------------------------------------------------------------------------
The Debian Project
https://www.debian.org/
Updated Debian 11: 11.9 released
press@debian.org
February 10th, 2024
https://www.debian.org/News//2024/2024021002
------------------------------------------------------------------------
The Debian project is pleased to announce the ninth update of its
oldstable distribution Debian 11 (codename "bullseye"). This point
release mainly adds corrections for security issues, along with a few
adjustments for serious problems. Security advisories have already been
published separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 11 but only updates some of the packages included. There is no
need to throw away old "bullseye" media. After installation, packages
can be upgraded to the current versions using an up-to-date Debian
mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list [1]

1:
https://www.debian.org/News/mirror/list

Miscellaneous Bugfixes
----------------------
This oldstable update adds a few important corrections to the following packages:
+---------------------+-------------------------------------------------------------+
| Package | Reason |
+---------------------+-------------------------------------------------------------+
| axis [2] | Filter out unsupported protocols in the client class |
| | ServiceFactory [CVE-2023-40743] |
| | |
| base-files [3] | Update for the 11.9 point release |
| | |
| cifs-utils [4] | Fix non-parallel builds |
| | |
| compton [5] | Remove recommendation of picom |
| | |
| conda-package- | Skip unreliable tests |
| handling [6] | |
| | |
| conmon [7] | Do not hang when forwarding container stdout/stderr with |
| | lots of output |
| | |
| crun [8] | Fix containers with systemd as their init system, when |
| | using newer kernel versions |
| | |
| debian- | Increase Linux kernel ABI to 5.10.0-28; rebuild against |
| installer [9] | proposed-updates |
| | |
| debian-installer- | Rebuild against proposed-updates |
| netboot-images [10] | |
| | |
| debian-ports- | Add Debian Ports Archive Automatic Signing Key (2025) |
| archive- | |
| keyring [11] | |
| | |
| debian-security- | Mark tor, consul and xen as end-of-life; limit samba |
| support [12] | support to non-AD DC use cases; match golang packages with |
| | regular expression; drop version-based checking; add |
| | chromium to security-support-ended.deb11; add tiles and |
| | libspring-java to security-support-limited |
| | |
| debootstrap [13] | Backport merged-/usr support changes from trixie: implement |
| | merged-/usr by post-merging, default to merged-/usr for |
| | suites newer than bookworm in all profiles |
| | |
| distro-info [14] | Update tests for distro-info-data 0.58+deb12u1, which |
| | adjusted Debian 7's EoL date |
| | |
| distro-info- | Add Ubuntu 24.04 LTS Noble Numbat; fix several End Of Life |
| data [15] | dates |
| | |
| dpdk [16] | New upstream stable release |
| | |
| dropbear [17] | Fix security measure bypass issue [CVE-2021-36369]; fix |
| | "terrapin" attack [CVE-2023-48795] |
| | |
| exuberant- | Fix arbitrary command execution issue [CVE-2022-4515] |
| ctags [18] | |
| | |
| filezilla [19] | Prevent "terrapin" exploit [CVE-2023-48795] |
| | |
| gimp [20] | Remove old versions of separately packaged dds plugin |
| | |
| glib2.0 [21] | Align with upstream stable fixes; fix denial of service |
| | issues [CVE-2023-32665 CVE-2023-32611 CVE-2023-29499 |
| | CVE-2023-32636] |
| | |
| glibc [22] | Fix a memory corruption in "qsort()" when using |
| | nontransitive comparison functions. |
| | |
| gnutls28 [23] | Security fix for timing sidechannel attack [CVE-2023-5981] |
| | |
| imagemagick [24] | Various security fixes [CVE-2021-20241 CVE-2021-20243 |
| | CVE-2021-20244 CVE-2021-20245 CVE-2021-20246 CVE-2021-20309 |
| | CVE-2021-3574 CVE-2021-39212 CVE-2021-4219 CVE-2022-1114 |
| | CVE-2022-28463 CVE-2022-32545 CVE-2022-32546] |
| | |
| jqueryui [25] | Fix cross-site scripting issue [CVE-2022-31160] |
| | |
| knewstuff [26] | Ensure correct ProvidersUrl to fix denial of service |
| | |
| libdatetime- | Update included timezone data |
| timezone-perl [27] | |
| | |
| libde265 [28] | Fix segmentation violation in the function |
| | "decoder_context::process_slice_segment_header" |
| | [CVE-2023-27102]; fix heap buffer overflow in the function |
| | "derive_collocated_motion_vectors" [CVE-2023-27103]; fix |
| | buffer over-read in "pic_parameter_set::dump" |
| | [CVE-2023-43887]; fix buffer overflow in the |
| | "slice_segment_header" function [CVE-2023-47471]; fix |
| | buffer overflow issues [CVE-2023-49465 CVE-2023-49467 |
| | CVE-2023-49468] |
| | |
| libmateweather [29] | Update included location data; update data server URL |
| | |
| libpod [30] | Fix incorrect handling of supplementary groups |
| | [CVE-2022-2989] |
| | |
| libsolv [31] | Enable zstd compression support |
| | |
| libspreadsheet- | Fix possible memory bomb [CVE-2024-22368]; fix XML External |
| parsexlsx-perl [32] | Entity issue [CVE-2024-23525] |
| | |
| linux [33] | New upstream stable release; increase ABI to 28 |
| | |
| linux-signed- | New upstream stable release; increase ABI to 28 |
| amd64 [34] | |
| | |
| linux-signed- | New upstream stable release; increase ABI to 28 |
| arm64 [35] | |
| | |
| linux-signed- | New upstream stable release; increase ABI to 28 |
| i386 [36] | |
| | |
| llvm- | New backported package to support builds of newer chromium |
| toolchain-16 [37] | versions; build-dep on "llvm-spirv" instead of |
| | "llvm-spirv-16" |
| | |
| mariadb-10.5 [38] | New upstream stable release; fix denial of service issue |
| | [CVE-2023-22084] |
| | |
| minizip [39] | Reject overflows of zip header fields [CVE-2023-45853] |
| | |
| modsecurity- | Fix protection bypass issues [CVE-2022-48279 |
| apache [40] | CVE-2023-24021] |
| | |
| nftables [41] | Fix incorrect bytecode generation |
| | |
| node-dottie [42] | Fix prototype pollution issue [CVE-2023-26132] |
| | |
| node-url-parse [43] | Fix authorisation bypass issue [CVE-2022-0512] |
| | |
| node-xml2js [44] | Fix prototype pollution issue [CVE-2023-0842] |
| | |
| nvidia-graphics- | New upstream release [CVE-2023-31022] |
| drivers [45] | |
| | |
| nvidia-graphics- | New upstream release [CVE-2023-31022] |
| drivers- | |
| tesla-470 [46] | |
| | |
| opendkim [47] | Properly delete Authentication-Results headers |
| | [CVE-2022-48521] |
| | |
| perl [48] | Prevent buffer overflow via illegal Unicode property |
| | [CVE-2023-47038] |
| | |
| plasma-desktop [49] | Fix denial of service bug in discover |
| | |
| plasma- | Fix denial of service bug; fix build failure |
| discover [50] | |
| | |
| postfix [51] | New upstream stable release; address SMTP smuggling issue |
| | [CVE-2023-51764] |
| | |
| postgresql-13 [52] | New upstream stable release; fix SQL injection issue |
| | [CVE-2023-39417] |
| | |
| postgresql- | Fix autopkgtests |
| common [53] | |
| | |
| python-cogent [54] | Skip parallel tests on single-CPU systems |
| | |
| python-django- | Avoid triggering path traversal detection in tests |
| imagekit [55] | |
| | |
| python- | Fix predictable duration issue [CVE-2021-33880] |
| websockets [56] | |
| | |
| pyzoltan [57] | Build on single core systems |
| | |
| ruby-aws-sdk- | Include VERSION file in package |
| core [58] | |
| | |
| spip [59] | Fix cross-site scripting issue |
| | |
| swupdate [60] | Prevent acquiring root privileges through inappropriate |
| | socket mode |
| | |
| symfony [61] | Ensure CodeExtension's filters properly escape their input |
| | [CVE-2023-46734] |
| | |
| tar [62] | Fix boundary checking in base-256 decoder [CVE-2022-48303], |
| | handling of extended header prefixes [CVE-2023-39804] |
| | |
| tinyxml [63] | Fix assertion issue [CVE-2023-34194] |
| | |
| tzdata [64] | Update included timezone data |
| | |
| unadf [65] | Fix stack buffer overflow issue [CVE-2016-1243]; fix |
| | arbitrary code execution issue [CVE-2016-1244] |
| | |
| usb.ids [66] | Update included data list |
| | |
| vlfeat [67] | Fix FTBFS with newer ImageMagick |
| | |
| weborf [68] | Fix denial of service issue |
| | |
| wolfssl [69] | Fix buffer overflow issues [CVE-2022-39173 CVE-2022-42905], |
| | key disclosure issue [CVE-2022-42961], predictable buffer |
| | in input keying material [CVE-2023-3724] |
| | |
| xerces-c [70] | Fix use-after-free issue [CVE-2018-1311]; fix integer |
| | overflow issue [CVE-2023-37536] |
| | |
| zeromq3 [71] | Fix "fork()" detection with gcc 7; update copyright |
| | relicense statement |
| | |
+---------------------+-------------------------------------------------------------+
2:
https://packages.debian.org/src:axis
3:
https://packages.debian.org/src:base-files
4:
https://packages.debian.org/src:cifs-utils
5:
https://packages.debian.org/src:compton
6:
https://packages.debian.org/src:conda-package-handling
7:
https://packages.debian.org/src:conmon
8:
https://packages.debian.org/src:crun
9:
https://packages.debian.org/src:debian-installer
10:
https://packages.debian.org/src:debian-installer-netboot-images
11:
https://packages.debian.org/src:debian-ports-archive-keyring
12:
https://packages.debian.org/src:debian-security-support
13:
https://packages.debian.org/src:debootstrap
14:
https://packages.debian.org/src:distro-info
15:
https://packages.debian.org/src:distro-info-data
16:
https://packages.debian.org/src:dpdk
17:
https://packages.debian.org/src:dropbear
18:
https://packages.debian.org/src:exuberant-ctags
19:
https://packages.debian.org/src:filezilla
20:
https://packages.debian.org/src:gimp
21:
https://packages.debian.org/src:glib2.0
22:
https://packages.debian.org/src:glibc
23:
https://packages.debian.org/src:gnutls28
24:
https://packages.debian.org/src:imagemagick
25:
https://packages.debian.org/src:jqueryui
26:
https://packages.debian.org/src:knewstuff
27:
https://packages.debian.org/src:libdatetime-timezone-perl
28:
https://packages.debian.org/src:libde265
29:
https://packages.debian.org/src:libmateweather
30:
https://packages.debian.org/src:libpod
31:
https://packages.debian.org/src:libsolv
32:
https://packages.debian.org/src:libspreadsheet-parsexlsx-perl
33:
https://packages.debian.org/src:linux
34:
https://packages.debian.org/src:linux-signed-amd64
35:
https://packages.debian.org/src:linux-signed-arm64
36:
https://packages.debian.org/src:linux-signed-i386
37:
https://packages.debian.org/src:llvm-toolchain-16
38:
https://packages.debian.org/src:mariadb-10.5
39:
https://packages.debian.org/src:minizip
40:
https://packages.debian.org/src:modsecurity-apache
41:
https://packages.debian.org/src:nftables
42:
https://packages.debian.org/src:node-dottie
43:
https://packages.debian.org/src:node-url-parse
44:
https://packages.debian.org/src:node-xml2js
45:
https://packages.debian.org/src:nvidia-graphics-drivers
46:
https://packages.debian.org/src:nvidia-graphics-drivers-tesla-470
47:
https://packages.debian.org/src:opendkim
48:
https://packages.debian.org/src:perl
[continued in next message]