Updated Debian 10: 10.11 released

9 October 2021

The Debian project is pleased to announce the eleventh update of its oldstable distribution Debian 10 (codename buster). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced here where available.

This point release does not constitute a new version of Debian 10; it only updates some of its packages. There is no need to throw away old buster media: after installation, packages can be upgraded to the latest versions using an up-to-date mirror.

Those who frequently install updates from security.debian.org will not have to update many packages, and many of these updates are also included in the point release.

New installation images will soon be available at the usual location.

To upgrade an existing installation to this revision, it is enough to use the package management system with one of Debian's many HTTP mirrors. A complete list of mirrors is available here:

https://www.debian.org/mirror/list

Miscellaneous updates

This oldstable update adds a few important corrections to the following packages:

Package Reason
atftp Fix buffer overflow [CVE-2021-41054]
base-files Update for the 10.11 point release
btrbk Fix arbitrary code execution issue [CVE-2021-38173]
clamav New upstream stable release; fix clamdscan segfaults when --fdpass and --multipass are used together with ExcludePath
commons-io Fix path traversal issue [CVE-2021-29425]
cyrus-imapd Fix denial-of-service issue [CVE-2021-33582]
debconf Check that whiptail or dialog is actually usable
debian-installer Rebuild against buster-proposed-updates; update Linux ABI to 4.19.0-18
debian-installer-netboot-images Rebuild against buster-proposed-updates
distcc Fix GCC cross-compiler links in update-distcc-symlinks and add support for clang and CUDA (nvcc)
distro-info-data Update included data for several releases
dwarf-fortress Remove undistributable prebuilt shared libraries from the source tarball
espeak-ng Fix using espeak with mbrola-fr4 when mbrola-fr1 is not installed
gcc-mingw-w64 Fix gcov handling
gthumb Fix heap-based buffer overflow issue [CVE-2019-20326]
hg-git Fix test failures with recent git versions
htslib Fix autopkgtest on i386
http-parser Fix HTTP request smuggling issue [CVE-2019-15605]
irssi Fix use after free issue when sending SASL login to the server [CVE-2019-13045]
java-atk-wrapper Also use dbus to detect accessibility being enabled
krb5 Fix KDC null dereference crash on FAST request with no server field [CVE-2021-37750]; fix memory leak in krb5_gss_inquire_cred
libdatetime-timezone-perl New upstream stable release; update DST rules for Samoa and Jordan; confirmation of no leap second on 2021-12-31
libpam-tacplus Prevent shared secrets from being added in plaintext to the system log [CVE-2020-13881]
linux proc: Track /proc/$pid/attr/ opener mm_struct, fixing issues with lxc-attach; new upstream stable release; increase ABI version to 18; [rt] Update to 4.19.207-rt88; usb: hso: fix error handling code of hso_create_net_device [CVE-2021-37159]
linux-latest Update to 4.19.0-18 kernel ABI
linux-signed-amd64 proc: Track /proc/$pid/attr/ opener mm_struct, fixing issues with lxc-attach; new upstream stable release; increase ABI version to 18; [rt] Update to 4.19.207-rt88; usb: hso: fix error handling code of hso_create_net_device [CVE-2021-37159]
linux-signed-arm64 proc: Track /proc/$pid/attr/ opener mm_struct, fixing issues with lxc-attach; new upstream stable release; increase ABI version to 18; [rt] Update to 4.19.207-rt88; usb: hso: fix error handling code of hso_create_net_device [CVE-2021-37159]
linux-signed-i386 proc: Track /proc/$pid/attr/ opener mm_struct, fixing issues with lxc-attach; new upstream stable release; increase ABI version to 18; [rt] Update to 4.19.207-rt88; usb: hso: fix error handling code of hso_create_net_device [CVE-2021-37159]
mariadb-10.3 New upstream stable release; security fixes [CVE-2021-2389 CVE-2021-2372]; fix Perl executable path in scripts
modsecurity-crs Fix request body bypass issue [CVE-2021-35368]
node-ansi-regex Fix regular expression-based denial of service issue [CVE-2021-3807]
node-axios Fix regular expression-based denial of service issue [CVE-2021-3749]
node-jszip Use a null prototype object for this.files [CVE-2021-23413]
node-tar Remove non-directory paths from the directory cache [CVE-2021-32803]; strip absolute paths more comprehensively [CVE-2021-32804]
nvidia-cuda-toolkit Fix setting of NVVMIR_LIBRARY_DIR on ppc64el
nvidia-graphics-drivers New upstream stable release; fix denial of service issues [CVE-2021-1093 CVE-2021-1094 CVE-2021-1095]; nvidia-driver-libs: Add Recommends: libnvidia-encode1
nvidia-graphics-drivers-legacy-390xx New upstream stable release; fix denial of service issues [CVE-2021-1093 CVE-2021-1094 CVE-2021-1095]; nvidia-legacy-390xx-driver-libs: Add Recommends: libnvidia-legacy-390xx-encode1
postgresql-11 New upstream stable release; fix mis-planning of repeated application of a projection step [CVE-2021-3677]; disallow SSL renegotiation more completely
proftpd-dfsg Fix mod_radius leaks memory contents to radius server, cannot disable client-initiated renegotiation for FTPS, navigation into symlinked directories, mod_sftp crash when using pubkey-auth with DSA keys
psmisc Fix regression in killall not matching process with names longer than 15 characters
python-uflash Update firmware URL
request-tracker4 Fix login timing side-channel attack issue [CVE-2021-38562]
ring Fix denial of service issue in the embedded copy of pjproject [CVE-2021-21375]
sabnzbdplus Prevent directory escape in renamer function [CVE-2021-29488]
shim Add arm64 patch to tweak section layout and stop crashing problems; in insecure mode, don't abort if we can't create the MokListXRT variable; don't abort on grub installation failures; warn instead
shim-helpers-amd64-signed Add arm64 patch to tweak section layout and stop crashing problems; in insecure mode, don't abort if we can't create the MokListXRT variable; don't abort on grub installation failures; warn instead
shim-helpers-arm64-signed Add arm64 patch to tweak section layout and stop crashing problems; in insecure mode, don't abort if we can't create the MokListXRT variable; don't abort on grub installation failures; warn instead
shim-helpers-i386-signed Add arm64 patch to tweak section layout and stop crashing problems; in insecure mode, don't abort if we can't create the MokListXRT variable; don't abort on grub installation failures; warn instead
shim-signed Work around boot-breaking issues on arm64 by including an older known working version of unsigned shim on that platform; switch arm64 back to using a current unsigned build; add arm64 patch to tweak section layout and stop crashing problems; in insecure mode, don't abort if we can't create the MokListXRT variable; don't abort on grub installation failures; warn instead
shiro Fix authentication bypass issues [CVE-2020-1957 CVE-2020-11989 CVE-2020-13933 CVE-2020-17510]; update Spring Framework compatibility patch; support Guice 4
tzdata Update DST rules for Samoa and Jordan; confirm the absence of a leap second on 2021-12-31
ublock-origin New upstream stable release; fix denial of service issue [CVE-2021-36773]
ulfius Ensure memory is initialised before use [CVE-2021-40540]
xmlgraphics-commons Fix Server-Side Request Forgery issue [CVE-2020-11988]
yubikey-manager Add missing dependency on python3-pkg-resources to yubikey-manager

Security updates

This revision includes the following security updates to the oldstable release. The Security Team has already released an advisory for each of them:

Advisory ID Package
DSA-4842 thunderbird
DSA-4866 thunderbird
DSA-4876 thunderbird
DSA-4897 thunderbird
DSA-4927 thunderbird
DSA-4931 xen
DSA-4932 tor
DSA-4933 nettle
DSA-4934 intel-microcode
DSA-4935 php7.3
DSA-4936 libuv1
DSA-4937 apache2
DSA-4938 linuxptp
DSA-4939 firefox-esr
DSA-4940 thunderbird
DSA-4941 linux-signed-amd64
DSA-4941 linux-signed-arm64
DSA-4941 linux-signed-i386
DSA-4941 linux
DSA-4942 systemd
DSA-4943 lemonldap-ng
DSA-4944 krb5
DSA-4945 webkit2gtk
DSA-4946 openjdk-11-jre-dcevm
DSA-4946 openjdk-11
DSA-4947 libsndfile
DSA-4948 aspell
DSA-4949 jetty9
DSA-4950 ansible
DSA-4951 bluez
DSA-4952 tomcat9
DSA-4953 lynx
DSA-4954 c-ares
DSA-4955 libspf2
DSA-4956 firefox-esr
DSA-4957 trafficserver
DSA-4958 exiv2
DSA-4959 thunderbird
DSA-4961 tor
DSA-4962 ledgersmb
DSA-4963 openssl
DSA-4964 grilo
DSA-4967 squashfs-tools
DSA-4969 firefox-esr
DSA-4970 postorius
DSA-4971 ntfs-3g
DSA-4973 thunderbird
DSA-4974 nextcloud-desktop
DSA-4975 webkit2gtk
DSA-4979 mediawiki

Removed packages

The following packages were removed due to circumstances beyond our control:

Package Reason
birdtray Incompatible with newer Thunderbird versions
libprotocol-acme-perl Only supports obsolete ACME version 1

Debian Installer

The installer has been updated to include the updates present in this point release.

URLs

The complete list of packages that have changed with this revision:

https://deb.debian.org/debian/dists/buster/ChangeLog

The current oldstable distribution:

https://deb.debian.org/debian/dists/oldstable/

Proposed updates to the oldstable distribution:

https://deb.debian.org/debian/dists/oldstable-proposed-updates

Information about the oldstable distribution (release notes, errata, etc.):

https://www.debian.org/releases/oldstable/

Security announcements and information:

https://www.debian.org/security/

About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort to produce the completely free operating system Debian.

Contact information

For further information, visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.