Security Updates
This revision adds the following security updates to the oldstable release.
The Security Team has already released an advisory for each of these
updates:
| Advisory ID | Package |
|---|---|
| DSA-4005 | openjfx |
| DSA-4255 | ant |
| DSA-4352 | chromium-browser |
| DSA-4379 | golang-1.7 |
| DSA-4380 | golang-1.8 |
| DSA-4395 | chromium |
| DSA-4421 | chromium |
| DSA-4616 | qemu |
| DSA-4617 | qtbase-opensource-src |
| DSA-4618 | libexif |
| DSA-4619 | libxmlrpc3-java |
| DSA-4620 | firefox-esr |
| DSA-4621 | openjdk-8 |
| DSA-4622 | postgresql-9.6 |
| DSA-4624 | evince |
| DSA-4625 | thunderbird |
| DSA-4628 | php7.0 |
| DSA-4629 | python-django |
| DSA-4630 | python-pysaml2 |
| DSA-4631 | pillow |
| DSA-4632 | ppp |
| DSA-4633 | curl |
| DSA-4634 | opensmtpd |
| DSA-4635 | proftpd-dfsg |
| DSA-4637 | network-manager-ssh |
| DSA-4639 | firefox-esr |
| DSA-4640 | graphicsmagick |
| DSA-4642 | thunderbird |
| DSA-4646 | icu |
| DSA-4647 | bluez |
| DSA-4648 | libpam-krb5 |
| DSA-4650 | qbittorrent |
| DSA-4653 | firefox-esr |
| DSA-4655 | firefox-esr |
| DSA-4656 | thunderbird |
| DSA-4657 | git |
| DSA-4659 | git |
| DSA-4660 | awl |
| DSA-4663 | python-reportlab |
| DSA-4664 | mailman |
| DSA-4666 | openldap |
| DSA-4668 | openjdk-8 |
| DSA-4670 | tiff |
| DSA-4671 | vlc |
| DSA-4673 | tomcat8 |
| DSA-4674 | roundcube |
| DSA-4675 | graphicsmagick |
| DSA-4676 | salt |
| DSA-4677 | wordpress |
| DSA-4678 | firefox-esr |
| DSA-4683 | thunderbird |
| DSA-4685 | apt |
| DSA-4686 | apache-log4j1.2 |
| DSA-4687 | exim4 |
| DSA-4688 | dpdk |
| DSA-4689 | bind9 |
| DSA-4692 | netqmail |
| DSA-4693 | drupal7 |
| DSA-4695 | firefox-esr |
| DSA-4698 | linux |
| DSA-4700 | roundcube |
| DSA-4701 | intel-microcode |
| DSA-4702 | thunderbird |
| DSA-4703 | mysql-connector-java |
| DSA-4704 | vlc |
| DSA-4705 | python-django |
| DSA-4706 | drupal7 |
| DSA-4707 | mutt |
| DSA-4711 | coturn |
| DSA-4713 | firefox-esr |
| DSA-4715 | imagemagick |
| DSA-4717 | php7.0 |
| DSA-4718 | thunderbird |
Общие методы уменьшения проблемы с совместимостью
Совместимы ли Ваши приложения с Windows 7, поможет определить подключение Application Compatibility Toolkit (ACT)
5.5. ACT также помогает определить, как будут влиять на Ваши приложения апгрейды. Так же Вы функции ACT могут
использоваться для:
- Проверки своих приложений, устройств и компьютера на совместимость с новой версией операционной системы
Windows - Проверки совместимости обновления Windows
- Подключения в сообщество ACT и совместной оценки риска с другими пользователями ACT
- Тестирования своих Веб-приложений и Веб-сайтов на возможность проблем совместимости с новыми выпусками и
обновлениями системы защиты Internet Explorer.
Методы уменьшения проблем с совместимостью
Уменьшение проблем с совместимостью приложения обычно зависит от различных факторов,
таких как тип приложения и текущей поддержки приложения. Некоторые из общих методов включают следующее:
- Изменение конфигурации существующего приложения: Вы можете использовать инструменты, Compatibility
Administrator или Standard User Analyzer (устанавливается с ACT), для обнаружения проблемы и создания
исправления данного приложения, что решит проблему совместимости. - Применение обновлений или пакетов обновлений к приложению: обновления или пакеты обновлений могут помочь
решить многие из проблем с совместимостью и дать возможность приложению работать в новой среде операционной
системы. - Апгрейд приложения до совместимого релиза: если более новая, совместимая версия приложения существует,
лучшее решение — обновить до более новой версии. - Изменение конфигурации безопасности: как пример, Защищенный режим Internet Explorer может быть смягчен,
добавив сайт в список надежных сайтов или выключив Защищенный режим (что не рекомендуется). - Запуск приложения в виртуализированной среде: если все другие методы недоступны, для решения проблем Вы
можете запустить приложение в более раннем релизе Windows, используя инструменты виртуализации, такие как PC
Microsoft Virtual и Microsoft Virtual Server. - Использование функций совместимости приложения: проблемы приложения, такие как управление версиями
операционной системы, могут быть смягчены, запуском приложения в режиме эмуляции. К этому режиму можно
получить доступ, щелкнув правой кнопкой по ярлыку или .exe файлу и применяя режим эмуляции более ранней
версии Windows на вкладки «Совместимость» (Свойства ->
Совместимость). Так же, чтобы помочь в конфигурировании режима эмуляции с приложением, Вы
можете использовать «Мастер Совместимости Программ». Эту функцию можно найти так:
«Панель управления» -> «Программы» -> «Выполнение программ,
созданных для предыдущих версий Windows». - Выбор другого приложения, которое выполняет ту же самую функцию, но не имеет проблем с совместимостью: если
другое совместимое приложение доступно, Вы можете использовать его.
Security Updates
This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:
| Advisory ID | Package |
|---|---|
| DSA-4826 | nodejs |
| DSA-4844 | dnsmasq |
| DSA-4845 | openldap |
| DSA-4846 | chromium |
| DSA-4847 | connman |
| DSA-4849 | firejail |
| DSA-4850 | libzstd |
| DSA-4851 | subversion |
| DSA-4853 | spip |
| DSA-4854 | webkit2gtk |
| DSA-4855 | openssl |
| DSA-4856 | php7.3 |
| DSA-4857 | bind9 |
| DSA-4858 | chromium |
| DSA-4859 | libzstd |
| DSA-4860 | openldap |
| DSA-4861 | screen |
| DSA-4862 | firefox-esr |
| DSA-4863 | nodejs |
| DSA-4864 | python-aiohttp |
| DSA-4865 | docker.io |
| DSA-4867 | grub-efi-amd64-signed |
| DSA-4867 | grub-efi-arm64-signed |
| DSA-4867 | grub-efi-ia32-signed |
| DSA-4867 | grub2 |
| DSA-4868 | flatpak |
| DSA-4869 | tiff |
| DSA-4870 | pygments |
| DSA-4871 | tor |
| DSA-4872 | shibboleth-sp |
Miscellaneous Bugfixes
This stable update adds a few important corrections to the following packages:
| Package | Reason |
|---|---|
| avahi | Remove avahi-daemon-check-dns mechanism, which is no longer needed |
| base-files | Update /etc/debian_version for the 10.9 point release |
| cloud-init | Avoid logging generated passwords to world-readable log files |
| debian-archive-keyring | Add bullseye keys; retire jessie keys |
| debian-installer | Use 4.19.0-16 Linux kernel ABI |
| debian-installer-netboot-images | Rebuild against proposed-updates |
| exim4 | Fix use of concurrent TLS connections under GnuTLS; fix TLS certificate verification with CNAMEs; README.Debian: document the limitation/extent of server certificate verification in the default configuration |
| fetchmail | No longer report System error during SSL_connect(): Success; remove OpenSSL version check |
| fwupd | Add SBAT support |
| fwupd-amd64-signed | Add SBAT support |
| fwupd-arm64-signed | Add SBAT support |
| fwupd-armhf-signed | Add SBAT support |
| fwupd-i386-signed | Add SBAT support |
| fwupdate | Add SBAT support |
| fwupdate-amd64-signed | Add SBAT support |
| fwupdate-arm64-signed | Add SBAT support |
| fwupdate-armhf-signed | Add SBAT support |
| fwupdate-i386-signed | Add SBAT support |
| gdnsd | Fix stack overflow with overly-large IPv6 addresses |
| groff | Rebuild against ghostscript 9.27 |
| hwloc-contrib | Enable support for the ppc64el architecture |
| intel-microcode | Update various microcode |
| iputils | Fix ping rounding errors; fix tracepath target corruption |
| jquery | Fix untrusted code execution vulnerabilities |
| libbsd | Fix out-of-bounds read issue |
| libpano13 | Fix format string vulnerability |
| libreoffice | Do not load encodings.py from current directoy |
| linux | New upstream stable release; update ABI to -16; rotate secure boot signing keys; rt: update to 4.19.173-rt72 |
| linux-latest | Update to -15 kernel ABI; update for -16 kernel ABI |
| linux-signed-amd64 | New upstream stable release; update ABI to -16; rotate secure boot signing keys; rt: update to 4.19.173-rt72 |
| linux-signed-arm64 | New upstream stable release; update ABI to -16; rotate secure boot signing keys; rt: update to 4.19.173-rt72 |
| linux-signed-i386 | New upstream stable release; update ABI to -16; rotate secure boot signing keys; rt: update to 4.19.173-rt72 |
| lirc | Normalize embedded ${DEB_HOST_MULTIARCH} value in /etc/lirc/lirc_options.conf to find unmodified configuration files on all architectures; recommend gir1.2-vte-2.91 instead of non-existent gir1.2-vte |
| m2crypto | Fix test failure with recent OpenSSL versions |
| openafs | Fix outgoing connections after unix epoch time 0x60000000 (14 January 2021) |
| portaudio19 | Handle EPIPE from alsa_snd_pcm_poll_descriptors, fixing crash |
| postgresql-11 | New upstream stable release; fix information leakage in constraint-violation error messages ; fix CREATE INDEX CONCURRENTLY to wait for concurrent prepared transactions |
| privoxy | Security issues |
| python3.7 | Fix CRLF injection in http.client ; fix buffer overflow in PyCArg_repr in _ctypes/callproc.c |
| redis | Fix a series of integer overflow issues on 32-bit systems |
| ruby-mechanize | Fix command injection issue |
| systemd | core: make sure to restore the control command id, too, fixing a segfault; seccomp: allow turning off of seccomp filtering via an environment variable |
| uim | libuim-data: Perform symlink_to_dir conversion of /usr/share/doc/libuim-data in the resurrected package for clean upgrades from stretch |
| xcftools | Fix integer overflow vulnerability |
| xterm | Correct upper-limit for selection buffer, accounting for combining characters |
Removed packages
The following packages were removed due to circumstances beyond our control:
| Package | Reason |
|---|---|
| certificatepatrol | Incompatible with newer Firefox ESR versions |
| colorediffs-extension | Incompatible with newer Thunderbird versions |
| dynalogin | Depends on to-be-removed simpleid |
| enigmail | Incompatible with newer Thunderbird versions |
| firefox-esr | No longer supported (requires nodejs) |
| firefox-esr | No longer supported (needs newer rustc) |
| getlive | Broken due to Hotmail changes |
| gplaycli | Broken by Google API changes |
| kerneloops | Upstream service no longer available |
| libmicrodns | Security issues |
| libperlspeak-perl | Security issues; unmaintained |
| mathematica-fonts | Relies on unavailable download location |
| pdns-recursor | Security issues; unsupported |
| predictprotein | Depends on to-be-removed profphd |
| profphd | Unusable |
| quotecolors | Incompatible with newer Thunderbird versions |
| selenium-firefoxdriver | Incompatible with newer Firefox ESR versions |
| simpleid | Does not work with PHP7 |
| simpleid-ldap | Depends on to-be-removed simpleid |
| torbirdy | Incompatible with newer Thunderbird versions |
| weboob | Unmaintained; already removed from later releases |
| yahoo2mbox | Broken for several years |
Security Updates
This revision adds the following security updates to the stable
release. The Security Team has already released an advisory for each of
these updates:
| Advisory ID | Package |
|---|---|
| DSA-3876 | otrs2 |
| DSA-3877 | tor |
| DSA-3882 | request-tracker4 |
| DSA-3884 | gnutls28 |
| DSA-3885 | irssi |
| DSA-3886 | linux |
| DSA-3887 | glibc |
| DSA-3888 | exim4 |
| DSA-3890 | spip |
| DSA-3891 | tomcat8 |
| DSA-3893 | jython |
| DSA-3895 | flatpak |
| DSA-3896 | apache2 |
| DSA-3897 | drupal7 |
| DSA-3900 | openvpn |
| DSA-3901 | libgcrypt20 |
| DSA-3902 | jabberd2 |
| DSA-3903 | tiff |
| DSA-3904 | bind9 |
| DSA-3905 | xorg-server |
| DSA-3906 | undertow |
| DSA-3907 | spice |
| DSA-3908 | nginx |
| DSA-3910 | knot |
| DSA-3911 | evince |
| DSA-3912 | heimdal |
Security Updates
This revision adds the following security updates to the oldstable release.
The Security Team has already released an advisory for each of these
updates:
| Advisory ID | Package |
|---|---|
| DSA-4474 | firefox-esr |
| DSA-4479 | firefox-esr |
| DSA-4509 | apache2 |
| DSA-4509 | subversion |
| DSA-4511 | nghttp2 |
| DSA-4516 | firefox-esr |
| DSA-4517 | exim4 |
| DSA-4518 | ghostscript |
| DSA-4519 | libreoffice |
| DSA-4522 | faad2 |
| DSA-4523 | thunderbird |
| DSA-4525 | ibus |
| DSA-4526 | opendmarc |
| DSA-4528 | bird |
| DSA-4529 | php7.0 |
| DSA-4530 | expat |
| DSA-4531 | linux |
| DSA-4532 | spip |
| DSA-4535 | e2fsprogs |
| DSA-4537 | file-roller |
| DSA-4539 | openssl |
| DSA-4540 | openssl1.0 |
| DSA-4541 | libapreq2 |
| DSA-4542 | jackson-databind |
| DSA-4543 | sudo |
| DSA-4545 | mediawiki |
| DSA-4547 | tcpdump |
| DSA-4548 | openjdk-8 |
| DSA-4549 | firefox-esr |
| DSA-4550 | file |
| DSA-4552 | php7.0 |
| DSA-4554 | ruby-loofah |
| DSA-4555 | pam-python |
| DSA-4557 | libarchive |
| DSA-4559 | proftpd-dfsg |
| DSA-4560 | simplesamlphp |
| DSA-4564 | linux |
| DSA-4565 | intel-microcode |
| DSA-4567 | dpdk |
| DSA-4568 | postgresql-common |
| DSA-4569 | ghostscript |
| DSA-4571 | thunderbird |
| DSA-4573 | symfony |
| DSA-4574 | redmine |
| DSA-4576 | php-imagick |
| DSA-4578 | libvpx |
| DSA-4580 | firefox-esr |
| DSA-4581 | git |
| DSA-4582 | davical |
| DSA-4584 | spamassassin |
| DSA-4585 | thunderbird |
| DSA-4587 | ruby2.3 |
| DSA-4588 | python-ecdsa |
| DSA-4589 | debian-edu-config |
| DSA-4590 | cyrus-imapd |
| DSA-4591 | cyrus-sasl2 |
| DSA-4592 | mediawiki |
| DSA-4593 | freeimage |
| DSA-4594 | openssl1.0 |
| DSA-4595 | debian-lan-config |
| DSA-4596 | tomcat8 |
| DSA-4596 | tomcat-native |
| DSA-4597 | netty |
| DSA-4598 | python-django |
| DSA-4600 | firefox-esr |
| DSA-4601 | ldm |
| DSA-4602 | xen |
| DSA-4603 | thunderbird |
| DSA-4604 | cacti |
| DSA-4607 | openconnect |
| DSA-4609 | python-apt |
| DSA-4611 | opensmtpd |
| DSA-4612 | prosody-modules |
| DSA-4614 | sudo |
| DSA-4615 | spamassassin |
Miscellaneous Bugfixes
This stable update adds a few important corrections to the following
packages:
| Package | Reason |
|---|---|
| 3dchess | Reduce wasteful CPU consumption |
| adwaita-icon-theme | Fix malformed send-to-symbolic icon |
| anope | Fix incorrect mail-transport-agent relationship |
| apt | Reset failure reason when connection was successful, so later errors are reported as such and not as connection failurewarnings; http: A response with Content-Length: 0 has no content, so don’t try to read it; use port from SRV record instead of initial port |
| avogadro | Update eigen3 patches |
| base-files | Update for the 9.1 point release |
| c-ares | Security fix |
| debian-edu-doc | Update Debian Edu Stretch manual from the wiki; update translations |
| debsecan | Add support for stretch and buster; Python needs https_proxy for proxy configuration with https:// URLs |
| devscripts | debchange: target stretch-backports with —bpo; support $codename{,-{proposed-updates,security}}; bts: add support for the new a11ytag |
| dgit | Multiple bugfixes |
| dovecot | Fix syntax errors when sending Solr queries |
| dwarfutils | Security fixes |
| fpc | Fix conversion from local time to UTC |
| galternatives | Fix blank window when displaying properties |
| geolinks | Fix python3 dependencies |
| gnats | gnats-user: do not fail to purge if /var/lib/gnats/gnats-db is not empty |
| gnome-settings-daemon | Do not add the USkeyboard layout by default for new users, for some reason, this layout was preferred over the system configured one on the first login; preserve NumLock state between sessions by default |
| gnuplot | Fix memory corruption vulnerability |
| gnutls28 | Fix breakage with AES-GCM in-place encryption and decryption on aarch64 |
| grub-installer | Fix support for systems with a large number of disks |
| intel-microcode | Update included microcode |
| libclamunrar | Fix arbitrary memory write |
| libopenmpt | Security fixes: out-of-bounds read while loading a malfomed PLM file; arbitrary code execution by a crafted PSM file ; various security fixes |
| libquicktime | Security fixes |
| linux-latest | Revert changes to debug symbol meta-packages |
| nagios-nrpe | Restore previous SSL defaults |
| nvidia-graphics-drivers | Bump Pre-Depends: nvidia-installer-cleanup to (>= 20151021) for smoother upgrades from jessie |
| octave-ocs | Fix loading package functions |
| open-iscsi | Speed up Debian Installer when iSCSI is not used |
| openssh | Fix incoming compression statistics |
| openstack-debian-images | Also add security updates for non wheezy/jessie |
| os-prober | EFI — look for dosinstead of msdos |
| osinfo-db | Improve support for Stretch and Jessie |
| partman-base | Protect the firmware area on all mmcblk devices (and not only on mmcblk0) from being clobbered during guided partitioning |
| pdns-recursor | Add 2017 DNSSEC root key |
| perl | Backport various Getopt-Long fixes from upstream 2.49..2.51; backport upstream patch fixing regexp Malformed UTF-8 character; apply upstream base.pm no-dot-in-inc fix |
| phpunit | Security fix: arbitrary PHP code execution via HTTP POST |
| protozero | Fix data_view equality operator |
| pulseaudio | Fix copyright file |
| pykde4 | Drop bindings for plasma webview bindings; they’re obsolete and non-functional |
| python-colorlog | Fix python3 dependencies |
| python-imaplib2 | Fix python3 dependencies |
| python-plumbum | Fix python3 dependencies |
| qgis | Fix missing Breaks/Replaces against python-qgis-common |
| request-tracker4 | Handle configuration permissions correctly following RT_SiteConfig.d changes |
| retext | Backport upstream fix for crash in XSettings code; fix syntax in appdata XML file |
| rkhunter | Disable remote updates |
| socat | Fix signals leading to possible 100% CPU usage |
| squashfs-tools | Fix corruption of large files; fix rare race condition |
| systemd | Fix out-of-bounds write in systemd-resolved ; be truly quiet in systemctl -q is-enabled; improve RLIMIT_NOFILE handling; debian/extra/rules: Use updated U2F ruleset |
| thermald | Add Broadwell-GT3E and Kabylake support |
| unrar-nonfree | Add bound checks for VMSF_DELTA, VMSF_RGB and VMSF_AUDIO paramters |
| win32-loader | Replace all mirror urls with deb.debian.org; drop bz2 compression for source |
![Oбновление debian gnu/linux 8 "jessie" до debian 9 "stretch" методом in-place upgrade [вики it-kb]](https://smartshop124.ru/wp-content/uploads/7/4/8/748df0cc82871cc6047e4802357e64ec.jpeg)
