Updated Debian 11: 11.6 released

December 17th, 2022

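The Debian project is pleased to announce the sixth update of Debian 11 (codename bullseye). This point release mainly contains corrections for security issues, along with adjustments for a few serious problems. Security advisories have already been published separately and are referenced where available.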

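Please note that the point release does not constitute a new version of Debian 11 but only updates some of the packages included. There is no need to throw away old bullseye media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.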

Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release.

New installation images will be available soon at the regular locations (download page, FTP server, etc.).

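Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at: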

https://www.debian.org/mirror/list

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following packages:

Package Reason
awstats Fix cross site scripting issue [CVE-2022-46391]
base-files Update /etc/debian_version for the 11.6 point release
binfmt-support Run binfmt-support.service after systemd-binfmt.service
clickhouse Fix out-of-bounds read issues [CVE-2021-42387 CVE-2021-42388], buffer overflow issues [CVE-2021-43304 CVE-2021-43305]
containerd CRI plugin: Fix goroutine leak during Exec [CVE-2022-23471]
core-async-clojure Fix build failures in test suite
dcfldd Fix SHA1 output on big-endian architectures
debian-installer Rebuild against proposed-updates; increase Linux kernel ABI to 5.10.0-20
debian-installer-netboot-images Rebuild against proposed-updates
debmirror Add non-free-firmware to the default section list
distro-info-data Add Ubuntu 23.04, Lunar Lobster; update Debian ELTS end dates; correct Debian 8 (jessie) release date
dojo Fix prototype pollution issue [CVE-2021-23450]
dovecot-fts-xapian Generate dependency on dovecot ABI version in use during build
efitools Fix intermittent build failure due to incorrect dependency in makefile
evolution Move Google Contacts addressbooks to CalDAV since the Google Contacts API has been turned off
evolution-data-server Move Google Contacts addressbooks to CalDAV since the Google Contacts API has been turned off; fix compatibility with Gmail OAuth changes
evolution-ews Fix retrieval of user certificates belonging to contacts
g810-led Control device access with uaccess instead of making everything world-writable [CVE-2022-46338]
glibc Fix regression in wmemchr and wcslen on CPUs that have AVX2 but not BMI2 (e.g. Intel Haswell)
golang-github-go-chef-chef Fix intermittent test failure
grub-efi-amd64-signed Don't strip Xen binaries, so they work again; include fonts in the memdisk build for EFI images; fix bug in core file code so errors are handled better; bump Debian SBAT level to 4
grub-efi-arm64-signed Don't strip Xen binaries, so they work again; include fonts in the memdisk build for EFI images; fix bug in core file code so errors are handled better; bump Debian SBAT level to 4
grub-efi-ia32-signed Don't strip Xen binaries, so they work again; include fonts in the memdisk build for EFI images; fix bug in core file code so errors are handled better; bump Debian SBAT level to 4
grub2 Don't strip Xen binaries, so they work again; include fonts in the memdisk build for EFI images; fix bug in core file code so errors are handled better; bump Debian SBAT level to 4
hydrapaper Add missing dependency on python3-pil
isoquery Fix test failure caused by a French translation change in the iso-codes package
jtreg6 New package, required to build newer openjdk-11 versions
lemonldap-ng Improve session destroy propagation [CVE-2022-37186]
leptonlib Fix divide-by-zero [CVE-2022-38266]
libapache2-mod-auth-mellon Fix open redirect issue [CVE-2021-3639]
libbluray Fix BD-J support with recent Oracle Java updates
libconfuse Fix a heap-based buffer over-read in cfg_tilde_expand [CVE-2022-40320]
libdatetime-timezone-perl Update included data
libtasn1-6 Fix out-of-bounds read issue [CVE-2021-46848]
libvncserver Fix memory leak [CVE-2020-29260]; support larger screen sizes
linux New upstream stable release; increase ABI to 20; [rt] Update to 5.10.158-rt77
linux-signed-amd64 New upstream stable release; increase ABI to 20; [rt] Update to 5.10.158-rt77
linux-signed-arm64 New upstream stable release; increase ABI to 20; [rt] Update to 5.10.158-rt77
linux-signed-i386 New upstream stable release; increase ABI to 20; [rt] Update to 5.10.158-rt77
mariadb-10.5 New upstream stable release; security fixes [CVE-2018-25032 CVE-2021-46669 CVE-2022-27376 CVE-2022-27377 CVE-2022-27378 CVE-2022-27379 CVE-2022-27380 CVE-2022-27381 CVE-2022-27382 CVE-2022-27383 CVE-2022-27384 CVE-2022-27386 CVE-2022-27387 CVE-2022-27444 CVE-2022-27445 CVE-2022-27446 CVE-2022-27447 CVE-2022-27448 CVE-2022-27449 CVE-2022-27451 CVE-2022-27452 CVE-2022-27455 CVE-2022-27456 CVE-2022-27457 CVE-2022-27458 CVE-2022-32081 CVE-2022-32082 CVE-2022-32083 CVE-2022-32084 CVE-2022-32085 CVE-2022-32086 CVE-2022-32087 CVE-2022-32088 CVE-2022-32089 CVE-2022-32091]
mod-wsgi Drop X-Client-IP header when it is not a trusted header [CVE-2022-2255]
mplayer Fix several security issues [CVE-2022-38850 CVE-2022-38851 CVE-2022-38855 CVE-2022-38858 CVE-2022-38860 CVE-2022-38861 CVE-2022-38863 CVE-2022-38864 CVE-2022-38865 CVE-2022-38866]
mutt Fix gpgme crash when listing keys in a public key block, and public key block listing for old versions of gpgme
nano Fix crashes and a potential data loss issue
nftables Fix off-by-one / double free error
node-hawk Parse URLs using stdlib [CVE-2022-29167]
node-loader-utils Fix prototype pollution issue [CVE-2022-37599 CVE-2022-37601], regular expression-based denial of service issue [CVE-2022-37603]
node-minimatch Improve protection against regular expression-based denial of service [CVE-2022-3517]; fix regression in patch for CVE-2022-3517
node-qs Fix prototype pollution issue [CVE-2022-24999]
node-xmldom Fix prototype pollution issue [CVE-2022-37616]; prevent insertion of non-well-formed nodes [CVE-2022-39353]
nvidia-graphics-drivers New upstream release; security fixes [CVE-2022-34670 CVE-2022-34674 CVE-2022-34675 CVE-2022-34677 CVE-2022-34679 CVE-2022-34680 CVE-2022-34682 CVE-2022-42254 CVE-2022-42255 CVE-2022-42256 CVE-2022-42257 CVE-2022-42258 CVE-2022-42259 CVE-2022-42260 CVE-2022-42261 CVE-2022-42262 CVE-2022-42263 CVE-2022-42264]
nvidia-graphics-drivers-legacy-390xx New upstream release; security fixes [CVE-2022-34670 CVE-2022-34674 CVE-2022-34675 CVE-2022-34677 CVE-2022-34680 CVE-2022-42257 CVE-2022-42258 CVE-2022-42259]
nvidia-graphics-drivers-tesla-450 New upstream release; security fixes [CVE-2022-34670 CVE-2022-34674 CVE-2022-34675 CVE-2022-34677 CVE-2022-34679 CVE-2022-34680 CVE-2022-34682 CVE-2022-42254 CVE-2022-42256 CVE-2022-42257 CVE-2022-42258 CVE-2022-42259 CVE-2022-42260 CVE-2022-42261 CVE-2022-42262 CVE-2022-42263 CVE-2022-42264]
nvidia-graphics-drivers-tesla-470 New upstream release; security fixes [CVE-2022-34670 CVE-2022-34674 CVE-2022-34675 CVE-2022-34677 CVE-2022-34679 CVE-2022-34680 CVE-2022-34682 CVE-2022-42254 CVE-2022-42255 CVE-2022-42256 CVE-2022-42257 CVE-2022-42258 CVE-2022-42259 CVE-2022-42260 CVE-2022-42261 CVE-2022-42262 CVE-2022-42263 CVE-2022-42264]
omnievents Add missing dependency on libjs-jquery to the omnievents-doc package
onionshare Fix denial of service issue [CVE-2022-21689], HTML injection issue [CVE-2022-21690]
openvpn-auth-radius Support verify-client-cert directive
postfix New upstream stable release
postgresql-13 New upstream stable release
powerline-gitstatus Fix command injection via malicious repository config [CVE-2022-42906]
pysubnettree Fix module build
speech-dispatcher Reduce espeak buffer size to avoid synth artifacts
spf-engine Fix pyspf-milter failing to start due to an invalid import statement
tinyexr Fix heap overflow issues [CVE-2022-34300 CVE-2022-38529]
tinyxml Fix infinite loop [CVE-2021-42260]
tzdata Update data for Fiji, Mexico and Palestine; update leap seconds list
virglrenderer Fix out-of-bounds write issue [CVE-2022-0135]
x2gothinclient Make the x2gothinclient-minidesktop package provide the lightdm-greeter virtual package
xfig Fix buffer overflow issue [CVE-2021-40241]

Security Updates

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates.

Advisory ID Package
DSA-5212 chromium
DSA-5223 chromium
DSA-5224 poppler
DSA-5225 chromium
DSA-5226 pcs
DSA-5227 libgoogle-gson-java
DSA-5228 gdk-pixbuf
DSA-5229 freecad
DSA-5230 chromium
DSA-5231 connman
DSA-5232 tinygltf
DSA-5233 e17
DSA-5234 fish
DSA-5235 bind9
DSA-5236 expat
DSA-5239 gdal
DSA-5240 webkit2gtk
DSA-5241 wpewebkit
DSA-5242 maven-shared-utils
DSA-5243 lighttpd
DSA-5244 chromium
DSA-5245 chromium
DSA-5246 mediawiki
DSA-5247 barbican
DSA-5248 php-twig
DSA-5249 strongswan
DSA-5250 dbus
DSA-5251 isc-dhcp
DSA-5252 libreoffice
DSA-5253 chromium
DSA-5254 python-django
DSA-5255 libksba
DSA-5256 bcel
DSA-5257 linux-signed-arm64
DSA-5257 linux-signed-amd64
DSA-5257 linux-signed-i386
DSA-5257 linux
DSA-5258 squid
DSA-5260 lava
DSA-5261 chromium
DSA-5263 chromium
DSA-5264 batik
DSA-5265 tomcat9
DSA-5266 expat
DSA-5267 pysha3
DSA-5268 ffmpeg
DSA-5269 pypy3
DSA-5270 ntfs-3g
DSA-5271 libxml2
DSA-5272 xen
DSA-5273 webkit2gtk
DSA-5274 wpewebkit
DSA-5275 chromium
DSA-5276 pixman
DSA-5277 php7.4
DSA-5278 xorg-server
DSA-5279 wordpress
DSA-5280 grub-efi-amd64-signed
DSA-5280 grub-efi-arm64-signed
DSA-5280 grub-efi-ia32-signed
DSA-5280 grub2
DSA-5281 nginx
DSA-5283 jackson-databind
DSA-5285 asterisk
DSA-5286 krb5
DSA-5287 heimdal
DSA-5288 graphicsmagick
DSA-5289 chromium
DSA-5290 commons-configuration2
DSA-5291 mujs
DSA-5292 snapd
DSA-5293 chromium
DSA-5294 jhead
DSA-5295 chromium
DSA-5296 xfce4-settings
DSA-5297 vlc
DSA-5298 cacti
DSA-5299 openexr

Debian Installer

The installer has been updated to include the fixes incorporated into stable by the point release.

URLs

The complete list of packages that have changed with this revision:

https://deb.debian.org/debian/dists/bullseye/ChangeLog

The current stable distribution:

https://deb.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:

https://deb.debian.org/debian/dists/proposed-updates

Stable distribution information (release notes, errata, etc.):

https://www.debian.org/releases/stable/

Security announcements and information:

https://www.debian.org/security/

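About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.

Contact Information

For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.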