Debian 9: 9.4 the fourth update of its stable distribution

Linux Distribution

Debian 9: 9.4 the fourth update of its stable distribution

Debian 9: 9.4 the fourth update of its stable distribution

Debian 9: 9.4 the fourth update of its stable distribution Debian 9 (codename stretch). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available.

Please note that the point release does not constitute a new version of Debian 9 but only updates some of the packages included. There is no need to throw away old stretch media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from won't have to update many packages, and most such updates are included in the point release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at:

Debian 9: 9.4

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following packages:

Package Reason
acme-tiny Fix outdated version of the subscriber agreement
activity-log-manager Add missing dependency on python-zeitgeist Fix creation of tasks and appointments
apparmor Move the features file to /usr/share/apparmor-features; pin the AppArmor feature set to Stretch's kernel
auto-apt-proxy Move apt configuration away on removal, and put it back on reinstalls
bareos Fix backups failing with No Volume name given
base-files Update for the point release
cappuccino Add missing dependency on gir1.2-gtk-3.0
cerealizer Fix Python3 dependencies
clamav New upstream release; security update [CVE-2017-6418 CVE-2017-6420 CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380]
cron Properly transition system jobs to system_cronjob_t SELinux context and stop relying on refpolicy specific identifiers
cups Fix execution of arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding [CVE-2017-18190]
dbus New upstream release; raise file descriptor limit sooner, fixing a regression in local DoS fix
debian-edu-config Pre-configure Chromium Webbrowser system-wide to auto-detect the http proxy settings via WPAD; allow joining of Windows 10 clients to the Samba NT4-style domain
debian-installer Bump Linux kernel version from 4.9.0-4 to 4.9.0-6
debian-installer-netboot-images Update to 20170615+deb9u3 images, from stretch-proposed-updates
directfb Fix architecture-based filter to actually install drivers
dpdk Update to new stable point release
espeakup udeb: fix case where card 0 does not have an id or where cards have non-contiguous indexes; use English by default; use card id in installed system to avoid issues with card detection ordering
exam Fix Python3 dependencies
flatpak New upstream release; fix a D-Bus filtering bypass in flatpak-dbus-proxy; ignore unrecognised permission strings, instead of failing; do not allow legacy eavesdropping on the D-Bus session bus
fuse-zip Fix writeback fail with libzip 1.0
glade Fix possible infinite loop
glibc Do not update /etc/nsswitch.conf when its content already matches the default; debian/ always check for all optimized packages as multiarch allows one to install foreign architectures; avoid use-after-free read access in clntudp_call [CVE-2017-12133]; define collation for Malayalam chillu characters and correct collation of U+0D36 and U+0D37 Malayalam characters; fix invalid cast in group merging affecting ppc64 and s390x; fix compatibility with Intel C++ __regcall calling convention; install the libc-otherbuild postinst and postrm in the libc6-i686 transitional package, to make sure /etc/ is correctly removed after an upgrade
global Gozilla: quote URLs before passing them to BROWSER [CVE-2017-17531]
gnumail Stop linking to OpenSSL
golang-github-go-ldap-ldap Require explicit intention for empty password
gosa-plugin-pwreset Fix deprecated constructor call
grilo-plugins Fix Radio France source
hdf5 Fix javahelper invocation
inputlirc Include input-event-codes.h instead of input.h, fixing build failure
intercal Recompile with PIE
java-atk-wrapper Fix iterator initialization; fix missing reference for children
kildclient Drop support for user-defined browsers [CVE-2017-17511]
libdate-holidays-de-perl Mark Reformation Day as a holiday in Hamburg and Schleswig-Holstein from 2018 onwards
libdatetime-timezone-perl New upstream version
libhibernate-validator-java Fix potential privilege escalation by circumventing security manager permissions [CVE-2017-7536]
libperlx-assert-perl Add missing dependencies on libkeyword-simple-perl, libdevel-declare-perl
libreoffice Let FunctionAccess execute WEBSERVICE; use the right error code on WEBSERVICE() failures
libvhdi Add missing Python3 dependency
libvirt QEMU: shared disks with cache=directsync should be safe for migration; avoid denial of service reading from QEMU monitor [CVE-2018-5748]
linux New upstream version
lxc Fix the creation of testing and unstable containers by including iproute2 rather than iproute
mapproxy Fix Cross Site Scripting (XSS) issue in demo service [CVE-2017-1000426]
mosquitto Fix persistence file being world-readable [CVE-2017-9868]
mpi4py Support current version of libmpi
ncurses Fix buffer overflow in the _nc_write_entry function [CVE-2017-16879]
needrestart Fix switching to list mode if debconf is run non-interactively
ntp Increase stack size to at least 32kB

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.