Updated Debian 11: 11.9 released

February 10th, 2024

The Debian project is pleased to announce the ninth update of its oldstable distribution Debian 11 (codename bullseye). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available.

Please note that the point release does not constitute a new version of Debian 11 but only updates some of the packages included. There is no need to throw away old bullseye media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list
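As an added example (not part of this announcement and not Debian's own tooling), the following POSIX shell snippet shows the three APT sources a bullseye host needs to receive the point release and the security advisories listed below, and checks /etc/debian_version (installed by base-files, which this release bumps to 11.9) to decide whether the upgrade is still pending. The function names and the use of deb.debian.org as the mirror are assumptions; on an existing host the sources are normally already present in /etc/apt/sources.list and should be compared, not blindly appended.

```shell
#!/bin/sh
# Added example, not Debian's own tooling. Function names and MIRROR are
# assumptions; pick a mirror from https://www.debian.org/mirror/list.
set -eu

MIRROR="${MIRROR:-http://deb.debian.org/debian}"

# APT sources for Debian 11: the main suite carries the point-release content,
# bullseye-security carries the DSAs, bullseye-updates carries fixes staged
# ahead of the next point release (e.g. tzdata).
bullseye_sources() {
    printf '%s\n' \
        "deb $MIRROR bullseye main" \
        "deb http://security.debian.org/debian-security bullseye-security main" \
        "deb $MIRROR bullseye-updates main"
}

# bullseye_at_least VERSION MINOR: succeed when VERSION (the contents of
# /etc/debian_version, e.g. "11.8") is a Debian 11 point release >= MINOR.
# Non-numeric values such as "bullseye/sid" mean the host tracks testing/sid
# or carries a foreign base-files, so they are not treated as a point release.
bullseye_at_least() {
    case "$1" in
        11.[0-9]*) ;;
        *) return 1 ;;
    esac
    [ "${1#11.}" -ge "$2" ]
}

# Stand-alone use: print the expected sources, then report whether the host is
# already at 11.9. Pass "apply" as the first argument to run the upgrade
# (requires root); a full-upgrade is used so the kernel ABI bump to
# 5.10.0-28 (new linux-image package names) can be resolved.
bullseye_sources
if [ -r /etc/debian_version ]; then
    ver=$(cat /etc/debian_version)
    case "$ver" in
        11.*)
            if bullseye_at_least "$ver" 9; then
                echo "already at Debian $ver (11.9 or later)"
            else
                echo "Debian $ver: point release 11.9 not yet applied"
                if [ "${1:-}" = "apply" ]; then
                    apt-get update && apt-get -y full-upgrade
                fi
            fi
            ;;
        *)
            echo "$ver is not a Debian 11 release; this example only applies to bullseye"
            ;;
    esac
fi
```

Hosts that already pull from bullseye-security regularly will see only the non-security fixes from the table below on the next full-upgrade, which is the situation the announcement describes.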

Miscellaneous Bugfixes

This oldstable update adds a few important corrections to the following packages:

Package Reason
axis Filter out unsupported protocols in the client class ServiceFactory [CVE-2023-40743]
base-files Update for the 11.9 point release
cifs-utils Fix non-parallel builds
compton Remove recommendation of picom
conda-package-handling Skip unreliable tests
conmon Do not hang when forwarding container stdout/stderr with lots of output
crun Fix containers with systemd as their init system, when using newer kernel versions
debian-installer Increase Linux kernel ABI to 5.10.0-28; rebuild against proposed-updates
debian-installer-netboot-images Rebuild against proposed-updates
debian-ports-archive-keyring Add Debian Ports Archive Automatic Signing Key (2025)
debian-security-support Mark tor, consul and xen as end-of-life; limit samba support to non-AD DC use cases; match golang packages with regular expression; drop version-based checking; add chromium to security-support-ended.deb11; add tiles and libspring-java to security-support-limited
debootstrap Backport merged-/usr support changes from trixie: implement merged-/usr by post-merging, default to merged-/usr for suites newer than bookworm in all profiles
distro-info Update tests for distro-info-data 0.58+deb12u1, which adjusted Debian 7's EoL date
distro-info-data Add Ubuntu 24.04 LTS Noble Numbat; fix several End Of Life dates
dpdk New upstream stable release
dropbear Fix security measure bypass issue [CVE-2021-36369]; fix terrapin attack [CVE-2023-48795]
exuberant-ctags Fix arbitrary command execution issue [CVE-2022-4515]
filezilla Prevent terrapin exploit [CVE-2023-48795]
gimp Remove old versions of separately packaged dds plugin
glib2.0 Align with upstream stable fixes; fix denial of service issues [CVE-2023-32665 CVE-2023-32611 CVE-2023-29499 CVE-2023-32636]
glibc Fix a memory corruption in qsort() when using nontransitive comparison functions.
gnutls28 Security fix for timing sidechannel attack [CVE-2023-5981]
imagemagick Various security fixes [CVE-2021-20241 CVE-2021-20243 CVE-2021-20244 CVE-2021-20245 CVE-2021-20246 CVE-2021-20309 CVE-2021-3574 CVE-2021-39212 CVE-2021-4219 CVE-2022-1114 CVE-2022-28463 CVE-2022-32545 CVE-2022-32546]
jqueryui Fix cross-site scripting issue [CVE-2022-31160]
knewstuff Ensure correct ProvidersUrl to fix denial of service
libdatetime-timezone-perl Update included timezone data
libde265 Fix segmentation violation in the function decoder_context::process_slice_segment_header [CVE-2023-27102]; fix heap buffer overflow in the function derive_collocated_motion_vectors [CVE-2023-27103]; fix buffer over-read in pic_parameter_set::dump [CVE-2023-43887]; fix buffer overflow in the slice_segment_header function [CVE-2023-47471]; fix buffer overflow issues [CVE-2023-49465 CVE-2023-49467 CVE-2023-49468]
libmateweather Update included location data; update data server URL
libpod Fix incorrect handling of supplementary groups [CVE-2022-2989]
libsolv Enable zstd compression support
libspreadsheet-parsexlsx-perl Fix possible memory bomb [CVE-2024-22368]; fix XML External Entity issue [CVE-2024-23525]
linux New upstream stable release; increase ABI to 28
linux-signed-amd64 New upstream stable release; increase ABI to 28
linux-signed-arm64 New upstream stable release; increase ABI to 28
linux-signed-i386 New upstream stable release; increase ABI to 28
llvm-toolchain-16 New backported package to support builds of newer chromium versions; build-dep on llvm-spirv instead of llvm-spirv-16
mariadb-10.5 New upstream stable release; fix denial of service issue [CVE-2023-22084]
minizip Reject overflows of zip header fields [CVE-2023-45853]
modsecurity-apache Fix protection bypass issues [CVE-2022-48279 CVE-2023-24021]
nftables Fix incorrect bytecode generation
node-dottie Fix prototype pollution issue [CVE-2023-26132]
node-url-parse Fix authorisation bypass issue [CVE-2022-0512]
node-xml2js Fix prototype pollution issue [CVE-2023-0842]
nvidia-graphics-drivers New upstream release [CVE-2023-31022]
nvidia-graphics-drivers-tesla-470 New upstream release [CVE-2023-31022]
opendkim Properly delete Authentication-Results headers [CVE-2022-48521]
perl Prevent buffer overflow via illegal Unicode property [CVE-2023-47038]
plasma-desktop Fix denial of service bug in discover
plasma-discover Fix denial of service bug; fix build failure
postfix New upstream stable release; address SMTP smuggling issue [CVE-2023-51764]
postgresql-13 New upstream stable release; fix SQL injection issue [CVE-2023-39417]
postgresql-common Fix autopkgtests
python-cogent Skip parallel tests on single-CPU systems
python-django-imagekit Avoid triggering path traversal detection in tests
python-websockets Fix predictable duration issue [CVE-2021-33880]
pyzoltan Build on single core systems
ruby-aws-sdk-core Include VERSION file in package
spip Fix cross-site scripting issue
swupdate Prevent acquiring root privileges through inappropriate socket mode
symfony Ensure CodeExtension's filters properly escape their input [CVE-2023-46734]
tar Fix boundary checking in base-256 decoder [CVE-2022-48303], handling of extended header prefixes [CVE-2023-39804]
tinyxml Fix assertion issue [CVE-2023-34194]
tzdata Update included timezone data
unadf Fix stack buffer overflow issue [CVE-2016-1243]; fix arbitrary code execution issue [CVE-2016-1244]
usb.ids Update included data list
vlfeat Fix FTBFS with newer ImageMagick
weborf Fix denial of service issue
wolfssl Fix buffer overflow issues [CVE-2022-39173 CVE-2022-42905], key disclosure issue [CVE-2022-42961], predictable buffer in input keying material [CVE-2023-3724]
xerces-c Fix use-after-free issue [CVE-2018-1311]; fix integer overflow issue [CVE-2023-37536]
zeromq3 Fix fork() detection with gcc 7; update copyright relicense statement

Security Updates

This revision adds the following security updates to the oldstable release. The Security Team has already released an advisory for each of these updates:

Advisory ID Package
DSA-5496 firefox-esr
DSA-5499 chromium
DSA-5506 firefox-esr
DSA-5508 chromium
DSA-5509 firefox-esr
DSA-5511 mosquitto
DSA-5512 exim4
DSA-5513 thunderbird
DSA-5514 glibc
DSA-5515 chromium
DSA-5516 libxpm
DSA-5517 libx11
DSA-5518 libvpx
DSA-5519 grub-efi-amd64-signed
DSA-5519 grub-efi-arm64-signed
DSA-5519 grub-efi-ia32-signed
DSA-5519 grub2
DSA-5520 mediawiki
DSA-5522 tomcat9
DSA-5523 curl
DSA-5524 libcue
DSA-5526 chromium
DSA-5527 webkit2gtk
DSA-5528 node-babel7
DSA-5530 ruby-rack
DSA-5531 roundcube
DSA-5533 gst-plugins-bad1.0
DSA-5534 xorg-server
DSA-5535 firefox-esr
DSA-5536 chromium
DSA-5537 openjdk-11
DSA-5538 thunderbird
DSA-5539 node-browserify-sign
DSA-5540 jetty9
DSA-5542 request-tracker4
DSA-5543 open-vm-tools
DSA-5544 zookeeper
DSA-5545 vlc
DSA-5546 chromium
DSA-5547 pmix
DSA-5548 openjdk-17
DSA-5549 trafficserver
DSA-5550 cacti
DSA-5551 chromium
DSA-5554 postgresql-13
DSA-5556 chromium
DSA-5557 webkit2gtk
DSA-5558 netty
DSA-5560 strongswan
DSA-5561 firefox-esr
DSA-5563 intel-microcode
DSA-5564 gimp
DSA-5565 gst-plugins-bad1.0
DSA-5566 thunderbird
DSA-5567 tiff
DSA-5569 chromium
DSA-5570 nghttp2
DSA-5571 rabbitmq-server
DSA-5572 roundcube
DSA-5573 chromium
DSA-5574 libreoffice
DSA-5576 xorg-server
DSA-5577 chromium
DSA-5579 freeimage
DSA-5581 firefox-esr
DSA-5582 thunderbird
DSA-5584 bluez
DSA-5585 chromium
DSA-5586 openssh
DSA-5587 curl
DSA-5588 putty
DSA-5590 haproxy
DSA-5591 libssh
DSA-5592 libspreadsheet-parseexcel-perl
DSA-5594 linux-signed-amd64
DSA-5594 linux-signed-arm64
DSA-5594 linux-signed-i386
DSA-5594 linux
DSA-5595 chromium
DSA-5597 exim4
DSA-5598 chromium
DSA-5599 phpseclib
DSA-5600 php-phpseclib
DSA-5602 chromium
DSA-5603 xorg-server
DSA-5604 openjdk-11
DSA-5605 thunderbird
DSA-5606 firefox-esr
DSA-5608 gst-plugins-bad1.0
DSA-5613 openjdk-17
DSA-5614 zbar
DSA-5615 runc

Removed packages

The following package has been removed from the distribution:

Package Reason
gimp-dds Integrated in gimp>=2.10

Debian Installer

The installer has been updated to include the fixes incorporated into oldstable by the point release.

URLs

The complete lists of packages that have changed with this revision:

https://deb.debian.org/debian/dists/bullseye/ChangeLog

The current oldstable distribution:

https://deb.debian.org/debian/dists/oldstable/

Proposed updates to the oldstable distribution:

https://deb.debian.org/debian/dists/oldstable-proposed-updates

oldstable distribution information (release notes, errata, etc.):

https://www.debian.org/releases/oldstable/

Security announcements and information:

https://www.debian.org/security/

About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.

Contact Information

For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.