Updated Debian 11: 11.5 released

10 September 2022

The Debian project is pleased to announce the fifth update of its stable distribution Debian 11 (codename bullseye). In addition to resolving some serious problems, this update mainly corrects security issues. Security advisories have been published separately and are only referenced in this announcement.

Please note that this update does not constitute a new version of Debian 11 but only updates some of the packages included. There is therefore no need to throw away old bullseye media; packages can be updated using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have to update many packages, as most of those updates are included in this update.

New installation images will be available at the usual location.

Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's HTTP mirrors. A comprehensive list of Debian mirrors is available at:

https://www.debian.org/mirror/list

Miscellaneous bug fixes

This stable update adds a few important corrections to the following packages:

Package Reason
avahi Fix display of URLs containing '&' in avahi-discover; do not disable timeout cleanup on watch cleanup; fix NULL pointer crashes when trying to resolve badly-formatted hostnames [CVE-2021-3502]
base-files Update /etc/debian_version for the 11.5 point release
cargo-mozilla New source package to support building of newer firefox-esr and thunderbird versions
clamav New upstream stable release
commons-daemon Fix JVM detection
curl Reject cookies with control bytes [CVE-2022-35252]
dbus-broker Fix assertion failure when disconnecting peer groups; fix memory leak; fix null pointer dereference [CVE-2022-31213]
debian-installer Rebuild against proposed-updates; increase Linux kernel ABI to 5.10.0-18
debian-installer-netboot-images Rebuild against proposed-updates; increase Linux kernel ABI to 5.10.0-18
debian-security-support Update support status of various packages
debootstrap Ensure non-merged-usr chroots can continue to be created for older releases and buildd chroots
dlt-daemon Fix double free issue [CVE-2022-31291]
dnsproxy Listen on localhost by default, rather than the possibly unavailable 192.168.168.1
dovecot Fix possible security issues when two passdb configuration entries exist with the same driver and args settings [CVE-2022-30550]
dpkg Fix conffile removal-on-upgrade handling, memory leak in remove-on-upgrade handling; Dpkg::Shlibs::Objdump: Fix apply_relocations to work with versioned symbols; add support for ARCv2 CPU; several updates and fixes to dpkg-fsys-usrunmess
fig2dev Fix double free issue [CVE-2021-37529], denial of service issue [CVE-2021-37530]; stop misplacement of embedded eps images
foxtrotgps Fix crash by ensuring that threads are always unreferenced
gif2apng Fix heap-based buffer overflows [CVE-2021-45909 CVE-2021-45910 CVE-2021-45911]
glibc Fix an off-by-one buffer overflow/underflow in getcwd() [CVE-2021-3999]; fix several overflows in wide character functions; add a few EVEX optimized string functions to fix a performance issue (up to 40%) with Skylake-X processors; make grantpt usable after multi-threaded fork; ensure that libio vtable protection is enabled
golang-github-pkg-term Fix building on newer Linux kernels
gri Use ps2pdf instead of convert for converting from PS to PDF
grub-efi-amd64-signed New upstream release
grub-efi-arm64-signed New upstream release
grub-efi-ia32-signed New upstream release
grub2 New upstream release
http-parser Unset F_CHUNKED on new Transfer-Encoding, fixing possible HTTP request smuggling issue [CVE-2020-8287]
ifenslave Fix bonded interface configurations
inetutils Fix buffer overflow issue [CVE-2019-0053], stack exhaustion issue, handling of FTP PASV responses [CVE-2021-40491], denial of service issue [CVE-2022-39028]
knot Fix IXFR to AXFR fallback with dnsmasq
krb5 Use SHA256 as Pkinit CMS Digest
libayatana-appindicator Provide compatibility for software that depends on libappindicator
libdatetime-timezone-perl Update included data
libhttp-daemon-perl Improve handling of Content-Length header [CVE-2022-31081]
libreoffice Support EUR in .hr locale; add HRK<->EUR conversion rate to Calc and the Euro Wizard; security fixes [CVE-2021-25636 CVE-2022-26305 CVE-2022-26306 CVE-2022-26307]; fix hang accessing Evolution address books
linux New upstream stable release
linux-signed-amd64 New upstream stable release
linux-signed-arm64 New upstream stable release
linux-signed-i386 New upstream stable release
llvm-toolchain-13 New source package to support building of newer firefox-esr and thunderbird versions
lwip Fix buffer overflow issues [CVE-2020-22283 CVE-2020-22284]
mokutil New upstream version, to allow for SBAT management
node-log4js Do not create world-readable files by default [CVE-2022-21704]
node-moment Fix regular expression-based denial of service issue [CVE-2022-31129]
nvidia-graphics-drivers New upstream release; security fixes [CVE-2022-31607 CVE-2022-31608 CVE-2022-31615]
nvidia-graphics-drivers-legacy-390xx New upstream release; security fixes [CVE-2022-31607 CVE-2022-31608 CVE-2022-31615]
nvidia-graphics-drivers-tesla-450 New upstream release; security fixes [CVE-2022-31607 CVE-2022-31608 CVE-2022-31615]
nvidia-graphics-drivers-tesla-470 New upstream release; security fixes [CVE-2022-31607 CVE-2022-31608 CVE-2022-31615]
nvidia-settings New upstream release; fix cross-building
nvidia-settings-tesla-470 New upstream release; fix cross-building
pcre2 Fix out-of-bounds read issues [CVE-2022-1586 CVE-2022-1587]
postgresql-13 Do not let extension scripts replace objects not already belonging to the extension [CVE-2022-2625]
publicsuffix Update included data
rocksdb Fix illegal instruction on arm64
sbuild Buildd::Mail: support MIME encoded Subject: header, also copy the Content-Type: header when forwarding mail
systemd Drop bundled copy of linux/if_arp.h, fixing build failures with newer kernel headers; support detection for ARM64 Hyper-V guests; detect OpenStack instance as KVM on arm
twitter-bootstrap4 Actually install CSS map files
tzdata Update timezone data for Iran and Chile
xtables-addons Support both old and new versions of security_skb_classify_flow()

Security updates

This revision adds the following security updates to the stable release. The Security Team has already published an advisory for each of these updates:

Advisory ID Package
DSA-5175 thunderbird
DSA-5176 blender
DSA-5177 ldap-account-manager
DSA-5178 intel-microcode
DSA-5179 php7.4
DSA-5180 chromium
DSA-5181 request-tracker4
DSA-5182 webkit2gtk
DSA-5183 wpewebkit
DSA-5184 xen
DSA-5185 mat2
DSA-5187 chromium
DSA-5188 openjdk-11
DSA-5189 gsasl
DSA-5190 spip
DSA-5191 linux-signed-amd64
DSA-5191 linux-signed-arm64
DSA-5191 linux-signed-i386
DSA-5191 linux
DSA-5192 openjdk-17
DSA-5193 firefox-esr
DSA-5194 booth
DSA-5195 thunderbird
DSA-5196 libpgjava
DSA-5197 curl
DSA-5198 jetty9
DSA-5199 xorg-server
DSA-5200 libtirpc
DSA-5201 chromium
DSA-5202 unzip
DSA-5203 gnutls28
DSA-5204 gst-plugins-good1.0
DSA-5205 ldb
DSA-5205 samba
DSA-5206 trafficserver
DSA-5207 linux-signed-amd64
DSA-5207 linux-signed-arm64
DSA-5207 linux-signed-i386
DSA-5207 linux
DSA-5208 epiphany-browser
DSA-5209 net-snmp
DSA-5210 webkit2gtk
DSA-5211 wpewebkit
DSA-5213 schroot
DSA-5214 kicad
DSA-5215 open-vm-tools
DSA-5216 libxslt
DSA-5217 firefox-esr
DSA-5218 zlib
DSA-5219 webkit2gtk
DSA-5220 wpewebkit
DSA-5221 thunderbird
DSA-5222 dpdk

Removed packages

The following packages were removed due to circumstances beyond our control:

Package Reason
evenement Unmaintained; only needed for already-removed movim
php-cocur-slugify Unmaintained; only needed for already-removed movim
php-defuse-php-encryption Unmaintained; only needed for already-removed movim
php-dflydev-fig-cookies Unmaintained; only needed for already-removed movim
php-embed Unmaintained; only needed for already-removed movim
php-fabiang-sasl Unmaintained; only needed for already-removed movim
php-markdown Unmaintained; only needed for already-removed movim
php-raintpl Unmaintained; only needed for already-removed movim
php-react-child-process Unmaintained; only needed for already-removed movim
php-react-http Unmaintained; only needed for already-removed movim
php-respect-validation Unmaintained; only needed for already-removed movim
php-robmorgan-phinx Unmaintained; only needed for already-removed movim
ratchet-pawl Unmaintained; only needed for already-removed movim
ratchet-rfc6455 Unmaintained; only needed for already-removed movim
ratchetphp Unmaintained; only needed for already-removed movim
reactphp-cache Unmaintained; only needed for already-removed movim
reactphp-dns Unmaintained; only needed for already-removed movim
reactphp-event-loop Unmaintained; only needed for already-removed movim
reactphp-promise-stream Unmaintained; only needed for already-removed movim
reactphp-promise-timer Unmaintained; only needed for already-removed movim
reactphp-socket Unmaintained; only needed for already-removed movim
reactphp-stream Unmaintained; only needed for already-removed movim

Debian Installer

The installer has been updated to include the fixes incorporated into this stable release.

URLs

The complete list of packages that have changed with this revision:

https://deb.debian.org/debian/dists/bullseye/ChangeLog

The current stable distribution:

https://deb.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:

https://deb.debian.org/debian/dists/proposed-updates

Stable distribution information (release notes, errata, etc.):

https://www.debian.org/releases/stable/

Security announcements and information:

https://www.debian.org/security/

About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.

Contact information

For further information, please visit the Debian website at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.