Updated Debian 10: 10.11 released
October 9, 2021
The Debian project is pleased to announce the eleventh update of its oldstable distribution Debian 10 (codename buster).
This point release mainly adds corrections for security issues, along with a few adjustments for serious problems.
Security advisories have already been published separately and are referenced here where available.
This point release does not constitute a new version of Debian 10 but only updates some of its packages. There is no need to throw away old buster media: after installation, packages can be upgraded to the latest versions using an up-to-date mirror.
Those who frequently install updates from security.debian.org will not have to update many packages, and many of these updates are also included in the point release.
New installation images will soon be made available at the usual location.
To upgrade an existing installation to this revision, it is sufficient to use the package management system and one of the many Debian HTTP mirrors. A complete list of mirrors is available here:
Miscellaneous Bugfixes
This oldstable update adds a few important corrections to the following packages:
Package | Reason |
---|---|
atftp | Fix buffer overflow [CVE-2021-41054] |
base-files | Update for the 10.11 point release |
btrbk | Fix arbitrary code execution issue [CVE-2021-38173] |
clamav | New upstream stable release; fix clamdscan segfaults when --fdpass and --multipass are used together with ExcludePath |
commons-io | Fix path traversal issue [CVE-2021-29425] |
cyrus-imapd | Fix denial-of-service issue [CVE-2021-33582] |
debconf | Check that whiptail or dialog is actually usable |
debian-installer | Rebuild against buster-proposed-updates; update Linux ABI to 4.19.0-18 |
debian-installer-netboot-images | Rebuild against buster-proposed-updates |
distcc | Fix GCC cross-compiler links in update-distcc-symlinks and add support for clang and CUDA (nvcc) |
distro-info-data | Update included data for several releases |
dwarf-fortress | Remove undistributable prebuilt shared libraries from the source tarball |
espeak-ng | Fix using espeak with mbrola-fr4 when mbrola-fr1 is not installed |
gcc-mingw-w64 | Fix gcov handling |
gthumb | Fix heap-based buffer overflow issue [CVE-2019-20326] |
hg-git | Fix test failures with recent git versions |
htslib | Fix autopkgtest on i386 |
http-parser | Fix HTTP request smuggling issue [CVE-2019-15605] |
irssi | Fix use after free issue when sending SASL login to the server [CVE-2019-13045] |
java-atk-wrapper | Also use dbus to detect accessibility being enabled |
krb5 | Fix KDC null dereference crash on FAST request with no server field [CVE-2021-37750]; fix memory leak in krb5_gss_inquire_cred |
libdatetime-timezone-perl | New upstream stable release; update DST rules for Samoa and Jordan; confirmation of no leap second on 2021-12-31 |
libpam-tacplus | Prevent shared secrets from being added in plaintext to the system log [CVE-2020-13881] |
linux | proc: Track /proc/$pid/attr/ opener mm_struct, fixing issues with lxc-attach; new upstream stable release; increase ABI version to 18; [rt] Update to 4.19.207-rt88; usb: hso: fix error handling code of hso_create_net_device [CVE-2021-37159] |
linux-latest | Update to 4.19.0-18 kernel ABI |
linux-signed-amd64 | proc: Track /proc/$pid/attr/ opener mm_struct, fixing issues with lxc-attach; new upstream stable release; increase ABI version to 18; [rt] Update to 4.19.207-rt88; usb: hso: fix error handling code of hso_create_net_device [CVE-2021-37159] |
linux-signed-arm64 | proc: Track /proc/$pid/attr/ opener mm_struct, fixing issues with lxc-attach; new upstream stable release; increase ABI version to 18; [rt] Update to 4.19.207-rt88; usb: hso: fix error handling code of hso_create_net_device [CVE-2021-37159] |
linux-signed-i386 | proc: Track /proc/$pid/attr/ opener mm_struct, fixing issues with lxc-attach; new upstream stable release; increase ABI version to 18; [rt] Update to 4.19.207-rt88; usb: hso: fix error handling code of hso_create_net_device [CVE-2021-37159] |
mariadb-10.3 | New upstream stable release; security fixes [CVE-2021-2389 CVE-2021-2372]; fix Perl executable path in scripts |
modsecurity-crs | Fix request body bypass issue [CVE-2021-35368] |
node-ansi-regex | Fix regular expression-based denial of service issue [CVE-2021-3807] |
node-axios | Fix regular expression-based denial of service issue [CVE-2021-3749] |
node-jszip | Use a null prototype object for this.files [CVE-2021-23413] |
node-tar | Remove non-directory paths from the directory cache [CVE-2021-32803]; strip absolute paths more comprehensively [CVE-2021-32804] |
nvidia-cuda-toolkit | Fix setting of NVVMIR_LIBRARY_DIR on ppc64el |
nvidia-graphics-drivers | New upstream stable release; fix denial of service issues [CVE-2021-1093 CVE-2021-1094 CVE-2021-1095]; nvidia-driver-libs: Add Recommends: libnvidia-encode1 |
nvidia-graphics-drivers-legacy-390xx | New upstream stable release; fix denial of service issues [CVE-2021-1093 CVE-2021-1094 CVE-2021-1095]; nvidia-legacy-390xx-driver-libs: Add Recommends: libnvidia-legacy-390xx-encode1 |
postgresql-11 | New upstream stable release; fix mis-planning of repeated application of a projection step [CVE-2021-3677]; disallow SSL renegotiation more completely |
proftpd-dfsg | Fix mod_radius leaks memory contents to radius server, cannot disable client-initiated renegotiation for FTPS, navigation into symlinked directories, mod_sftp crash when using pubkey-auth with DSA keys |
psmisc | Fix regression in killall not matching process with names longer than 15 characters |
python-uflash | Update firmware URL |
request-tracker4 | Fix login timing side-channel attack issue [CVE-2021-38562] |
ring | Fix denial of service issue in the embedded copy of pjproject [CVE-2021-21375] |
sabnzbdplus | Prevent directory escape in renamer function [CVE-2021-29488] |
shim | Add arm64 patch to tweak section layout and stop crashing problems; in insecure mode, don't abort if we can't create the MokListXRT variable; don't abort on grub installation failures; warn instead |
shim-helpers-amd64-signed | Add arm64 patch to tweak section layout and stop crashing problems; in insecure mode, don't abort if we can't create the MokListXRT variable; don't abort on grub installation failures; warn instead |
shim-helpers-arm64-signed | Add arm64 patch to tweak section layout and stop crashing problems; in insecure mode, don't abort if we can't create the MokListXRT variable; don't abort on grub installation failures; warn instead |
shim-helpers-i386-signed | Add arm64 patch to tweak section layout and stop crashing problems; in insecure mode, don't abort if we can't create the MokListXRT variable; don't abort on grub installation failures; warn instead |
shim-signed | Work around boot-breaking issues on arm64 by including an older known working version of unsigned shim on that platform; switch arm64 back to using a current unsigned build; add arm64 patch to tweak section layout and stop crashing problems; in insecure mode, don't abort if we can't create the MokListXRT variable; don't abort on grub installation failures; warn instead |
shiro | Fix authentication bypass issues [CVE-2020-1957 CVE-2020-11989 CVE-2020-13933 CVE-2020-17510]; update Spring Framework compatibility patch; support Guice 4 |
tzdata | Update DST rules for Samoa and Jordan; confirm the absence of a leap second on 2021-12-31 |
ublock-origin | New upstream stable release; fix denial of service issue [CVE-2021-36773] |
ulfius | Ensure memory is initialised before use [CVE-2021-40540] |
xmlgraphics-commons | Fix Server-Side Request Forgery issue [CVE-2020-11988] |
yubikey-manager | Add missing dependency on python3-pkg-resources to yubikey-manager |
Security Updates
This revision includes the following security updates to the oldstable release. The Security Team has already released an advisory for each of them:
Removed packages
The following packages were removed due to circumstances beyond our control:
Package | Reason |
---|---|
birdtray | Incompatible with newer Thunderbird versions |
libprotocol-acme-perl | Only supports obsolete ACME version 1 |
Debian Installer
The installer has been updated to include the updates in this point release.
URLs
The complete list of packages that have changed with this revision:
The current oldstable distribution:
Proposed updates to the oldstable distribution:
Information on the oldstable distribution (release notes, errata, etc.):
Security announcements and information:
About Debian
The Debian Project is an association of Free Software developers who volunteer their time and effort to produce the completely free operating system Debian.
Contact Information
For further information, visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.