Saturday, August 31, 2024

Updated Debian 11: 11.11 released

------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 11: 11.11 released press@debian.org
August 31st, 2024 https://www.debian.org/News/2024/2024083102
------------------------------------------------------------------------


The Debian project is pleased to announce the eleventh and final update
of its oldstable distribution Debian 11 (codename "bullseye"). This
point release mainly adds corrections for security issues, along with a
few adjustments for serious problems. Security advisories have already
been published separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 11 but only updates some of the packages included. There is no
need to throw away old "bullseye" media. After installation, packages
can be upgraded to the current versions using an up-to-date Debian
mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list



Secure Boot and other operating systems
---------------------------------------

Users who boot other operating systems on the same hardware, and who
have Secure Boot enabled, should be aware that shim 15.8 (included with
Debian 11.11) revokes signatures across older versions of shim in the
UEFI firmware. This may leave other operating systems using shim before
15.8 unable to boot.

Affected users can temporarily disable Secure Boot before updating other
operating systems.


Miscellaneous Bugfixes
----------------------

This oldstable update adds a few important corrections to the following
packages:

+----------------------+------------------------------------------------+
| Package | Reason |
+----------------------+------------------------------------------------+
| amd64-microcode [1] | New upstream release; security fixes |
| | [CVE-2023-31315]; SEV firmware fixes |
| | [CVE-2023-20584 CVE-2023-31356] |
| | |
| ansible [2] | New upstream stable release; fix template |
| | injection issue [CVE-2021-3583], information |
| | disclosure issue [CVE-2021-3620], file |
| | overwrite issue [CVE-2023-5115], template |
| | injection issue [CVE-2023-5764], information |
| | disclosure issues [CVE-2024-0690 CVE-2022- |
| | 3697]; document workaround for ec2 private key |
| | leak [CVE-2023-4237] |
| | |
| apache2 [3] | New upstream stable release; fix content |
| | disclosure issue [CVE-2024-40725] |
| | |
| base-files [4] | Update for the point release |
| | |
| bind9 [5] | Allow the limits introduced to fix CVE-2024- |
| | 1737 to be configured |
| | |
| calibre [6] | Fix cross site scripting issue [CVE-2024- |
| | 7008], SQL injection issue [CVE-2024-7009] |
| | |
| choose-mirror [7] | Update list of available mirrors |
| | |
| cjson [8] | Add NULL checks to cJSON_SetValuestring and |
| | cJSON_InsertItemInArray [CVE-2023-50472 |
| | CVE-2023-50471 CVE-2024-31755] |
| | |
| cups [9] | Fix issues with domain socket handling |
| | [CVE-2024-35235]; fix regression when domain |
| | sockets only are used |
| | |
| curl [10] | Fix ASN.1 date parser overread issue |
| | [CVE-2024-7264] |
| | |
| debian- | Increase Linux kernel ABI to 5.10.0-32; |
| installer [11] | rebuild against proposed-updates |
| | |
| debian-installer- | Rebuild against proposed-updates |
| netboot-images [12] | |
| | |
| dropbear [13] | Fix "noremotetcp" behaviour of keepalive |
| | packets in combination with the "no-port- |
| | forwarding" authorized_keys(5) restriction |
| | |
| fusiondirectory [14] | Backport compatibility with php-cas version |
| | addressing CVE-2022-39369; fix improper |
| | session handling issue [CVE-2022-36179]; fix |
| | cross site scripting issue [CVE-2022-36180] |
| | |
| gettext.js [15] | Fix server side request forgery issue |
| | [CVE-2024-43370] |
| | |
| glewlwyd [16] | Fix buffer overflow during webauthn signature |
| | assertion [CVE-2022-27240]; prevent directory |
| | traversal in |
| | static_compressed_inmemory_website_callback.c |
| | [CVE-2022-29967]; copy bootstrap, jquery, |
| | fork-awesome instead of linking them; buffer |
| | overflow during FIDO2 signature validation |
| | [CVE-2023-49208] |
| | |
| glibc [17] | Fix ffsll() performance issue depending on |
| | code alignment; performance improvements for |
| | memcpy() on arm64; fix y2038 regression in |
| | nscd following CVE-2024-33601 and CVE-2024- |
| | 33602 fix |
| | |
| graphviz [18] | Fix broken scaling |
| | |
| gtk+2.0 [19] | Avoid looking for modules in current working |
| | directory [CVE-2024-6655] |
| | |
| gtk+3.0 [20] | Avoid looking for modules in current working |
| | directory [CVE-2024-6655] |
| | |
| healpix-java [21] | Fix build failure |
| | |
| imagemagick [22] | Fix divide by zero issues [CVE-2021-20312 |
| | CVE-2021-20313]; fix incomplete fix for |
| | CVE-2023-34151 |
| | |
| indent [23] | Reinstate ROUND_UP macro and adjust the |
| | initial buffer size to fix memory handling |
| | problems; fix out-of-buffer read in |
| | search_brace()/lexi(); fix heap buffer |
| | overwrite in search_brace() [CVE-2023-40305]; |
| | heap buffer underread in set_buf_break() |
| | [CVE-2024-0911] |
| | |
| intel-microcode [24] | New upstream release; security fixes |
| | [CVE-2023-42667 CVE-2023-49141 CVE-2024-24853 |
| | CVE-2024-24980 CVE-2024-25939] |
| | |
| libvirt [25] | Fix sVirt confinement issue [CVE-2021-3631], |
| | use after free issue [CVE-2021-3975], denial |
| | of service issues [CVE-2021-3667 CVE-2021-4147 |
| | CVE-2022-0897 CVE-2024-1441 CVE-2024-2494 |
| | CVE-2024-2496] |
| | |
| midge [26] | Exclude examples/covers/* for DFSG-compliance; |
| | add build-arch/build-indep build targets; use |
| | quilt (3.0) source package format |
| | |
| mlpost [27] | Fix build failure with newer ImageMagick |
| | versions |
| | |
| net-tools [28] | Drop build-dependency on libdnet-dev |
| | |
| nfs-utils [29] | Pass all valid export flags to nfsd |
| | |
| ntfs-3g [30] | Fix use-after-free in |
| | "ntfs_uppercase_mbs" [CVE-2023-52890] |
| | |
| nvidia-graphics- | Fix use of GPL-only symbols causing build |
| drivers- | failures |
| tesla-418 [31] | |
| | |
| nvidia-graphics- | New upstream stable release |
| drivers- | |
| tesla-450 [32] | |
| | |
| nvidia-graphics- | New upstream stable release |
| drivers- | |
| tesla-460 [33] | |
| | |
| ocsinventory- | Backport compatibility with php-cas version |
| server [34] | addressing CVE-2022-39369 |
| | |
| onionshare [35] | Demote obfs4proxy dependency to Recommends, to |
| | allow removal of obfs4proxy |
| | |
| php-cas [36] | Fix Service Hostname Discovery Exploitation |
| | issue [CVE-2022-39369] |
| | |
| poe.app [37] | Make comment cells editable; fix drawing when |
| | an NSActionCell in the preferences is acted on |
| | to change state |
| | |
| putty [38] | Fix weak ECDSA nonce generation allowing |
| | secret key recovery [CVE-2024-31497] |
| | |
| riemann-c- | Prevent malformed payload in GnuTLS send/ |
| client [39] | receive operations |
| | |
| runc [40] | Fix busybox tarball url; prevent buffer |
| | overflow writing netlink messages [CVE-2021- |
| | 43784]; fix tests on newer kernels; prevent |
| | write access to user-owned cgroup hierarchy |
| | "/sys/fs/cgroup/user.slice/..." [CVE-2023- |
| | 25809]; fix access control regression |
| | [CVE-2023-27561 CVE-2023-28642] |
| | |
| rustc-web [41] | New upstream stable release, to support |
| | building new chromium and firefox-esr versions |
| | |
| shim [42] | New upstream release |
| | |
| shim-helpers-amd64- | Rebuild against shim 15.8.1 |
| signed [43] | |
| | |
| shim-helpers-arm64- | Rebuild against shim 15.8.1 |
| signed [44] | |
| | |
| shim-helpers-i386- | Rebuild against shim 15.8.1 |
| signed [45] | |
| | |
| shim-signed [46] | New upstream stable release |
| | |
| symfony [47] | Fix autoloading of HttpClient |
| | |
| trinity [48] | Fix build failure by dropping support for |
| | DECNET |
| | |
| usb.ids [49] | Update included data list |
| | |
| xmedcon [50] | Fix heap overflow [CVE-2024-29421] |
| | |
+----------------------+------------------------------------------------+

1: https://packages.debian.org/src:amd64-microcode
2: https://packages.debian.org/src:ansible
3: https://packages.debian.org/src:apache2
4: https://packages.debian.org/src:base-files
5: https://packages.debian.org/src:bind9
6: https://packages.debian.org/src:calibre
7: https://packages.debian.org/src:choose-mirror
8: https://packages.debian.org/src:cjson
9: https://packages.debian.org/src:cups
10: https://packages.debian.org/src:curl
11: https://packages.debian.org/src:debian-installer
12: https://packages.debian.org/src:debian-installer-netboot-images
13: https://packages.debian.org/src:dropbear
14: https://packages.debian.org/src:fusiondirectory
15: https://packages.debian.org/src:gettext.js
16: https://packages.debian.org/src:glewlwyd
17: https://packages.debian.org/src:glibc
18: https://packages.debian.org/src:graphviz
19: https://packages.debian.org/src:gtk+2.0
20: https://packages.debian.org/src:gtk+3.0
21: https://packages.debian.org/src:healpix-java
22: https://packages.debian.org/src:imagemagick
23: https://packages.debian.org/src:indent
24: https://packages.debian.org/src:intel-microcode
25: https://packages.debian.org/src:libvirt
26: https://packages.debian.org/src:midge
27: https://packages.debian.org/src:mlpost
28: https://packages.debian.org/src:net-tools
29: https://packages.debian.org/src:nfs-utils
30: https://packages.debian.org/src:ntfs-3g
31: https://packages.debian.org/src:nvidia-graphics-drivers-tesla-418
32: https://packages.debian.org/src:nvidia-graphics-drivers-tesla-450
33: https://packages.debian.org/src:nvidia-graphics-drivers-tesla-460
34: https://packages.debian.org/src:ocsinventory-server
35: https://packages.debian.org/src:onionshare
36: https://packages.debian.org/src:php-cas
37: https://packages.debian.org/src:poe.app
38: https://packages.debian.org/src:putty
39: https://packages.debian.org/src:riemann-c-client
40: https://packages.debian.org/src:runc
41: https://packages.debian.org/src:rustc-web
42: https://packages.debian.org/src:shim
43: https://packages.debian.org/src:shim-helpers-amd64-signed
44: https://packages.debian.org/src:shim-helpers-arm64-signed
45: https://packages.debian.org/src:shim-helpers-i386-signed
46: https://packages.debian.org/src:shim-signed
47: https://packages.debian.org/src:symfony
48: https://packages.debian.org/src:trinity
49: https://packages.debian.org/src:usb.ids
50: https://packages.debian.org/src:xmedcon

Security Updates
----------------

This revision adds the following security updates to the oldstable
release. The Security Team has already released an advisory for each of
these updates:

+----------------+--------------------------+
| Advisory ID | Package |
+----------------+--------------------------+
| DSA-5718 [51] | org-mode [52] |
| | |
| DSA-5719 [53] | emacs [54] |
| | |
| DSA-5721 [55] | ffmpeg [56] |
| | |
| DSA-5722 [57] | libvpx [58] |
| | |
| DSA-5723 [59] | plasma-workspace [60] |
| | |
| DSA-5725 [61] | znc [62] |
| | |
| DSA-5726 [63] | krb5 [64] |
| | |
| DSA-5727 [65] | firefox-esr [66] |
| | |
| DSA-5728 [67] | exim4 [68] |
| | |
| DSA-5729 [69] | apache2 [70] |
| | |
| DSA-5730 [71] | linux-signed-amd64 [72] |
| | |
| DSA-5730 [73] | linux-signed-arm64 [74] |
| | |
| DSA-5730 [75] | linux-signed-i386 [76] |
| | |
| DSA-5730 [77] | linux [78] |
| | |
| DSA-5734 [79] | bind9 [80] |
| | |
| DSA-5736 [81] | openjdk-11 [82] |
| | |
| DSA-5737 [83] | libreoffice [84] |
| | |
| DSA-5738 [85] | openjdk-17 [86] |
| | |
| DSA-5739 [87] | wpa [88] |
| | |
| DSA-5740 [89] | firefox-esr [90] |
| | |
| DSA-5742 [91] | odoo [92] |
| | |
| DSA-5743 [93] | roundcube [94] |
| | |
| DSA-5746 [95] | postgresql-13 [96] |
| | |
| DSA-5747 [97] | linux-signed-amd64 [98] |
| | |
| DSA-5747 [99] | linux-signed-arm64 [100] |
| | |
| DSA-5747 [101] | linux-signed-i386 [102] |
| | |
| DSA-5747 [103] | linux [104] |
| | |
+----------------+--------------------------+

51: https://www.debian.org/security/2024/dsa-5718
52: https://packages.debian.org/src:org-mode
53: https://www.debian.org/security/2024/dsa-5719
54: https://packages.debian.org/src:emacs
55: https://www.debian.org/security/2024/dsa-5721
56: https://packages.debian.org/src:ffmpeg
57: https://www.debian.org/security/2024/dsa-5722
58: https://packages.debian.org/src:libvpx
59: https://www.debian.org/security/2024/dsa-5723
60: https://packages.debian.org/src:plasma-workspace
61: https://www.debian.org/security/2024/dsa-5725
62: https://packages.debian.org/src:znc
63: https://www.debian.org/security/2024/dsa-5726
64: https://packages.debian.org/src:krb5
65: https://www.debian.org/security/2024/dsa-5727
66: https://packages.debian.org/src:firefox-esr
67: https://www.debian.org/security/2024/dsa-5728
68: https://packages.debian.org/src:exim4
69: https://www.debian.org/security/2024/dsa-5729
70: https://packages.debian.org/src:apache2
71: https://www.debian.org/security/2024/dsa-5730
72: https://packages.debian.org/src:linux-signed-amd64
73: https://www.debian.org/security/2024/dsa-5730
74: https://packages.debian.org/src:linux-signed-arm64
75: https://www.debian.org/security/2024/dsa-5730
76: https://packages.debian.org/src:linux-signed-i386
77: https://www.debian.org/security/2024/dsa-5730
78: https://packages.debian.org/src:linux
79: https://www.debian.org/security/2024/dsa-5734
80: https://packages.debian.org/src:bind9
81: https://www.debian.org/security/2024/dsa-5736
82: https://packages.debian.org/src:openjdk-11
83: https://www.debian.org/security/2024/dsa-5737
84: https://packages.debian.org/src:libreoffice
85: https://www.debian.org/security/2024/dsa-5738
86: https://packages.debian.org/src:openjdk-17
87: https://www.debian.org/security/2024/dsa-5739
88: https://packages.debian.org/src:wpa
89: https://www.debian.org/security/2024/dsa-5740
90: https://packages.debian.org/src:firefox-esr
91: https://www.debian.org/security/2024/dsa-5742
92: https://packages.debian.org/src:odoo
93: https://www.debian.org/security/2024/dsa-5743
94: https://packages.debian.org/src:roundcube
95: https://www.debian.org/security/2024/dsa-5746
96: https://packages.debian.org/src:postgresql-13
97: https://www.debian.org/security/2024/dsa-5747
98: https://packages.debian.org/src:linux-signed-amd64
99: https://www.debian.org/security/2024/dsa-5747
100: https://packages.debian.org/src:linux-signed-arm64
101: https://www.debian.org/security/2024/dsa-5747
102: https://packages.debian.org/src:linux-signed-i386
103: https://www.debian.org/security/2024/dsa-5747
104: https://packages.debian.org/src:linux

Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

+----------------------+---------------------------------+
| Package | Reason |
+----------------------+---------------------------------+
| bcachefs-tools [105] | Buggy, obsolete |
| | |
| dnprogs [106] | Buggy, obsolete |
| | |
| iotjs [107] | Unmaintained, security concerns |
| | |
| obfs4proxy [108] | Security issues |
| | |
+----------------------+---------------------------------+

105: https://packages.debian.org/src:bcachefs-tools
106: https://packages.debian.org/src:dnprogs
107: https://packages.debian.org/src:iotjs
108: https://packages.debian.org/src:obfs4proxy

Debian Installer
----------------

The installer has been updated to include the fixes incorporated into
oldstable by the point release.


URLs
----

The complete lists of packages that have changed with this revision:

https://deb.debian.org/debian/dists/bullseye/ChangeLog


The current oldstable distribution:

https://deb.debian.org/debian/dists/oldstable/


Proposed updates to the oldstable distribution:

https://deb.debian.org/debian/dists/oldstable-proposed-updates


oldstable distribution information (release notes, errata etc.):

https://www.debian.org/releases/oldstable/


Security announcements and information:

https://www.debian.org/security/



About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.


Contact Information
-------------------

For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.

Updated Debian 12: 12.7 released

------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 12: 12.7 released press@debian.org
August 31st, 2024 https://www.debian.org/News/2024/20240831
------------------------------------------------------------------------


The Debian project is pleased to announce the seventh update of its
stable distribution Debian 12 (codename "bookworm"). This point release
mainly adds corrections for security issues, along with a few
adjustments for serious problems. Security advisories have already been
published separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 12 but only updates some of the packages included. There is no
need to throw away old "bookworm" media. After installation, packages
can be upgraded to the current versions using an up-to-date Debian
mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list



Secure Boot and other operating systems
---------------------------------------

Users who boot other operating systems on the same hardware, and who
have Secure Boot enabled, should be aware that shim 15.8 (included with
Debian 12.7) revokes signatures across older versions of shim in the
UEFI firmware. This may leave other operating systems using shim before
15.8 unable to boot.

Affected users can temporarily disable Secure Boot before updating other
operating systems.


Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

+--------------------------+------------------------------------------+
| Package | Reason |
+--------------------------+------------------------------------------+
| amd64-microcode [1] | New upstream release; security fixes |
| | [CVE-2023-31315]; SEV firmware fixes |
| | [CVE-2023-20584 CVE-2023-31356] |
| | |
| ansible [2] | New upstream stable release; fix key |
| | leakage issue [CVE-2023-4237] |
| | |
| ansible-core [3] | New upstream stable release; fix |
| | information disclosure issue [CVE-2024- |
| | 0690]; fix template injection issue |
| | [CVE-2023-5764]; fix path traversal |
| | issue [CVE-2023-5115] |
| | |
| apache2 [4] | New upstream stable release; fix content |
| | disclosure issue [CVE-2024-40725] |
| | |
| base-files [5] | Update for the point release |
| | |
| cacti [6] | Fix remote code execution issues |
| | [CVE-2024-25641 CVE-2024-31459], cross |
| | site scripting issues [CVE-2024-29894 |
| | CVE-2024-31443 CVE-2024-31444], SQL |
| | injection issues [CVE-2024-31445 |
| | CVE-2024-31458 CVE-2024-31460], "type |
| | juggling" issue [CVE-2024-34340]; fix |
| | autopkgtest failure |
| | |
| calamares-settings- | Fix Xfce launcher permission issue |
| debian [7] | |
| | |
| calibre [8] | Fix remote code execution issue |
| | [CVE-2024-6782], cross site scripting |
| | issue [CVE-2024-7008], SQL injection |
| | issue [CVE-2024-7009] |
| | |
| choose-mirror [9] | Update list of available mirrors |
| | |
| cockpit [10] | Fix denial of service issue [CVE-2024- |
| | 6126] |
| | |
| cups [11] | Fix issues with domain socket handling |
| | [CVE-2024-35235] |
| | |
| curl [12] | Fix ASN.1 date parser overread issue |
| | [CVE-2024-7264] |
| | |
| cyrus-imapd [13] | Fix regression introduced in CVE-2024- |
| | 34055 fix |
| | |
| dcm2niix [14] | Fix potential code execution issue |
| | [CVE-2024-27629] |
| | |
| debian-installer [15] | Increase Linux kernel ABI to 6.1.0-25; |
| | rebuild against proposed-updates |
| | |
| debian-installer- | Rebuild against proposed-updates |
| netboot-images [16] | |
| | |
| dmitry [17] | Security fixes [CVE-2024-31837 CVE-2020- |
| | 14931 CVE-2017-7938] |
| | |
| dropbear [18] | Fix "noremotetcp" behaviour of |
| | keepalive packets in combination with |
| | the "no-port-forwarding" |
| | authorized_keys(5) restriction |
| | |
| gettext.js [19] | Fix server side request forgery issue |
| | [CVE-2024-43370] |
| | |
| glibc [20] | Fix freeing uninitialized memory in |
| | libc_freeres_fn(); fix several |
| | performance issues and possible crashes |
| | |
| glogic [21] | Require Gtk 3.0 and PangoCairo 1.0 |
| | |
| graphviz [22] | Fix broken scale |
| | |
| gtk+2.0 [23] | Avoid looking for modules in the current |
| | working directory [CVE-2024-6655] |
| | |
| gtk+3.0 [24] | Avoid looking for modules in the current |
| | working directory [CVE-2024-6655] |
| | |
| imagemagick [25] | Fix segmentation fault issue; fix |
| | incomplete fix for CVE-2023-34151 |
| | |
| initramfs-tools [26] | hook_functions: Fix copy_file with |
| | source including a directory symlink; |
| | hook-functions: copy_file: Canonicalise |
| | target filename; install hid-multitouch |
| | module for Surface Pro 4 Keyboard; add |
| | hyper-keyboard module, needed to enter |
| | LUKS password in Hyper-V; |
| | auto_add_modules: Add onboard_usb_hub, |
| | onboard_usb_dev |
| | |
| intel-microcode [27] | New upstream release; security fixes |
| | [CVE-2023-42667 CVE-2023-49141 CVE-2024- |
| | 24853 CVE-2024-24980 CVE-2024-25939] |
| | |
| ipmitool [28] | Add missing enterprise-numbers.txt file |
| | |
| libapache2-mod-auth- | Avoid crash when the Forwarded header is |
| openidc [29] | not present but OIDCXForwardedHeaders is |
| | configured for it |
| | |
| libnvme [30] | Fix buffer overflow during scanning |
| | devices that do not support sub-4k reads |
| | |
| libvirt [31] | virsh: Make domif-setlink work more than |
| | once; qemu: domain: Fix logic when |
| | tainting domain; fix denial of service |
| | issues [CVE-2023-3750 CVE-2024-1441 |
| | CVE-2024-2494 CVE-2024-2496] |
| | |
| linux [32] | New upstream release; bump ABI to 25 |
| | |
| linux-signed-amd64 [33] | New upstream release; bump ABI to 25 |
| | |
| linux-signed-arm64 [34] | New upstream release; bump ABI to 25 |
| | |
| linux-signed-i386 [35] | New upstream release; bump ABI to 25 |
| | |
| newlib [36] | Fix buffer overflow issue [CVE-2021- |
| | 3420] |
| | |
| numpy [37] | Conflict with python-numpy |
| | |
| openssl [38] | New upstream stable release; fix denial |
| | of service issues [CVE-2024-2511 |
| | CVE-2024-4603]; fix use after free issue |
| | [CVE-2024-4741] |
| | |
| poe.app [39] | Make comment cells editable; fix drawing |
| | when an NSActionCell in the preferences |
| | is acted on to change state |
| | |
| putty [40] | Fix weak ECDSA nonce generation allowing |
| | secret key recovery [CVE-2024-31497] |
| | |
| qemu [41] | New upstream stable release; fix denial |
| | of service issue [CVE-2024-4467] |
| | |
| riemann-c-client [42] | Prevent malformed payload in GnuTLS |
| | send/receive operations |
| | |
| rustc-web [43] | New upstream stable release, to support |
| | building new chromium and firefox-esr |
| | versions |
| | |
| shim [44] | New upstream release |
| | |
| shim-helpers-amd64- | Rebuild against shim 15.8.1 |
| signed [45] | |
| | |
| shim-helpers-arm64- | Rebuild against shim 15.8.1 |
| signed [46] | |
| | |
| shim-helpers-i386- | Rebuild against shim 15.8.1 |
| signed [47] | |
| | |
| shim-signed [48] | New upstream stable release |
| | |
| systemd [49] | New upstream stable release; update hwdb |
| | |
| usb.ids [50] | Update included data list |
| | |
| xmedcon [51] | Fix buffer overflow issue [CVE-2024- |
| | 29421] |
| | |
+--------------------------+------------------------------------------+

1: https://packages.debian.org/src:amd64-microcode
2: https://packages.debian.org/src:ansible
3: https://packages.debian.org/src:ansible-core
4: https://packages.debian.org/src:apache2
5: https://packages.debian.org/src:base-files
6: https://packages.debian.org/src:cacti
7: https://packages.debian.org/src:calamares-settings-debian
8: https://packages.debian.org/src:calibre
9: https://packages.debian.org/src:choose-mirror
10: https://packages.debian.org/src:cockpit
11: https://packages.debian.org/src:cups
12: https://packages.debian.org/src:curl
13: https://packages.debian.org/src:cyrus-imapd
14: https://packages.debian.org/src:dcm2niix
15: https://packages.debian.org/src:debian-installer
16: https://packages.debian.org/src:debian-installer-netboot-images
17: https://packages.debian.org/src:dmitry
18: https://packages.debian.org/src:dropbear
19: https://packages.debian.org/src:gettext.js
20: https://packages.debian.org/src:glibc
21: https://packages.debian.org/src:glogic
22: https://packages.debian.org/src:graphviz
23: https://packages.debian.org/src:gtk+2.0
24: https://packages.debian.org/src:gtk+3.0
25: https://packages.debian.org/src:imagemagick
26: https://packages.debian.org/src:initramfs-tools
27: https://packages.debian.org/src:intel-microcode
28: https://packages.debian.org/src:ipmitool
29: https://packages.debian.org/src:libapache2-mod-auth-openidc
30: https://packages.debian.org/src:libnvme
31: https://packages.debian.org/src:libvirt
32: https://packages.debian.org/src:linux
33: https://packages.debian.org/src:linux-signed-amd64
34: https://packages.debian.org/src:linux-signed-arm64
35: https://packages.debian.org/src:linux-signed-i386
36: https://packages.debian.org/src:newlib
37: https://packages.debian.org/src:numpy
38: https://packages.debian.org/src:openssl
39: https://packages.debian.org/src:poe.app
40: https://packages.debian.org/src:putty
41: https://packages.debian.org/src:qemu
42: https://packages.debian.org/src:riemann-c-client
43: https://packages.debian.org/src:rustc-web
44: https://packages.debian.org/src:shim
45: https://packages.debian.org/src:shim-helpers-amd64-signed
46: https://packages.debian.org/src:shim-helpers-arm64-signed
47: https://packages.debian.org/src:shim-helpers-i386-signed
48: https://packages.debian.org/src:shim-signed
49: https://packages.debian.org/src:systemd
50: https://packages.debian.org/src:usb.ids
51: https://packages.debian.org/src:xmedcon

Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

+----------------+--------------------------+
| Advisory ID | Package |
+----------------+--------------------------+
| DSA-5617 [52] | chromium [53] |
| | |
| DSA-5629 [54] | chromium [55] |
| | |
| DSA-5634 [56] | chromium [57] |
| | |
| DSA-5636 [58] | chromium [59] |
| | |
| DSA-5639 [60] | chromium [61] |
| | |
| DSA-5648 [62] | chromium [63] |
| | |
| DSA-5654 [64] | chromium [65] |
| | |
| DSA-5656 [66] | chromium [67] |
| | |
| DSA-5668 [68] | chromium [69] |
| | |
| DSA-5675 [70] | chromium [71] |
| | |
| DSA-5676 [72] | chromium [73] |
| | |
| DSA-5683 [74] | chromium [75] |
| | |
| DSA-5687 [76] | chromium [77] |
| | |
| DSA-5689 [78] | chromium [79] |
| | |
| DSA-5694 [80] | chromium [81] |
| | |
| DSA-5696 [82] | chromium [83] |
| | |
| DSA-5697 [84] | chromium [85] |
| | |
| DSA-5701 [86] | chromium [87] |
| | |
| DSA-5710 [88] | chromium [89] |
| | |
| DSA-5716 [90] | chromium [91] |
| | |
| DSA-5719 [92] | emacs [93] |
| | |
| DSA-5720 [94] | chromium [95] |
| | |
| DSA-5722 [96] | libvpx [97] |
| | |
| DSA-5723 [98] | plasma-workspace [99] |
| | |
| DSA-5724 [100] | openssh [101] |
| | |
| DSA-5725 [102] | znc [103] |
| | |
| DSA-5726 [104] | krb5 [105] |
| | |
| DSA-5727 [106] | firefox-esr [107] |
| | |
| DSA-5728 [108] | exim4 [109] |
| | |
| DSA-5729 [110] | apache2 [111] |
| | |
| DSA-5731 [112] | linux-signed-amd64 [113] |
| | |
| DSA-5731 [114] | linux-signed-arm64 [115] |
| | |
| DSA-5731 [116] | linux-signed-i386 [117] |
| | |
| DSA-5731 [118] | linux [119] |
| | |
| DSA-5732 [120] | chromium [121] |
| | |
| DSA-5734 [122] | bind9 [123] |
| | |
| DSA-5735 [124] | chromium [125] |
| | |
| DSA-5737 [126] | libreoffice [127] |
| | |
| DSA-5738 [128] | openjdk-17 [129] |
| | |
| DSA-5739 [130] | wpa [131] |
| | |
| DSA-5740 [132] | firefox-esr [133] |
| | |
| DSA-5741 [134] | chromium [135] |
| | |
| DSA-5743 [136] | roundcube [137] |
| | |
| DSA-5745 [138] | postgresql-15 [139] |
| | |
| DSA-5748 [140] | ffmpeg [141] |
| | |
| DSA-5749 [142] | bubblewrap [143] |
| | |
| DSA-5749 [144] | flatpak [145] |
| | |
| DSA-5750 [146] | python-asyncssh [147] |
| | |
| DSA-5751 [148] | squid [149] |
| | |
| DSA-5752 [150] | dovecot [151] |
| | |
| DSA-5753 [152] | aom [153] |
| | |
| DSA-5754 [154] | cinder [155] |
| | |
| DSA-5755 [156] | glance [157] |
| | |
| DSA-5756 [158] | nova [159] |
| | |
| DSA-5757 [160] | chromium [161] |
| | |
+----------------+--------------------------+

52: https://www.debian.org/security/2024/dsa-5617
53: https://packages.debian.org/src:chromium
54: https://www.debian.org/security/2024/dsa-5629
55: https://packages.debian.org/src:chromium
56: https://www.debian.org/security/2024/dsa-5634
57: https://packages.debian.org/src:chromium
58: https://www.debian.org/security/2024/dsa-5636
59: https://packages.debian.org/src:chromium
60: https://www.debian.org/security/2024/dsa-5639
61: https://packages.debian.org/src:chromium
62: https://www.debian.org/security/2024/dsa-5648
63: https://packages.debian.org/src:chromium
64: https://www.debian.org/security/2024/dsa-5654
65: https://packages.debian.org/src:chromium
66: https://www.debian.org/security/2024/dsa-5656
67: https://packages.debian.org/src:chromium
68: https://www.debian.org/security/2024/dsa-5668
69: https://packages.debian.org/src:chromium
70: https://www.debian.org/security/2024/dsa-5675
71: https://packages.debian.org/src:chromium
72: https://www.debian.org/security/2024/dsa-5676
73: https://packages.debian.org/src:chromium
74: https://www.debian.org/security/2024/dsa-5683
75: https://packages.debian.org/src:chromium
76: https://www.debian.org/security/2024/dsa-5687
77: https://packages.debian.org/src:chromium
78: https://www.debian.org/security/2024/dsa-5689
79: https://packages.debian.org/src:chromium
80: https://www.debian.org/security/2024/dsa-5694
81: https://packages.debian.org/src:chromium
82: https://www.debian.org/security/2024/dsa-5696
83: https://packages.debian.org/src:chromium
84: https://www.debian.org/security/2024/dsa-5697
85: https://packages.debian.org/src:chromium
86: https://www.debian.org/security/2024/dsa-5701
87: https://packages.debian.org/src:chromium
88: https://www.debian.org/security/2024/dsa-5710
89: https://packages.debian.org/src:chromium
90: https://www.debian.org/security/2024/dsa-5716
91: https://packages.debian.org/src:chromium
92: https://www.debian.org/security/2024/dsa-5719
93: https://packages.debian.org/src:emacs
94: https://www.debian.org/security/2024/dsa-5720
95: https://packages.debian.org/src:chromium
96: https://www.debian.org/security/2024/dsa-5722
97: https://packages.debian.org/src:libvpx
98: https://www.debian.org/security/2024/dsa-5723
99: https://packages.debian.org/src:plasma-workspace
100: https://www.debian.org/security/2024/dsa-5724
101: https://packages.debian.org/src:openssh
102: https://www.debian.org/security/2024/dsa-5725
103: https://packages.debian.org/src:znc
104: https://www.debian.org/security/2024/dsa-5726
105: https://packages.debian.org/src:krb5
106: https://www.debian.org/security/2024/dsa-5727
107: https://packages.debian.org/src:firefox-esr
108: https://www.debian.org/security/2024/dsa-5728
109: https://packages.debian.org/src:exim4
110: https://www.debian.org/security/2024/dsa-5729
111: https://packages.debian.org/src:apache2
112: https://www.debian.org/security/2024/dsa-5731
113: https://packages.debian.org/src:linux-signed-amd64
114: https://www.debian.org/security/2024/dsa-5731
115: https://packages.debian.org/src:linux-signed-arm64
116: https://www.debian.org/security/2024/dsa-5731
117: https://packages.debian.org/src:linux-signed-i386
118: https://www.debian.org/security/2024/dsa-5731
119: https://packages.debian.org/src:linux
120: https://www.debian.org/security/2024/dsa-5732
121: https://packages.debian.org/src:chromium
122: https://www.debian.org/security/2024/dsa-5734
123: https://packages.debian.org/src:bind9
124: https://www.debian.org/security/2024/dsa-5735
125: https://packages.debian.org/src:chromium
126: https://www.debian.org/security/2024/dsa-5737
127: https://packages.debian.org/src:libreoffice
128: https://www.debian.org/security/2024/dsa-5738
129: https://packages.debian.org/src:openjdk-17
130: https://www.debian.org/security/2024/dsa-5739
131: https://packages.debian.org/src:wpa
132: https://www.debian.org/security/2024/dsa-5740
133: https://packages.debian.org/src:firefox-esr
134: https://www.debian.org/security/2024/dsa-5741
135: https://packages.debian.org/src:chromium
136: https://www.debian.org/security/2024/dsa-5743
137: https://packages.debian.org/src:roundcube
138: https://www.debian.org/security/2024/dsa-5745
139: https://packages.debian.org/src:postgresql-15
140: https://www.debian.org/security/2024/dsa-5748
141: https://packages.debian.org/src:ffmpeg
142: https://www.debian.org/security/2024/dsa-5749
143: https://packages.debian.org/src:bubblewrap
144: https://www.debian.org/security/2024/dsa-5749
145: https://packages.debian.org/src:flatpak
146: https://www.debian.org/security/2024/dsa-5750
147: https://packages.debian.org/src:python-asyncssh
148: https://www.debian.org/security/2024/dsa-5751
149: https://packages.debian.org/src:squid
150: https://www.debian.org/security/2024/dsa-5752
151: https://packages.debian.org/src:dovecot
152: https://www.debian.org/security/2024/dsa-5753
153: https://packages.debian.org/src:aom
154: https://www.debian.org/security/2024/dsa-5754
155: https://packages.debian.org/src:cinder
156: https://www.debian.org/security/2024/dsa-5755
157: https://packages.debian.org/src:glance
158: https://www.debian.org/security/2024/dsa-5756
159: https://packages.debian.org/src:nova
160: https://www.debian.org/security/2024/dsa-5757
161: https://packages.debian.org/src:chromium

Removed packages
----------------

The following packages were removed due to circumstances beyond our
control:

+----------------------+-----------------+
| Package              | Reason          |
+----------------------+-----------------+
| bcachefs-tools [162] | Buggy; obsolete |
|                      |                 |
+----------------------+-----------------+

162: https://packages.debian.org/src:bcachefs-tools

Debian Installer
----------------

The installer has been updated to include the fixes incorporated into
stable by the point release.


URLs
----

The complete lists of packages that have changed with this revision:

https://deb.debian.org/debian/dists/bookworm/ChangeLog


The current stable distribution:

https://deb.debian.org/debian/dists/stable/


Proposed updates to the stable distribution:

https://deb.debian.org/debian/dists/proposed-updates


stable distribution information (release notes, errata etc.):

https://www.debian.org/releases/stable/


Security announcements and information:

https://www.debian.org/security/



About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.


Contact Information
-------------------

For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.
