1. Forum
  2. Usenet
  3. LINUX.DEBIAN.DEVEL

  • Re: Debian DSA-5095-1 : linux - security update

    From Ben Hutchings@21:1/5 to Sona Das on Thu Mar 17 01:10:01 2022
    XPost: linux.debian.user

    On Wed, 2022-03-16 at 23:46 +0530, Sona Das wrote:
    Hi Team,

    We are having High level threat in our Debian systems detected by our vulnerability scanners
    Debian DSA-5095-1 : linux - security update

    Debian DSA-4994-1 : bind9 - security update

    We tried to upgrade our Debian systems using the Debian repo but the affected packages didn’t received the package upgrade which takes care of the vulnerability. Below packages are affected and are not getting upgraded:
    linux-headers-5.10.0-10-amd64_5.10.84-1

    This was replaced by linux-headers-5.10.0-11-amd64. So long as you
    install the metapackage linux-headers-amd64, replacements like this
    should be upgraded automatically.

    libirs-export161_1:9.11.19+dfsg-2.1

    This is the only version available in Debian. It is built separately
    from bind9 and is only used by the ISC DHCP server.

    Ben.

    --
    Ben Hutchings
    Make three consecutive correct guesses and you will be considered
    an expert.

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAmIye/oACgkQ57/I7JWG EQlOIg//euav5QDLbFtx46tZ47X8pJCUtoXoHfoaAcyhYYCm8JZyVbLk5L2wVW2A BdXGP+7SCH+1giFV9pjl3DGfouVo/QCOR7yFwcyOnJwAGzMxoisLl9gBDm+a6uJS no8hhMBCsx89x9aqfTXTDimVEeNLDemC2VHGriTazplPom75T+K+IxfLcmpXAfsN A47IzqG8IRZ2FkM1QQyLCS+dHjbaxmpNwvaDI8sEWSrcjXBbsJmBLJu+moV7zQsS xr3Ywo4aWOryUoE27YmUPxIQrW/dM2ygdJgHsD3hUWo+Ic11kTcBQ2z7FDb1Kuk0 QullbN4+XdQFA1VSli1chRnRpihMDnO/dePifNquuhSdsEy1mggOAmy+LEjylIS9 E9CXklJrDt/LH4iXr+WO5PoVO4qvhypljWXqKveG4Ce9Uc4OTHV+7R/heD3Gyhvs FxuV+eq3N1zNTSqHOY8qimDb5s04pRd7UoaA9Q+yUOvHiYdFZomOviaGO78EyZ3y j1Bfs6BzIdIM3h1IsU7pXSBEEfCWUYG/R0rnrxdkiuOeYBuMF9ZIKSkxErxGmkY4 WhdxMs3fSG4G/HFJGaakPfL/O+eFXb58DyLeCSfcl7xFlQ1FrL/HKdry24R6uQSF 6CGtim9ELIlLKPFchz0i+z+U4FyvdokHiYCt3yxoRtpX6cZGCQY=
    =k7kQ
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Sona Das@21:1/5 to All on Thu Mar 17 15:20:01 2022
    XPost: linux.debian.user

    But whenever I tried to upgrade my linux-header it still remains on linux-headers-5.10.0-10 version, it doesn’t gets upgraded to the latest one.

    As per the below url the security vulnerability for Debian 11 is resolved in version 5.10.103-1, but my "apt-get upgrade” doesn’t upgrade the linux-headers to the latest fixed version

    https://security-tracker.debian.org/tracker/CVE-2022-23222 <https://security-tracker.debian.org/tracker/CVE-2022-23222>

    Im using the below repository urls in my sources.list to update my Debian system

    deb http://deb.debian.org/debian/ bullseye main
    deb-src http://deb.debian.org/debian/ bullseye main
    deb http://deb.debian.org/debian/ bullseye-updates main contrib
    deb-src http://deb.debian.org/debian/ bullseye-updates main contrib
    deb http://security.debian.org/debian-security bullseye-security main contrib deb-src http://security.debian.org/debian-security bullseye-security main contrib

    On 17-Mar-2022, at 5:38 AM, Ben Hutchings <ben@decadent.org.uk> wrote:

    On Wed, 2022-03-16 at 23:46 +0530, Sona Das wrote:
    Hi Team,

    We are having High level threat in our Debian systems detected by our vulnerability scanners
    Debian DSA-5095-1 : linux - security update

    Debian DSA-4994-1 : bind9 - security update

    We tried to upgrade our Debian systems using the Debian repo but the affected packages didn’t received the package upgrade which takes care of the vulnerability. Below packages are affected and are not getting upgraded:
    linux-headers-5.10.0-10-amd64_5.10.84-1

    This was replaced by linux-headers-5.10.0-11-amd64. So long as you
    install the metapackage linux-headers-amd64, replacements like this
    should be upgraded automatically.

    libirs-export161_1:9.11.19+dfsg-2.1

    This is the only version available in Debian. It is built separately
    from bind9 and is only used by the ISC DHCP server.

    Ben.

    --
    Ben Hutchings
    Make three consecutive correct guesses and you will be considered
    an expert.


    Best regards,
    Sona Das
    ---
    +91 7021926734 / 9768458639


    CONFIDENTIALITY. This email and any attachments are confidential to Alef Edge, and may also be privileged, except where the email states it can be disclosed. If this email is received in error, please do not disclose the contents to anyone, notify the
    sender by return email, and delete this email (and any attachments) from your system.


    --


    CONFIDENTIALITY. This email and any attachments are confidential to Alef Edge Inc., and may also be privileged, except where the email states it can
    be disclosed. If this email is received in error, please do not disclose the contents to anyone, notify the sender by return email, and delete this email (and any attachments) from your system.

    <html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">But whenever I tried to upgrade my linux-header it still remains
    on li
  • From Peter Wienemann@21:1/5 to Sona Das on Thu Mar 17 16:40:01 2022
    XPost: linux.debian.user

    Hi Sona,

    On 17.03.22 15:02, Sona Das wrote:
    But whenever I tried to upgrade my linux-header it still remains on linux-headers-5.10.0-10 version, it doesn’t gets upgraded to the latest one.

    have you verified that the metapackage linux-headers-amd64 is installed
    on your system - as suggested by Ben (see below)?

    On 17-Mar-2022, at 5:38 AM, Ben Hutchings <ben@decadent.org.uk
    <mailto:ben@decadent.org.uk>> wrote:
    So long as you
    install the metapackage linux-headers-amd64, replacements like this
    should be upgraded automatically.

    You can check its status using

    dpkg -l linux-headers-amd64

    Best regards,

    Peter

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Thorsten Glaser@21:1/5 to All on Sat Mar 19 01:50:01 2022
    XPost: linux.debian.user

    "apt-get upgrade” doesn’t upgrade the linux-headers to the latest
    fixed version

    You need “apt-get upgrade --with-new-pkgs” at the very least to keep
    a stable system up-to-date. I use “apt-get --purge dist-upgrade” myself while keeping an eye on what packages apt wants to remove with that.

    bye,
    //mirabilos
    --
    When he found out that the m68k port was in a pretty bad shape, he did
    not, like many before him, shrug and move on; instead, he took it upon
    himself to start compiling things, just so he could compile his shell.
    How's that for dedication. -- Wouter, about my Debian/m68k revival

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)