Debian 11.7 Bullseye released


The Debian community releases the seventh set of fixes for Debian 11 Bullseye



The announcement was made on April 29, 2023.

"The Debian project is pleased to announce the seventh update of its stable distribution Debian 11 (codename "bullseye"). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems."

Bug fixes

 
| Package | Reason |
| --- | --- |
| akregator | Fix validity checks, including fixing deletion of feeds and folders |
| apache2 | Don't automatically enable apache2-doc.conf; fix regressions in http2 and mod_rewrite introduced in 2.4.56 |
| at-spi2-core | Set stop timeout to 5 seconds, so as not to needlessly block system shutdowns |
| avahi | Fix local denial of service issue [CVE-2021-3468] |
| base-files | Update for the 11.7 point release |
| c-ares | Prevent stack overflow and denial of service [CVE-2022-4904] |
| clamav | New upstream stable release; fix possible remote code execution issue in the HFS+ file parser [CVE-2023-20032], possible information leak in the DMG file parser [CVE-2023-20052] |
| command-not-found | Add new non-free-firmware component, fixing upgrades to bookworm |
| containerd | Fix denial of service issue [CVE-2023-25153]; fix possible privilege escalation via incorrect setup of supplementary groups [CVE-2023-25173] |
| crun | Fix capability escalation issue due to containers being incorrectly started with non-empty default permissions [CVE-2022-27650] |
| cwltool | Add missing dependency on python3-distutils |
| debian-archive-keyring | Add bookworm keys; move stretch keys to the removed keyring |
| debian-installer | Increase Linux kernel ABI to 5.10.0-22; rebuild against proposed-updates |
| debian-installer-netboot-images | Rebuild against proposed-updates |
| debian-ports-archive-keyring | Extend the 2023 signing key's expiration by one year; add 2024 signing key; move 2022 signing key to the removed keyring |
| dpdk | New upstream stable release |
| duktape | Fix crash issue [CVE-2021-46322] |
| e2tools | Fix build failure by adding build dependency on e2fsprogs |
| erlang | Fix client authentication bypass issue [CVE-2022-37026]; use -O1 optimization for armel because -O2 makes erl segfault on certain platforms, e.g. Marvell |
| exiv2 | Security fixes [CVE-2021-29458 CVE-2021-29463 CVE-2021-29464 CVE-2021-29470 CVE-2021-29473 CVE-2021-29623 CVE-2021-32815 CVE-2021-34334 CVE-2021-34335 CVE-2021-3482 CVE-2021-37615 CVE-2021-37616 CVE-2021-37618 CVE-2021-37619 CVE-2021-37620 CVE-2021-37621 CVE-2021-37622 CVE-2021-37623] |
| flask-security | Fix open redirect vulnerability [CVE-2021-23385] |
| flatpak | New upstream stable release; escape special characters when displaying permissions and metadata [CVE-2023-28101]; don't allow copy/paste via the TIOCLINUX ioctl when running in a Linux virtual console [CVE-2023-28100] |
| galera-3 | New upstream stable release |
| ghostscript | Fix path for PostScript helper file in ps2epsi |
| glibc | Fix memory leak in printf-family functions with long multibyte strings; fix crash in printf-family due to width/precision-dependent allocations; fix segfault in printf handling thousands separator; fix overflow in the AVX2 implementation of wcsnlen when crossing pages |
| golang-github-containers-common | Fix parsing of DBUS_SESSION_BUS_ADDRESS |
| golang-github-containers-psgo | Do not enter the process user namespace [CVE-2022-1227] |
| golang-github-containers-storage | Make previously internal functions publicly accessible, required to allow fixing CVE-2022-1227 in other packages |
| golang-github-prometheus-exporter-toolkit | Patch tests to avoid race condition; fix authentication cache poisoning issue [CVE-2022-46146] |
| grep | Fix incorrect matching when the last of multiple patterns includes a backreference |
| gtk+3.0 | Fix Wayland + EGL on GLES-only platforms |
| guix | Fix build failure due to expired keys used in test suite |
| intel-microcode | New upstream bug-fix release |
| isc-dhcp | Fix IPv6 address lifetime handling |
| jersey1 | Fix build failure with libjettison-java 1.5.3 |
| joblib | Fix arbitrary code execution issue [CVE-2022-21797] |
| lemonldap-ng | Fix URL validation bypass issue; fix 2FA issue when using AuthBasic handler [CVE-2023-28862] |
| libapache2-mod-auth-openidc | Fix open redirect issue [CVE-2022-23527] |
| libapreq2 | Fix buffer overflow issue [CVE-2022-22728] |
| libdatetime-timezone-perl | Update included data |
| libexplain | Enhance compatibility with newer kernel versions - Linux 5.11 no longer has if_frad.h, termiox removed since kernel 5.12 |
| libgit2 | Enable SSH key verification by default [CVE-2023-22742] |
| libpod | Fix privilege escalation issue [CVE-2022-1227]; fix capability escalation issue due to containers being incorrectly started with non-empty default permissions [CVE-2022-27649]; fix parsing of DBUS_SESSION_BUS_ADDRESS |
| libreoffice | Change Croatia's default currency to Euro; avoid empty -Djava.class.path= [CVE-2022-38745] |
| libvirt | Fix container reboot-related issues; fix test failures when combined with newer Xen versions |
| libxpm | Fix infinite loop issues [CVE-2022-44617 CVE-2022-46285]; fix double free issue in error handling code; fix "compression commands depend on PATH" [CVE-2022-4883] |
| libzen | Fix null pointer dereference issue [CVE-2020-36646] |
| linux | New upstream stable release; increase ABI to 22; [rt] update to 5.10.176-rt86 |
| linux-signed-amd64 | New upstream stable release; increase ABI to 22; [rt] update to 5.10.176-rt86 |
| linux-signed-arm64 | New upstream stable release; increase ABI to 22; [rt] update to 5.10.176-rt86 |
| linux-signed-i386 | New upstream stable release; increase ABI to 22; [rt] update to 5.10.176-rt86 |
| lxc | Fix file existence oracle [CVE-2022-47952] |
| macromoleculebuilder | Fix build failure by adding build dependency on docbook-xsl |
| mariadb-10.5 | New upstream stable release; revert upstream libmariadb API change |
| mono | Remove desktop file |
| ncurses | Guard against corrupt terminfo data [CVE-2022-29458]; fix tic crash on very long tc/use clauses |
| needrestart | Fix warnings when using "-b" option |
| node-cookiejar | Guard against maliciously-sized cookies [CVE-2022-25901] |
| node-webpack | Avoid cross-realm object access [CVE-2023-28154] |
| nvidia-graphics-drivers | New upstream release; security fixes [CVE-2023-0180 CVE-2023-0184 CVE-2023-0185 CVE-2023-0187 CVE-2023-0188 CVE-2023-0189 CVE-2023-0190 CVE-2023-0191 CVE-2023-0194 CVE-2023-0195 CVE-2023-0198 CVE-2023-0199] |
| nvidia-graphics-drivers-tesla-450 | New upstream release; security fixes [CVE-2023-0180 CVE-2023-0184 CVE-2023-0185 CVE-2023-0188 CVE-2023-0189 CVE-2023-0190 CVE-2023-0191 CVE-2023-0194 CVE-2023-0195 CVE-2023-0198 CVE-2023-0199] |
| nvidia-graphics-drivers-tesla-470 | New upstream release; security fixes [CVE-2023-0180 CVE-2023-0184 CVE-2023-0185 CVE-2023-0187 CVE-2023-0188 CVE-2023-0189 CVE-2023-0190 CVE-2023-0191 CVE-2023-0194 CVE-2023-0195 CVE-2023-0198 CVE-2023-0199] |
| nvidia-modprobe | New upstream release |
| openvswitch | Fix "openvswitch-switch update leaves interfaces down" |
| passenger | Fix compatibility with more recent NodeJS versions |
| phyx | Remove unnecessary build dependency on libatlas-cpp |
| postfix | New upstream stable release |
| postgis | Fix wrong Polar stereographic axis order |
| postgresql-13 | New upstream stable release; fix client memory disclosure issue [CVE-2022-41862] |
| python-acme | Fix version of created CSRs, to prevent problems with strictly RFC-complying implementations of the ACME API |
| ruby-aws-sdk-core | Fix generation of version file |
| ruby-cfpropertylist | Fix some functionality by dropping compatibility with Ruby 1.8 |
| shim | New upstream release; new upstream stable release; enable NX support at build time; block Debian grub binaries with sbat 4 |
| shim-helpers-amd64-signed | New upstream stable release; enable NX support at build time; block Debian grub binaries with sbat 4 |
| shim-helpers-arm64-signed | New upstream stable release; enable NX support at build time; block Debian grub binaries with sbat 4 |
| shim-helpers-i386-signed | New upstream stable release; enable NX support at build time; block Debian grub binaries with sbat 4 |
| shim-signed | New upstream stable release; enable NX support at build time; block Debian grub binaries with sbat 4 |
| snakeyaml | Fix denial of service issues [CVE-2022-25857 CVE-2022-38749 CVE-2022-38750 CVE-2022-38751]; add documentation regarding security support / issues |
| spyder | Fix duplication of code when saving |
| symfony | Remove private headers before storing responses with HttpCache [CVE-2022-24894]; remove CSRF tokens from storage on successful login [CVE-2022-24895] |
| systemd | Fix information leak issue [CVE-2022-4415], denial of service issue [CVE-2022-3821]; ata_id: fix getting Response Code from SCSI Sense Data; logind: fix getting property OnExternalPower via D-Bus; fix crash in systemd-machined |
| tomcat9 | Add OpenJDK 17 support to JDK detection |
| traceroute | Interpret v4mapped-IPv6 addresses as IPv4 |
| tzdata | Update included data |
| unbound | Fix Non-Responsive Delegation Attack [CVE-2022-3204]; fix "ghost domain names" issue [CVE-2022-30698 CVE-2022-30699] |
| usb.ids | Update included data |
| vagrant | Add support for VirtualBox 7.0 |
| voms-api-java | Fix build failures by disabling some non-working tests |
| w3m | Fix out-of-bounds write issue [CVE-2022-38223] |
| x4d-icons | Fix build failure with newer imagemagick versions |
| xapian-core | Prevent database corruption on disk exhaustion |

Security fixes


| Advisory ID | Package |
| --- | --- |
| DSA-5170 | nodejs |
| DSA-5237 | firefox-esr |
| DSA-5238 | thunderbird |
| DSA-5259 | firefox-esr |
| DSA-5262 | thunderbird |
| DSA-5282 | firefox-esr |
| DSA-5284 | thunderbird |
| DSA-5300 | pngcheck |
| DSA-5301 | firefox-esr |
| DSA-5302 | chromium |
| DSA-5303 | thunderbird |
| DSA-5304 | xorg-server |
| DSA-5305 | libksba |
| DSA-5306 | gerbv |
| DSA-5307 | libcommons-net-java |
| DSA-5308 | webkit2gtk |
| DSA-5309 | wpewebkit |
| DSA-5310 | ruby-image-processing |
| DSA-5311 | trafficserver |
| DSA-5312 | libjettison-java |
| DSA-5313 | hsqldb |
| DSA-5314 | emacs |
| DSA-5315 | libxstream-java |
| DSA-5316 | netty |
| DSA-5317 | chromium |
| DSA-5318 | lava |
| DSA-5319 | openvswitch |
| DSA-5320 | tor |
| DSA-5321 | sudo |
| DSA-5322 | firefox-esr |
| DSA-5323 | libitext5-java |
| DSA-5324 | linux-signed-amd64 |
| DSA-5324 | linux-signed-arm64 |
| DSA-5324 | linux-signed-i386 |
| DSA-5324 | linux |
| DSA-5325 | spip |
| DSA-5326 | nodejs |
| DSA-5327 | swift |
| DSA-5328 | chromium |
| DSA-5329 | bind9 |
| DSA-5330 | curl |
| DSA-5331 | openjdk-11 |
| DSA-5332 | git |
| DSA-5333 | tiff |
| DSA-5334 | varnish |
| DSA-5335 | openjdk-17 |
| DSA-5336 | glance |
| DSA-5337 | nova |
| DSA-5338 | cinder |
| DSA-5339 | libhtml-stripscripts-perl |
| DSA-5340 | webkit2gtk |
| DSA-5341 | wpewebkit |
| DSA-5342 | xorg-server |
| DSA-5343 | openssl |
| DSA-5344 | heimdal |
| DSA-5345 | chromium |
| DSA-5346 | libde265 |
| DSA-5347 | imagemagick |
| DSA-5348 | haproxy |
| DSA-5349 | gnutls28 |
| DSA-5350 | firefox-esr |
| DSA-5351 | webkit2gtk |
| DSA-5352 | wpewebkit |
| DSA-5353 | nss |
| DSA-5355 | thunderbird |
| DSA-5356 | sox |
| DSA-5357 | git |
| DSA-5358 | asterisk |
| DSA-5359 | chromium |
| DSA-5361 | tiff |
| DSA-5362 | frr |
| DSA-5363 | php7.4 |
| DSA-5364 | apr-util |
| DSA-5365 | curl |
| DSA-5366 | multipath-tools |
| DSA-5367 | spip |
| DSA-5368 | libreswan |
| DSA-5369 | syslog-ng |
| DSA-5370 | apr |
| DSA-5371 | chromium |
| DSA-5372 | rails |
| DSA-5373 | node-sqlite3 |
| DSA-5374 | firefox-esr |
| DSA-5375 | thunderbird |
| DSA-5376 | apache2 |
| DSA-5377 | chromium |
| DSA-5378 | xen |
| DSA-5379 | dino-im |
| DSA-5380 | xorg-server |
| DSA-5381 | tomcat9 |
| DSA-5382 | cairosvg |
| DSA-5383 | ghostscript |
| DSA-5384 | openimageio |
| DSA-5385 | firefox-esr |
| DSA-5386 | chromium |
| DSA-5387 | openvswitch |
| DSA-5388 | haproxy |
| DSA-5389 | rails |
| DSA-5390 | chromium |
| DSA-5391 | libxml2 |
| DSA-5392 | thunderbird |
| DSA-5393 | chromium |

 

You do not need to reinstall the system; updating is enough.

sudo apt update && sudo apt full-upgrade
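To confirm the upgrade actually took effect, the following added example (not part of the original post or the Debian announcement) checks a host against two values from the tables above: the 11.7 point release shipped by base-files and the kernel ABI 5.10.0-22. The function names and status words are assumptions made for this example; it reads /etc/debian_version and `uname -r` only when run with the argument `live`.

```shell
#!/bin/sh
# Added example: verify a bullseye host picked up the 11.7 point release.
# Target values come from the announcement: base-files 11.7, kernel ABI 5.10.0-22.
TARGET_MINOR=7
TARGET_ABI=22

# point_release_ok VERSION -> success if VERSION is 11.N with N >= TARGET_MINOR
point_release_ok() {
    case "$1" in
        11.*) minor=${1#11.} ;;
        *) return 1 ;;
    esac
    case "$minor" in
        ''|*[!0-9]*) return 1 ;;   # reject empty or non-numeric minor
    esac
    [ "$minor" -ge "$TARGET_MINOR" ]
}

# kernel_abi_ok RELEASE -> success if RELEASE is 5.10.0-N-<flavour>, N >= TARGET_ABI
kernel_abi_ok() {
    case "$1" in
        5.10.0-*) abi=${1#5.10.0-} ;;
        *) return 1 ;;
    esac
    abi=${abi%%-*}                 # drop the flavour suffix (amd64, rt-amd64, ...)
    case "$abi" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$abi" -ge "$TARGET_ABI" ]
}

# check_host VERSION KERNEL -> prints one status word
check_host() {
    if ! point_release_ok "$1"; then
        echo "not-upgraded"        # base-files still older than 11.7
    elif ! kernel_abi_ok "$2"; then
        echo "kernel-mismatch"     # reboot pending, or a non-stock kernel is running
    else
        echo "ok"
    fi
}

# Query the live system only when asked to, so the functions can be reused.
if [ "${1:-}" = "live" ]; then
    check_host "$(cat /etc/debian_version)" "$(uname -r)"
fi
```

A `kernel-mismatch` result after a successful full-upgrade usually means the new kernel package is installed but the host has not been rebooted into it yet.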



