Aggiornamento Debian 10: rilasciato 10.10
19 Giugno 2021
Il progetto Debian è felice di annunciare il decimo aggiornamento della
sua distribuzione stabile Debian 10 (codice buster
).
Questo rilascio minore aggiunge principalmente correzioni e risoluzioni
di problemi di sicurezza, oltre che pochi aggiustamenti per problemi seri.
Gli annunci della sicurezza sono già stati pubblicati separatamente e sono
qui elencati quando disponibili.
Questo aggiornamento minore non costituisce una nuova versione di Debian
10 ma ne aggiorna solamente alcuni pacchetti. Non è necessario buttare
via il vecchio supporto di buster
: dopo l'installazione i pacchetti
potranno essere aggiornati all'ultima versione usando un mirror aggiornato.
Quelli che installano frequentemente gli aggiornamenti da security.debian.org non dovranno aggiornare molti pacchetti, e molti di questi aggiornamenti sono inclusi anche nel rilascio minore.
Nuove immagini per l'installazione verranno presto rese disponibili al solito indirizzo.
Per aggiornare una installazione esistente a questa revisione è sufficiente usare il sistema di gestione dei pacchetti e uno dei tanti mirror HTTP Debian. Un elenco completo dei mirror è disponibile qui:
Aggiornamenti vari
Questo aggiornamento alla versione stabile aggiungere alcune importanti correzioni ai seguenti pacchetti:
| Pacchetto | Motivo |
|---|---|
| apt | Accept suite name changes for repositories by default (e.g. stable -> oldstable) |
| awstats | Fix remote file access issues [CVE-2020-29600 CVE-2020-35176] |
| base-files | Update /etc/debian_version for the 10.10 point release |
| berusky2 | Fix segfault at startup |
| clamav | New upstream stable release; fix denial of security issue [CVE-2021-1405] |
| clevis | Fix support for TPMs that only support SHA256 |
| connman | dnsproxy: Check the length of buffers before memcpy [CVE-2021-33833] |
| crmsh | Fix code execution issue [CVE-2020-35459] |
| debian-installer | Use 4.19.0-17 Linux kernel ABI |
| debian-installer-netboot-images | Rebuild against proposed-updates |
| dnspython | XFR: do not attempt to compare to a non-existent expirationvalue |
| dput-ng | Fix crash in the sftp uploader in case of EACCES from the server; update codenames; make dcut dmwork for non-uploading DDs; fix a TypeError in http upload exception handling; don't try and construct uploader email from system hostname in .dak-commands files |
| eterm | Fix code execution issue [CVE-2021-33477] |
| exactimage | Fix build with C++11 and OpenEXR 2.5.x |
| fig2dev | Fix buffer overflow [CVE-2021-3561]; several output fixes; rebuild testsuite during build and in autopkgtest |
| fluidsynth | Fix use-after-free issue [CVE-2021-28421] |
| freediameter | Fix denial of service issue [CVE-2020-6098] |
| fwupd | Fix generation of the vendor SBAT string; stop using dpkg-dev in fwupd.preinst; new upstream stable version |
| fwupd-amd64-signed | Sync with fwupd |
| fwupd-arm64-signed | Sync with fwupd |
| fwupd-armhf-signed | Sync with fwupd |
| fwupd-i386-signed | Sync with fwupd |
| fwupdate | Improve SBAT support |
| fwupdate-amd64-signed | Sync with fwupdate |
| fwupdate-arm64-signed | Sync with fwupdate |
| fwupdate-armhf-signed | Sync with fwupdate |
| fwupdate-i386-signed | Sync with fwupdate |
| glib2.0 | Fix several integer overflow issues [CVE-2021-27218 CVE-2021-27219]; fix a symlink attack affecting file-roller [CVE-2021-28153] |
| gnutls28 | Fix null-pointer dereference issue [CVE-2020-24659]; add several improvements to memory reallocation |
| golang-github-docker-docker-credential-helpers | Fix double free issue [CVE-2019-1020014] |
| htmldoc | Fix buffer overflow issues [CVE-2019-19630 CVE-2021-20308] |
| ipmitool | Fix buffer overflow issues [CVE-2020-5208] |
| ircii | Fix denial of service issue [CVE-2021-29376] |
| isc-dhcp | Fix buffer overrun issue [CVE-2021-25217] |
| isync | Reject funnymailbox names from IMAP LIST/LSUB [CVE-2021-20247]; fix handling of unexpected APPENDUID response code [CVE-2021-3578] |
| jackson-databind | Fix external entity expansion issue [CVE-2020-25649] and several serialization-related issues [CVE-2020-24616 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-20190] |
| klibc | malloc: Set errno on failure; fix several overflow issues [CVE-2021-31873 CVE-2021-31870 CVE-2021-31872]; cpio: Fix possible crash on 64-bit systems [CVE-2021-31871]; {set,long}jmp [s390x]: save/restore the correct FPU registers |
| libbusiness-us-usps-webtools-perl | Update to new US-USPS API |
| libgcrypt20 | Fix weak ElGamal encryption with keys not generated by GnuPG/libgcrypt [CVE-2021-40528] |
| libgetdata | Fix use after free issue [CVE-2021-20204] |
| libmateweather | Adapt to renaming of America/Godthab to America/Nuuk in tzdata |
| libxml2 | Fix out-of-bounds read in xmllint [CVE-2020-24977]; fix use-after-free issues in xmllint [CVE-2021-3516 CVE-2021-3518]; validate UTF8 in xmlEncodeEntities [CVE-2021-3517]; propagate error in xmlParseElementChildrenContentDeclPriv; fix exponential entity expansion attack [CVE-2021-3541] |
| liferea | Fix compatibility with webkit2gtk >= 2.32 |
| linux | New upstream stable release; increase ABI to 17; [rt] Update to 4.19.193-rt81 |
| linux-latest | Update to 4.19.0-17 ABI |
| linux-signed-amd64 | New upstream stable release; increase ABI to 17; [rt] Update to 4.19.193-rt81 |
| linux-signed-arm64 | New upstream stable release; increase ABI to 17; [rt] Update to 4.19.193-rt81 |
| linux-signed-i386 | New upstream stable release; increase ABI to 17; [rt] Update to 4.19.193-rt81 |
| mariadb-10.3 | New upstream release; security fixes [CVE-2021-2154 CVE-2021-2166 CVE-2021-27928]; fix Innotop support; ship caching_sha2_password.so |
| mqtt-client | Fix denial of service issue [CVE-2019-0222] |
| mumble | Fix remote code execution issue [CVE-2021-27229] |
| mupdf | Fix use-after-free issue [CVE-2020-16600] and double free issue [CVE-2021-3407] |
| nmap | Update included MAC prefix list |
| node-glob-parent | Fix regular expression denial of service issue [CVE-2020-28469] |
| node-handlebars | Fix code execution issues [CVE-2019-20920 CVE-2021-23369] |
| node-hosted-git-info | Fix regular expression denial of service issue [CVE-2021-23362] |
| node-redis | Fix regular expression denial of service issue [CVE-2021-29469] |
| node-ws | Fix regular expression-related denial of service issue [CVE-2021-32640] |
| nvidia-graphics-drivers | Fix improper access control vulnerability [CVE-2021-1076] |
| nvidia-graphics-drivers-legacy-390xx | Fix improper access control vulnerability [CVE-2021-1076]; fix installation failure on Linux 5.11 release candidates |
| opendmarc | Fix heap overflow issue [CVE-2020-12460] |
| openvpn | Fix illegal client floatissue [CVE-2020-11810]; ensure key state is authenticated before sending push reply [CVE-2020-15078]; increase listen() backlog queue to 32 |
| php-horde-text-filter | Fix cross-site scripting issue [CVE-2021-26929] |
| plinth | Use session to verify first boot welcome step |
| ruby-websocket-extensions | Fix denial of service issue [CVE-2020-7663] |
| rust-rustyline | Fix build with newer rustc |
| rxvt-unicode | Disable ESC G Q escape sequence [CVE-2021-33477] |
| sabnzbdplus | Fix code execution vulnerability [CVE-2020-13124] |
| scrollz | Fix denial of service issue [CVE-2021-29376] |
| shim | New upstream release; add SBAT support; fix i386 binary relocations; don't call QueryVariableInfo() on EFI 1.10 machines (e.g. older Intel Macs); fix handling of ignore_db and user_insecure_mode; add maintainer scripts to the template packages to manage installing and removing fbXXX.efi and mmXXX.efi when we install/remove the shim-helpers-$arch-signed packages; exit cleanly if installed on a non-EFI system; don't fail if debconf calls return errors |
| shim-helpers-amd64-signed | Sync with shim |
| shim-helpers-arm64-signed | Sync with shim |
| shim-helpers-i386-signed | Sync with shim |
| shim-signed | Update for new shim; multiple bugfixes in postinst and postrm handling; provide unsigned binaries for arm64 (see NEWS.Debian); exit cleanly if installed on a non-EFI system; don't fail if debconf calls return errors; fix documentation links; build against shim-unsigned 15.4-5~deb10u1; add explicit dependency from shim-signed to shim-signed-common |
| speedtest-cli | Handle case where ignoreidsis empty or contains empty ids |
| tnef | Fix buffer over-read issue [CVE-2019-18849] |
| uim | libuim-data: Copy Breaksfrom uim-data, fixing some upgrade scenarios |
| user-mode-linux | Rebuild against Linux kernel 4.19.194-1 |
| velocity | Fix potential arbitrary code execution issue [CVE-2020-13936] |
| wml | Fix regression in Unicode handling |
| xfce4-weather-plugin | Move to version 2.0 met.no API |
Aggiornamenti della sicurezza
Questa versione include i seguenti aggiornamenti della sicurezza al rilascio stabile. Il gruppo della sicurezza ha già rilasciato un avviso per ciascuno di essi:
Pacchetti rimossi
I seguenti pacchetti sono stati rimossi per motivi esterni alla nostra volontà:
| Pacchetto | Motivo |
|---|---|
| sogo-connector | Incompatible with current Thunderbird versions |
Procedura di installazione di Debian
La procedura di installazione è stata aggiornata per includere gli aggiornamenti presenti in questo rilascio minore.
URL
L'elenco completo dei pacchetti che sono cambiati con questa revisione:
La attuale distribuzione stabile:
Aggiornamenti proposti per la distribuzione stabile:
Informazioni sulla distribuzione stabile (note di rilascio, errata, etc.):
Annunci e informazioni sulla sicurezza:
Su Debian
Il progetto Debian è una associazione di sviluppatori di software libero che offrono volontariamente il loro tempo e il loro lavoro per produrre il sistema operativo totalmente libero Debian.
Contatti
Per maggiori informazioni, visitare le pagine web del sito Debian https://www.debian.org/, inviare email a <press@debian.org> o contattare il gruppo del rilascio stabile a <debian-release@lists.debian.org>.