Aggiornata Debian 11: rialscio di 11.9

10 Febbraio 2024

Il progetto Debian è felice di annunciare il quarto aggiornamento della distribuzione stabile Debian 11 (nome in codice bullseye). Questo aggiornamento minore aggiunge soluzioni di problemi di sicurezza, oltre ad alcune correzioni per problemi seri. I bollettini della sicurezza sono già stati pubblicati separatamente e sono qui elencati dove possibile.

Notare che questo rilascio minore non è una nuova versione di Debian 11 ma solo un aggiornamento di alcuni pacchetti che ne fanno parte. Non è necessario buttare via il vecchio supporto di installazione di bullseye. Dopo l'installazione i pacchetti verranno aggiornati alle ultime versioni usando uno qualsiasi dei mirror Debian aggiornati.

Coloro che aggiornano il sistema frequentemente tramite security.debian.org non avranno molti pacchetti da aggiornare, e molti di questi sono inclusi nel rilascio minore.

Nuove immagini per l'installazione saranno presto disponibili nelle posizioni usuali.

Aggiornare una installazione esistente a questa revisione, può essere fatto configurando il sistema di gestione dei pacchetti per puntare ad uno dei tanti mirror HTTP Debian. Un elenco completo di questi mirror è disponibile qui:

https://www.debian.org/mirror/list

Risoluzione di problemi vari

L'aggiornamento della stable precedente aggiunge alcune importanti correzioni ai seguenti pacchetti (in inglese):

Pacchetto	Motivo
axis	Filter out unsupported protocols in the client class ServiceFactory [CVE-2023-40743]
base-files	Update for the 11.9 point release
cifs-utils	Fix non-parallel builds
compton	Remove recommendation of picom
conda-package-handling	Skip unreliable tests
conmon	Do not hang when forwarding container stdout/stderr with lots of output
crun	Fix containers with systemd as their init system, when using newer kernel versions
debian-installer	Increase Linux kernel ABI to 5.10.0-28; rebuild against proposed-updates
debian-installer-netboot-images	Rebuild against proposed-updates
debian-ports-archive-keyring	Add Debian Ports Archive Automatic Signing Key (2025)
debian-security-support	Mark tor, consul and xen as end-of-life; limit samba support to non-AD DC use cases; match golang packages with regular expression; drop version-based checking; add chromium to security-support-ended.deb11; add tiles and libspring-java to security-support-limited
debootstrap	Backport merged-/usr support changes from trixie: implement merged-/usr by post-merging, default to merged-/usr for suites newer than bookworm in all profiles
distro-info	Update tests for distro-info-data 0.58+deb12u1, which adjusted Debian 7's EoL date
distro-info-data	Add Ubuntu 24.04 LTS Noble Numbat; fix several End Of Life dates
dpdk	New upstream stable release
dropbear	Fix security measure bypass issue [CVE-2021-36369]; fix terrapin attack [CVE-2023-48795]
exuberant-ctags	Fix arbitrary command execution issue [CVE-2022-4515]
filezilla	Prevent terrapin exploit [CVE-2023-48795]
gimp	Remove old versions of separately packaged dds plugin
glib2.0	Align with upstream stable fixes; fix denial of service issues [CVE-2023-32665 CVE-2023-32611 CVE-2023-29499 CVE-2023-32636]
glibc	Fix a memory corruption in qsort() when using nontransitive comparison functions.
gnutls28	Security fix for timing sidechannel attack [CVE-2023-5981]
imagemagick	Various security fixes [CVE-2021-20241 CVE-2021-20243 CVE-2021-20244 CVE-2021-20245 CVE-2021-20246 CVE-2021-20309 CVE-2021-3574 CVE-2021-39212 CVE-2021-4219 CVE-2022-1114 CVE-2022-28463 CVE-2022-32545 CVE-2022-32546]
jqueryui	Fix cross-site scripting issue [CVE-2022-31160]
knewstuff	Ensure correct ProvidersUrl to fix denial of service
libdatetime-timezone-perl	Update included timezone data
libde265	Fix segmentation violation in the function decoder_context::process_slice_segment_header [CVE-2023-27102]; fix heap buffer overflow in the function derive_collocated_motion_vectors [CVE-2023-27103]; fix buffer over-read in pic_parameter_set::dump [CVE-2023-43887]; fix buffer overflow in the slice_segment_header function [CVE-2023-47471]; fix buffer overflow issues [CVE-2023-49465 CVE-2023-49467 CVE-2023-49468]
libmateweather	Update included location data; update data server URL
libpod	Fix incorrect handling of supplementary groups [CVE-2022-2989]
libsolv	Enable zstd compression support
libspreadsheet-parsexlsx-perl	Fix possible memory bomb [CVE-2024-22368]; fix XML External Entity issue [CVE-2024-23525]
linux	New upstream stable release; increase ABI to 28
linux-signed-amd64	New upstream stable release; increase ABI to 28
linux-signed-arm64	New upstream stable release; increase ABI to 28
linux-signed-i386	New upstream stable release; increase ABI to 28
llvm-toolchain-16	New backported package to support builds of newer chromium versions; build-dep on llvm-spirv instead of llvm-spirv-16
mariadb-10.5	New upstream stable release; fix denial of service issue [CVE-2023-22084]
minizip	Reject overflows of zip header fields [CVE-2023-45853]
modsecurity-apache	Fix protection bypass issues [CVE-2022-48279 CVE-2023-24021]
nftables	Fix incorrect bytecode generation
node-dottie	Fix prototype pollution issue [CVE-2023-26132]
node-url-parse	Fix authorisation bypass issue [CVE-2022-0512]
node-xml2js	Fix prototype pollution issue [CVE-2023-0842]
nvidia-graphics-drivers	New upstream release [CVE-2023-31022]
nvidia-graphics-drivers-tesla-470	New upstream release [CVE-2023-31022]
opendkim	Properly delete Authentication-Results headers [CVE-2022-48521]
perl	Prevent buffer overflow via illegal Unicode property [CVE-2023-47038]
plasma-desktop	Fix denial of service bug in discover
plasma-discover	Fix denial of service bug; fix build failure
postfix	New upstream stable release; address SMTP smuggling issue [CVE-2023-51764]
postgresql-13	New upstream stable release; fix SQL injection issue [CVE-2023-39417]
postgresql-common	Fix autopkgtests
python-cogent	Skip parallel tests on single-CPU systems
python-django-imagekit	Avoid triggering path traversal detection in tests
python-websockets	Fix predictable duration issue [CVE-2021-33880]
pyzoltan	Build on single core systems
ruby-aws-sdk-core	Include VERSION file in package
spip	Fix cross-site scripting issue
swupdate	Prevent acquiring root privileges through inappropriate socket mode
symfony	Ensure CodeExtension's filters properly escape their input [CVE-2023-46734]
tar	Fix boundary checking in base-256 decoder [CVE-2022-48303], handling of extended header prefixes [CVE-2023-39804]
tinyxml	Fix assertion issue [CVE-2023-34194]
tzdata	Update included timezone data
unadf	Fix stack buffer overflow issue [CVE-2016-1243]; fix arbitary code execution issue [CVE-2016-1244]
usb.ids	Update included data list
vlfeat	Fix FTBFS with newer ImageMagick
weborf	Fix denial of service issue
wolfssl	Fix buffer overflow issues [CVE-2022-39173 CVE-2022-42905], key disclosure issue [CVE-2022-42961], predictable buffer in input keying material [CVE-2023-3724]
xerces-c	Fix use-after-free issue [CVE-2018-1311]; fix integer overflow issue [CVE-2023-37536]
zeromq3	Fix fork() detection with gcc 7; update copyright relicense statement

Aggiornamenti della sicurezza

Questa revisione contiene i seguenti aggiornamenti per la sicurezza del rilascio stabile precedente. Il gruppo della sicurezza ha già rilasciato i bollettini per ciascuno di questi aggionamenti::

ID del bollettino	Pacchetto
DSA-5496	firefox-esr
DSA-5499	chromium
DSA-5506	firefox-esr
DSA-5508	chromium
DSA-5509	firefox-esr
DSA-5511	mosquitto
DSA-5512	exim4
DSA-5513	thunderbird
DSA-5514	glibc
DSA-5515	chromium
DSA-5516	libxpm
DSA-5517	libx11
DSA-5518	libvpx
DSA-5519	grub-efi-amd64-signed
DSA-5519	grub-efi-arm64-signed
DSA-5519	grub-efi-ia32-signed
DSA-5519	grub2
DSA-5520	mediawiki
DSA-5522	tomcat9
DSA-5523	curl
DSA-5524	libcue
DSA-5526	chromium
DSA-5527	webkit2gtk
DSA-5528	node-babel7
DSA-5530	ruby-rack
DSA-5531	roundcube
DSA-5533	gst-plugins-bad1.0
DSA-5534	xorg-server
DSA-5535	firefox-esr
DSA-5536	chromium
DSA-5537	openjdk-11
DSA-5538	thunderbird
DSA-5539	node-browserify-sign
DSA-5540	jetty9
DSA-5542	request-tracker4
DSA-5543	open-vm-tools
DSA-5544	zookeeper
DSA-5545	vlc
DSA-5546	chromium
DSA-5547	pmix
DSA-5548	openjdk-17
DSA-5549	trafficserver
DSA-5550	cacti
DSA-5551	chromium
DSA-5554	postgresql-13
DSA-5556	chromium
DSA-5557	webkit2gtk
DSA-5558	netty
DSA-5560	strongswan
DSA-5561	firefox-esr
DSA-5563	intel-microcode
DSA-5564	gimp
DSA-5565	gst-plugins-bad1.0
DSA-5566	thunderbird
DSA-5567	tiff
DSA-5569	chromium
DSA-5570	nghttp2
DSA-5571	rabbitmq-server
DSA-5572	roundcube
DSA-5573	chromium
DSA-5574	libreoffice
DSA-5576	xorg-server
DSA-5577	chromium
DSA-5579	freeimage
DSA-5581	firefox-esr
DSA-5582	thunderbird
DSA-5584	bluez
DSA-5585	chromium
DSA-5586	openssh
DSA-5587	curl
DSA-5588	putty
DSA-5590	haproxy
DSA-5591	libssh
DSA-5592	libspreadsheet-parseexcel-perl
DSA-5594	linux-signed-amd64
DSA-5594	linux-signed-arm64
DSA-5594	linux-signed-i386
DSA-5594	linux
DSA-5595	chromium
DSA-5597	exim4
DSA-5598	chromium
DSA-5599	phpseclib
DSA-5600	php-phpseclib
DSA-5602	chromium
DSA-5603	xorg-server
DSA-5604	openjdk-11
DSA-5605	thunderbird
DSA-5606	firefox-esr
DSA-5608	gst-plugins-bad1.0
DSA-5613	openjdk-17
DSA-5614	zbar
DSA-5615	runc

Pacchetti rimossi

Il seguente pacchetto è stato rimosso dalla distribuzione:

Pacchetto	Motivo
gimp-dds	Integrated in gimp>=2.10

Istallatore Debian

La procedura di installazione è stata aggiornata per includere le correzioni presenti in questo aggiornamento della stable precedente.

URL

L'elenco completo dei pacchetti cambiati in questa revisione:

https://deb.debian.org/debian/dists/bullseye/ChangeLog

La distribuzione stable precedente:

https://deb.debian.org/debian/dists/oldstable/

Aggiornamenti proposti per la distribuzione stable precedente

https://deb.debian.org/debian/dists/oldstable-proposed-updates

Informazioni sulla distribuzione stable precedente (note di rilascio, errata, etc.):

https://www.debian.org/releases/oldstable/

Annunci e informazioni della sicurezza:

https://www.debian.org/security/

Su Debian

Il progetto Debian è una associazione di sviluppatori di software libero che volontariamente offrono il loro tempo e il loro lavoro per produrre il sistema operativo completamente libero Debian.

Contatti

Per maggiori informazioni visitare le pagine web Debian https://www.debian.org/, mandare un email a <press@debian.org> o contattare il gruppo del rilascio stabile a <debian-release@lists.debian.org>.