Updated Debian 10: 10.10 released

19 June 2021

The Debian project is pleased to announce the tenth update of its stable distribution Debian 10 (codename buster). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced here where available.

This point release does not constitute a new version of Debian 10; it only updates some of the packages included. There is no need to throw away old buster media: after installation, packages can be upgraded to the latest versions using an up-to-date mirror.

Those who frequently install updates from security.debian.org will not have to update many packages, and many of these updates are also included in the point release.

New installation images will be made available soon at the usual location.

To upgrade an existing installation to this revision, it is enough to use the package management system and one of the many Debian HTTP mirrors. A complete list of mirrors is available here:

https://www.debian.org/mirror/list

Miscellaneous updates

This stable update adds a few important corrections to the following packages:

Package Reason
apt Accept suite name changes for repositories by default (e.g. stable -> oldstable)
awstats Fix remote file access issues [CVE-2020-29600 CVE-2020-35176]
base-files Update /etc/debian_version for the 10.10 point release
berusky2 Fix segfault at startup
clamav New upstream stable release; fix denial of service issue [CVE-2021-1405]
clevis Fix support for TPMs that only support SHA256
connman dnsproxy: Check the length of buffers before memcpy [CVE-2021-33833]
crmsh Fix code execution issue [CVE-2020-35459]
debian-installer Use 4.19.0-17 Linux kernel ABI
debian-installer-netboot-images Rebuild against proposed-updates
dnspython XFR: do not attempt to compare to a non-existent expiration value
dput-ng Fix crash in the sftp uploader in case of EACCES from the server; update codenames; make dcut dm work for non-uploading DMs; fix a TypeError in http upload exception handling; don't try and construct uploader email from system hostname in .dak-commands files
eterm Fix code execution issue [CVE-2021-33477]
exactimage Fix build with C++11 and OpenEXR 2.5.x
fig2dev Fix buffer overflow [CVE-2021-3561]; several output fixes; rebuild testsuite during build and in autopkgtest
fluidsynth Fix use-after-free issue [CVE-2021-28421]
freediameter Fix denial of service issue [CVE-2020-6098]
fwupd Fix generation of the vendor SBAT string; stop using dpkg-dev in fwupd.preinst; new upstream stable version
fwupd-amd64-signed Sync with fwupd
fwupd-arm64-signed Sync with fwupd
fwupd-armhf-signed Sync with fwupd
fwupd-i386-signed Sync with fwupd
fwupdate Improve SBAT support
fwupdate-amd64-signed Sync with fwupdate
fwupdate-arm64-signed Sync with fwupdate
fwupdate-armhf-signed Sync with fwupdate
fwupdate-i386-signed Sync with fwupdate
glib2.0 Fix several integer overflow issues [CVE-2021-27218 CVE-2021-27219]; fix a symlink attack affecting file-roller [CVE-2021-28153]
gnutls28 Fix null-pointer dereference issue [CVE-2020-24659]; add several improvements to memory reallocation
golang-github-docker-docker-credential-helpers Fix double free issue [CVE-2019-1020014]
htmldoc Fix buffer overflow issues [CVE-2019-19630 CVE-2021-20308]
ipmitool Fix buffer overflow issues [CVE-2020-5208]
ircii Fix denial of service issue [CVE-2021-29376]
isc-dhcp Fix buffer overrun issue [CVE-2021-25217]
isync Reject funny mailbox names from IMAP LIST/LSUB [CVE-2021-20247]; fix handling of unexpected APPENDUID response code [CVE-2021-3578]
jackson-databind Fix external entity expansion issue [CVE-2020-25649] and several serialization-related issues [CVE-2020-24616 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-20190]
klibc malloc: Set errno on failure; fix several overflow issues [CVE-2021-31873 CVE-2021-31870 CVE-2021-31872]; cpio: Fix possible crash on 64-bit systems [CVE-2021-31871]; {set,long}jmp [s390x]: save/restore the correct FPU registers
libbusiness-us-usps-webtools-perl Update to new US-USPS API
libgcrypt20 Fix weak ElGamal encryption with keys not generated by GnuPG/libgcrypt [CVE-2021-33560]
libgetdata Fix use after free issue [CVE-2021-20204]
libmateweather Adapt to renaming of America/Godthab to America/Nuuk in tzdata
libxml2 Fix out-of-bounds read in xmllint [CVE-2020-24977]; fix use-after-free issues in xmllint [CVE-2021-3516 CVE-2021-3518]; validate UTF8 in xmlEncodeEntities [CVE-2021-3517]; propagate error in xmlParseElementChildrenContentDeclPriv; fix exponential entity expansion attack [CVE-2021-3541]
liferea Fix compatibility with webkit2gtk >= 2.32
linux New upstream stable release; increase ABI to 17; [rt] Update to 4.19.193-rt81
linux-latest Update to 4.19.0-17 ABI
linux-signed-amd64 New upstream stable release; increase ABI to 17; [rt] Update to 4.19.193-rt81
linux-signed-arm64 New upstream stable release; increase ABI to 17; [rt] Update to 4.19.193-rt81
linux-signed-i386 New upstream stable release; increase ABI to 17; [rt] Update to 4.19.193-rt81
mariadb-10.3 New upstream release; security fixes [CVE-2021-2154 CVE-2021-2166 CVE-2021-27928]; fix Innotop support; ship caching_sha2_password.so
mqtt-client Fix denial of service issue [CVE-2019-0222]
mumble Fix remote code execution issue [CVE-2021-27229]
mupdf Fix use-after-free issue [CVE-2020-16600] and double free issue [CVE-2021-3407]
nmap Update included MAC prefix list
node-glob-parent Fix regular expression denial of service issue [CVE-2020-28469]
node-handlebars Fix code execution issues [CVE-2019-20920 CVE-2021-23369]
node-hosted-git-info Fix regular expression denial of service issue [CVE-2021-23362]
node-redis Fix regular expression denial of service issue [CVE-2021-29469]
node-ws Fix regular expression-related denial of service issue [CVE-2021-32640]
nvidia-graphics-drivers Fix improper access control vulnerability [CVE-2021-1076]
nvidia-graphics-drivers-legacy-390xx Fix improper access control vulnerability [CVE-2021-1076]; fix installation failure on Linux 5.11 release candidates
opendmarc Fix heap overflow issue [CVE-2020-12460]
openvpn Fix illegal client float issue [CVE-2020-11810]; ensure key state is authenticated before sending push reply [CVE-2020-15078]; increase listen() backlog queue to 32
php-horde-text-filter Fix cross-site scripting issue [CVE-2021-26929]
plinth Use session to verify first boot welcome step
ruby-websocket-extensions Fix denial of service issue [CVE-2020-7663]
rust-rustyline Fix build with newer rustc
rxvt-unicode Disable ESC G Q escape sequence [CVE-2021-33477]
sabnzbdplus Fix code execution vulnerability [CVE-2020-13124]
scrollz Fix denial of service issue [CVE-2021-29376]
shim New upstream release; add SBAT support; fix i386 binary relocations; don't call QueryVariableInfo() on EFI 1.10 machines (e.g. older Intel Macs); fix handling of ignore_db and user_insecure_mode; add maintainer scripts to the template packages to manage installing and removing fbXXX.efi and mmXXX.efi when we install/remove the shim-helpers-$arch-signed packages; exit cleanly if installed on a non-EFI system; don't fail if debconf calls return errors
shim-helpers-amd64-signed Sync with shim
shim-helpers-arm64-signed Sync with shim
shim-helpers-i386-signed Sync with shim
shim-signed Update for new shim; multiple bugfixes in postinst and postrm handling; provide unsigned binaries for arm64 (see NEWS.Debian); exit cleanly if installed on a non-EFI system; don't fail if debconf calls return errors; fix documentation links; build against shim-unsigned 15.4-5~deb10u1; add explicit dependency from shim-signed to shim-signed-common
speedtest-cli Handle case where ignoreids is empty or contains empty ids
tnef Fix buffer over-read issue [CVE-2019-18849]
uim libuim-data: Copy Breaks from uim-data, fixing some upgrade scenarios
user-mode-linux Rebuild against Linux kernel 4.19.194-1
velocity Fix potential arbitrary code execution issue [CVE-2020-13936]
wml Fix regression in Unicode handling
xfce4-weather-plugin Move to version 2.0 met.no API

Security updates

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of them:

Advisory ID Package
DSA-4848 golang-1.11
DSA-4865 docker.io
DSA-4873 squid
DSA-4874 firefox-esr
DSA-4875 openssl
DSA-4877 webkit2gtk
DSA-4878 pygments
DSA-4879 spamassassin
DSA-4880 lxml
DSA-4881 curl
DSA-4882 openjpeg2
DSA-4883 underscore
DSA-4884 ldb
DSA-4885 netty
DSA-4886 chromium
DSA-4887 lib3mf
DSA-4888 xen
DSA-4889 mediawiki
DSA-4890 ruby-kramdown
DSA-4891 tomcat9
DSA-4892 python-bleach
DSA-4893 xorg-server
DSA-4894 php-pear
DSA-4895 firefox-esr
DSA-4896 wordpress
DSA-4898 wpa
DSA-4899 openjdk-11-jre-dcevm
DSA-4899 openjdk-11
DSA-4900 gst-plugins-good1.0
DSA-4901 gst-libav1.0
DSA-4902 gst-plugins-bad1.0
DSA-4903 gst-plugins-base1.0
DSA-4904 gst-plugins-ugly1.0
DSA-4905 shibboleth-sp
DSA-4907 composer
DSA-4908 libhibernate3-java
DSA-4909 bind9
DSA-4910 libimage-exiftool-perl
DSA-4912 exim4
DSA-4913 hivex
DSA-4914 graphviz
DSA-4915 postgresql-11
DSA-4916 prosody
DSA-4918 ruby-rack-cors
DSA-4919 lz4
DSA-4920 libx11
DSA-4921 nginx
DSA-4922 hyperkitty
DSA-4923 webkit2gtk
DSA-4924 squid
DSA-4925 firefox-esr
DSA-4926 lasso
DSA-4928 htmldoc
DSA-4929 rails
DSA-4930 libwebp

Removed packages

The following packages were removed due to circumstances beyond our control:

Package Reason
sogo-connector Incompatible with current Thunderbird versions

Debian Installer

The installer has been updated to include the updates present in this point release.

URLs

The complete list of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/buster/ChangeLog

The current stable distribution:

http://ftp.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates

Stable distribution information (release notes, errata, etc.):

https://www.debian.org/releases/stable/

Security announcements and information:

https://www.debian.org/security/

About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort to produce the completely free operating system Debian.

Contact Information

For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.