Updated Debian 10: 10.6 released
September 26th, 2020
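The Debian project is pleased to announce the sixth update of its stable distribution Debian 10 (codename buster).
This point release mainly adds corrections for security issues, along with a few adjustments for serious problems.
Security advisories have already been published separately and are referenced where available.
Please note that the point release does not constitute a new version of Debian 10 but only updates some of the packages included.
There is no need to throw away old buster media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.
Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release.
New installation images will be available soon at the regular locations.
Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at: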
Miscellaneous Bugfixes
This stable update adds a few important corrections to the following packages:
Note that, due to build issues, the updates for the cargo, rustc and rust-cbindgen packages are currently not available for the armel architecture.
They may be added at a later date if the issues are resolved.
Package | Reason |
---|---|
arch-test | Fix detection of s390x sometimes failing |
asterisk | Fix crash when negotiating for T.38 with a declined stream [CVE-2019-15297], "SIP request can change address of a SIP peer" [CVE-2019-18790], "AMI user could execute system commands" [CVE-2019-18610], segfault in pjsip show history with IPv6 peers |
bacula | Fix "oversized digest strings allow a malicious client to cause a heap overflow in the director's memory" [CVE-2020-11061] |
base-files | Update /etc/debian_version for the point release |
calamares-settings-debian | Disable displaymanager module |
cargo | New upstream release, to support upcoming Firefox ESR versions |
chocolate-doom | Fix missing validation [CVE-2020-14983] |
chrony | Prevent symlink race when writing to the PID file [CVE-2020-14367]; fix temperature reading |
debian-installer | Update Linux ABI to 4.19.0-11 |
debian-installer-netboot-images | Rebuild against proposed-updates |
diaspora-installer | Use --frozen option to bundle install to use upstream Gemfile.lock; don't exclude Gemfile.lock during upgrades; don't overwrite config/oidc_key.pem during upgrades; make config/schedule.yml writeable |
dojo | Fix prototype pollution in deepCopy method [CVE-2020-5258] and in jqMix method [CVE-2020-5259] |
dovecot | Fix dsync sieve filter sync regression; fix handling of getpwent result in userdb-passwd |
facter | Change Google GCE Metadata endpoint from "v1beta1" to "v1" |
gnome-maps | Fix an issue with misaligned shape layer rendering |
gnome-shell | LoginDialog: Reset auth prompt on VT switch before fade in [CVE-2020-17489] |
gnome-weather | Prevent a crash when the configured set of locations are invalid |
grunt | Use safeLoad when loading YAML files [CVE-2020-7729] |
gssdp | New upstream stable release |
gupnp | New upstream stable release; prevent the "CallStranger" attack [CVE-2020-12695]; require GSSDP 1.0.5 |
haproxy | logrotate.conf: use rsyslog helper instead of SysV init script; reject messages where "chunked" is missing from Transfer-Encoding [CVE-2019-18277] |
icinga2 | Fix symlink attack [CVE-2020-14004] |
incron | Fix cleanup of zombie processes |
inetutils | Fix remote code execution issue [CVE-2020-10188] |
libcommons-compress-java | Fix denial of service issue [CVE-2019-12402] |
libdbi-perl | Fix memory corruption in XS functions when Perl stack is reallocated [CVE-2020-14392]; fix a buffer overflow on an overlong DBD class name [CVE-2020-14393]; fix a NULL profile dereference in dbi_profile() [CVE-2019-20919] |
libvncserver | libvncclient: bail out if UNIX socket name would overflow [CVE-2019-20839]; fix pointer aliasing/alignment issue [CVE-2020-14399]; limit max textchat size [CVE-2020-14405]; libvncserver: add missing NULL pointer checks [CVE-2020-14397]; fix pointer aliasing/alignment issue [CVE-2020-14400]; scale: cast to 64 bit before shifting [CVE-2020-14401]; prevent OOB accesses [CVE-2020-14402 CVE-2020-14403 CVE-2020-14404] |
libx11 | Fix integer overflows [CVE-2020-14344 CVE-2020-14363] |
lighttpd | Backport several usability and security fixes |
linux | New upstream stable release; increase ABI to 11 |
linux-latest | Update for -11 Linux kernel ABI |
linux-signed-amd64 | New upstream stable release |
linux-signed-arm64 | New upstream stable release |
linux-signed-i386 | New upstream stable release |
llvm-toolchain-7 | New upstream release, to support upcoming Firefox ESR versions; fix bugs affecting rustc build |
lucene-solr | Fix security issue in DataImportHandler configuration handling [CVE-2019-0193] |
milkytracker | Fix heap overflow [CVE-2019-14464], stack overflow [CVE-2019-14496], heap overflow [CVE-2019-14497], use after free [CVE-2020-15569] |
node-bl | Fix over-read vulnerability [CVE-2020-8244] |
node-elliptic | Prevent malleability and overflows [CVE-2020-13822] |
node-mysql | Add localInfile option to control LOAD DATA LOCAL INFILE [CVE-2019-14939] |
node-url-parse | Fix insufficient validation and sanitization of user input [CVE-2020-8124] |
npm | Don't show password in logs [CVE-2020-15095] |
orocos-kdl | Remove explicit inclusion of default include path, fixing issues with cmake < 3.16 |
postgresql-11 | New upstream stable release; set a secure search_path in logical replication walsenders and apply workers [CVE-2020-14349]; make contrib modules' installation scripts more secure [CVE-2020-14350] |
postgresql-common | Don't drop plpgsql before testing extensions |
pyzmq | Asyncio: wait for POLLOUT on sender in can_connect |
qt4-x11 | Fix buffer overflow in XBM parser [CVE-2020-17507] |
qtbase-opensource-src | Fix buffer overflow in XBM parser [CVE-2020-17507]; fix clipboard breaking when timer wraps after 50 days |
ros-actionlib | Load YAML safely [CVE-2020-10289] |
rustc | New upstream release, to support upcoming Firefox ESR versions |
rust-cbindgen | New upstream release, to support upcoming Firefox ESR versions |
ruby-ronn | Fix handling of UTF-8 content in manpages |
s390-tools | Hardcode perl dependency instead of using ${perl:Depends}, fixing installation under debootstrap |
Security Updates
This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:
Debian Installer
The installer has been updated to include the fixes incorporated into stable by the point release.
URLs
The list of packages that have changed with this revision:
The current stable distribution:
Proposed updates to the stable distribution:
stable distribution information (release notes, errata etc.):
Security announcements and information:
About Debian
The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.
Contact Information
For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.