Updated Debian 11: 11.5 released
10 September 2022
The Debian project is pleased to announce the fifth update of its stable distribution Debian 11 (codename bullseye).
In addition to resolving some critical issues, this update mainly fixes security problems. Security advisories have been published separately and are only referenced in this announcement.
Please note that this update does not constitute a new release of Debian 11 but only updates some of the packages included. There is therefore no need to throw away old bullseye media; packages can be updated using an up-to-date Debian mirror.
Those who frequently install updates from security.debian.org will not have to update many packages; most of the updates are included in this update.
New installation images will be available at their usual location.
Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's HTTP mirrors. A comprehensive list of Debian mirrors is available at:
Miscellaneous bug fixes
This stable update adds a few important corrections to the following packages:
Package | Reason |
---|---|
avahi | Fix display of URLs containing '&' in avahi-discover; do not disable timeout cleanup on watch cleanup; fix NULL pointer crashes when trying to resolve badly-formatted hostnames [CVE-2021-3502] |
base-files | Update /etc/debian_version for the 11.5 point release |
cargo-mozilla | New source package to support building of newer firefox-esr and thunderbird versions |
clamav | New upstream stable release |
commons-daemon | Fix JVM detection |
curl | Reject cookies with control bytes [CVE-2022-35252] |
dbus-broker | Fix assertion failure when disconnecting peer groups; fix memory leak; fix null pointer dereference [CVE-2022-31213] |
debian-installer | Rebuild against proposed-updates; increase Linux kernel ABI to 5.10.0-18 |
debian-installer-netboot-images | Rebuild against proposed-updates; increase Linux kernel ABI to 5.10.0-18 |
debian-security-support | Update support status of various packages |
debootstrap | Ensure non-merged-usr chroots can continue to be created for older releases and buildd chroots |
dlt-daemon | Fix double free issue [CVE-2022-31291] |
dnsproxy | Listen on localhost by default, rather than the possibly unavailable 192.168.168.1 |
dovecot | Fix possible security issues when two passdb configuration entries exist with the same driver and args settings [CVE-2022-30550] |
dpkg | Fix conffile removal-on-upgrade handling, memory leak in remove-on-upgrade handling; Dpkg::Shlibs::Objdump: Fix apply_relocations to work with versioned symbols; add support for ARCv2 CPU; several updates and fixes to dpkg-fsys-usrunmess |
fig2dev | Fix double free issue [CVE-2021-37529], denial of service issue [CVE-2021-37530]; stop misplacement of embedded eps images |
foxtrotgps | Fix crash by ensuring that threads are always unreferenced |
gif2apng | Fix heap-based buffer overflows [CVE-2021-45909 CVE-2021-45910 CVE-2021-45911] |
glibc | Fix an off-by-one buffer overflow/underflow in getcwd() [CVE-2021-3999]; fix several overflows in wide character functions; add a few EVEX optimized string functions to fix a performance issue (up to 40%) with Skylake-X processors; make grantpt usable after multi-threaded fork; ensure that libio vtable protection is enabled |
golang-github-pkg-term | Fix building on newer Linux kernels |
gri | Use ps2pdf instead of convert for converting from PS to PDF |
grub-efi-amd64-signed | New upstream release |
grub-efi-arm64-signed | New upstream release |
grub-efi-ia32-signed | New upstream release |
grub2 | New upstream release |
http-parser | Unset F_CHUNKED on new Transfer-Encoding, fixing possible HTTP request smuggling issue [CVE-2020-8287] |
ifenslave | Fix bonded interface configurations |
inetutils | Fix buffer overflow issue [CVE-2019-0053], stack exhaustion issue, handling of FTP PASV responses [CVE-2021-40491], denial of service issue [CVE-2022-39028] |
knot | Fix IXFR to AXFR fallback with dnsmasq |
krb5 | Use SHA256 as Pkinit CMS Digest |
libayatana-appindicator | Provide compatibility for software that depends on libappindicator |
libdatetime-timezone-perl | Update included data |
libhttp-daemon-perl | Improve handling of Content-Length header [CVE-2022-31081] |
libreoffice | Support EUR in .hr locale; add HRK<->EUR conversion rate to Calc and the Euro Wizard; security fixes [CVE-2021-25636 CVE-2022-26305 CVE-2022-26306 CVE-2022-26307]; fix hang accessing Evolution address books |
linux | New upstream stable release |
linux-signed-amd64 | New upstream stable release |
linux-signed-arm64 | New upstream stable release |
linux-signed-i386 | New upstream stable release |
llvm-toolchain-13 | New source package to support building of newer firefox-esr and thunderbird versions |
lwip | Fix buffer overflow issues [CVE-2020-22283 CVE-2020-22284] |
mokutil | New upstream version, to allow for SBAT management |
node-log4js | Do not create world-readable files by default [CVE-2022-21704] |
node-moment | Fix regular expression-based denial of service issue [CVE-2022-31129] |
nvidia-graphics-drivers | New upstream release; security fixes [CVE-2022-31607 CVE-2022-31608 CVE-2022-31615] |
nvidia-graphics-drivers-legacy-390xx | New upstream release; security fixes [CVE-2022-31607 CVE-2022-31608 CVE-2022-31615] |
nvidia-graphics-drivers-tesla-450 | New upstream release; security fixes [CVE-2022-31607 CVE-2022-31608 CVE-2022-31615] |
nvidia-graphics-drivers-tesla-470 | New upstream release; security fixes [CVE-2022-31607 CVE-2022-31608 CVE-2022-31615] |
nvidia-settings | New upstream release; fix cross-building |
nvidia-settings-tesla-470 | New upstream release; fix cross-building |
pcre2 | Fix out-of-bounds read issues [CVE-2022-1586 CVE-2022-1587] |
postgresql-13 | Do not let extension scripts replace objects not already belonging to the extension [CVE-2022-2625] |
publicsuffix | Update included data |
rocksdb | Fix illegal instruction on arm64 |
sbuild | Buildd::Mail: support MIME encoded Subject: header, also copy the Content-Type: header when forwarding mail |
systemd | Drop bundled copy of linux/if_arp.h, fixing build failures with newer kernel headers; support detection for ARM64 Hyper-V guests; detect OpenStack instance as KVM on arm |
twitter-bootstrap4 | Actually install CSS map files |
tzdata | Update timezone data for Iran and Chile |
xtables-addons | Support both old and new versions of security_skb_classify_flow() |
Security updates
This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:
Removed packages
The following packages were removed due to circumstances beyond our control:
Package | Reason |
---|---|
evenement | Unmaintained; only needed for already-removed movim |
php-cocur-slugify | Unmaintained; only needed for already-removed movim |
php-defuse-php-encryption | Unmaintained; only needed for already-removed movim |
php-dflydev-fig-cookies | Unmaintained; only needed for already-removed movim |
php-embed | Unmaintained; only needed for already-removed movim |
php-fabiang-sasl | Unmaintained; only needed for already-removed movim |
php-markdown | Unmaintained; only needed for already-removed movim |
php-raintpl | Unmaintained; only needed for already-removed movim |
php-react-child-process | Unmaintained; only needed for already-removed movim |
php-react-http | Unmaintained; only needed for already-removed movim |
php-respect-validation | Unmaintained; only needed for already-removed movim |
php-robmorgan-phinx | Unmaintained; only needed for already-removed movim |
ratchet-pawl | Unmaintained; only needed for already-removed movim |
ratchet-rfc6455 | Unmaintained; only needed for already-removed movim |
ratchetphp | Unmaintained; only needed for already-removed movim |
reactphp-cache | Unmaintained; only needed for already-removed movim |
reactphp-dns | Unmaintained; only needed for already-removed movim |
reactphp-event-loop | Unmaintained; only needed for already-removed movim |
reactphp-promise-stream | Unmaintained; only needed for already-removed movim |
reactphp-promise-timer | Unmaintained; only needed for already-removed movim |
reactphp-socket | Unmaintained; only needed for already-removed movim |
reactphp-stream | Unmaintained; only needed for already-removed movim |
Debian Installer
The installer has been updated to include the fixes incorporated into this stable release.
URLs
The complete list of packages that have changed with this revision:
The current stable distribution:
Proposed updates to the stable distribution:
Stable distribution information (release notes, errata, etc.):
Security announcements and information:
About Debian
The Debian Project is an association of Free Software developers who volunteer their time and effort to produce the completely free operating system Debian.
Contact information
For further information, please visit the Debian website at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.