Debian 10.13 Buster LTS released


This is the 13th package of fixes and security updates for Debian 10 Buster; see the details.


The announcement was made on 10 September 2022.

"The Debian project is pleased to announce the thirteenth (and final) update of its oldstable distribution Debian 10 (codename "buster"). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available."

Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not run by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.
The Debian LTS team therefore takes over security maintenance of the various releases once the Debian security team finishes its work.
The current LTS is Debian 9 "Stretch", which started on 6 July 2020 and runs until 30 June 2022.

Debian Buster is supported until June 2024.




Bug fixes


adminer: Fix open redirect issue, cross-site scripting issues [CVE-2020-35572 CVE-2021-29625]; elasticsearch: Do not print response if HTTP code is not 200 [CVE-2021-21311]; provide a compiled version and configuration files
apache2: Fix denial of service issue [CVE-2022-22719], HTTP request smuggling issue [CVE-2022-22720], integer overflow issue [CVE-2022-22721], out-of-bounds write issue [CVE-2022-23943], HTTP request smuggling issue [CVE-2022-26377], out-of-bounds read issues [CVE-2022-28614 CVE-2022-28615], denial of service issue [CVE-2022-29404], out-of-bounds read issue [CVE-2022-30556], possible IP-based authentication bypass issue [CVE-2022-31813]
base-files: Update for the 10.13 point release
clamav: New upstream stable release; security fixes [CVE-2022-20770 CVE-2022-20771 CVE-2022-20785 CVE-2022-20792 CVE-2022-20796]
commons-daemon: Fix JVM detection
composer: Fix code injection vulnerability [CVE-2022-24828]; update GitHub token pattern; use Authorization header instead of deprecated access_token query parameter
debian-installer: Rebuild against buster-proposed-updates; increase Linux ABI to 4.19.0-21
debian-installer-netboot-images: Rebuild against buster-proposed-updates; increase Linux ABI to 4.19.0-21
debian-security-support: Update security status of various packages
debootstrap: Ensure non-merged-usr chroots can continue to be created for older releases and buildd chroots
distro-info-data: Add Ubuntu 22.04 LTS, Jammy Jellyfish and Ubuntu 22.10, Kinetic Kudu
dropbear: Fix possible username enumeration issue [CVE-2019-12953]
eboard: Fix segfault on engine selection
esorex: Fix testsuite failures on armhf and ppc64el caused by incorrect libffi usage
evemu: Fix build failure with recent kernel versions
feature-check: Fix some version comparisons
flac: Fix out-of-bounds write issue [CVE-2021-0561]
foxtrotgps: Fix build failure with newer imagemagick versions
freeradius: Fix side-channel leak where 1 in 2048 handshakes fail [CVE-2019-13456], denial of service issue due to multithreaded BN_CTX access [CVE-2019-17185], crash due to non-thread safe memory allocation
freetype: Fix buffer overflow issue [CVE-2022-27404]; fix crashes [CVE-2022-27405 CVE-2022-27406]
fribidi: Fix buffer overflow issues [CVE-2022-25308 CVE-2022-25309]; fix crash [CVE-2022-25310]
ftgl: Don't try to convert PNG to EPS for latex, as our imagemagick has EPS disabled for security reasons
gif2apng: Fix heap-based buffer overflows [CVE-2021-45909 CVE-2021-45910 CVE-2021-45911]
gnucash: Fix build failure with recent tzdata
gnutls28: Fix test suite when combined with OpenSSL 1.1.1e or newer
golang-github-docker-go-connections: Skip tests that use expired certificates
golang-github-pkg-term: Fix building on newer 4.19 kernels
golang-github-russellhaering-goxmldsig: Fix NULL pointer dereference issue [CVE-2020-7711]
grub-efi-amd64-signed: New upstream release
grub-efi-arm64-signed: New upstream release
grub-efi-ia32-signed: New upstream release
grub2: New upstream release
htmldoc: Fix infinite loop [CVE-2022-24191], integer overflow issues [CVE-2022-27114] and heap buffer overflow issue [CVE-2022-28085]
iptables-netflow: Fix DKMS build failure regression caused by Linux upstream changes in the 4.19.191 kernel
isync: Fix buffer overflow issues [CVE-2021-3657]
kannel: Fix build failure by disabling generation of Postscript documentation
krb5: Use SHA256 as Pkinit CMS Digest
libapache2-mod-auth-openidc: Improve validation of the post-logout URL parameter on logout [CVE-2019-14857]
libdatetime-timezone-perl: Update included data
libhttp-cookiejar-perl: Fix build failure by increasing the expiry date of a test cookie
libnet-freedb-perl: Change the default host from the defunct freedb.freedb.org to gnudb.gnudb.org
libnet-ssleay-perl: Fix test failures with OpenSSL 1.1.1n
librose-db-object-perl: Fix test failure after 6/6/2020
libvirt-php: Fix segmentation fault in libvirt_node_get_cpu_stats
llvm-toolchain-13: New source package to support building of newer firefox-esr and thunderbird versions
minidlna: Validate HTTP requests to protect against DNS rebinding attacks [CVE-2022-26505]
mokutil: New upstream version, to allow for SBAT management
mutt: Fix uudecode buffer overflow [CVE-2022-1328]
node-ejs: Sanitize options and new objects [CVE-2022-29078]
node-end-of-stream: Work around test bug
node-minimist: Fix prototype pollution issue [CVE-2021-44906]
node-node-forge: Fix signature verification issues [CVE-2022-24771 CVE-2022-24772 CVE-2022-24773]
node-require-from-string: Fix a test in conjunction with nodejs >= 10.16
nvidia-graphics-drivers: New upstream release
nvidia-graphics-drivers-legacy-390xx: New upstream release; fix out-of-bound write issues [CVE-2022-28181 CVE-2022-28185]; security fixes [CVE-2022-31607 CVE-2022-31608 CVE-2022-31615]
octavia: Fix client certificate checks [CVE-2019-17134]; correctly detect that the agent is running on Debian; fix template that generates vrrp check script; add additional runtime dependencies; ship additional configuration directly in the agent package
orca: Fix use with WebKitGTK 2.36
pacemaker: Update relationship versions to fix upgrades from stretch LTS
pglogical: Fix build failure
php-guzzlehttp-psr7: Fix improper header parsing [CVE-2022-24775]
postfix: New upstream stable release; do not override user set default_transport; if-up.d: do not error out if postfix can't send mail yet; fix duplicate bounce_notice_recipient entries in postconf output
postgresql-common: pg_virtualenv: Write temporary password file before chowning the file
postsrsd: Fix potential denial of service issue when Postfix sends certain long data fields such as multiple concatenated email addresses [CVE-2021-35525]
procmail: Fix NULL pointer dereference
publicsuffix: Update included data
python-keystoneauth1: Update tests to fix build failure
python-scrapy: Don't send authentication data with all requests [CVE-2021-41125]; don't expose cookies cross-domain when redirecting [CVE-2022-0577]
python-udatetime: Properly link against libm library
qtbase-opensource-src: Fix setTabOrder for compound widgets; add an expansion limit for XML entities [CVE-2015-9541]
ruby-activeldap: Add missing dependency on ruby-builder
ruby-hiredis: Skip some unreliable tests in order to fix build failure
ruby-http-parser.rb: Fix build failure when using http-parser containing the fix for CVE-2019-15605
ruby-riddle: Allow use of "LOAD DATA LOCAL INFILE"
sctk: Use "pdftoppm" instead of "convert" to convert PDF to JPEG as the latter fails with the changed security policy of ImageMagick
twisted: Fix incorrect URI and HTTP method validation issue [CVE-2019-12387], incorrect certificate validation in XMPP support [CVE-2019-12855], HTTP/2 denial of service issues, HTTP request smuggling issues [CVE-2020-10108 CVE-2020-10109 CVE-2022-24801], information disclosure issue when following cross-domain redirects [CVE-2022-21712], denial of service issue during SSH handshake [CVE-2022-21716]
tzdata: Update timezone data for Iran, Chile and Palestine; update leap second list
ublock-origin: New upstream stable release
unrar-nonfree: Fix directory traversal issue [CVE-2022-30333]
wireshark: Fix remote code execution issue [CVE-2021-22191], denial of service issues [CVE-2021-4181 CVE-2021-4184 CVE-2021-4185 CVE-2022-0581 CVE-2022-0582 CVE-2022-0583 CVE-2022-0585 CVE-2022-0586]

 

Security fixes

 

DSA-4836 openvswitch
DSA-4852 openvswitch
DSA-4906 chromium
DSA-4911 chromium
DSA-4917 chromium
DSA-4981 firefox-esr
DSA-5034 thunderbird
DSA-5044 firefox-esr
DSA-5045 thunderbird
DSA-5069 firefox-esr
DSA-5074 thunderbird
DSA-5077 librecad
DSA-5080 snapd
DSA-5086 thunderbird
DSA-5090 firefox-esr
DSA-5094 thunderbird
DSA-5097 firefox-esr
DSA-5106 thunderbird
DSA-5108 tiff
DSA-5109 faad2
DSA-5111 zlib
DSA-5113 firefox-esr
DSA-5115 webkit2gtk
DSA-5118 thunderbird
DSA-5119 subversion
DSA-5122 gzip
DSA-5123 xz-utils
DSA-5126 ffmpeg
DSA-5129 firefox-esr
DSA-5131 openjdk-11
DSA-5132 ecdsautils
DSA-5135 postgresql-11
DSA-5137 needrestart
DSA-5138 waitress
DSA-5139 openssl
DSA-5140 openldap
DSA-5141 thunderbird
DSA-5142 libxml2
DSA-5143 firefox-esr
DSA-5144 condor
DSA-5145 lrzip
DSA-5147 dpkg
DSA-5149 cups
DSA-5150 rsyslog
DSA-5151 smarty3
DSA-5152 spip
DSA-5153 trafficserver
DSA-5154 webkit2gtk
DSA-5156 firefox-esr
DSA-5157 cifs-utils
DSA-5158 thunderbird
DSA-5159 python-bottle
DSA-5160 ntfs-3g
DSA-5164 exo
DSA-5165 vlc
DSA-5167 firejail
DSA-5169 openssl
DSA-5171 squid
DSA-5172 firefox-esr
DSA-5173 linux-latest
DSA-5173 linux-signed-amd64
DSA-5173 linux-signed-arm64
DSA-5173 linux-signed-i386
DSA-5173 linux
DSA-5174 gnupg2
DSA-5175 thunderbird
DSA-5176 blender
DSA-5178 intel-microcode
DSA-5181 request-tracker4
DSA-5182 webkit2gtk
DSA-5185 mat2
DSA-5186 djangorestframework
DSA-5188 openjdk-11
DSA-5189 gsasl
DSA-5190 spip
DSA-5193 firefox-esr
DSA-5194 booth
DSA-5195 thunderbird
DSA-5196 libpgjava

Updating the system

To update your system, first refresh the package list by running the following in a terminal:

sudo apt update

Then upgrade the system:

sudo apt full-upgrade

Finally, check your Debian version:

cat /etc/debian_version
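
A post-upgrade check for the steps above, as an added example that is not part of the original post: it confirms the reported release is at least 10.13 and counts packages that a simulated `apt-get -s dist-upgrade` would still install. The function names are hypothetical, the sample simulation output is constructed, and matching "security" in the origin field is an assumed heuristic.

```sh
#!/bin/sh
# Added example (not from the original post): post-upgrade check for Debian 10.13.
# Function names are hypothetical; the sample data below is constructed.

# version_ge A B: true when dotted release A >= B. Returns 2 for non-numeric
# values such as "bookworm/sid", which testing/unstable hosts report.
version_ge() {
    case "$1" in ''|*[!0-9.]*) return 2 ;; esac
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n | head -n1)" = "$2" ]
}

# Both counters read `apt-get -s dist-upgrade` output on stdin; each package
# that would be installed or upgraded appears on a line starting with "Inst ".
pending_upgrades() { grep -c '^Inst ' || true; }

# Heuristic (assumption): security archives carry "security" in the origin field.
pending_security() { grep '^Inst ' | grep -ci 'security' || true; }

# check_host RELEASE SIMULATION_TEXT: prints a verdict, returns 0 only when clean.
check_host() {
    if ! version_ge "$1" 10.13; then
        echo "FAIL: release '$1' is not 10.13 or later"; return 1
    fi
    n=$(printf '%s\n' "$2" | pending_upgrades)
    s=$(printf '%s\n' "$2" | pending_security)
    if [ "$n" -gt 0 ]; then
        echo "WARN: $n upgrades still pending ($s from a security origin)"; return 1
    fi
    echo "OK: release $1, nothing pending"
}

# Constructed simulation output; package versions are made up.
SAMPLE='Inst openssl [1.0-1] (1.0-2 Debian-Security:10/oldstable [amd64])
Inst tzdata [1.0-1] (1.0-2 Debian:10.13/oldstable [all])
Conf openssl (1.0-2 Debian-Security:10/oldstable [amd64])'

check_host 10.12 "$SAMPLE" || true   # host that skipped the point release
check_host 10.13 "$SAMPLE" || true   # base-files upgraded, other packages held back
check_host 10.13 ""                  # fully upgraded host

# On a real host:
#   check_host "$(cat /etc/debian_version)" "$(apt-get -s dist-upgrade)"
```

A host can report 10.13 while packages are still pending, because /etc/debian_version only reflects the installed base-files package.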

 


 
