Download Debian GNU/Linux 8.2
Debian is an open source operating system, which can be used for both desktops and servers, with an emphasis on stability and security. It is therefore used as the basis for various Linux distributions, including Ubuntu and Linux Mint. Version 8.2 has recently been released and has the following announcement:
Updated Debian 8: 8.2 released
The Debian project is pleased to announce the second update of its stable distribution Debian 8 (codename “jessie”). This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were published separately and are referenced where applicable.
Please note that this update does not constitute a new version of Debian 8 but only updates some of the packages included. There is no need to throw away old “jessie” CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated.
Those who frequently install updates from security.debian.org won’t have to update many packages and most updates from security.debian.org are included in this update.
New installation media and CD and DVD images containing updated packages will be available soon at the regular locations.
Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian’s many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:
Miscellaneous Bug Fixes
This stable update adds a few important corrections to the following packages:
| akonadi | Fix a bug that caused old files to be kept when they should be removed |
| apache2 | Fix conffile logic for wheezy to jessie upgrades; fix -D[efined] or Fix process deadlock when shutting down a worker; mpm_event: Fix crashes due to various race conditions |
| apt | Parse specific-arch dependencies correctly on single-arch systems; remove first package seen is native package assumption; fix endless loop in apt-get update that can cause all disk space to be used |
| bareos | Fix backup corruption on multi-volume jobs; add autopkgtests |
| base files | Update for the point release |
| binutils-mingw-w64 | Apply upstream fix to handle Visual Studio DLLs |
| bird | Correctly migrate bird6.conf from bird6 package |
| cron | Cron.service: Use KillMode=process to kill only the daemon, not running jobs |
| cross-gcc | Require bash in rules.template makefile |
| dbus | Fix a memory leak when GetConnectionCredentials is called; stop dbus-monitor replying to org.freedesktop.DBus.Peer messages, including those that another process should have replied to |
| debian installer | Add image for Seagate DockStar; add symlinks for OpenRD variants; append DTB for LaCie NAS devices that require it |
| debian-installer-launcher | Set the menu icon text in the source package to read Install Debian jessie |
| debian-installer-netboot-images | Rebuild against new debian installer |
| designate | Fix mDNS DoS through incorrect handling of large RecordSets [CVE-2015-5695] |
| dovecot | Fix SSL/TLS handshake failures leading to a crash of the login process with newer versions of OpenSSL [CVE-2015-3420]; fix mbox corruption issue |
| ejabberd | Fix logging of nicknames in muc logs and parsing of ldap_dn_filter option; postinst: restart on upgrade; logrotate: don’t signal a non-running daemon |
| flash kernel | Combine i.MX53 QSB and LOCO board entries, they are the same thing and the LOCO variant was missing DTB information, possibly causing issues during wheezy to jessie upgrades |
| fusion directory | Access javascript libraries via a path relative to FusionDirectory’s base path |
| glibc | Fix pthread_mutex_trylock with lock elision; fix gprof entry point on ppc64el; fix a buffer overflow in getanswer_r [CVE-2015-1781] |
| glusterfs | Stop creating UNIX domain sockets as FIFOs on NFS |
| gnome terminal | Open new tabs in working directory, rather than home directory |
| gnutls28 | Fix a crash in VIA PadLock asm; fix GNUTLS-SA-2015-2, which allowed MD5 signatures (which are disabled by default) in the ServerKeyExchange message |
| gosa | Fix idGenerator for patterns like {%sn[3-6}-{%givenName[3-6]}; enable CSV / LDIF import on (non-Debian-Edu) clean installations by default |
| groovy2 | Fix remote execution of untrusted code and possible DoS vulnerability [CVE-2015-3253] |
| grub installer | Correctly propagate grub-installer/force-efi-extra-removable to installed system |
| gtk+3.0 | Fix several crashes |
| haproxy | Fix a segfault when parsing a configuration file containing disabled proxy sections |
| how-can-i-help | Use HTTPS to connect to UDD |
| kick | configure: Do not add -L without argument to $LIBS |
| lame | Enable functions with SSE instructions to maintain their own properly aligned stack. Fixes crashes when called from the ocaml bindings |
| libdatetime-timezone-perl | New upstream release |
| libgee-0.8 | Fix default value of –enable-consistency-check, otherwise a very expensive debug option is turned on by default and would make a lot of applications unusably slow |
| libio-socket-ssl-perl | Make PublicSuffix::_default_data thread safe |
| libiso codes | Fix GLib critical warning if the environment variable LANGUAGE is not set |
| libvirt | Teach virt-aa-helper to use TEMPLATE.qemu if the domain is kvm or kqemu; fix crash on live migration; allow access to libnl-3 configuration; report original error when QMP probing fails with new QEMU |
| linux-ftpd-ssl | Fix NLST or empty directory results in segfault |
| lynx-cur | Use gnutls_set_default_priority() instead of a custom priority string, so fixing GNUTLS-SA-2015-2 in GnuTLS does not break SSL support in lynx |
| mesa | Disable asynchronous DMA on radeonsi which can cause lockups |
| motif | Disable fix for upstream bug #1565 which caused segfaults in ddd and xpdf |
| mozilla-gnome-keyring | Restore compatibility with newer Iceweasel versions |
| nbd | Fix authfile parsing |
| nss | Fix certificate chain generation to prefer stronger/newer certificates over weaker/older certs |
| ocl-icd | Fix clSVMFree never called in OpenCL ICD |
| pdf.js | Drop xul-ext-pdf.js package since it’s not compatible with iceweasel 38 |
| postgresql-9.1 | New upstream release |
| postgresql-9.4 | New upstream release |
| prosody | Fix CNAME resolution |
| python-apt | Work around a cyclic reference from Cache to its methods; LFS fixes; fix splitting of multi-lines Binary fields in dsc files; arch-qualify in compare_to_version_in_cache(); fix apt.Package.installed_files for multi-arch packages |
| python keystoneclient | Fix S3token incorrect condition expression for ssl_insecure [CVE-2015-1852] |
| python-keystonemiddleware | Fix S3Token TLS cert verification option not honored [CVE-2015-1852] |
| python report lab | Correctly handle PNGs containing transparency |
| python-swiftclient | Add missing dependency on python-pkg-resources |
| r-cran-rcurl | Build-Depend on libcurl4-openssl-dev, fixing issues with PEM certificate bundles |
| raw therapist | Fix dcraw imput sanitization errors [CVE-2015-3885] |
| request policy | Restore compatibility with newer Iceweasel versions |
| rsyslog | Disable transactions in ompgsql as they were not working properly |
| ruby2.1 | Fix Request hijacking vulnerability in Rubygems [CVE-2015-3900] |
| syslinux | Fix booting on some Chromebooks |
| systemd | Disable default DNS servers in systemd resolve; use strictly versioned dependendency on libsystemd-dev for the transitional dev packages; udev: Increase udev event timeout to 180s |
| tabmixplus | Restore compatibility with newer Iceweasel versions |
| tcpdump | Fix -Z confirmation log being sent to stdout, where it can get mixed with pcap stream data if ‘-w -‘ is used |
| torus | Revert broken patch refresh, thereby fixing rrdup_notify |
| tzdata | New upstream release |
| ufraw | Fix buffer overflow in ljpeg_start [CVE-2015-3885] |
| unattended upgrades | Make optional automatic-reboot work again; really fix adding of jessie-security |
| wesnoth-1.10 | Disallow inclusion of .pbl files from WML [CVE-2015-5069, CVE-2015-5070] |
| xemacs21 | Conflict against old transitional packages to make absolutely sure that they are removed before we try to upgrade; remove dependency from support to binary package since the binary package already has the equivalent dependency |
| xserver-xorg-video-modesetting | Don’t pretend to support rotation |
Security Updates
This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:
Removed packages
The following packages were removed due to circumstances beyond our control:
| critical | Fast-moving target, too difficult to keep updated |
| dactyl | Incompatible with newer Iceweasel versions |
| fullscreen extension | Incompatible with newer Iceweasel versions |
| netty3.1 | Dependency for non-present jetty |
| php-send-xml | security issues; useless in Debian |
| ruby filter | Broken (empty) package |
Debian Installer
The installer has been updated to add support for Seagate DockStar devices and to include the fixes incorporated into stable by the point release.
| Version number | 8.2 |
| Release status | Final |
| Operating systems | Linux |
| Website | Debian |
| Download | |
| License type | Conditions (GNU/BSD/etc.) |