Updated Debian 11: 11.9 released

10 February 2024

The Debian project is pleased to announce the ninth update of its oldstable distribution Debian 11 (codename bullseye). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available.

Please note that the point release does not constitute a new version of Debian 11 but only updates some of the packages included. There is no need to throw away old bullseye media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org will not have to update many packages, and most such updates are included in the point release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list

Miscellaneous Bugfixes

This oldstable update adds a few important corrections to the following packages:

Package Reason
axis Filter out unsupported protocols in the client class ServiceFactory [CVE-2023-40743]
base-files Update for the 11.9 point release
cifs-utils Fix non-parallel builds
compton Remove recommendation of picom
conda-package-handling Skip unreliable tests
conmon Do not hang when forwarding container stdout/stderr with lots of output
crun Fix containers with systemd as their init system, when using newer kernel versions
debian-installer Increase Linux kernel ABI to 5.10.0-28; rebuild against proposed-updates
debian-installer-netboot-images Rebuild against proposed-updates
debian-ports-archive-keyring Add Debian Ports Archive Automatic Signing Key (2025)
debian-security-support Mark tor, consul and xen as end-of-life; limit samba support to non-AD DC use cases; match golang packages with regular expression; drop version-based checking; add chromium to security-support-ended.deb11; add tiles and libspring-java to security-support-limited
debootstrap Backport merged-/usr support changes from trixie: implement merged-/usr by post-merging, default to merged-/usr for suites newer than bookworm in all profiles
distro-info Update tests for distro-info-data 0.58+deb12u1, which adjusted Debian 7's EoL date
distro-info-data Add Ubuntu 24.04 LTS Noble Numbat; fix several End Of Life dates
dpdk New upstream stable release
dropbear Fix security measure bypass issue [CVE-2021-36369]; fix terrapin attack [CVE-2023-48795]
exuberant-ctags Fix arbitrary command execution issue [CVE-2022-4515]
filezilla Prevent terrapin exploit [CVE-2023-48795]
gimp Remove old versions of separately packaged dds plugin
glib2.0 Align with upstream stable fixes; fix denial of service issues [CVE-2023-32665 CVE-2023-32611 CVE-2023-29499 CVE-2023-32636]
glibc Fix a memory corruption in qsort() when using nontransitive comparison functions
gnutls28 Security fix for timing side-channel attack [CVE-2023-5981]
imagemagick Various security fixes [CVE-2021-20241 CVE-2021-20243 CVE-2021-20244 CVE-2021-20245 CVE-2021-20246 CVE-2021-20309 CVE-2021-3574 CVE-2021-39212 CVE-2021-4219 CVE-2022-1114 CVE-2022-28463 CVE-2022-32545 CVE-2022-32546]
jqueryui Fix cross-site scripting issue [CVE-2022-31160]
knewstuff Ensure correct ProvidersUrl to fix denial of service
libdatetime-timezone-perl Update included timezone data
libde265 Fix segmentation violation in the function decoder_context::process_slice_segment_header [CVE-2023-27102]; fix heap buffer overflow in the function derive_collocated_motion_vectors [CVE-2023-27103]; fix buffer over-read in pic_parameter_set::dump [CVE-2023-43887]; fix buffer overflow in the slice_segment_header function [CVE-2023-47471]; fix buffer overflow issues [CVE-2023-49465 CVE-2023-49467 CVE-2023-49468]
libmateweather Update included location data; update data server URL
libpod Fix incorrect handling of supplementary groups [CVE-2022-2989]
libsolv Enable zstd compression support
libspreadsheet-parsexlsx-perl Fix possible memory bomb [CVE-2024-22368]; fix XML External Entity issue [CVE-2024-23525]
linux New upstream stable release; increase ABI to 28
linux-signed-amd64 New upstream stable release; increase ABI to 28
linux-signed-arm64 New upstream stable release; increase ABI to 28
linux-signed-i386 New upstream stable release; increase ABI to 28
llvm-toolchain-16 New backported package to support builds of newer chromium versions; build-dep on llvm-spirv instead of llvm-spirv-16
mariadb-10.5 New upstream stable release; fix denial of service issue [CVE-2023-22084]
minizip Reject overflows of zip header fields [CVE-2023-45853]
modsecurity-apache Fix protection bypass issues [CVE-2022-48279 CVE-2023-24021]
nftables Fix incorrect bytecode generation
node-dottie Fix prototype pollution issue [CVE-2023-26132]
node-url-parse Fix authorisation bypass issue [CVE-2022-0512]
node-xml2js Fix prototype pollution issue [CVE-2023-0842]
nvidia-graphics-drivers New upstream release [CVE-2023-31022]
nvidia-graphics-drivers-tesla-470 New upstream release [CVE-2023-31022]
opendkim Properly delete Authentication-Results headers [CVE-2022-48521]
perl Prevent buffer overflow via illegal Unicode property [CVE-2023-47038]
plasma-desktop Fix denial of service bug in discover
plasma-discover Fix denial of service bug; fix build failure
postfix New upstream stable release; address SMTP smuggling issue [CVE-2023-51764]
postgresql-13 New upstream stable release; fix SQL injection issue [CVE-2023-39417]
postgresql-common Fix autopkgtests
python-cogent Skip parallel tests on single-CPU systems
python-django-imagekit Avoid triggering path traversal detection in tests
python-websockets Fix predictable duration issue [CVE-2021-33880]
pyzoltan Build on single core systems
ruby-aws-sdk-core Include VERSION file in package
spip Fix cross-site scripting issue
swupdate Prevent acquiring root privileges through inappropriate socket mode
symfony Ensure CodeExtension's filters properly escape their input [CVE-2023-46734]
tar Fix boundary checking in base-256 decoder [CVE-2022-48303], handling of extended header prefixes [CVE-2023-39804]
tinyxml Fix assertion issue [CVE-2023-34194]
tzdata Update included timezone data
unadf Fix stack buffer overflow issue [CVE-2016-1243]; fix arbitrary code execution issue [CVE-2016-1244]
usb.ids Update included data list
vlfeat Fix FTBFS with newer ImageMagick
weborf Fix denial of service issue
wolfssl Fix buffer overflow issues [CVE-2022-39173 CVE-2022-42905], key disclosure issue [CVE-2022-42961], predictable buffer in input keying material [CVE-2023-3724]
xerces-c Fix use-after-free issue [CVE-2018-1311]; fix integer overflow issue [CVE-2023-37536]
zeromq3 Fix fork() detection with gcc 7; update copyright relicense statement

Security Updates

This revision adds the following security updates to the oldstable release. The Security Team has already released an advisory for each of these updates:

Advisory ID Package
DSA-5496 firefox-esr
DSA-5499 chromium
DSA-5506 firefox-esr
DSA-5508 chromium
DSA-5509 firefox-esr
DSA-5511 mosquitto
DSA-5512 exim4
DSA-5513 thunderbird
DSA-5514 glibc
DSA-5515 chromium
DSA-5516 libxpm
DSA-5517 libx11
DSA-5518 libvpx
DSA-5519 grub-efi-amd64-signed
DSA-5519 grub-efi-arm64-signed
DSA-5519 grub-efi-ia32-signed
DSA-5519 grub2
DSA-5520 mediawiki
DSA-5522 tomcat9
DSA-5523 curl
DSA-5524 libcue
DSA-5526 chromium
DSA-5527 webkit2gtk
DSA-5528 node-babel7
DSA-5530 ruby-rack
DSA-5531 roundcube
DSA-5533 gst-plugins-bad1.0
DSA-5534 xorg-server
DSA-5535 firefox-esr
DSA-5536 chromium
DSA-5537 openjdk-11
DSA-5538 thunderbird
DSA-5539 node-browserify-sign
DSA-5540 jetty9
DSA-5542 request-tracker4
DSA-5543 open-vm-tools
DSA-5544 zookeeper
DSA-5545 vlc
DSA-5546 chromium
DSA-5547 pmix
DSA-5548 openjdk-17
DSA-5549 trafficserver
DSA-5550 cacti
DSA-5551 chromium
DSA-5554 postgresql-13
DSA-5556 chromium
DSA-5557 webkit2gtk
DSA-5558 netty
DSA-5560 strongswan
DSA-5561 firefox-esr
DSA-5563 intel-microcode
DSA-5564 gimp
DSA-5565 gst-plugins-bad1.0
DSA-5566 thunderbird
DSA-5567 tiff
DSA-5569 chromium
DSA-5570 nghttp2
DSA-5571 rabbitmq-server
DSA-5572 roundcube
DSA-5573 chromium
DSA-5574 libreoffice
DSA-5576 xorg-server
DSA-5577 chromium
DSA-5579 freeimage
DSA-5581 firefox-esr
DSA-5582 thunderbird
DSA-5584 bluez
DSA-5585 chromium
DSA-5586 openssh
DSA-5587 curl
DSA-5588 putty
DSA-5590 haproxy
DSA-5591 libssh
DSA-5592 libspreadsheet-parseexcel-perl
DSA-5594 linux-signed-amd64
DSA-5594 linux-signed-arm64
DSA-5594 linux-signed-i386
DSA-5594 linux
DSA-5595 chromium
DSA-5597 exim4
DSA-5598 chromium
DSA-5599 phpseclib
DSA-5600 php-phpseclib
DSA-5602 chromium
DSA-5603 xorg-server
DSA-5604 openjdk-11
DSA-5605 thunderbird
DSA-5606 firefox-esr
DSA-5608 gst-plugins-bad1.0
DSA-5613 openjdk-17
DSA-5614 zbar
DSA-5615 runc

Removed packages

The following obsolete package has been removed from the distribution:

Package Reason
gimp-dds Integrated in gimp>=2.10

Debian Installer

The installer has been updated to include the fixes incorporated into oldstable by the point release.

URLs

The complete list of packages that have changed with this revision:

https://deb.debian.org/debian/dists/bullseye/ChangeLog

The current oldstable distribution:

https://deb.debian.org/debian/dists/oldstable/

Proposed updates to the oldstable distribution:

https://deb.debian.org/debian/dists/oldstable-proposed-updates

Information about the oldstable distribution (release notes, known issues, etc.):

https://www.debian.org/releases/oldstable/

Security announcements and information:

https://www.debian.org/security/

About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.

Contact Information

For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.