Debian Stretch receives its final update; take a look.
Debian 9.13 Stretch
The 13th update of Debian Stretch was announced by the Debian community on 18 July 2020.
"The Debian project is pleased to announce the thirteenth (and final) update of its oldstable distribution Debian 9 (codename "stretch"). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available."
After this release no further updates will be made; the community recommends that you upgrade your system to Debian 10 Buster, or continue using Stretch as LTS.
See the support period for the LTS version.
The community warns:
"Please note that the point release does not constitute a new version of Debian 9 but only updates some of the packages included. There is no need to throw away old "stretch" media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror."
In total, 75 packages were updated.
Package Reason
acmetool Rebuild against recent golang to pick up security fixes
atril dvi: Mitigate command injection attacks by quoting filename [CVE-2017-1000159]; fix overflow checks in tiff backend [CVE-2019-1010006]; tiff: Handle failure from TIFFReadRGBAImageOriented [CVE-2019-11459]
bacula Add transitional package bacula-director-common, avoiding loss of /etc/bacula/bacula-dir.conf when purged; make PID files owned by root
base-files Update /etc/debian_version for the point release
batik Fix server-side request forgery via xlink:href attributes [CVE-2019-17566]
c-icap-modules Support ClamAV 0.102
ca-certificates Update Mozilla CA bundle to 2.40, blacklist distrusted Symantec roots and expired "AddTrust External Root"; remove e-mail only certificates
chasquid Rebuild against recent golang to pick up security fixes
checkstyle Fix XML External Entity injection issue [CVE-2019-9658 CVE-2019-10782]
clamav New upstream release [CVE-2020-3123]; security fixes [CVE-2020-3327 CVE-2020-3341]
compactheader New upstream version, compatible with newer Thunderbird versions
cram Ignore test failures to fix build issues
csync2 Fail HELLO command when SSL is required
cups Fix heap buffer overflow [CVE-2020-3898] and "the `ippReadIO` function may under-read an extension field" [CVE-2019-8842]
dbus New upstream stable release; prevent a denial of service issue [CVE-2020-12049]; prevent use-after-free if two usernames share a uid
debian-installer Update for the 4.9.0-13 Linux kernel ABI
debian-installer-netboot-images Rebuild against stretch-proposed-updates
debian-security-support Update support status of several packages
erlang Fix use of weak TLS ciphers [CVE-2020-12872]
exiv2 Fix denial of service issue [CVE-2018-16336]; fix over-restrictive fix for CVE-2018-10958 and CVE-2018-10999
fex Security update
file-roller Security fix [CVE-2020-11736]
fwupd New upstream release; use a CNAME to redirect to the correct CDN for metadata; do not abort startup if the XML metadata file is invalid; add the Linux Foundation public GPG keys for firmware and metadata; raise the metadata limit to 10MB
glib-networking Return bad identity error if identity is unset [CVE-2020-13645]
gnutls28 Fix memory corruption issue [CVE-2019-3829]; fix memory leak; add support for zero length session tickets, fix connection errors on TLS1.2 sessions to some hosting providers
gosa Tighten check on LDAP success/failure [CVE-2019-11187]; fix compatibility with newer PHP versions; backport several other patches; replace (un)serialize with json_encode/json_decode to mitigate PHP object injection [CVE-2019-14466]
heartbleeder Rebuild against recent golang to pick up security fixes
intel-microcode Downgrade some microcodes to previously released revisions, working around hangs on boot on Skylake-U/Y and Skylake Xeon E3
iptables-persistent Don't fail if modprobe does
jackson-databind Fix multiple security issues affecting BeanDeserializerFactory [CVE-2020-9548 CVE-2020-9547 CVE-2020-9546 CVE-2020-8840 CVE-2020-14195 CVE-2020-14062 CVE-2020-14061 CVE-2020-14060 CVE-2020-11620 CVE-2020-11619 CVE-2020-11113 CVE-2020-11112 CVE-2020-11111 CVE-2020-10969 CVE-2020-10968 CVE-2020-10673 CVE-2020-10672 CVE-2019-20330 CVE-2019-17531 and CVE-2019-17267]
libbusiness-hours-perl Use explicit 4 digit years, fixing build and usage issues
libclamunrar New upstream stable release; add an unversioned meta-package
libdbi Comment out _error_handler() call again, fixing issues with consumers
libembperl-perl Handle error pages from Apache >= 2.4.40
libexif Security fixes [CVE-2016-6328 CVE-2017-7544 CVE-2018-20030 CVE-2020-12767 CVE-2020-0093]; security fixes [CVE-2020-13112 CVE-2020-13113 CVE-2020-13114]; fix a buffer read overflow [CVE-2020-0182] and an unsigned integer overflow [CVE-2020-0198]
libvncserver Fix heap overflow [CVE-2019-15690]
linux New upstream stable release; update ABI to 4.9.0-13
linux-latest Update for 4.9.0-13 kernel ABI
mariadb-10.1 New upstream stable release; security fixes [CVE-2020-2752 CVE-2020-2812 CVE-2020-2814]
megatools Add support for the new format of mega.nz links
mod-gnutls Avoid deprecated ciphersuites in test suite; fix test failures when combined with Apache's fix for CVE-2019-10092
mongo-tools Rebuild against recent golang to pick up security fixes
neon27 Treat OpenSSL-related test failures as non-fatal
nfs-utils Fix potential file overwrite vulnerability [CVE-2019-3689]; don't make all of /var/lib/nfs owned by the statd user
nginx Fix error page request smuggling vulnerability [CVE-2019-20372]
node-url-parse Sanitize paths and hosts before parsing [CVE-2018-3774]
nvidia-graphics-drivers New upstream stable release; new upstream stable release; security fixes [CVE-2020-5963 CVE-2020-5967]
pcl Fix missing dependency on libvtk6-qt-dev
perl Fix multiple regular expression related security issues [CVE-2020-10543 CVE-2020-10878 CVE-2020-12723]
php-horde Fix cross-site scripting vulnerability [CVE-2020-8035]
php-horde-data Fix authenticated remote code execution vulnerability [CVE-2020-8518]
php-horde-form Fix authenticated remote code execution vulnerability [CVE-2020-8866]
php-horde-gollem Fix cross-site scripting vulnerability in breadcrumb output [CVE-2020-8034]
php-horde-trean Fix authenticated remote code execution vulnerability [CVE-2020-8865]
phpmyadmin Several security fixes [CVE-2018-19968 CVE-2018-19970 CVE-2018-7260 CVE-2019-11768 CVE-2019-12616 CVE-2019-6798 CVE-2019-6799 CVE-2020-10802 CVE-2020-10803 CVE-2020-10804 CVE-2020-5504]
postfix New upstream stable release
proftpd-dfsg Fix handling SSH_MSG_IGNORE packets
python-icalendar Fix Python3 dependencies
rails Fix possible cross-site scripting via Javascript escape helper [CVE-2020-5267]
rake Fix command injection vulnerability [CVE-2020-8130]
roundcube Fix cross-site scripting issue via HTML messages with malicious svg/namespace [CVE-2020-15562]
ruby-json Fix unsafe object creation vulnerability [CVE-2020-10663]
ruby2.3 Fix unsafe object creation vulnerability [CVE-2020-10663]
sendmail Fix finding the queue runner control process in "split daemon" mode, "NOQUEUE: connect from (null)", removal failure when using BTRFS
sogo-connector New upstream version, compatible with newer Thunderbird versions
ssvnc Fix out-of-bounds write [CVE-2018-20020], infinite loop [CVE-2018-20021], improper initialisation [CVE-2018-20022], potential denial-of-service [CVE-2018-20024]
storebackup Fix possible privilege escalation vulnerability [CVE-2020-7040]
swt-gtk Fix missing dependency on libwebkitgtk-1.0-0
tinyproxy Create PID file before dropping privileges to non-root account [CVE-2017-11747]
tzdata New upstream stable release
websockify Fix missing dependency on python{3,}-pkg-resources
wpa Fix AP mode PMF disconnection protection bypass [CVE-2019-16275]; fix MAC randomisation issues with some cards
xdg-utils Sanitise window name before sending it over D-Bus; correctly handle directories with names containing spaces; create the "applications" directory if needed
xml-security-c Fix length calculation in the concat method
xtrlock Fix blocking of (some) multitouch devices while locked [CVE-2016-10894]
73 security updates.
Advisory ID Package
DSA-4005 openjfx
DSA-4255 ant
DSA-4352 chromium-browser
DSA-4379 golang-1.7
DSA-4380 golang-1.8
DSA-4395 chromium
DSA-4421 chromium
DSA-4616 qemu
DSA-4617 qtbase-opensource-src
DSA-4618 libexif
DSA-4619 libxmlrpc3-java
DSA-4620 firefox-esr
DSA-4621 openjdk-8
DSA-4622 postgresql-9.6
DSA-4624 evince
DSA-4625 thunderbird
DSA-4628 php7.0
DSA-4629 python-django
DSA-4630 python-pysaml2
DSA-4631 pillow
DSA-4632 ppp
DSA-4633 curl
DSA-4634 opensmtpd
DSA-4635 proftpd-dfsg
DSA-4637 network-manager-ssh
DSA-4639 firefox-esr
DSA-4640 graphicsmagick
DSA-4642 thunderbird
DSA-4646 icu
DSA-4647 bluez
DSA-4648 libpam-krb5
DSA-4650 qbittorrent
DSA-4653 firefox-esr
DSA-4655 firefox-esr
DSA-4656 thunderbird
DSA-4657 git
DSA-4659 git
DSA-4660 awl
DSA-4663 python-reportlab
DSA-4664 mailman
DSA-4666 openldap
DSA-4668 openjdk-8
DSA-4670 tiff
DSA-4671 vlc
DSA-4673 tomcat8
DSA-4674 roundcube
DSA-4675 graphicsmagick
DSA-4676 salt
DSA-4677 wordpress
DSA-4678 firefox-esr
DSA-4683 thunderbird
DSA-4685 apt
DSA-4686 apache-log4j1.2
DSA-4687 exim4
DSA-4688 dpdk
DSA-4689 bind9
DSA-4692 netqmail
DSA-4693 drupal7
DSA-4695 firefox-esr
DSA-4698 linux
DSA-4700 roundcube
DSA-4701 intel-microcode
DSA-4702 thunderbird
DSA-4703 mysql-connector-java
DSA-4704 vlc
DSA-4705 python-django
DSA-4706 drupal7
DSA-4707 mutt
DSA-4711 coturn
DSA-4713 firefox-esr
DSA-4715 imagemagick
DSA-4717 php7.0
DSA-4718 thunderbird
22 packages were removed for various reasons.
Package Reason
certificatepatrol Incompatible with newer Firefox ESR versions
colorediffs-extension Incompatible with newer Thunderbird versions
dynalogin Depends on to-be-removed simpleid
enigmail Incompatible with newer Thunderbird versions
firefox-esr [armel] No longer supported (requires nodejs)
firefox-esr [mips mipsel mips64el] No longer supported (needs newer rustc)
getlive Broken due to Hotmail changes
gplaycli Broken by Google API changes
kerneloops Upstream service no longer available
libmicrodns Security issues
libperlspeak-perl Security issues; unmaintained
mathematica-fonts Relies on unavailable download location
pdns-recursor Security issues; unsupported
predictprotein Depends on to-be-removed profphd
profphd Unusable
quotecolors Incompatible with newer Thunderbird versions
selenium-firefoxdriver Incompatible with newer Firefox ESR versions
simpleid Does not work with PHP7
simpleid-ldap Depends on to-be-removed simpleid
torbirdy Incompatible with newer Thunderbird versions
weboob Unmaintained; already removed from later releases
yahoo2mbox Broken for several years
Source
Updating
To perform the update, run the following commands in a terminal.
Update the package list.
sudo apt-get update
Upgrade the system.
sudo apt-get upgrade
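A post-upgrade check, added here as an example and not part of the original post or of Debian's own tooling: it confirms that /etc/debian_version reads 9.13, that a kernel image for the 4.9.0-13 ABI is installed, and that none of the packages removed in this point release are still present. The function names are illustrative; the version strings and the removed-package list are copied from the tables above.

```shell
#!/bin/sh
# Added example: post-upgrade check for the Debian 9.13 point release.
# Package names and version strings are taken from the tables in this post.

# Removed from stretch on all architectures (firefox-esr is omitted because
# it was only removed on armel/mips/mipsel/mips64el).
REMOVED_PKGS="certificatepatrol colorediffs-extension dynalogin enigmail
getlive gplaycli kerneloops libmicrodns libperlspeak-perl mathematica-fonts
pdns-recursor predictprotein profphd quotecolors selenium-firefoxdriver
simpleid simpleid-ldap torbirdy weboob yahoo2mbox"

# True if the version file (default /etc/debian_version) reads exactly 9.13.
is_point_release() {
    ver_file="${1:-/etc/debian_version}"
    [ -r "$ver_file" ] && [ "$(cat "$ver_file")" = "9.13" ]
}

# Names of fully installed packages, one per line (empty if dpkg is absent).
installed_packages() {
    dpkg-query -W -f='${db:Status-Abbrev}\t${Package}\n' 2>/dev/null |
        awk -F '\t' '$1 ~ /^ii/ { print $2 }'
}

# stdin: package names. Prints those that appear in REMOVED_PKGS.
removed_still_installed() {
    while IFS= read -r pkg; do
        for gone in $REMOVED_PKGS; do
            if [ "$pkg" = "$gone" ]; then printf '%s\n' "$pkg"; fi
        done
    done
}

# stdin: package names. True if a kernel image for ABI 4.9.0-13 is present.
has_new_kernel_abi() {
    grep -q '^linux-image-4\.9\.0-13-'
}

# Runs all three checks against the live system; returns 1 on any warning.
post_upgrade_report() {
    status=0
    pkgs=$(installed_packages)
    if ! is_point_release; then
        echo "WARN: /etc/debian_version is not 9.13"; status=1
    fi
    if ! printf '%s\n' "$pkgs" | has_new_kernel_abi; then
        echo "WARN: no linux-image-4.9.0-13-* package installed"; status=1
    fi
    leftovers=$(printf '%s\n' "$pkgs" | removed_still_installed)
    if [ -n "$leftovers" ]; then
        echo "WARN: installed but removed from stretch: $(echo $leftovers)"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: system matches Debian 9.13"
    return "$status"
}

post_upgrade_report || true
```

`apt-get upgrade` never installs packages that are not already installed, so the 4.9.0-13 kernel image, which has a new package name, is only pulled in by `sudo apt-get dist-upgrade`.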
I believe there could be a citation or a link to the Debian LTS team's page:
https://wiki.debian.org/LTS/Using
You missed what every post on this blog has when it is based on other sources: the Source at the end of the article.