Software-update: Debian 9.1 / 8.9

Debian GNU/Linux is een opensource-besturingssysteem, dat voor zowel desktops als servers gebruikt kan worden en waarbij de nadruk op stabiliteit en veiligheid ligt. Het wordt dan ook gebruikt als basis voor diverse Linux-distributies, waaronder Ubuntu en Linux Mint. Versie 9.x, die als codenaam 'Stretch' meegekregen heeft, is een zogenaamde Long Term Support-uitgave en wordt de komende vijf jaar van updates voorzien. Versie 8.x heeft als codenaam Jessie. Vorige maand heeft het ontwikkelteam gelijktijdig versie 9.1 en 8.9 uitgebracht om een aantal problemen aan te pakken.

Updated Debian 9: 9.1 released

The Debian project is pleased to announce the first update of its stable distribution Debian 9 (codename “stretch”). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available.

Please note that the point release does not constitute a new version of Debian 9 but only updates some of the packages included. There is no need to throw away old “stretch” media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release.
New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at: https://www.debian.org/mirror/list

Miscellaneous Bugfixes
This stable update adds a few important corrections to the following packages:

• 3dchess - Reduce wasteful CPU consumption
• adwaita-icon-theme - Fix malformed send-to-symbolic icon
• anope - Fix incorrect mail-transport-agent relationship
• apt - Reset failure reason when connection was successful, so later errors are reported as such and not as “connection failure” warnings; http: A response with Content-Length: 0 has no content, so don't try to read it; use port from SRV record instead of initial port
• avogadro - Update eigen3 patches
• base-files - Update for the 9.1 point release
• c-ares - Security fix [CVE-2017-1000381]
• debian-edu-doc - Update Debian Edu Stretch manual from the wiki; update translations
• debsecan - Add support for stretch and buster; Python needs https_proxy for proxy configuration with https:// URLs
• devscripts - debchange: target stretch-backports with --bpo; support $codename{,-{proposed-updates,security}}; bts: add support for the new “a11y” tag
• dgit - Multiple bugfixes
• dovecot - Fix syntax errors when sending Solr queries
• dwarfutils - Security fixes [CVE-2017-9052 CVE-2017-9053 CVE-2017-9054 CVE-2017-9055 CVE-2017-9998]
• fpc - Fix conversion from local time to UTC
• galternatives - Fix blank window when displaying properties
• geolinks - Fix python3 dependencies
• gnats - gnats-user: do not fail to purge if /var/lib/gnats/gnats-db is not empty
• gnome-settings-daemon - Do not add the “US” keyboard layout by default for new users, for some reason, this layout was preferred over the system configured one on the first login; preserve NumLock state between sessions by default
• gnuplot - Fix memory corruption vulnerability
• gnutls28 - Fix breakage with AES-GCM in-place encryption and decryption on aarch64
• grub-installer - Fix support for systems with a large number of disks
• intel-microcode - Update included microcode
• libclamunrar - Fix arbitrary memory write [CVE-2012-6706]
• libopenmpt - Security fixes: out-of-bounds read while loading a malfomed PLM file; arbitrary code execution by a crafted PSM file [CVE-2017-11311]; various security fixes
• libquicktime - Security fixes [CVE-2017-9122 CVE-2017-9123 CVE-2017-9124 CVE-2017-9125 CVE-2017-9126 CVE-2017-9127 CVE-2017-9128]
• linux-latest - Revert changes to debug symbol meta-packages
• nagios-nrpe - Restore previous SSL defaults
• nvidia-graphics-drivers - Bump Pre-Depends: nvidia-installer-cleanup to (>= 20151021) for smoother upgrades from jessie
• octave-ocs - Fix loading package functions
• open-iscsi - Speed up Debian Installer when iSCSI is not used
• openssh - Fix incoming compression statistics
• openstack-debian-images - Also add security updates for non wheezy/jessie
• os-prober - EFI - look for “dos” instead of “msdos”
• osinfo-db - Improve support for Stretch and Jessie
• partman-base - Protect the firmware area on all mmcblk devices (and not only on mmcblk0) from being clobbered during guided partitioning
• pdns-recursor - Add 2017 DNSSEC root key
• perl - Backport various Getopt-Long fixes from upstream 2.49..2.51; backport upstream patch fixing regexp “Malformed UTF-8 character”; apply upstream base.pm no-dot-in-inc fix
• phpunit - Security fix: arbitrary PHP code execution via HTTP POST
• protozero - Fix data_view equality operator
• pulseaudio - Fix copyright file
• pykde4 - Drop bindings for plasma webview bindings; they're obsolete and non-functional
• python-colorlog - Fix python3 dependencies
• python-imaplib2 - Fix python3 dependencies
• python-plumbum - Fix python3 dependencies
• qgis - Fix missing Breaks/Replaces against python-qgis-common
• request-tracker4 - Handle configuration permissions correctly following RT_SiteConfig.d changes
• retext - Backport upstream fix for crash in XSettings code; fix syntax in appdata XML file
• rkhunter - Disable remote updates [CVE-2017-7480]
• socat - Fix signals leading to possible 100% CPU usage
• squashfs-tools - Fix corruption of large files; fix rare race condition
• systemd - Fix out-of-bounds write in systemd-resolved [CVE-2017-9445]; be truly quiet in systemctl -q is-enabled; improve RLIMIT_NOFILE handling; debian/extra/rules: Use updated U2F ruleset
• thermald - Add Broadwell-GT3E and Kabylake support
• unrar-nonfree - Add bound checks for VMSF_DELTA, VMSF_RGB and VMSF_AUDIO paramters [CVE-2012-6706]
• win32-loader - Replace all mirror urls with deb.debian.org; drop bz2 compression for source

Security Updates
This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:

• DSA-3876 otrs2
• DSA-3877 tor
• DSA-3882 request-tracker4
• DSA-3884 gnutls28
• DSA-3885 irssi
• DSA-3886 linux
• DSA-3887 glibc
• DSA-3888 exim4
• DSA-3890 spip
• DSA-3891 tomcat8
• DSA-3893 jython
• DSA-3895 flatpak
• DSA-3896 apache2
• DSA-3897 drupal7
• DSA-3900 openvpn
• DSA-3901 libgcrypt20
• DSA-3902 jabberd2
• DSA-3903 tiff
• DSA-3904 bind9
• DSA-3905 xorg-server
• DSA-3906 undertow
• DSA-3907 spice
• DSA-3908 nginx
• DSA-3910 knot
• DSA-3911 evince
• DSA-3912 heimdal

Removed packages
The following packages were removed due to circumstances beyond our control:

• aiccu - Useless since shutdown of SixXS

Debian Installer
The installer has been updated to include the fixes incorporated into stable by the point release.

Updated Debian 8: 8.9 released

The Debian project is pleased to announce the ninth update of its oldstable distribution Debian 8 (codename “jessie”). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available.

Please note that the point release does not constitute a new version of Debian 8 but only updates some of the packages included. There is no need to throw away old “jessie” media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at: https://www.debian.org/mirror/list