The Debian community releases the seventh set of fixes for Debian 11 Bullseye
Debian 11.7 Bullseye is released
The announcement was made on April 29, 2023.
"The Debian project is pleased to announce the seventh update of its stable distribution Debian 11 (codename "bullseye"). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems."
Bug fixes
Package Reason
akregator Fix validity checks, including fixing deletion of feeds and folders
apache2 Don't automatically enable apache2-doc.conf; fix regressions in http2 and mod_rewrite introduced in 2.4.56
at-spi2-core Set stop timeout to 5 seconds, so as not to needlessly block system shutdowns
avahi Fix local denial of service issue [CVE-2021-3468]
base-files Update for the 11.7 point release
c-ares Prevent stack overflow and denial of service [CVE-2022-4904]
clamav New upstream stable release; fix possible remote code execution issue in the HFS+ file parser [CVE-2023-20032], possible information leak in the DMG file parser [CVE-2023-20052]
command-not-found Add new non-free-firmware component, fixing upgrades to bookworm
containerd Fix denial of service issue [CVE-2023-25153]; fix possible privilege escalation via incorrect setup of supplementary groups [CVE-2023-25173]
crun Fix capability escalation issue due to containers being incorrectly started with non-empty default permissions [CVE-2022-27650]
cwltool Add missing dependency on python3-distutils
debian-archive-keyring Add bookworm keys; move stretch keys to the removed keyring
debian-installer Increase Linux kernel ABI to 5.10.0-22; rebuild against proposed-updates
debian-installer-netboot-images Rebuild against proposed-updates
debian-ports-archive-keyring Extend the 2023 signing key's expiration by one year; add 2024 signing key; move 2022 signing key to the removed keyring
dpdk New upstream stable release
duktape Fix crash issue [CVE-2021-46322]
e2tools Fix build failure by adding build dependency on e2fsprogs
erlang Fix client authentication bypass issue [CVE-2022-37026]; use -O1 optimization for armel because -O2 makes erl segfault on certain platforms, e.g. Marvell
exiv2 Security fixes [CVE-2021-29458 CVE-2021-29463 CVE-2021-29464 CVE-2021-29470 CVE-2021-29473 CVE-2021-29623 CVE-2021-32815 CVE-2021-34334 CVE-2021-34335 CVE-2021-3482 CVE-2021-37615 CVE-2021-37616 CVE-2021-37618 CVE-2021-37619 CVE-2021-37620 CVE-2021-37621 CVE-2021-37622 CVE-2021-37623]
flask-security Fix open redirect vulnerability [CVE-2021-23385]
flatpak New upstream stable release; escape special characters when displaying permissions and metadata [CVE-2023-28101]; don't allow copy/paste via the TIOCLINUX ioctl when running in a Linux virtual console [CVE-2023-28100]
galera-3 New upstream stable release
ghostscript Fix path for PostScript helper file in ps2epsi
glibc Fix memory leak in printf-family functions with long multibyte strings; fix crash in printf-family due to width/precision-dependent allocations; fix segfault in printf handling thousands separator; fix overflow in the AVX2 implementation of wcsnlen when crossing pages
golang-github-containers-common Fix parsing of DBUS_SESSION_BUS_ADDRESS
golang-github-containers-psgo Do not enter the process user namespace [CVE-2022-1227]
golang-github-containers-storage Make previously internal functions publicly accessible, required to allow fixing CVE-2022-1227 in other packages
golang-github-prometheus-exporter-toolkit Patch tests to avoid race condition; fix authentication cache poisoning issue [CVE-2022-46146]
grep Fix incorrect matching when the last of multiple patterns includes a backreference
gtk+3.0 Fix Wayland + EGL on GLES-only platforms
guix Fix build failure due to expired keys used in test suite
intel-microcode New upstream bug-fix release
isc-dhcp Fix IPv6 address lifetime handling
jersey1 Fix build failure with libjettison-java 1.5.3
joblib Fix arbitrary code execution issue [CVE-2022-21797]
lemonldap-ng Fix URL validation bypass issue; fix 2FA issue when using AuthBasic handler [CVE-2023-28862]
libapache2-mod-auth-openidc Fix open redirect issue [CVE-2022-23527]
libapreq2 Fix buffer overflow issue [CVE-2022-22728]
libdatetime-timezone-perl Update included data
libexplain Enhance compatibility with newer kernel versions - Linux 5.11 no longer has if_frad.h, termiox removed since kernel 5.12
libgit2 Enable SSH key verification by default [CVE-2023-22742]
libpod Fix privilege escalation issue [CVE-2022-1227]; fix capability escalation issue due to containers being incorrectly started with non-empty default permissions [CVE-2022-27649]; fix parsing of DBUS_SESSION_BUS_ADDRESS
libreoffice Change Croatia's default currency to Euro; avoid empty -Djava.class.path= [CVE-2022-38745]
libvirt Fix container reboot-related issues; fix test failures when combined with newer Xen versions
libxpm Fix infinite loop issues [CVE-2022-44617 CVE-2022-46285]; fix double free issue in error handling code; fix "compression commands depend on PATH" [CVE-2022-4883]
libzen Fix null pointer dereference issue [CVE-2020-36646]
linux New upstream stable release; increase ABI to 22; [rt] update to 5.10.176-rt86
linux-signed-amd64 New upstream stable release; increase ABI to 22; [rt] update to 5.10.176-rt86
linux-signed-arm64 New upstream stable release; increase ABI to 22; [rt] update to 5.10.176-rt86
linux-signed-i386 New upstream stable release; increase ABI to 22; [rt] update to 5.10.176-rt86
lxc Fix file existence oracle [CVE-2022-47952]
macromoleculebuilder Fix build failure by adding build dependency on docbook-xsl
mariadb-10.5 New upstream stable release; revert upstream libmariadb API change
mono Remove desktop file
ncurses Guard against corrupt terminfo data [CVE-2022-29458]; fix tic crash on very long tc/use clauses
needrestart Fix warnings when using "-b" option
node-cookiejar Guard against maliciously-sized cookies [CVE-2022-25901]
node-webpack Avoid cross-realm object access [CVE-2023-28154]
nvidia-graphics-drivers New upstream release; security fixes [CVE-2023-0180 CVE-2023-0184 CVE-2023-0185 CVE-2023-0187 CVE-2023-0188 CVE-2023-0189 CVE-2023-0190 CVE-2023-0191 CVE-2023-0194 CVE-2023-0195 CVE-2023-0198 CVE-2023-0199]
nvidia-graphics-drivers-tesla-450 New upstream release; security fixes [CVE-2023-0180 CVE-2023-0184 CVE-2023-0185 CVE-2023-0188 CVE-2023-0189 CVE-2023-0190 CVE-2023-0191 CVE-2023-0194 CVE-2023-0195 CVE-2023-0198 CVE-2023-0199]
nvidia-graphics-drivers-tesla-470 New upstream release; security fixes [CVE-2023-0180 CVE-2023-0184 CVE-2023-0185 CVE-2023-0187 CVE-2023-0188 CVE-2023-0189 CVE-2023-0190 CVE-2023-0191 CVE-2023-0194 CVE-2023-0195 CVE-2023-0198 CVE-2023-0199]
nvidia-modprobe New upstream release
openvswitch Fix "openvswitch-switch update leaves interfaces down"
passenger Fix compatibility with more recent NodeJS versions
phyx Remove unnecessary build dependency on libatlas-cpp
postfix New upstream stable release
postgis Fix wrong Polar stereographic axis order
postgresql-13 New upstream stable release; fix client memory disclosure issue [CVE-2022-41862]
python-acme Fix version of created CSRs, to prevent problems with strictly RFC-complying implementations of the ACME API
ruby-aws-sdk-core Fix generation of version file
ruby-cfpropertylist Fix some functionality by dropping compatibility with Ruby 1.8
shim New upstream release; new upstream stable release; enable NX support at build time; block Debian grub binaries with sbat 4
shim-helpers-amd64-signed New upstream stable release; enable NX support at build time; block Debian grub binaries with sbat 4
shim-helpers-arm64-signed New upstream stable release; enable NX support at build time; block Debian grub binaries with sbat 4
shim-helpers-i386-signed New upstream stable release; enable NX support at build time; block Debian grub binaries with sbat 4
shim-signed New upstream stable release; enable NX support at build time; block Debian grub binaries with sbat 4
snakeyaml Fix denial of service issues [CVE-2022-25857 CVE-2022-38749 CVE-2022-38750 CVE-2022-38751]; add documentation regarding security support / issues
spyder Fix duplication of code when saving
symfony Remove private headers before storing responses with HttpCache [CVE-2022-24894]; remove CSRF tokens from storage on successful login [CVE-2022-24895]
systemd Fix information leak issue [CVE-2022-4415], denial of service issue [CVE-2022-3821]; ata_id: fix getting Response Code from SCSI Sense Data; logind: fix getting property OnExternalPower via D-Bus; fix crash in systemd-machined
tomcat9 Add OpenJDK 17 support to JDK detection
traceroute Interpret v4mapped-IPv6 addresses as IPv4
tzdata Update included data
unbound Fix Non-Responsive Delegation Attack [CVE-2022-3204]; fix "ghost domain names" issue [CVE-2022-30698 CVE-2022-30699]
usb.ids Update included data
vagrant Add support for VirtualBox 7.0
voms-api-java Fix build failures by disabling some non-working tests
w3m Fix out-of-bounds write issue [CVE-2022-38223]
x4d-icons Fix build failure with newer imagemagick versions
xapian-core Prevent database corruption on disk exhaustion
Security fixes
Advisory ID Package
DSA-5170 nodejs
DSA-5237 firefox-esr
DSA-5238 thunderbird
DSA-5259 firefox-esr
DSA-5262 thunderbird
DSA-5282 firefox-esr
DSA-5284 thunderbird
DSA-5300 pngcheck
DSA-5301 firefox-esr
DSA-5302 chromium
DSA-5303 thunderbird
DSA-5304 xorg-server
DSA-5305 libksba
DSA-5306 gerbv
DSA-5307 libcommons-net-java
DSA-5308 webkit2gtk
DSA-5309 wpewebkit
DSA-5310 ruby-image-processing
DSA-5311 trafficserver
DSA-5312 libjettison-java
DSA-5313 hsqldb
DSA-5314 emacs
DSA-5315 libxstream-java
DSA-5316 netty
DSA-5317 chromium
DSA-5318 lava
DSA-5319 openvswitch
DSA-5320 tor
DSA-5321 sudo
DSA-5322 firefox-esr
DSA-5323 libitext5-java
DSA-5324 linux-signed-amd64
DSA-5324 linux-signed-arm64
DSA-5324 linux-signed-i386
DSA-5324 linux
DSA-5325 spip
DSA-5326 nodejs
DSA-5327 swift
DSA-5328 chromium
DSA-5329 bind9
DSA-5330 curl
DSA-5331 openjdk-11
DSA-5332 git
DSA-5333 tiff
DSA-5334 varnish
DSA-5335 openjdk-17
DSA-5336 glance
DSA-5337 nova
DSA-5338 cinder
DSA-5339 libhtml-stripscripts-perl
DSA-5340 webkit2gtk
DSA-5341 wpewebkit
DSA-5342 xorg-server
DSA-5343 openssl
DSA-5344 heimdal
DSA-5345 chromium
DSA-5346 libde265
DSA-5347 imagemagick
DSA-5348 haproxy
DSA-5349 gnutls28
DSA-5350 firefox-esr
DSA-5351 webkit2gtk
DSA-5352 wpewebkit
DSA-5353 nss
DSA-5355 thunderbird
DSA-5356 sox
DSA-5357 git
DSA-5358 asterisk
DSA-5359 chromium
DSA-5361 tiff
DSA-5362 frr
DSA-5363 php7.4
DSA-5364 apr-util
DSA-5365 curl
DSA-5366 multipath-tools
DSA-5367 spip
DSA-5368 libreswan
DSA-5369 syslog-ng
DSA-5370 apr
DSA-5371 chromium
DSA-5372 rails
DSA-5373 node-sqlite3
DSA-5374 firefox-esr
DSA-5375 thunderbird
DSA-5376 apache2
DSA-5377 chromium
DSA-5378 xen
DSA-5379 dino-im
DSA-5380 xorg-server
DSA-5381 tomcat9
DSA-5382 cairosvg
DSA-5383 ghostscript
DSA-5384 openimageio
DSA-5385 firefox-esr
DSA-5386 chromium
DSA-5387 openvswitch
DSA-5388 haproxy
DSA-5389 rails
DSA-5390 chromium
DSA-5391 libxml2
DSA-5392 thunderbird
DSA-5393 chromium
You do not need to reinstall the system; just update it.
sudo apt update ; sudo apt full-upgrade