Debian Linux has hit version 9.1.

The new release rolls up 26 security fixes that have landed since June. This one, which landed last week, is worth plucking out of the noise, with Debian joining others in patching the Heimdal Kerberos man-in-the-middle bug.

There are also fixes in Apache, a bunch of Linux updates, and various OpenVPN fixes (some of which we've written about).

There are 55 package fixes name-checked in the point release, some of which also have CVEs but aren't listed as security patches.

The c-ares resolver gets a fix for CVE-2017-1000381; there are several fixes in the dwarfutils link shortener; seven bugs are fixed in libquicktime , and among the systemd patches is one to deal with an out-of-bounds write in its resolver.

Finally, since the SixXS IPv6 tunnel broker has shut down, its matching Debian package, its corresponding aiccu package received its death-note. ®