Updated Debian 10: 10.5 released
August 1st, 2020
The Debian project is pleased to announce the fifth update of its stable distribution Debian 10 (codename buster).
This point release mainly adds corrections for security problems, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available.
This point release also addresses Debian's security advisory DSA-4735-1 grub2 -- security update, which covers several CVEs concerning the GRUB2 UEFI SecureBoot 'BootHole' vulnerabilities.
Please note that the point release does not constitute a new version of Debian 10 but only updates some of the packages included. There is no need to throw away old buster media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.
Those who frequently install updates from security.debian.org will not have to update many packages, and most such updates are included in the point release.
New installation images will shortly be available at the regular locations.
Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at:
Miscellaneous Bugfixes
This stable update adds a few important corrections to the following packages:
Package | Reason |
---|---|
appstream-glib | Fix build failures in 2020 and later |
asunder | Use gnudb instead of freedb by default |
b43-fwcutter | Ensure removal succeeds under non-English locales; do not fail removal if some files no longer exist; fix missing dependencies on pciutils and ca-certificates |
balsa | Provide server identity when validating certificates, allowing successful validation when using the glib-networking patch for CVE-2020-13645 |
base-files | Update for the point release |
batik | Fix server-side request forgery via xlink:href attributes [CVE-2019-17566] |
borgbackup | Fix index corruption bug leading to data loss |
bundler | Update required version of ruby-molinillo |
c-icap-modules | Add support for ClamAV 0.102 |
cacti | Fix issue where UNIX timestamps after September 13th 2020 were rejected as graph start / end; fix remote code execution [CVE-2020-7237], cross-site scripting [CVE-2020-7106], CSRF issue [CVE-2020-13231]; disabling a user account does not immediately invalidate permissions [CVE-2020-13230] |
calamares-settings-debian | Enable displaymanager module, fixing autologin options; use xdg-user-dir to specify Desktop directory |
clamav | New upstream release; security fixes [CVE-2020-3327 CVE-2020-3341 CVE-2020-3350 CVE-2020-3327 CVE-2020-3481] |
cloud-init | New upstream release |
commons-configuration2 | Prevent object creation when loading YAML files [CVE-2020-1953] |
confget | Fix the Python module's handling of values containing = |
dbus | New upstream stable release; prevent a denial of service issue [CVE-2020-12049]; prevent use-after-free if two usernames share a uid |
debian-edu-config | Fix loss of dynamically allocated IPv4 address |
debian-installer | Update Linux ABI to 4.19.0-10 |
debian-installer-netboot-images | Rebuild against proposed-updates |
debian-ports-archive-keyring | Increase the expiration date of the 2020 key (84C573CD4E1AFD6C) by one year; add Debian Ports Archive Automatic Signing Key (2021); move the 2018 key (ID: 06AED62430CB581C) to the removed keyring |
debian-security-support | Update support status of several packages |
dpdk | New upstream release |
exiv2 | Adjust overly restrictive security patch [CVE-2018-10958 and CVE-2018-10999]; fix denial of service issue [CVE-2018-16336] |
fdroidserver | Fix Litecoin address validation |
file-roller | Security fix [CVE-2020-11736] |
freerdp2 | Fix smartcard logins; security fixes [CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 CVE-2020-11524 CVE-2020-11525 CVE-2020-11526] |
fwupd | New upstream release; fix possible signature verification issue [CVE-2020-10759]; use rotated Debian signing keys |
fwupd-amd64-signed | New upstream release; fix possible signature verification issue [CVE-2020-10759]; use rotated Debian signing keys |
fwupd-arm64-signed | New upstream release; fix possible signature verification issue [CVE-2020-10759]; use rotated Debian signing keys |
fwupd-armhf-signed | New upstream release; fix possible signature verification issue [CVE-2020-10759]; use rotated Debian signing keys |
fwupd-i386-signed | New upstream release; fix possible signature verification issue [CVE-2020-10759]; use rotated Debian signing keys |
fwupdate | Use rotated Debian signing keys |
fwupdate-amd64-signed | Use rotated Debian signing keys |
fwupdate-arm64-signed | Use rotated Debian signing keys |
fwupdate-armhf-signed | Use rotated Debian signing keys |
fwupdate-i386-signed | Use rotated Debian signing keys |
gist | Avoid deprecated authorization API |
glib-networking | Return bad identity error if identity is unset [CVE-2020-13645]; break balsa older than 2.5.6-2+deb10u1 as the fix for CVE-2020-13645 breaks balsa's certificate verification |
gnutls28 | Fix TLS1.2 resumption errors; fix memory leak; handle zero length session tickets, fixing connection errors on TLS1.2 sessions to some big hosting providers; fix verification error with alternate chains |
intel-microcode | Downgrade some microcodes to previously issued versions, working around hangs on boot on Skylake-U/Y and Skylake Xeon E3 |
jackson-databind | Fix multiple security issues affecting BeanDeserializerFactory [CVE-2020-9548 CVE-2020-9547 CVE-2020-9546 CVE-2020-8840 CVE-2020-14195 CVE-2020-14062 CVE-2020-14061 CVE-2020-14060 CVE-2020-11620 CVE-2020-11619 CVE-2020-11113 CVE-2020-11112 CVE-2020-11111 CVE-2020-10969 CVE-2020-10968 CVE-2020-10673 CVE-2020-10672 CVE-2019-20330 CVE-2019-17531 and CVE-2019-17267] |
jameica | Add mckoisqldb to classpath, allowing use of SynTAX plugin |
jigdo | Fix HTTPS support in jigdo-lite and jigdo-mirror |
ksh | Fix environment variable restriction issue [CVE-2019-14868] |
lemonldap-ng | Fix nginx configuration regression introduced by the fix for CVE-2019-19791 |
libapache-mod-jk | Rename Apache configuration file so it can be automatically enabled and disabled |
libclamunrar | New upstream stable release; add an unversioned meta-package |
libembperl-perl | Handle error pages from Apache >= 2.4.40 |
libexif | Security fixes [CVE-2020-12767 CVE-2020-0093 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114]; fix buffer overflow [CVE-2020-0182] and integer overflow [CVE-2020-0198] |
libinput | Quirks: add trackpoint integration attribute |
libntlm | Fix buffer overflow [CVE-2019-17455] |
libpam-radius-auth | Fix buffer overflow in password field [CVE-2015-9542] |
libunwind | Fix segfaults on mips; manually enable C++ exception support only on i386 and amd64 |
libyang | Fix cache corruption crash [CVE-2019-19333 CVE-2019-19334] |
linux | New upstream stable release |
linux-latest | Update for 4.19.0-10 kernel ABI |
linux-signed-amd64 | New upstream stable release |
linux-signed-arm64 | New upstream stable release |
linux-signed-i386 | New upstream stable release |
lirc | Fix conffile management |
mailutils | maidag: drop setuid privileges for all delivery operations but mda [CVE-2019-18862] |
mariadb-10.3 | New upstream stable release; security fixes [CVE-2020-2752 CVE-2020-2760 CVE-2020-2812 CVE-2020-2814 CVE-2020-13249]; fix regression in RocksDB ZSTD detection |
mod-gnutls | Fix a possible segfault on failed TLS handshake; fix test failures |
multipath-tools | kpartx: use correct path to partx in udev rule |
mutt | Don't check IMAP PREAUTH encryption if $tunnel is in use |
mydumper | Link against libm |
nfs-utils | statd: take user-id from /var/lib/nfs/sm [CVE-2019-3689]; don't make /var/lib/nfs owned by statd |
nginx | Fix error page request smuggling vulnerability [CVE-2019-20372] |
nmap | Update default key size to 2048 bits |
node-dot-prop | Fix regression introduced in CVE-2020-8116 fix |
node-handlebars | Disallow calling helperMissing and blockHelperMissing directly [CVE-2019-19919] |
node-minimist | Fix prototype pollution [CVE-2020-7598] |
nvidia-graphics-drivers | New upstream stable release; security fixes [CVE-2020-5963 CVE-2020-5967] |
nvidia-graphics-drivers-legacy-390xx | New upstream stable release; security fixes [CVE-2020-5963 CVE-2020-5967] |
openstack-debian-images | Install resolvconf if installing cloud-init |
pagekite | Avoid issues with expiry of shipped SSL certificates by using those from the ca-certificates package |
pdfchain | Fix crash at startup |
perl | Fix multiple regular expression related security issues [CVE-2020-10543 CVE-2020-10878 CVE-2020-12723] |
php-horde | Fix cross-site scripting vulnerability [CVE-2020-8035] |
php-horde-gollem | Fix cross-site scripting vulnerability in breadcrumb output [CVE-2020-8034] |
pillow | Fix multiple out-of-bounds read issues [CVE-2020-11538 CVE-2020-10378 CVE-2020-10177] |
policyd-rate-limit | Fix issues in accounting due to socket reuse |
postfix | New upstream stable release; fix segfault in the tlsproxy client role when the server role was disabled; fix maillog_file_rotate_suffix default value used the minute instead of the month; fix several TLS related issues; README.Debian fixes |
python-markdown2 | Fix cross-site scripting issue [CVE-2020-11888] |
python3.7 | Avoid infinite loop when reading specially crafted TAR files using the tarfile module [CVE-2019-20907]; resolve hash collisions for IPv4Interface and IPv6Interface [CVE-2020-14422]; fix denial of service issue in urllib.request.AbstractBasicAuthHandler [CVE-2020-8492] |
qdirstat | Fix saving of user-configured MIME categories |
raspi3-firmware | Fix typo that could lead to unbootable systems |
resource-agents | IPsrcaddr: make proto optional to fix regression when used without NetworkManager |
ruby-json | Fix unsafe object creation vulnerability [CVE-2020-10663] |
shim | Use rotated Debian signing keys |
shim-helpers-amd64-signed | Use rotated Debian signing keys |
shim-helpers-arm64-signed | Use rotated Debian signing keys |
shim-helpers-i386-signed | Use rotated Debian signing keys |
speedtest-cli | Pass correct headers to fix upload speed test |
ssvnc | Fix out-of-bounds write [CVE-2018-20020], infinite loop [CVE-2018-20021], improper initialisation [CVE-2018-20022], potential denial-of-service [CVE-2018-20024] |
storebackup | Fix possible privilege escalation vulnerability [CVE-2020-7040] |
suricata | Fix dropping privileges in nflog runmode |
tigervnc | Don't use libunwind on armel, armhf or arm64 |
transmission | Fix possible denial of service issue [CVE-2018-10756] |
wav2cdr | Use C99 fixed-size integer types to fix runtime assertion on 64bit architectures other than amd64 and alpha |
zipios++ | Security fix [CVE-2019-13453] |
Security Updates
This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:
Removed packages
The following packages were removed due to circumstances beyond our control:
Package | Reason |
---|---|
golang-github-unknwon-cae | Security issues; unmaintained |
janus | Not supportable in stable |
mathematica-fonts | Relies on unavailable download location |
matrix-synapse | Security issues; unsupportable |
selenium-firefoxdriver | Incompatible with newer Firefox ESR versions |
Debian Installer
The installer has been updated to include the fixes incorporated into stable by the point release.
URLs
The complete list of packages that have changed with this revision:
The current stable distribution:
Proposed updates to the stable distribution:
Stable distribution information (release notes, errata, etc.):
Security announcements and information:
About Debian
The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.
Contact Information
For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.