Saturday, March 26, 2022

Updated Debian 11: 11.3 released

------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 11: 11.3 released press@debian.org
March 26th, 2022 https://www.debian.org/News/2022/20220326
------------------------------------------------------------------------
The Debian project is pleased to announce the third update of its stable
distribution Debian 11 (codename "bullseye"). This point release mainly
adds corrections for security issues, along with a few adjustments for
serious problems. Security advisories have already been published
separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 11 but only updates some of the packages included. There is no
need to throw away old "bullseye" media. After installation, packages
can be upgraded to the current versions using an up-to-date Debian
mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list
Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

Package: Reason

apache-log4j1.2 [1]: Resolve security issues [CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307], by removing support for the JMSSink, JDBCAppender, JMSAppender and Apache Chainsaw modules

apache-log4j2 [2]: Fix remote code execution issue [CVE-2021-44832]

apache2 [3]: New upstream release; fix crash due to random memory read [CVE-2022-22719]; fix HTTP request smuggling issue [CVE-2022-22720]; fix out-of-bounds write issues [CVE-2022-22721 CVE-2022-23943]

atftp [4]: Fix information leak issue [CVE-2021-46671]

base-files [5]: Update for the 11.3 point release

bible-kjv [6]: Fix off-by-one error in search

chrony [7]: Allow reading the chronyd configuration file that timemaster(8) generates

cinnamon [8]: Fix crash when adding an online account with login

clamav [9]: New upstream stable release; fix denial of service issue [CVE-2022-20698]

cups-filters [10]: AppArmor: allow reading from Debian Edu's cups-browsed configuration file

dask.distributed [11]: Fix undesired listening of workers on public interfaces [CVE-2021-42343]; fix compatibility with Python 3.9

debian-installer [12]: Rebuild against proposed-updates; update Linux kernel ABI to 5.10.0-13

debian-installer-netboot-images [13]: Rebuild against proposed-updates

debian-ports-archive-keyring [14]: Add "Debian Ports Archive Automatic Signing Key (2023)"; move the 2021 signing key to the removed keyring

django-allauth [15]: Fix OpenID support

djbdns [16]: Raise the axfrdns, dnscache, and tinydns data limit

dpdk [17]: New upstream stable release

e2guardian [18]: Fix missing SSL certificate validation issue [CVE-2021-44273]

epiphany-browser [19]: Work around a bug in GLib, fixing a UI process crash

espeak-ng [20]: Drop spurious 50ms delay while processing events

espeakup [21]: debian/espeakup.service: Protect espeakup from system overloads

fcitx5-chinese-addons [22]: fcitx5-table: add missing dependencies on fcitx5-module-pinyinhelper and fcitx5-module-punctuation

flac [23]: Fix out-of-bounds write issue [CVE-2021-0561]

freerdp2 [24]: Disable additional debug logging

galera-3 [25]: New upstream release

galera-4 [26]: New upstream release

gbonds [27]: Use Treasury API for redemption data

glewlwyd [28]: Fix possible privilege escalation

glibc [29]: Fix bad conversion from ISO-2022-JP-3 with iconv [CVE-2021-43396]; fix buffer overflow issues [CVE-2022-23218 CVE-2022-23219]; fix use-after-free issue [CVE-2021-33574]; stop replacing older versions of /etc/nsswitch.conf; simplify the check for supported kernel versions, as 2.x kernels are no longer supported; support installation on kernels with a release number greater than 255

glx-alternatives [30]: After initial setup of the diversions, install a minimal alternative to the diverted files so that libraries are not missing until glx-alternative-mesa processes its triggers

gnupg2 [31]: scd: Fix CCID driver for SCM SPR332/SPR532; avoid network interaction in generator, which can lead to hangs

gnuplot [32]: Fix division by zero [CVE-2021-44917]

golang-1.15 [33]: Fix IsOnCurve for big.Int values that are not valid coordinates [CVE-2022-23806]; math/big: prevent large memory consumption in Rat.SetString [CVE-2022-23772]; cmd/go: prevent branches from materializing into versions [CVE-2022-23773]; fix stack exhaustion compiling deeply nested expressions [CVE-2022-24921]

golang-github-containers-common [34]: Update seccomp support to enable use of newer kernel versions

golang-github-opencontainers-specs [35]: Update seccomp support to enable use of newer kernel versions

gtk+3.0 [36]: Fix missing search results when using NFS; prevent Wayland clipboard handling from locking up in certain corner cases; improve printing to mDNS-discovered printers

heartbeat [37]: Fix creation of /run/heartbeat on systems using systemd

htmldoc [38]: Fix out-of-bounds read issue [CVE-2022-0534]

installation-guide [39]: Update documentation and translations

intel-microcode [40]: Update included microcode; mitigate some security issues [CVE-2020-8694 CVE-2020-8695 CVE-2021-0127 CVE-2021-0145 CVE-2021-0146 CVE-2021-33120]

ldap2zone [41]: Use "mktemp" rather than the deprecated "tempfile", avoiding warnings

lemonldap-ng [42]: Fix auth process in password-testing plugins [CVE-2021-40874]

libarchive [43]: Fix extracting hardlinks to symlinks; fix handling of symlink ACLs [CVE-2021-23177]; never follow symlinks when setting file flags [CVE-2021-31566]

libdatetime-timezone-perl [44]: Update included data

libgdal-grass [45]: Rebuild against grass 7.8.5-1+deb11u1

libpod [46]: Update seccomp support to enable use of newer kernel versions

libxml2 [47]: Fix use-after-free issue [CVE-2022-23308]

linux [48]: New upstream stable release; [rt] Update to 5.10.106-rt64; increase ABI to 13

linux-signed-amd64 [49]: New upstream stable release; [rt] Update to 5.10.106-rt64; increase ABI to 13

linux-signed-arm64 [50]: New upstream stable release; [rt] Update to 5.10.106-rt64; increase ABI to 13

linux-signed-i386 [51]: New upstream stable release; [rt] Update to 5.10.106-rt64; increase ABI to 13

mariadb-10.5 [52]: New upstream release; security fixes [CVE-2021-35604 CVE-2021-46659 CVE-2021-46661 CVE-2021-46662 CVE-2021-46663 CVE-2021-46664 CVE-2021-46665 CVE-2021-46667 CVE-2021-46668 CVE-2022-24048 CVE-2022-24050 CVE-2022-24051 CVE-2022-24052]

mpich [53]: Add Breaks: on older versions of libmpich1.0-dev, resolving some upgrade issues

mujs [54]: Fix buffer overflow issue [CVE-2021-45005]

mutter [55]: Backport various fixes from upstream's stable branch

node-cached-path-relative [56]: Fix prototype pollution issue [CVE-2021-23518]

node-fetch [57]: Don't forward secure headers to third-party domains [CVE-2022-0235]

node-follow-redirects [58]: Don't send Cookie header across domains [CVE-2022-0155]; don't send confidential headers across schemes [CVE-2022-0536]

node-markdown-it [59]: Fix regular expression-based denial of service issue [CVE-2022-21670]

node-nth-check [60]: Fix regular expression-based denial of service issue [CVE-2021-3803]

node-prismjs [61]: Escape markup in command line output [CVE-2022-23647]; update minified files to ensure that Regular Expression Denial of Service issue is resolved [CVE-2021-3801]

node-trim-newlines [62]: Fix regular expression-based denial of service issue [CVE-2021-33623]

nvidia-cuda-toolkit [63]: cuda-gdb: Disable non-functional python support causing segmentation faults; use a snapshot of openjdk-8-jre (8u312-b07-1)

nvidia-graphics-drivers-tesla-450 [64]: New upstream release; fix denial of service issues [CVE-2022-21813 CVE-2022-21814]; nvidia-kernel-support: Provide /etc/modprobe.d/nvidia-options.conf as a template

nvidia-modprobe [65]: New upstream release

openboard [66]: Fix application icon

openssl [67]: New upstream release; fix armv8 pointer authentication

openvswitch [68]: Fix use-after-free issue [CVE-2021-36980]; fix installation of libofproto

ostree [69]: Fix compatibility with eCryptFS; avoid infinite recursion when recovering from certain errors; mark commits as partial before downloading; fix an assertion failure when using a backport or local build of GLib >= 2.71; fix the ability to fetch OSTree content from paths containing non-URI characters (such as backslashes) or non-ASCII

pdb2pqr [70]: Fix compatibility of propka with Python 3.8 or above

php-crypt-gpg [71]: Prevent additional options being passed to GPG [CVE-2022-24953]

php-laravel-framework [72]: Fix cross-site scripting issue [CVE-2021-43808], missing blocking of executable content upload [CVE-2021-43617]

phpliteadmin [73]: Fix cross-site scripting issue [CVE-2021-46709]

prips [74]: Fix infinite wrapping if a range reaches 255.255.255.255; fix CIDR output with addresses that differ in their first bit

pypy3 [75]: Fix build failures by removing extraneous
