The Debian Project announced the new Debian 9.1 release that includes 26 security fixes. The list of fixed problems includes the Heimdal Kerberos man-in-the-middle vulnerability, a 20 years-old vulnerability in Kerberos that was parched this week for both Microsoft and Linux distros.
“The Debian project is pleased to announce the first update of its stable distribution Debian 9 (codename
stretch). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available.” states the announcement.
“Please note that the point release does not constitute a new version of Debian 9 but only updates some of the packages included. There is no need to throw away old
stretch media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.”
Debian 9.1 isn’t a new Debian version or bring new features, it only updates the existing packages with a special focus on cyber security.
Debian 9.1 also addresses security issues in Apache, and includes a number of Linux updates and patches for OpenVPN flaws (including recently fixed CVE-2017-7508, CVE-2017-7520, CVE-2017-7520).
The new release fixes the CVE-2017-1000381 in the c-ares function “ares_parse_naptr_reply()“, it also addresses several issues in thedwarfutils link shortener and in libquicktime.
“The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.” states the description for the CVE-2017-1000381 flaw.
For updating all packages run the following command:
apt-get update && apt-get upgrade
For downloading Debian 9.1 images, refer one of the mirrors at the following URL:
(Security Affairs – (Debian, security updates)