------------------------------------------------------------------------
The Debian Project                               https://www.debian.org/
Updated Debian 11: 11.10 released                       press@debian.org
June 29th, 2024              https://www.debian.org/News/2024/2024062902
------------------------------------------------------------------------
The Debian project is pleased to announce the tenth update of its
oldstable distribution Debian 11 (codename "bullseye"). This point
release mainly adds corrections for security issues, along with a few
adjustments for serious problems. Security advisories have already been
published separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 11 but only updates some of the packages included. There is no
need to throw away old "bullseye" media. After installation, packages
can be upgraded to the current versions using an up-to-date Debian
mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list
Miscellaneous Bugfixes
----------------------
This oldstable update adds a few important corrections to the following packages:
+--------------------------+------------------------------------------+
| Package | Reason |
+--------------------------+------------------------------------------+
| allegro5 [1] | Fix buffer overflow issues [CVE-2021- |
| | 36489] |
| | |
| amavisd-new [2] | Handle multiple boundary parameters that |
| | contain conflicting values [CVE-2024- |
| | 28054] |
| | |
| bart [3] | Fix build test failures by relaxing a |
| | floating-point comparison |
| | |
| bart-cuda [4] | Fix build test failures by relaxing a |
| | floating-point comparison |
| | |
| base-files [5] | Update for the point release |
| | |
| cloud-init-22.4.2 [6] | Introduce later-versioned replacement |
| | for cloud-init package |
| | |
| cpu [7] | Provide exactly one definition of |
| | globalLdap in ldap plugin |
| | |
| curl [8] | Fix memory leak when HTTP/2 server push |
| | is aborted [CVE-2024-2398] |
| | |
| debian-installer [9] | Increase Linux kernel ABI to 5.10.0-30; |
| | rebuild against proposed-updates |
| | |
| debian-installer- | Rebuild against proposed-updates |
| netboot-images [10] | |
| | |
| debsig-verify [11] | Rebuild for outdated Built-Using |
| | |
| deets [12] | Rebuild for outdated Built-Using |
| | |
| distro-info-data [13] | Declare intentions for bullseye/ |
| | bookworm; fix past data; add Ubuntu |
| | 24.10 |
| | |
| django-mailman3 [14] | Scrub messages before archiving |
| | |
| dns-root-data [15] | Update root hints; update expired |
| | security information |
| | |
| emacs [16] | Protect against unsafe remote resources |
| | [CVE-2024-30203 CVE-2024-30204 CVE-2024- |
| | 30205]; fix memory leak in patch for |
| | CVE-2022-48337 |
| | |
| galera-4 [17] | New upstream bugfix release; update |
| | upstream release signing key; prevent |
| | date-related test failures |
| | |
| gdk-pixbuf [18] | ANI: Reject files with multiple anih |
| | chunks [CVE-2022-48622]; ANI: Reject |
| | files with multiple INAM or IART chunks; |
| | ANI: Validate anih chunk size |
| | |
| glib2.0 [19] | Fix a (rare) memory leak |
| | |
| gnutls28 [20] | Fix assertion failure verifying a |
| | certificate chain with a cycle of cross |
| | signatures [CVE-2024-0567]; fix timing |
| | side-channel attack inside RSA-PSK key |
| | exchange [CVE-2024-0553] |
| | |
| gross [21] | Fix stack-based buffer overflow |
| | [CVE-2023-52159] |
| | |
| hovercraft [22] | Depend on python3-setuptools |
| | |
| imlib2 [23] | Fix heap-buffer overflow vulnerability |
| | when using the tgaflip function in |
| | loader_tga.c [CVE-2024-25447 CVE-2024- |
| | 25448 CVE-2024-25450] |
| | |
| intel-microcode [24] | Fixes for INTEL-SA-INTEL-SA-00972 |
| | [CVE-2023-39368], INTEL-SA-INTEL- |
| | SA-00982 [CVE-2023-38575], INTEL-SA- |
| | INTEL-SA-00898 [CVE-2023-28746], INTEL- |
| | SA-INTEL-SA-00960 [CVE-2023-22655] and |
| | INTEL-SA-INTEL-SA-01045 [CVE-2023- |
| | 43490]; mitigate for INTEL-SA-01051 |
| | [CVE-2023-45733], INTEL-SA-01052 |
| | [CVE-2023-46103], INTEL-SA-01036 |
| | [CVE-2023-45745, CVE-2023-47855] and |
| | unspecified functional issues on various |
| | Intel processors |
| | |
| jose [25] | Fix potential denial-of-service issue |
| | [CVE-2023-50967] |
| | |
| json-smart [26] | Fix excessive recursion leading to stack |
| | overflow [CVE-2023-1370]; fix denial of |
| | service via crafted request [CVE-2021- |
| | 31684] |
| | |
| lacme [27] | Fix post-issuance validation logic |
| | |
| libapache2-mod-auth- | Fix missing input validation leading to |
| openidc [28] | DoS [CVE-2024-24814] |
| | |
| libjwt [29] | Fix a timing side channel via strcmp() |
| | [CVE-2024-25189] |
| | |
| libkf5ksieve [30] | Prevent leaking passwords into server- |
| | side logs |
| | |
| libmicrohttpd [31] | Fix out of bounds read with crafted POST |
| | requests [CVE-2023-27371] |
| | |
| libssh2 [32] | Fix out of bounds memory check in |
| | _libssh2_packet_add [CVE-2020-22218] |
| | |
| links2 [33] | Rebuild for outdated Built-Using |
| | |
| nano [34] | Fix malicious symlink issue [CVE-2024- |
| | 5742] |
| | |
| ngircd [35] | Respect "SSLConnect" option for |
| | incoming connections; server certificate |
| | validation on server links (S2S-TLS); |
| | METADATA: Fix unsetting "cloakhost" |
| | |
| nvidia-graphics- | End support for Tesla 450 drivers; build |
| drivers [36] | libnvidia-fbc1 for arm64; upstream |
| | security fixes [CVE-2022-42265 CVE-2024- |
| | 0074 CVE-2024-0078]; new upstream stable |
| | release; security fixes [CVE-2024-0090 |
| | CVE-2024-0092]; fix build on ppc64el |
| | |
| nvidia-graphics-drivers- | Convert to transitional packages |
| tesla-450 [37] | |
| | |
| nvidia-graphics-drivers- | New upstream LTS release [CVE-2024-0074 |
| tesla-470 [38] | CVE-2024-0078 CVE-2022-42265 CVE-2024- |
| | 0090 CVE-2024-0092]; fix build on |
| | ppc64el |
| | |
| nvidia-settings [39] | New upstream bugfix release; build for |
| | ppc64el |
| | |
| org-mode [40] | Protect against unsafe remote resources |
| | [CVE-2024-30203 CVE-2024-30204 CVE-2024- |
| | 30205] |
| | |
| php-composer-xdebug- | Force system dependency loading |
| handler [41] | |
| | |
| php-doctrine- | Force system dependency loading |
| annotations [42] | |
| | |
| php-phpseclib [43] | Force system dependency loading; guard |
| | isPrime() and randomPrime() for |
| | BigInteger [CVE-2024-27354]; limit OID |
| | length in ASN1 [CVE-2024-27355]; fix |
| | BigInteger getLength() |
| | |
| php-proxy-manager [44] | Force system dependency loading |
| | |
| php-symfony- | Force system dependency loading |
| contracts [45] | |
| | |
| php-zend-code [46] | Force system dependency loading |
| | |
| phpseclib [47] | Force system dependency loading; guard |
| | isPrime() and randomPrime() for |
| | BigInteger [CVE-2024-27354]; limit OID |
| | length in ASN1 [CVE-2024-27355]; fix |
| | BigInteger getLength() |
| | |
| postfix [48] | Upstream bugfix release |
| | |
| postgresql-13 [49] | New upstream stable release |
| | |
| pypdf2 [50] | Fix quadratic runtime with malformed PDF |
| | missing xref marker [CVE-2023-36810]; |
| | fix infinite loop with crafted input |
| | [CVE-2022-24859] |
| | |
| python-aiosmtpd [51] | Fix SMTP smuggling issue [CVE-2024- |
| | 27305]; fix STARTTLS unencrypted command |
| | injection issue [CVE-2024-34083] |
| | |
| python-dnslib [52] | Validate transaction ID in client.py |
| | |
| python-idna [53] | Fix denial of service issue [CVE-2024- |
| | 3651] |
| | |
| python-stdnum [54] | Fix FTBFS when test date is not far |
| | enough in the future |
| | |
| qtbase-opensource- | Security fixes [CVE-2022-25255 CVE-2023- |
| src [55] | 24607 CVE-2023-32762 CVE-2023-32763 |
| | CVE-2023-33285 CVE-2023-34410 CVE-2023- |
| | 37369 CVE-2023-38197 CVE-2023-51714 |
| | CVE-2024-25580] |
| | |
| reportbug [56] | Fix suite name to codename mappings to |
| | reflect the bookworm release |
| | |
| rust-cbindgen-web [57] | New source package to support builds of |
| | newer Firefox ESR versions |
| | |
| rustc-web [58] | Support firefox-esr and thunderbird in |
| | bullseye for LTS |
| | |
| sendmail [59] | Fix SMTP smuggling issue [CVE-2023- |
| | 51765]; add forgotten configuration for |
| | rejecting NUL by default |
| | |
| symfony [60] | Force system dependency loading; |
| | DateTypeTest: ensure submitted year is |
| | accepted choice |
| | |
| systemd [61] | Meson: drop arch filtering in syscall |
| | list; unset TZ before timezone-sensitive |
| | unit tests are run |
| | |
| wpa [62] | Fix authentication bypass issue |
| | [CVE-2023-52160] |
| | |
+--------------------------+------------------------------------------+
1: https://packages.debian.org/src:allegro5
2: https://packages.debian.org/src:amavisd-new
3: https://packages.debian.org/src:bart
4: https://packages.debian.org/src:bart-cuda
5: https://packages.debian.org/src:base-files
6: https://packages.debian.org/src:cloud-init-22.4.2
7: https://packages.debian.org/src:cpu
8: https://packages.debian.org/src:curl
9: https://packages.debian.org/src:debian-installer
10: https://packages.debian.org/src:debian-installer-netboot-images
11: https://packages.debian.org/src:debsig-verify
12: https://packages.debian.org/src:deets
13: https://packages.debian.org/src:distro-info-data
14: https://packages.debian.org/src:django-mailman3
15: https://packages.debian.org/src:dns-root-data
16: https://packages.debian.org/src:emacs
17: https://packages.debian.org/src:galera-4
18: https://packages.debian.org/src:gdk-pixbuf
19: https://packages.debian.org/src:glib2.0
20: https://packages.debian.org/src:gnutls28
21: https://packages.debian.org/src:gross
22: https://packages.debian.org/src:hovercraft
23: https://packages.debian.org/src:imlib2
24: https://packages.debian.org/src:intel-microcode
25: https://packages.debian.org/src:jose
26: https://packages.debian.org/src:json-smart
27: https://packages.debian.org/src:lacme
28: https://packages.debian.org/src:libapache2-mod-auth-openidc
29: https://packages.debian.org/src:libjwt
30: https://packages.debian.org/src:libkf5ksieve
31: https://packages.debian.org/src:libmicrohttpd
32: https://packages.debian.org/src:libssh2
33: https://packages.debian.org/src:links2
34: https://packages.debian.org/src:nano
35: https://packages.debian.org/src:ngircd
36: https://packages.debian.org/src:nvidia-graphics-drivers
37: https://packages.debian.org/src:nvidia-graphics-drivers-tesla-450
38: https://packages.debian.org/src:nvidia-graphics-drivers-tesla-470
39: https://packages.debian.org/src:nvidia-settings
40: https://packages.debian.org/src:org-mode
41: https://packages.debian.org/src:php-composer-xdebug-handler
42: https://packages.debian.org/src:php-doctrine-annotations
43: https://packages.debian.org/src:php-phpseclib
44: https://packages.debian.org/src:php-proxy-manager
45: https://packages.debian.org/src:php-symfony-contracts
46: https://packages.debian.org/src:php-zend-code
47: https://packages.debian.org/src:phpseclib
48: https://packages.debian.org/src:postfix
49: https://packages.debian.org/src:postgresql-13
50: https://packages.debian.org/src:pypdf2
51: https://packages.debian.org/src:python-aiosmtpd
52: https://packages.debian.org/src:python-dnslib
53: https://packages.debian.org/src:python-idna
54: https://packages.debian.org/src:python-stdnum
55: https://packages.debian.org/src:qtbase-opensource-src
56: https://packages.debian.org/src:reportbug
57: https://packages.debian.org/src:rust-cbindgen-web
58: https://packages.debian.org/src:rustc-web
59: https://packages.debian.org/src:sendmail
60: https://packages.debian.org/src:symfony
61: https://packages.debian.org/src:systemd
62: https://packages.debian.org/src:wpa
Security Updates
----------------
This revision adds the following security updates to the oldstable
release. The Security Team has already released an advisory for each of
these updates:
+----------------+---------------------------+
| Advisory ID | Package |
+----------------+---------------------------+
| DSA-5146 [63] | puma [64] |
| | |
| DSA-5360 [65] | emacs [66] |
| | |
| DSA-5575 [67] | webkit2gtk [68] |
| | |
| DSA-5580 [69] | webkit2gtk [70] |
| | |
| DSA-5596 [71] | asterisk [72] |
| | |
| DSA-5616 [73] | ruby-sanitize [74] |
| | |
| DSA-5618 [75] | webkit2gtk [76] |
| | |
| DSA-5619 [77] | libgit2 [78] |
| | |
| DSA-5620 [79] | unbound [80] |
| | |
| DSA-5621 [81] | bind9 [82] |
| | |
| DSA-5622 [83] | postgresql-13 [84] |
| | |
| DSA-5624 [85] | edk2 [86] |
| | |
| DSA-5625 [87] | engrampa [88] |
| | |
| DSA-5627 [89] | firefox-esr [90] |
| | |
| DSA-5628 [91] | imagemagick [92] |
| | |
| DSA-5630 [93] | thunderbird [94] |
| | |
| DSA-5631 [95] | iwd [96] |
| | |
| DSA-5632 [97] | composer [98] |
| | |
| DSA-5635 [99] | yard [100] |
| | |
| DSA-5637 [101] | squid [102] |
| | |
| DSA-5638 [103] | libuv1 [104] |
| | |
| DSA-5640 [105] | openvswitch [106] |
| | |
| DSA-5641 [107] | fontforge [108] |
| | |
| DSA-5643 [109] | firefox-esr [110] |
| | |
| DSA-5644 [111] | thunderbird [112] |
| | |
| DSA-5645 [113] | firefox-esr [114] |
| | |
| DSA-5646 [115] | cacti [116] |
| | |
| DSA-5647 [117] | samba [118] |
| | |
| DSA-5650 [119] | util-linux [120] |
| | |
| DSA-5651 [121] | mediawiki [122] |
| | |
| DSA-5652 [123] | py7zr [124] |
| | |
| DSA-5653 [125] | gtkwave [126] |
| | |
| DSA-5657 [127] | xorg-server [128] |
| | |
| DSA-5659 [129] | trafficserver [130] |
| | |
| DSA-5660 [131] | php7.4 [132] |
| | |
| DSA-5662 [133] | apache2 [134] |
| | |
| DSA-5663 [135] | firefox-esr [136] |
| | |
| DSA-5664 [137] | jetty9 [138] |
| | |
| DSA-5666 [139] | flatpak [140] |
| | |
| DSA-5667 [141] | tomcat9 [142] |
| | |
| DSA-5669 [143] | guix [144] |
| | |
| DSA-5670 [145] | thunderbird [146] |
| | |
| DSA-5671 [147] | openjdk-11 [148] |
| | |
| DSA-5672 [149] | openjdk-17 [150] |
| | |
| DSA-5673 [151] | glibc [152] |
| | |
| DSA-5678 [153] | glibc [154] |
| | |
| DSA-5679 [155] | less [156] |
| | |
| DSA-5681 [157] | linux-signed-amd64 [158] |
| | |
| DSA-5681 [159] | linux-signed-arm64 [160] |
| | |
| DSA-5681 [161] | linux-signed-i386 [162] |
| | |
| DSA-5681 [163] | linux [164] |
| | |
| DSA-5682 [165] | glib2.0 [166] |
| | |
| DSA-5682 [167] | gnome-shell [168] |
| | |
| DSA-5684 [169] | webkit2gtk [170] |
| | |
| DSA-5685 [171] | wordpress [172] |
| | |
| DSA-5686 [173] | dav1d [174] |
| | |
| DSA-5688 [175] | atril [176] |
| | |
| DSA-5690 [177] | libreoffice [178] |
| | |
| DSA-5691 [179] | firefox-esr [180] |
| | |
| DSA-5692 [181] | ghostscript [182] |
| | |
| DSA-5693 [183] | thunderbird [184] |
| | |
| DSA-5695 [185] | webkit2gtk [186] |
| | |
| DSA-5698 [187] | ruby-rack [188] |
| | |
| DSA-5700 [189] | python-pymysql [190] |
| | |
| DSA-5702 [191] | gst-plugins-base1.0 [192] |
| | |
| DSA-5703 [193] | linux-signed-amd64 [194] |
| | |
| DSA-5703 [195] | linux-signed-arm64 [196] |
| | |
| DSA-5703 [197] | linux-signed-i386 [198] |
| | |
| DSA-5703 [199] | linux [200] |
| | |
| DSA-5704 [201] | pillow [202] |
| | |
| DSA-5707 [203] | vlc [204] |
| | |
| DSA-5709 [205] | firefox-esr [206] |
| | |
| DSA-5711 [207] | thunderbird [208] |
| | |
| DSA-5713 [209] | libndp [210] |
| | |
| DSA-5714 [211] | roundcube [212] |
| | |
| DSA-5715 [213] | composer [214] |
| | |
+----------------+---------------------------+
63: https://www.debian.org/security/2022/dsa-5146
64: https://packages.debian.org/src:puma
65: https://www.debian.org/security/2023/dsa-5360
66: https://packages.debian.org/src:emacs
67: https://www.debian.org/security/2023/dsa-5575
68: https://packages.debian.org/src:webkit2gtk
69: https://www.debian.org/security/2023/dsa-5580
70: https://packages.debian.org/src:webkit2gtk
71: https://www.debian.org/security/2024/dsa-5596
72: https://packages.debian.org/src:asterisk
73: https://www.debian.org/security/2024/dsa-5616
74: https://packages.debian.org/src:ruby-sanitize
75: https://www.debian.org/security/2024/dsa-5618
76: https://packages.debian.org/src:webkit2gtk
77: https://www.debian.org/security/2024/dsa-5619
78: https://packages.debian.org/src:libgit2
79: https://www.debian.org/security/2024/dsa-5620
80: https://packages.debian.org/src:unbound
81: https://www.debian.org/security/2024/dsa-5621
82: https://packages.debian.org/src:bind9
83: https://www.debian.org/security/2024/dsa-5622
84: https://packages.debian.org/src:postgresql-13
85: https://www.debian.org/security/2024/dsa-5624
86: https://packages.debian.org/src:edk2
87: https://www.debian.org/security/2024/dsa-5625
88: https://packages.debian.org/src:engrampa
89: https://www.debian.org/security/2024/dsa-5627
90: https://packages.debian.org/src:firefox-esr
91: https://www.debian.org/security/2024/dsa-5628
92: https://packages.debian.org/src:imagemagick
93: https://www.debian.org/security/2024/dsa-5630
94: https://packages.debian.org/src:thunderbird
95: https://www.debian.org/security/2024/dsa-5631
96: https://packages.debian.org/src:iwd
97: https://www.debian.org/security/2024/dsa-5632
98: https://packages.debian.org/src:composer
99: https://www.debian.org/security/2024/dsa-5635
100: https://packages.debian.org/src:yard
101: https://www.debian.org/security/2024/dsa-5637
102: https://packages.debian.org/src:squid
103: https://www.debian.org/security/2024/dsa-5638
104: https://packages.debian.org/src:libuv1
105: https://www.debian.org/security/2024/dsa-5640
106: https://packages.debian.org/src:openvswitch
107: https://www.debian.org/security/2024/dsa-5641
108: https://packages.debian.org/src:fontforge
109: https://www.debian.org/security/2024/dsa-5643
110: https://packages.debian.org/src:firefox-esr
111: https://www.debian.org/security/2024/dsa-5644
112: https://packages.debian.org/src:thunderbird
113: https://www.debian.org/security/2024/dsa-5645
114: https://packages.debian.org/src:firefox-esr
115: https://www.debian.org/security/2024/dsa-5646
116: https://packages.debian.org/src:cacti
117: https://www.debian.org/security/2024/dsa-5647
118: https://packages.debian.org/src:samba
119: https://www.debian.org/security/2024/dsa-5650
120: https://packages.debian.org/src:util-linux
121: https://www.debian.org/security/2024/dsa-5651
122: https://packages.debian.org/src:mediawiki
123: https://www.debian.org/security/2024/dsa-5652
124: https://packages.debian.org/src:py7zr
125: https://www.debian.org/security/2024/dsa-5653
126: https://packages.debian.org/src:gtkwave