- |
| | mod-perl2 is not installed |
| | |
| libio-socket-ssl- | Fix segfault using malformed client |
| perl [25] | certificates |
| | |
| liblouis [26] | Fix multiple stack-based buffer |
| | overflows [CVE-2014-8184] |
| | |
| libofx [27] | Security fixes [CVE-2017-2816 CVE-2017- |
| | 14731] |
| | |
| libwnckmm [28] | Tighten dependencies between packages; |
| | use jquery.js from libjs-jquery |
| | |
| libwpd [29] | Security fix [CVE-2017-14226] |
| | |
| libx11 [30] | Fix "insufficient validation of data |
| | from the X server can cause out of |
| | boundary memory read (XGetImage()) or |
| | write (XListFonts())" [CVE-2016-7942 |
| | CVE-2016-7943] |
| | |
| libxfixes [31] | Fix integer overflow on illegal server |
| | response [CVE-2016-7944] |
| | |
| libxi [32] | Fix "insufficient validation of data |
| | from the X server can cause out of |
| | boundary memory access or endless |
| | loops" [CVE-2016-7945 CVE-2016-7946] |
| | |
| libxrandr [33] | Avoid out of boundary accesses on |
| | illegal responses [CVE-2016-7947 |
| | CVE-2016-7948] |
| | |
| libxtst [34] | Fix "insufficient validation of data |
| | from the X server can cause out of |
| | boundary memory access or endless |
| | loops" [CVE-2016-7951 CVE-2016-7952] |
| | |
| libxv [35] | Fix protocol handling issues in libXv |
| | [CVE-2016-5407] |
| | |
| libxvmc [36] | Avoid buffer underflow on empty strings |
| | [CVE-2016-7953] |
| | |
| linux [37] | New stable kernel version 3.16.51 |
| | |
| ncurses [38] | Fix various crash bugs in the tic |
| | library and the tic binary [CVE-2017- |
| | 10684 CVE-2017-10685 CVE-2017-11112 |
| | CVE-2017-11113 CVE-2017-13728 CVE-2017- |
| | 13729 CVE-2017-13730 CVE-2017-13731 |
| | CVE-2017-13732 CVE-2017-13734 CVE-2017- |
| | 13733] |
| | |
| openssh [39] | Test configuration before starting or |
| | reloading sshd under systemd; make |
| | "--" before the hostname terminate |
| | argument processing after the hostname |
| | too |
| | |
| pdns [40] | Add missing check on API operations |
| | [CVE-2017-15091] |
| | |
| pdns-recursor [41] | Fix configuration file injection in the |
| | API [CVE-2017-15093] |
| | |
| postgresql-9.4 [42] | New upstream bugfix release |
| | |
| python-tablib [43] | Securely load YAML [CVE-2017-2810] |
| | |
| request-tracker4 [44] | Fix regression in previous security |
| | release where incorrect SHA256 |
| | passwords could trigger an error |
| | |
| ruby-ox [45] | Avoid crash with invalid XML passed to |
| | Oj.parse_obj() [CVE-2017-15928] |
| | |
| sam2p [46] | Fix several integer overflow or heap- |
| | based buffer overflow issues [CVE-2017- |
| | 14628 CVE-2017-14629 CVE-2017-14630 |
| | CVE-2017-14631 CVE-2017-14636 CVE-2017- |
| | 14637 CVE-2017-16663] |
| | |
| slurm-llnl [47] | Fix security issue caused by insecure |
| | file path handling triggered by the |
| | failure of a Prolog script [CVE-2016- |
| | 10030] |
| | |
| sudo [48] | Fix arbitrary terminal access |
| | [CVE-2017-1000368] |
| | |
| syslinux [49] | Fix boot problem for old BIOS firmware |
| | by correcting C/H/S order |
| | |
| tor [50] | Add "Bastet" directory authority; |
| | update geoip and geoip6 to the October |
| | 4 2017 Maxmind GeoLite2 country |
| | database; fix a memset() off the end of |
| | an array when packing cells |
| | |
| transfig [51] | Add input sanitisation on FIG files |
| | [CVE-2017-16899]; sanitize input of |
| | fill patterns |
| | |
| tzdata [52] | New upstream release |
| | |
| unbound [53] | Fix install of trust anchor when two |
| | anchors are present; include root trust |
| | anchor id 20326 |
| | |
| weechat [54] | "logger: call strftime before replacing |
| | buffer local variables" [CVE-2017- |
| | 14727] |
| | | +---------------------------+-----------------------------------------+

1: https://packages.debian.org/src:bareos
2: https://packages.debian.org/src:base-files
3: https://packages.debian.org/src:bind9
4: https://packages.debian.org/src:cups
5: https://packages.debian.org/src:db
6: https://packages.debian.org/src:db5.3
7: https://packages.debian.org/src:debian-installer
8: https://packages.debian.org/src:debian-installer-netboot-images
9: https://packages.debian.org/src:debmirror
10: https://packages.debian.org/src:dns-root-data
11: https://packages.debian.org/src:dput
12: https://packages.debian.org/src:dwww
13: https://packages.debian.org/src:elog
14: https://packages.debian.org/src:flightgear
15: https://packages.debian.org/src:gsoap
16: https://packages.debian.org/src:hexchat
17: https://packages.debian.org/src:icu
18: https://packages.debian.org/src:kdepim
19: https://packages.debian.org/src:kedpm
20: https://packages.debian.org/src:keyringer
21: https://packages.debian.org/src:krb5
22: https://packages.debian.org/src:libdatetime-timezone-perl
23: https://packages.debian.org/src:libdbi
24: https://packages.debian.org/src:libembperl-perl
25: https://packages.debian.org/src:libio-socket-ssl-perl
26: https://packages.debian.org/src:liblouis
27: https://packages.debian.org/src:libofx
28: https://packages.debian.org/src:libwnckmm
29: https://packages.debian.org/src:libwpd
30: https://packages.debian.org/src:libx11
31: https://packages.debian.org/src:libxfixes
32: https://packages.debian.org/src:libxi
33: https://packages.debian.org/src:libxrandr
34: https://packages.debian.org/src:libxtst
35: https://packages.debian.org/src:libxv
36: https://packages.debian.org/src:libxvmc
37: https://packages.debian.org/src:linux
38: https://packages.debian.org/src:ncurses
39: https://packages.debian.org/src:openssh
40: https://packages.debian.org/src:pdns
41: https://packages.debian.org/src:pdns-recursor
42: https://packages.debian.org/src:postgresql-9.4
43: https://packages.debian.org/src:python-tablib
44: https://packages.debian.org/src:request-tracker4
45: https://packages.debian.org/src:ruby-ox
46: https://packages.debian.org/src:sam2p
47: https://packages.debian.org/src:slurm-llnl
48: https://packages.debian.org/src:sudo
49: https://packages.debian.org/src:syslinux
50: https://packages.debian.org/src:tor
51: https://packages.debian.org/src:transfig
52: https://packages.debian.org/src:tzdata
53: https://packages.debian.org/src:unbound
54: https://packages.debian.org/src:weechat

Security Updates
----------------

This revision adds the following security updates to the oldstable
release. The Security Team has already released an advisory for each of
these updates:

+----------------+----------------------------+
| Advisory ID | Package | +----------------+----------------------------+
| DSA-3904 [55] | bind9 [56] |
| | |
| DSA-3908 [57] | nginx [58] |
| | |
| DSA-3909 [59] | samba [60] |
| | |
| DSA-3913 [61] | apache2 [62] |
| | |
| DSA-3914 [63] | imagemagick [64] |
| | |
| DSA-3916 [65] | atril [66] |
| | |
| DSA-3917 [67] | catdoc [68] |
| | |
| DSA-3921 [69] | enigmail [70] |
| | |
| DSA-3922 [71] | mysql-5.5 [72] |
| | |
| DSA-3924 [73] | varnish [74] |
| | |
| DSA-3928 [75] | firefox-esr [76] |
| | |
| DSA-3929 [77] | libsoup2.4 [78] |
| | |
| DSA-3930 [79] | freeradius [80] |
| | |
| DSA-3932 [81] | subversion [82] |
| | |
| DSA-3933 [83] | pjproject [84] |
| | |
| DSA-3934 [85] | git [86] |
| | |
| DSA-3935 [87] | postgresql-9.4 [88] |
| | |
| DSA-3937 [89] | zabbix [90] |
| | |
| DSA-3938 [91] | libgd2 [92] |
| | |
| DSA-3939 [93] | botan1.10 [94] |
| | |
| DSA-3940 [95] | cvs [96] |
| | |
| DSA-3942 [97] | supervisor [98] |
| | |
| DSA-3943 [99] | gajim [100] |
| | |
| DSA-3945 [101] | linux [102] |
| | |
| DSA-3946 [103] | libmspack [104] |
| | |
| DSA-3947 [105] | newsbeuter [106] |
| | |
| DSA-3948 [107] | ioquake3 [108] |
| | |
| DSA-3949 [109] | augeas [110] |
| | |
| DSA-3950 [111] | libraw [112] |
| | |
| DSA-3951 [113] | smb4k [114] |
| | |
| DSA-3952 [115] | libxml2 [116] |
| | |
| DSA-3956 [117] | connman [118] |
| | |
| DSA-3958 [119] | fontforge [120] |
| | |
| DSA-3960 [121] | gnupg [122] |
| | |
| DSA-3961 [123] | libgd2 [124] |
| | |
| DSA-3962 [125] | strongswan [126] |
| | |
| DSA-3963 [127] | mercurial [128] |
| | |
| DSA-3964 [129] | asterisk [130] |
| | |
| DSA-3969 [131] | xen [132] |
| | |
| DSA-3970 [133] | emacs24 [134] |
| | |
| DSA-3971 [135] | tcpdump [136] |
| | |
| DSA-3972 [137] | bluez [138] |
| | |
| DSA-3973 [139] | wordpress-shibboleth [140] |
| | |
| DSA-3974 [141] | tomcat8 [142] |
| | |
| DSA-3976 [143] | freexl [144] |
| | |
| DSA-3977 [145] | newsbeuter [146] |
| | |
| DSA-3978 [147] | gdk-pixbuf [148] |
| | |
| DSA-3979 [149] | pyjwt [150] |
| | |
| DSA-3980 [151] | apache2 [152] |
| | |
| DSA-3981 [153] | linux [154] |
| | |
| DSA-3982 [155] | perl [156] |
| | |
| DSA-3983 [157] | samba [158] |
| | |
| DSA-3984 [159] | git [160] |
| | |
| DSA-3986 [161] | ghostscript [162] |
| | |
| DSA-3987 [163] | firefox-esr [164] |
| | |
| DSA-3988 [165] | libidn2-0 [166] |
| | |
| DSA-3989 [167] | dnsmasq [168] |
| | |
| DSA-3990 [169] | asterisk [170] |
| | |
| DSA-3992 [171] | curl [172] |
| | |
| DSA-3995 [173] | libxfont [174] |
| | |
| DSA-3997 [175] | wordpress [176] |
| | |
| DSA-3998 [177] | nss [178] |
| | |
| DSA-3999 [179] | wpa [180] |
| | |
| DSA-4000 [181] | xorg-server [182] |
| | |
| DSA-4002 [183] | mysql-5.5 [184] |
| | |
| DSA-4004 [185] | jackson-databind [186] |
| | |
| DSA-4006 [187] | mupdf [188] |
| | |
| DSA-4007 [189] | curl [190] |
| | |
| DSA-4008 [191] | wget [192] |
| | |
| DSA-4011 [193] | quagga [194] |
| | |
| DSA-4012 [195] | libav [196] |
| | |
| DSA-4013 [197] | openjpeg2 [198] |
| | |
| DSA-4016 [199] | irssi [200] |
| | |
| DSA-4018 [201] | openssl [202] |
| | |
| DSA-4021 [203] | otrs2 [204] |
| | |
| DSA-4022 [205] | libreoffice [206] |
| | |
| DSA-4025 [207] | libpam4j [208] |
| | |
| DSA-4026 [209] | bchunk [210] |
| | |
| DSA-4027 [211] | postgresql-9.4 [212] |
| | |
| DSA-4029 [213] | postgresql-common [214] |
| | |
| DSA-4033 [215] | konversation [216] |
| | |
| DSA-4035 [217] | firefox-esr [218] |
| | |
| DSA-4037 [219] | jackson-databind [220] |
| | |
| DSA-4038 [221] | shibboleth-sp2 [222] |
| | |
| DSA-4039 [223] | opensaml2 [224] |
| | |
| DSA-4040 [225] | imagemagick [226] |
| | |
| DSA-4041 [227] | procmail [228] |
| | |
| DSA-4042 [229] | libxml-libxml-perl [230] |
| | |
| DSA-4043 [231] | samba [232] |
| | |
| DSA-4045 [233] | vlc [234] |
| | |
| DSA-4046 [235] | libspring-ldap-java [236] |
| | |
| DSA-4047 [237] | otrs2 [238] |
| | |
| DSA-4051 [239] | curl [240] |
| | |
| DSA-4052 [241] | bzr [242] |
| | | +----------------+----------------------------+

55: https://www.debian.org/security/2017/dsa-3904
56: https://packages.debian.org/src:bind9
57: https://www.debian.org/security/2017/dsa-3908
58: https://packages.debian.org/src:nginx
59: https://www.debian.org/security/2017/dsa-3909
60: https://packages.debian.org/src:samba
61: https://www.debian.org/security/2017/dsa-3913
62: https://packages.debian.org/src:apache2
63: https://www.debian.org/security/2017/dsa-3914
64: https://packages.debian.org/src:imagemagick
65: https://www.debian.org/security/2017/dsa-3916
66: https://packages.debian.org/src:atril
67: https://www.debian.org/security/2017/dsa-3917
68: https://packages.debian.org/src:catdoc
69: https://www.debian.org/security/2017/dsa-3921
70: https://packages.debian.org/src:enigmail
71: https://www.debian.org/security/2017/dsa-3922
72: https://packages.debian.org/src:mysql-5.5
73: https://www.debian.org/security/2017/dsa-3924
74: https://packages.debian.org/src:varnish
75: https://www.debian.org/security/2017/dsa-3928
76: https://packages.debian.org/src:firefox-esr
77: https://www.debian.org/security/2017/dsa-3929
78: https://packages.debian.org/src:libsoup2.4
79: https://www.debian.org/security/2017/dsa-3930
80: https://packages.debian.org/src:freeradius
81: https://www.debian.org/security/2017/dsa-3932
82: https://packages.debian.org/src:subversion
83: https://www.debian.org/security/2017/dsa-3933
84: https://packages.debian.org/src:pjproject
85: https://www.debian.org/security/2017/dsa-3934
86: https://packages.debian.org/src:git
87: https://www.debian.org/security/2017/dsa-3935
88: https://packages.debian.org/src:postgresql-9.4
89: https://www.debian.org/security/2017/dsa-3937
90: https://packages.debian.org/src:zabbix
91: https://www.debian.org/security/2017/dsa-3938
92: https://packages.debian.org/src:libgd2
93: https://www.debian.org/security/2017/dsa-3939
94: https://packages.debian.org/src:botan1.10
95: https://www.debian.org/security/2017/dsa-3940
96: https://packages.debian.org/src:cvs
97: https://www.debian.org/security/2017/dsa-3942
98: https://packages.debian.org/src:supervisor
99: https://www.debian.org/security/2017/dsa-3943
100: https://packages.debian.org/src:gajim
101: https://www.debian.org/security/2017/dsa-3945
102: https://packages.debian.org/src:linux
103: https://www.debian.org/security/2017/dsa-3946
104: https://packages.debian.org/src:libmspack
105: https://www.debian.org/security/2017/dsa-3947
106: https://packages.debian.org/src:newsbeuter
107: https://www.debian.org/security/2017/dsa-3948
108: https://packages.debian.org/src:ioquake3
109: https://www.debian.org/security/2017/dsa-3949
110: https://packages.debian.org/src:augeas
111: https://www.debian.org/security/2017/dsa-3950
112: https://packages.debian.org/src:libraw
113: https://www.debian.org/security/2017/dsa-3951
114: https://packages.debian.org/src:smb4k
115: https://www.debian.org/security/2017/dsa-3952
116: https://packages.debian.org/src:libxml2
117: https://www.debian.org/security/2017/dsa-3956
118: https://packages.debian.org/src:connman
119: https://www.debian.org/security/2017/dsa-3958
120: https://packages.debian.org/src:fontforge
121: https://www.debian.org/security/2017/dsa-3960
122: https://packages.debian.org/src:gnupg
123: https://www.debian.org/security/2017/dsa-3961
124: https://packages.debian.org/src:libgd2
125: https://www.debian.org/security/2017/dsa-3962
126: https://packages.debian.org/src:strongswan
127: https://www.debian.org/security/2017/dsa-3963
128: https://packages.debian.org/src:mercurial
129: https://www.debian.org/security/2017/dsa-3964
130: https://packages.debian.org/src:asterisk
131: https://www.debian.org/security/2017/dsa-3969

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Who's Online

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	714
Nodes:	16 (2 / 14)
Uptime:	141:03:16
Calls:	12,087
Files:	14,998
Messages:	6,517,434

Updated Debian 8: 8.10 released (1/2)

Who's Online

System Info