Updated Debian 11: 11.3 released
March 26th, 2022
The Debian project is pleased to announce the third update of its stable distribution Debian 11 (codename bullseye).
Besides resolving some critical problems, this update mainly fixes security issues. Security advisories have already been announced separately and are only referenced in this announcement.
Please note that this update does not constitute a new release of Debian 11 but only updates some of the packages included. There is no need to throw away old bullseye media; packages can be updated using an up-to-date Debian mirror.
Those who frequently install updates from security.debian.org won't have to update many packages, as most of those updates are included in this point release.
New installation images will be available at the regular locations.
Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's HTTP mirrors. A comprehensive list of Debian mirrors is available at:
Miscellaneous Bugfixes
This stable update adds a few important corrections to the following packages:
Package | Reason |
---|---|
apache-log4j1.2 | Resolve security issues [CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307], by removing support for the JMSSink, JDBCAppender, JMSAppender and Apache Chainsaw modules |
apache-log4j2 | Fix remote code execution issue [CVE-2021-44832] |
apache2 | New upstream release; fix crash due to random memory read [CVE-2022-22719]; fix HTTP request smuggling issue [CVE-2022-22720]; fix out-of-bounds write issues [CVE-2022-22721 CVE-2022-23943] |
atftp | Fix information leak issue [CVE-2021-46671] |
base-files | Update for the 11.3 point release |
bible-kjv | Fix off-by-one-error in search |
chrony | Allow reading the chronyd configuration file that timemaster(8) generates |
cinnamon | Fix crash when adding an online account with login |
clamav | New upstream stable release; fix denial of service issue [CVE-2022-20698] |
cups-filters | Apparmor: allow reading from Debian Edu's cups-browsed configuration file |
dask.distributed | Fix undesired listening of workers on public interfaces [CVE-2021-42343]; fix compatibility with Python 3.9 |
debian-installer | Rebuild against proposed-updates; update Linux kernel ABI to 5.10.0-13 |
debian-installer-netboot-images | Rebuild against proposed-updates |
debian-ports-archive-keyring | Add Debian Ports Archive Automatic Signing Key (2023); move the 2021 signing key to the removed keyring |
django-allauth | Fix OpenID support |
djbdns | Raise the axfrdns, dnscache, and tinydns data limit |
dpdk | New upstream stable release |
e2guardian | Fix missing SSL certificate validation issue [CVE-2021-44273] |
epiphany-browser | Work around a bug in GLib, fixing a UI process crash |
espeak-ng | Drop spurious 50ms delay while processing events |
espeakup | debian/espeakup.service: Protect espeakup from system overloads |
fcitx5-chinese-addons | fcitx5-table: add missing dependencies on fcitx5-module-pinyinhelper and fcitx5-module-punctuation |
flac | Fix out-of-bounds write issue [CVE-2021-0561] |
freerdp2 | Disable additional debug logging |
galera-3 | New upstream release |
galera-4 | New upstream release |
gbonds | Use Treasury API for redemption data |
glewlwyd | Fix possible privilege escalation |
glibc | Fix bad conversion from ISO-2022-JP-3 with iconv [CVE-2021-43396]; fix buffer overflow issues [CVE-2022-23218 CVE-2022-23219]; fix use-after-free issue [CVE-2021-33574]; stop replacing older versions of /etc/nsswitch.conf; simplify the check for supported kernel versions, as 2.x kernels are no longer supported; support installation on kernels with a release number greater than 255 |
glx-alternatives | After initial setup of the diversions, install a minimal alternative to the diverted files so that libraries are not missing until glx-alternative-mesa processes its triggers |
gnupg2 | scd: Fix CCID driver for SCM SPR332/SPR532; avoid network interaction in generator, which can lead to hangs |
gnuplot | Fix division by zero [CVE-2021-44917] |
golang-1.15 | Fix IsOnCurve for big.Int values that are not valid coordinates [CVE-2022-23806]; math/big: prevent large memory consumption in Rat.SetString [CVE-2022-23772]; cmd/go: prevent branches from materializing into versions [CVE-2022-23773]; fix stack exhaustion compiling deeply nested expressions [CVE-2022-24921] |
golang-github-containers-common | Update seccomp support to enable use of newer kernel versions |
golang-github-opencontainers-specs | Update seccomp support to enable use of newer kernel versions |
gtk+3.0 | Fix missing search results when using NFS; prevent Wayland clipboard handling from locking up in certain corner cases; improve printing to mDNS-discovered printers |
heartbeat | Fix creation of /run/heartbeat on systems using systemd |
htmldoc | Fix out-of-bounds read issue [CVE-2022-0534] |
installation-guide | Update documentation and translations |
intel-microcode | Update included microcode; mitigate some security issues [CVE-2020-8694 CVE-2020-8695 CVE-2021-0127 CVE-2021-0145 CVE-2021-0146 CVE-2021-33120] |
ldap2zone | Use mktemp rather than the deprecated tempfile, avoiding warnings |
lemonldap-ng | Fix auth process in password-testing plugins [CVE-2021-40874] |
libarchive | Fix extracting hardlinks to symlinks; fix handling of symlink ACLs [CVE-2021-23177]; never follow symlinks when setting file flags [CVE-2021-31566] |
libdatetime-timezone-perl | Update included data |
libgdal-grass | Rebuild against grass 7.8.5-1+deb11u1 |
libpod | Update seccomp support to enable use of newer kernel versions |
libxml2 | Fix use-after-free issue [CVE-2022-23308] |
linux | New upstream stable release; [rt] Update to 5.10.106-rt64; increase ABI to 13 |
linux-signed-amd64 | New upstream stable release; [rt] Update to 5.10.106-rt64; increase ABI to 13 |
linux-signed-arm64 | New upstream stable release; [rt] Update to 5.10.106-rt64; increase ABI to 13 |
linux-signed-i386 | New upstream stable release; [rt] Update to 5.10.106-rt64; increase ABI to 13 |
mariadb-10.5 | New upstream release; security fixes [CVE-2021-35604 CVE-2021-46659 CVE-2021-46661 CVE-2021-46662 CVE-2021-46663 CVE-2021-46664 CVE-2021-46665 CVE-2021-46667 CVE-2021-46668 CVE-2022-24048 CVE-2022-24050 CVE-2022-24051 CVE-2022-24052] |
mpich | Add Breaks: on older versions of libmpich1.0-dev, resolving some upgrade issues |
mujs | Fix buffer overflow issue [CVE-2021-45005] |
mutter | Backport various fixes from upstream's stable branch |
node-cached-path-relative | Fix prototype pollution issue [CVE-2021-23518] |
node-fetch | Don't forward secure headers to third party domains [CVE-2022-0235] |
node-follow-redirects | Don't send Cookie header across domains [CVE-2022-0155]; don't send confidential headers across schemes [CVE-2022-0536] |
node-markdown-it | Fix regular expression-based denial of service issue [CVE-2022-21670] |
node-nth-check | Fix regular expression-based denial of service issue [CVE-2021-3803] |
node-prismjs | Escape markup in command line output [CVE-2022-23647]; update minified files to ensure that Regular Expression Denial of Service issue is resolved [CVE-2021-3801] |
node-trim-newlines | Fix regular expression-based denial of service issue [CVE-2021-33623] |
nvidia-cuda-toolkit | cuda-gdb: Disable non-functional python support causing segmentation faults; use a snapshot of openjdk-8-jre (8u312-b07-1) |
nvidia-graphics-drivers-tesla-450 | New upstream release; fix denial of service issues [CVE-2022-21813 CVE-2022-21814]; nvidia-kernel-support: Provide /etc/modprobe.d/nvidia-options.conf as a template |
nvidia-modprobe | New upstream release |
openboard | Fix application icon |
openssl | New upstream release; fix armv8 pointer authentication |
openvswitch | Fix use-after-free issue [CVE-2021-36980]; fix installation of libofproto |
ostree | Fix compatibility with eCryptFS; avoid infinite recursion when recovering from certain errors; mark commits as partial before downloading; fix an assertion failure when using a backport or local build of GLib >= 2.71; fix the ability to fetch OSTree content from paths containing non-URI characters (such as backslashes) or non-ASCII |
pdb2pqr | Fix compatibility of propka with Python 3.8 or above |
php-crypt-gpg | Prevent additional options being passed to GPG [CVE-2022-24953] |
php-laravel-framework | Fix cross-site scripting issue [CVE-2021-43808], missing blocking of executable content upload [CVE-2021-43617] |
phpliteadmin | Fix cross-site scripting issue [CVE-2021-46709] |
prips | Fix infinite wrapping if a range reaches 255.255.255.255; fix CIDR output with addresses that differ in their first bit |
pypy3 | Fix build failures by removing extraneous #endif from import.h |
python-django | Fix denial of service issue [CVE-2021-45115], information disclosure issue [CVE-2021-45116], directory traversal issue [CVE-2021-45452]; fix a traceback around the handling of RequestSite/get_current_site() due to a circular import |
python-pip | Avoid a race-condition when using zip-imported dependencies |
rust-cbindgen | New upstream stable release to support builds of newer firefox-esr and thunderbird versions |
s390-dasd | Stop passing deprecated -f option to dasdfmt |
schleuder | Migrate boolean values to integers, if the ActiveRecord SQLite3 connection adapter is in use, restoring functionality |
sphinx-bootstrap-theme | Fix search functionality |
spip | Fix several cross-site scripting issues |
symfony | Fix CSV injection issue [CVE-2021-41270] |
systemd | Fix uncontrolled recursion in systemd-tmpfiles [CVE-2021-3997]; demote systemd-timesyncd from Depends to Recommends, removing a dependency cycle; fix failure to bind mount a directory into a container using machinectl; fix regression in udev resulting in long delays when processing partitions with the same label; fix a regression when using systemd-networkd in an unprivileged LXD container |
sysvinit | Fix parsing of shutdown +0; clarify that when called with a time, shutdown will not exit |
tasksel | Install CUPS for all *-desktop tasks, as task-print-service no longer exists |
usb.ids | Update included data |
weechat | Fix denial of service issue [CVE-2021-40516] |
wolfssl | Fix several issues related to OCSP-handling [CVE-2021-3336 CVE-2021-37155 CVE-2021-38597] and TLS1.3 support [CVE-2021-44718 CVE-2022-25638 CVE-2022-25640] |
xserver-xorg-video-intel | Fix SIGILL crash on non-SSE2 CPUs |
xterm | Fix buffer overflow issue [CVE-2022-24130] |
zziplib | Fix denial of service issue [CVE-2020-18442] |
Security Updates
This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:
Removed Packages
The following packages were removed due to circumstances beyond our control:
Package | Reason |
---|---|
angular-maven-plugin | No longer useful |
minify-maven-plugin | No longer useful |
Debian Installer
The installer has been updated to include the fixes incorporated into stable by this point release.
URLs
The complete list of packages that have changed with this revision:
The current stable distribution:
Proposed updates to the stable distribution:
Stable distribution information (release notes, errata, etc.):
Security announcements and information:
About Debian
The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.
Contact Information
For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.