Uppdaterad Debian 10; 10.11 utgiven

9 oktober 2021

Debianprojektet presenterar stolt sin elfte uppdatering till dess gamla stabila utgåva Debian 10 (med kodnamnet buster). Denna punktutgåva lägger huvudsakligen till rättningar för säkerhetsproblem, tillsammans med ytterligare rättningar för allvarliga problem. Säkerhetsbulletiner har redan publicerats separat och refereras när de finns tillgängliga.

Vänligen notera att punktutgåvan inte innebär en ny version av Debian 10 utan endast uppdaterar några av de inkluderade paketen. Det behövs inte kastas bort gamla media av buster. Efter installationen kan paket uppgraderas till de aktuella versionerna genom att använda en uppdaterad Debianspegling..

De som frekvent installerar uppdateringar från security.debian.org kommer inte att behöva uppdatera många paket, och de flesta av sådana uppdateringar finns inkluderade i punktutgåvan.

Nya installationsavbildningar kommer snart att finnas tillgängliga på de vanliga platserna.

En uppgradering av en existerande installation till denna revision kan utföras genom att peka pakethanteringssystemet på en av Debians många HTTP-speglingar. En utförlig lista på speglingar finns på:

https://www.debian.org/mirror/list

Blandade felrättningar

Denna uppdatering av den gamla stabila utgåvan lägger till några viktiga felrättningar till följande paket:

Paket Orsak
atftp Fix buffer overflow [CVE-2021-41054]
base-files Update for the 10.11 point release
btrbk Fix arbitrary code execution issue [CVE-2021-38173]
clamav New upstream stable release; fix clamdscan segfaults when --fdpass and --multipass are used together with ExcludePath
commons-io Fix path traversal issue [CVE-2021-29425]
cyrus-imapd Fix denial-of-service issue [CVE-2021-33582]
debconf Check that whiptail or dialog is actually usable
debian-installer Rebuild against buster-proposed-updates; update Linux ABI to 4.19.0-18
debian-installer-netboot-images Rebuild against buster-proposed-updates
distcc Fix GCC cross-compiler links in update-distcc-symlinks and add support for clang and CUDA (nvcc)
distro-info-data Update included data for several releases
dwarf-fortress Remove undistributable prebuilt shared libraries from the source tarball
espeak-ng Fix using espeak with mbrola-fr4 when mbrola-fr1 is not installed
gcc-mingw-w64 Fix gcov handling
gthumb Fix heap-based buffer overflow issue [CVE-2019-20326]
hg-git Fix test failures with recent git versions
htslib Fix autopkgtest on i386
http-parser Fix HTTP request smuggling issue [CVE-2019-15605]
irssi Fix use after free issue when sending SASL login to the server [CVE-2019-13045]
java-atk-wrapper Also use dbus to detect accessibility being enabled
krb5 Fix KDC null dereference crash on FAST request with no server field [CVE-2021-37750]; fix memory leak in krb5_gss_inquire_cred
libdatetime-timezone-perl New upstream stable release; update DST rules for Samoa and Jordon; confirmation of no leap andra on 2021-12-31
libpam-tacplus Prevent shared secrets from being added in plaintext to the system log [CVE-2020-13881]
linux proc: Track /proc/$pid/attr/ opener mm_struct, fixing issues with lxc-attach; new upstream stable release; increase ABI version to 18; [rt] Update to 4.19.207-rt88; usb: hso: fix error handling code of hso_create_net_device [CVE-2021-37159]
linux-latest Update to 4.19.0-18 kernel ABI
linux-signed-amd64 proc: Track /proc/$pid/attr/ opener mm_struct, fixing issues with lxc-attach; new upstream stable release; increase ABI version to 18; [rt] Update to 4.19.207-rt88; usb: hso: fix error handling code of hso_create_net_device [CVE-2021-37159]
linux-signed-arm64 proc: Track /proc/$pid/attr/ opener mm_struct, fixing issues with lxc-attach; new upstream stable release; increase ABI version to 18; [rt] Update to 4.19.207-rt88; usb: hso: fix error handling code of hso_create_net_device [CVE-2021-37159]
linux-signed-i386 proc: Track /proc/$pid/attr/ opener mm_struct, fixing issues with lxc-attach; new upstream stable release; increase ABI version to 18; [rt] Update to 4.19.207-rt88; usb: hso: fix error handling code of hso_create_net_device [CVE-2021-37159]
mariadb-10.3 New upstream stable release; security fixes [CVE-2021-2389 CVE-2021-2372]; fix Perl executable path in scripts
modsecurity-crs Fix request body bypass issue [CVE-2021-35368]
node-ansi-regex Fix regular expression-based denial of service issue [CVE-2021-3807]
node-axios Fix regular expression-based denial of service issue [CVE-2021-3749]
node-jszip Use a null prototype object for this.files [CVE-2021-23413]
node-tar Remove non-directory paths from the directory cache [CVE-2021-32803]; strip absolute paths more comprehensively [CVE-2021-32804]
nvidia-cuda-toolkit Fix setting of NVVMIR_LIBRARY_DIR on ppc64el
nvidia-graphics-drivers New upstream stable release; fix denial of service issues [CVE-2021-1093 CVE-2021-1094 CVE-2021-1095]; nvidia-driver-libs: Add Recommends: libnvidia-encode1
nvidia-graphics-drivers-legacy-390xx New upstream stable release; fix denial of service issues [CVE-2021-1093 CVE-2021-1094 CVE-2021-1095]; nvidia-legacy-390xx-driver-libs: Add Recommends: libnvidia-legacy-390xx-encode1
postgresql-11 New upstream stable release; fix mis-planning of repeated application of a projection step [CVE-2021-3677]; disallow SSL renegotiation more completely
proftpd-dfsg Fix mod_radius leaks memory contents to radius server, cannot disable client-initiated renegotiation for FTPS, navigation into symlinked directories, mod_sftp crash when using pubkey-auth with DSA keys
psmisc Fix regression in killall not matching process with names longer than 15 characters
python-uflash Update firmware URL
request-tracker4 Fix login timing side-channel attack issue [CVE-2021-38562]
ring Fix denial of service issue in the embedded copy of pjproject [CVE-2021-21375]
sabnzbdplus Prevent directory escape in renamer function [CVE-2021-29488]
shim Add arm64 patch to tweak section layout and stop crashing problems; in insecure mode, don't abort if we can't create the MokListXRT variable; don't abort on grub installation failures; warn instead
shim-helpers-amd64-signed Add arm64 patch to tweak section layout and stop crashing problems; in insecure mode, don't abort if we can't create the MokListXRT variable; don't abort on grub installation failures; warn instead
shim-helpers-arm64-signed Add arm64 patch to tweak section layout and stop crashing problems; in insecure mode, don't abort if we can't create the MokListXRT variable; don't abort on grub installation failures; warn instead
shim-helpers-i386-signed Add arm64 patch to tweak section layout and stop crashing problems; in insecure mode, don't abort if we can't create the MokListXRT variable; don't abort on grub installation failures; warn instead
shim-signed Work around boot-breaking issues on arm64 by including an older known working version of unsigned shim on that platform; switch arm64 back to using a current unsigned build; add arm64 patch to tweak section layout and stop crashing problems; in insecure mode, don't abort if we can't create the MokListXRT variable; don't abort on grub installation failures; warn instead
shiro Fix authentication bypass issues [CVE-2020-1957 CVE-2020-11989 CVE-2020-13933 CVE-2020-17510]; update Spring Framework compatibility patch; support Guice 4
tzdata Update DST rules for Samoa and Jordan; confirm the absence of a leap andra on 2021-12-31
ublock-origin New upstream stable release; fix denial of service issue [CVE-2021-36773]
ulfius Ensure memory is initialised before use [CVE-2021-40540]
xmlgraphics-commons Fix Server-Side Request Forgery issue [CVE-2020-11988]
yubikey-manager Add missing dependency on python3-pkg-resources to yubikey-manager

Säkerhetsuppdateringar

Denna revision lägger till följande säkerhetsuppdateringar till den gamla stabila utgåvan. Säkerhetsgruppen har redan släppt bulletiner för alla dessa uppdateringar:

Bulletin-ID Paket
DSA-4842 thunderbird
DSA-4866 thunderbird
DSA-4876 thunderbird
DSA-4897 thunderbird
DSA-4927 thunderbird
DSA-4931 xen
DSA-4932 tor
DSA-4933 nettle
DSA-4934 intel-microcode
DSA-4935 php7.3
DSA-4936 libuv1
DSA-4937 apache2
DSA-4938 linuxptp
DSA-4939 firefox-esr
DSA-4940 thunderbird
DSA-4941 linux-signed-amd64
DSA-4941 linux-signed-arm64
DSA-4941 linux-signed-i386
DSA-4941 linux
DSA-4942 systemd
DSA-4943 lemonldap-ng
DSA-4944 krb5
DSA-4945 webkit2gtk
DSA-4946 openjdk-11-jre-dcevm
DSA-4946 openjdk-11
DSA-4947 libsndfile
DSA-4948 aspell
DSA-4949 jetty9
DSA-4950 ansible
DSA-4951 bluez
DSA-4952 tomcat9
DSA-4953 lynx
DSA-4954 c-ares
DSA-4955 libspf2
DSA-4956 firefox-esr
DSA-4957 trafficserver
DSA-4958 exiv2
DSA-4959 thunderbird
DSA-4961 tor
DSA-4962 ledgersmb
DSA-4963 openssl
DSA-4964 grilo
DSA-4967 squashfs-tools
DSA-4969 firefox-esr
DSA-4970 postorius
DSA-4971 ntfs-3g
DSA-4973 thunderbird
DSA-4974 nextcloud-desktop
DSA-4975 webkit2gtk
DSA-4979 mediawiki

Borttagna paket

Följande paket har tagits bort på grund av omständigheter utom vår kontroll:

Paket Orsak
birdtray Incompatible with newer Thunderbird versions
libprotocol-acme-perl Only supports obsolete ACME version 1

Debianinstalleraren

Installeraren har uppdaterats för att inkludera rättningarna som har inkluderats i den gamla stabila utgåvan med denna punktutgåva.

URLer

Den fullständiga listan på paket som har förändrats i denna revision:

https://deb.debian.org/debian/dists/buster/ChangeLog

Den aktuella gamla stabila utgåvan:

https://deb.debian.org/debian/dists/oldstable/

Föreslagna uppdateringar till den gamla stabila utgåvan:

https://deb.debian.org/debian/dists/oldstable-proposed-updates

Information om den gamla stabila utgåvan (versionsfakta, kända problem osv.):

https://www.debian.org/releases/oldstable/

Säkerhetsbulletiner och information:

https://www.debian.org/security/

Om Debian

Debianprojektet är en grupp utvecklare av Fri mjukvara som donerar sin tid och kraft för att producera det helt fria operativsystemet Debian.

Kontaktinformation

För ytterligare information, vänligen besök Debians webbplats på https://www.debian.org/, skicka e-post till <press@debian.org>, eller kontakta gruppen för stabila utgåvor på <debian-release@lists.debian.org>.