Updated Debian 11: 11.10 released

29 June 2024

The Debian project is pleased to announce the tenth update of its oldstable distribution Debian 11 (codename bullseye). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available.

Please note that the point release does not constitute a new version of Debian 11 but only updates some of the packages included. There is no need to throw away old bullseye installation media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list
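As an added example (this is not code from the announcement or from the Debian project), the following POSIX shell script does what the paragraph above describes: it writes a sources.list that points at deb.debian.org with the bullseye, bullseye-security and bullseye-updates suites, applies the point release with a full upgrade, and then verifies from /etc/debian_version (which base-files updates in this point release) that the system reports 11.10 or later and whether the updated kernel is still waiting for a reboot. The mirror choice, the /etc/apt/sources.list path, the function names and the --apply/--check flags are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not part of the Debian announcement): put a Debian 11 system
# on the bullseye, bullseye-security and bullseye-updates suites, apply the
# point release, and confirm the result. Assumptions: the mirror is
# deb.debian.org (the one the announcement links to), the sources file is the
# conventional /etc/apt/sources.list, and /etc/debian_version carries the
# installed major.minor version. Nothing touches the host unless the script is
# invoked with --apply or --check, so it can be sourced or tested safely.
set -eu

MIRROR="${MIRROR:-http://deb.debian.org/debian}"
SECURITY_MIRROR="${SECURITY_MIRROR:-http://security.debian.org/debian-security}"

# Three suites: bullseye (where the point release lands), bullseye-security
# (DSAs; since Debian 11 the suite is spelled bullseye-security, the older
# "bullseye/updates" form does not exist) and bullseye-updates (fixes staged
# between point releases).
bullseye_sources() {
    cat <<EOF
deb $MIRROR bullseye main
deb $SECURITY_MIRROR bullseye-security main
deb $MIRROR bullseye-updates main
EOF
}

# "11.10" -> "11 10"; a bare "11" is treated as "11 0".
split_ver() {
    case "$1" in
        *.*) echo "${1%%.*} ${1#*.}" ;;
        *)   echo "$1 0" ;;
    esac
}

# True when the first major.minor version is at or beyond the second. Pure
# shell on purpose: it works where dpkg --compare-versions is unavailable and
# avoids the lexical trap where "11.9" sorts after "11.10" as a string.
version_at_least() {
    set -- $(split_ver "$1") $(split_ver "$2")
    if [ "$1" -gt "$3" ]; then return 0; fi
    if [ "$1" -eq "$3" ] && [ "$2" -ge "$4" ]; then return 0; fi
    return 1
}

# full-upgrade rather than upgrade: a point release may replace packages
# (this one converts nvidia-graphics-drivers-tesla-450 into transitional
# packages), and apt verifies each Release file signature during update.
apply_point_release() {
    bullseye_sources > /etc/apt/sources.list
    apt-get update
    DEBIAN_FRONTEND=noninteractive apt-get -y full-upgrade
    apt-get -y autoremove
}

# Report the installed version and whether a newer kernel than the running
# one is waiting for a reboot (11.10 ships the 5.10.0-30 kernel ABI).
check_point_release() {
    have=$(cat /etc/debian_version)
    if version_at_least "$have" 11.10; then
        echo "Debian $have: point release 11.10 applied"
    else
        echo "Debian $have: point release 11.10 NOT applied"
    fi
    newest=$(ls /boot/vmlinuz-* | sort -V | tail -n 1)
    if [ "$newest" != "/boot/vmlinuz-$(uname -r)" ]; then
        echo "running kernel $(uname -r), newest installed ${newest#/boot/vmlinuz-}: reboot needed"
    fi
}

case "${1-}" in
    --apply) apply_point_release; check_point_release ;;
    --check) check_point_release ;;
esac
```

Save it under any name (say upgrade-bullseye.sh) and run `sh upgrade-bullseye.sh --apply` as root; `--check` only reports. Set MIRROR to a mirror from the list above if deb.debian.org is not the best choice for your location, and reboot once `--check` reports a pending kernel.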

Miscellaneous Bugfixes

This oldstable update adds a few important corrections to the following packages:

Package Reason
allegro5 Fix buffer overflow issues [CVE-2021-36489]
amavisd-new Handle multiple boundary parameters that contain conflicting values [CVE-2024-28054]
bart Fix build test failures by relaxing a floating-point comparison
bart-cuda Fix build test failures by relaxing a floating-point comparison
base-files Update for the point release
cloud-init-22.4.2 Introduce later-versioned replacement for cloud-init package
cpu Provide exactly one definition of globalLdap in ldap plugin
curl Fix memory leak when HTTP/2 server push is aborted [CVE-2024-2398]
debian-installer Increase Linux kernel ABI to 5.10.0-30; rebuild against proposed-updates
debian-installer-netboot-images Rebuild against proposed-updates
debsig-verify Rebuild for outdated Built-Using
deets Rebuild for outdated Built-Using
distro-info-data Declare intentions for bullseye/bookworm; fix past data; add Ubuntu 24.10
django-mailman3 Scrub messages before archiving
dns-root-data Update root hints; update expired security information
emacs Protect against unsafe remote resources [CVE-2024-30203 CVE-2024-30204 CVE-2024-30205]; fix memory leak in patch for CVE-2022-48337
galera-4 New upstream bugfix release; update upstream release signing key; prevent date-related test failures
gdk-pixbuf ANI: Reject files with multiple anih chunks [CVE-2022-48622]; ANI: Reject files with multiple INAM or IART chunks; ANI: Validate anih chunk size
glib2.0 Fix a (rare) memory leak
gnutls28 Fix assertion failure verifying a certificate chain with a cycle of cross signatures [CVE-2024-0567]; fix timing side-channel attack inside RSA-PSK key exchange [CVE-2024-0553]
gross Fix stack-based buffer overflow [CVE-2023-52159]
hovercraft Depend on python3-setuptools
imlib2 Fix heap-buffer overflow vulnerability when using the tgaflip function in loader_tga.c [CVE-2024-25447 CVE-2024-25448 CVE-2024-25450]
intel-microcode Fixes for INTEL-SA-00972 [CVE-2023-39368], INTEL-SA-00982 [CVE-2023-38575], INTEL-SA-00898 [CVE-2023-28746], INTEL-SA-00960 [CVE-2023-22655] and INTEL-SA-01045 [CVE-2023-43490]; mitigate for INTEL-SA-01051 [CVE-2023-45733], INTEL-SA-01052 [CVE-2023-46103], INTEL-SA-01036 [CVE-2023-45745, CVE-2023-47855] and unspecified functional issues on various Intel processors
jose Fix potential denial-of-service issue [CVE-2023-50967]
json-smart Fix excessive recursion leading to stack overflow [CVE-2023-1370]; fix denial of service via crafted request [CVE-2021-31684]
lacme Fix post-issuance validation logic
libapache2-mod-auth-openidc Fix missing input validation leading to DoS [CVE-2024-24814]
libjwt Fix a timing side channel via strcmp() [CVE-2024-25189]
libkf5ksieve Prevent leaking passwords into server-side logs
libmicrohttpd Fix out of bounds read with crafted POST requests [CVE-2023-27371]
libssh2 Fix out of bounds memory check in _libssh2_packet_add [CVE-2020-22218]
links2 Rebuild for outdated Built-Using
nano Fix malicious symlink issue [CVE-2024-5742]
ngircd Respect SSLConnect option for incoming connections; server certificate validation on server links (S2S-TLS); METADATA: Fix unsetting cloakhost
nvidia-graphics-drivers End support for Tesla 450 drivers; build libnvidia-fbc1 for arm64; upstream security fixes [CVE-2022-42265 CVE-2024-0074 CVE-2024-0078]; new upstream stable release; security fixes [CVE-2024-0090 CVE-2024-0092]; fix build on ppc64el
nvidia-graphics-drivers-tesla-450 Convert to transitional packages
nvidia-graphics-drivers-tesla-470 New upstream LTS release [CVE-2024-0074 CVE-2024-0078 CVE-2022-42265 CVE-2024-0090 CVE-2024-0092]; fix build on ppc64el
nvidia-settings New upstream bugfix release; build for ppc64el
org-mode Protect against unsafe remote resources [CVE-2024-30203 CVE-2024-30204 CVE-2024-30205]
php-composer-xdebug-handler Force system dependency loading
php-doctrine-annotations Force system dependency loading
php-phpseclib Force system dependency loading; guard isPrime() and randomPrime() for BigInteger [CVE-2024-27354]; limit OID length in ASN1 [CVE-2024-27355]; fix BigInteger getLength()
php-proxy-manager Force system dependency loading
php-symfony-contracts Force system dependency loading
php-zend-code Force system dependency loading
phpseclib Force system dependency loading; guard isPrime() and randomPrime() for BigInteger [CVE-2024-27354]; limit OID length in ASN1 [CVE-2024-27355]; fix BigInteger getLength()
postfix Upstream bugfix release
postgresql-13 New upstream stable release
pypdf2 Fix quadratic runtime with malformed PDF missing xref marker [CVE-2023-36810]; fix infinite loop with crafted input [CVE-2022-24859]
python-aiosmtpd Fix SMTP smuggling issue [CVE-2024-27305]; fix STARTTLS unencrypted command injection issue [CVE-2024-34083]
python-dnslib Validate transaction ID in client.py
python-idna Fix denial of service issue [CVE-2024-3651]
python-stdnum Fix FTBFS when test date is not far enough in the future
qtbase-opensource-src Security fixes [CVE-2022-25255 CVE-2023-24607 CVE-2023-32762 CVE-2023-32763 CVE-2023-33285 CVE-2023-34410 CVE-2023-37369 CVE-2023-38197 CVE-2023-51714 CVE-2024-25580]
reportbug Fix suite name to codename mappings to reflect the bookworm release
rust-cbindgen-web New source package to support builds of newer Firefox ESR versions
rustc-web Support firefox-esr and thunderbird in bullseye for LTS
sendmail Fix SMTP smuggling issue [CVE-2023-51765]; add forgotten configuration for rejecting NUL by default
symfony Force system dependency loading; DateTypeTest: ensure submitted year is accepted choice
systemd Meson: drop arch filtering in syscall list; unset TZ before timezone-sensitive unit tests are run
wpa Fix authentication bypass issue [CVE-2023-52160]

Security Updates

This revision adds the following security updates to the oldstable release. The Security Team has already released an advisory for each of these updates:

Advisory ID Package
DSA-5146 puma
DSA-5360 emacs
DSA-5575 webkit2gtk
DSA-5580 webkit2gtk
DSA-5596 asterisk
DSA-5616 ruby-sanitize
DSA-5618 webkit2gtk
DSA-5619 libgit2
DSA-5620 unbound
DSA-5621 bind9
DSA-5622 postgresql-13
DSA-5624 edk2
DSA-5625 engrampa
DSA-5627 firefox-esr
DSA-5628 imagemagick
DSA-5630 thunderbird
DSA-5631 iwd
DSA-5632 composer
DSA-5635 yard
DSA-5637 squid
DSA-5638 libuv1
DSA-5640 openvswitch
DSA-5641 fontforge
DSA-5643 firefox-esr
DSA-5644 thunderbird
DSA-5645 firefox-esr
DSA-5646 cacti
DSA-5647 samba
DSA-5650 util-linux
DSA-5651 mediawiki
DSA-5652 py7zr
DSA-5653 gtkwave
DSA-5657 xorg-server
DSA-5659 trafficserver
DSA-5660 php7.4
DSA-5662 apache2
DSA-5663 firefox-esr
DSA-5664 jetty9
DSA-5666 flatpak
DSA-5667 tomcat9
DSA-5669 guix
DSA-5670 thunderbird
DSA-5671 openjdk-11
DSA-5672 openjdk-17
DSA-5673 glibc
DSA-5678 glibc
DSA-5679 less
DSA-5681 linux-signed-amd64
DSA-5681 linux-signed-arm64
DSA-5681 linux-signed-i386
DSA-5681 linux
DSA-5682 glib2.0
DSA-5682 gnome-shell
DSA-5684 webkit2gtk
DSA-5685 wordpress
DSA-5686 dav1d
DSA-5688 atril
DSA-5690 libreoffice
DSA-5691 firefox-esr
DSA-5692 ghostscript
DSA-5693 thunderbird
DSA-5695 webkit2gtk
DSA-5698 ruby-rack
DSA-5700 python-pymysql
DSA-5702 gst-plugins-base1.0
DSA-5703 linux-signed-amd64
DSA-5703 linux-signed-arm64
DSA-5703 linux-signed-i386
DSA-5703 linux
DSA-5704 pillow
DSA-5707 vlc
DSA-5709 firefox-esr
DSA-5711 thunderbird
DSA-5713 libndp
DSA-5714 roundcube
DSA-5715 composer

Removed Packages

The following packages were removed due to circumstances beyond our control:

Package Reason
phppgadmin Security issues
pytest-salt-factories Only needed for to-be-removed salt
pytest-testinfra Only needed for to-be-removed salt
salt Unsupportable, unmaintained
snort Security concerns, unmaintained

Debian Installer

The installer has been updated to include the fixes incorporated into oldstable by the point release.

URLs

The complete list of packages that have changed with this revision:

https://deb.debian.org/debian/dists/bullseye/ChangeLog

The current oldstable distribution:

https://deb.debian.org/debian/dists/oldstable/

Proposed updates to the oldstable distribution:

https://deb.debian.org/debian/dists/oldstable-proposed-updates

oldstable distribution information (release notes, errata, etc.):

https://www.debian.org/releases/oldstable/

Security announcements and information:

https://www.debian.org/security/

About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.

Contact Information

For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.