Updated Debian 10: 10.9 released



------------------------------------------------------------------------
The Debian Project                               https://www.debian.org/
Updated Debian 10: 10.9 released                        press@debian.org
March 27th, 2021               https://www.debian.org/News/2021/20210327
------------------------------------------------------------------------


The Debian project is pleased to announce the ninth update of its stable
distribution Debian 10 (codename "buster"). This point release mainly
adds corrections for security issues, along with a few adjustments for
serious problems. Security advisories have already been published
separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 10 but only updates some of the packages included. There is no
need to throw away old "buster" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list



Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

+---------------------------+-----------------------------------------+
| Package                   | Reason                                  |
+---------------------------+-----------------------------------------+
| avahi [1]                 | Remove avahi-daemon-check-dns           |
|                           | mechanism, which is no longer needed    |
|                           |                                         |
| base-files [2]            | Update /etc/debian_version for the 10.9 |
|                           | point release                           |
|                           |                                         |
| cloud-init [3]            | Avoid logging generated passwords to    |
|                           | world-readable log files                |
|                           | [CVE-2021-3429]                         |
|                           |                                         |
| debian-archive-           | Add bullseye keys; retire jessie keys   |
| keyring [4]               |                                         |
|                           |                                         |
| debian-installer [5]      | Use 4.19.0-16 Linux kernel ABI          |
|                           |                                         |
| debian-installer-netboot- | Rebuild against proposed-updates        |
| images [6]                |                                         |
|                           |                                         |
| exim4 [7]                 | Fix use of concurrent TLS connections   |
|                           | under GnuTLS; fix TLS certificate       |
|                           | verification with CNAMEs;               |
|                           | README.Debian: document the limitation/ |
|                           | extent of server certificate            |
|                           | verification in the default             |
|                           | configuration                           |
|                           |                                         |
| fetchmail [8]             | No longer report "System error during   |
|                           | SSL_connect(): Success"; remove         |
|                           | OpenSSL version check                   |
|                           |                                         |
| fwupd [9]                 | Add SBAT support                        |
|                           |                                         |
| fwupd-amd64-signed [10]   | Add SBAT support                        |
|                           |                                         |
| fwupd-arm64-signed [11]   | Add SBAT support                        |
|                           |                                         |
| fwupd-armhf-signed [12]   | Add SBAT support                        |
|                           |                                         |
| fwupd-i386-signed [13]    | Add SBAT support                        |
|                           |                                         |
| fwupdate [14]             | Add SBAT support                        |
|                           |                                         |
| fwupdate-amd64-           | Add SBAT support                        |
| signed [15]               |                                         |
|                           |                                         |
| fwupdate-arm64-           | Add SBAT support                        |
| signed [16]               |                                         |
|                           |                                         |
| fwupdate-armhf-           | Add SBAT support                        |
| signed [17]               |                                         |
|                           |                                         |
| fwupdate-i386-signed [18] | Add SBAT support                        |
|                           |                                         |
| gdnsd [19]                | Fix stack overflow with overly-large    |
|                           | IPv6 addresses [CVE-2019-13952]         |
|                           |                                         |
| groff [20]                | Rebuild against ghostscript 9.27        |
|                           |                                         |
| hwloc-contrib [21]        | Enable support for the ppc64el          |
|                           | architecture                            |
|                           |                                         |
| intel-microcode [22]      | Update various microcode                |
|                           |                                         |
| iputils [23]              | Fix ping rounding errors; fix tracepath |
|                           | target corruption                       |
|                           |                                         |
| jquery [24]               | Fix untrusted code execution            |
|                           | vulnerabilities [CVE-2020-11022         |
|                           | CVE-2020-11023]                         |
|                           |                                         |
| libbsd [25]               | Fix out-of-bounds read issue [CVE-2019- |
|                           | 20367]                                  |
|                           |                                         |
| libpano13 [26]            | Fix format string vulnerability         |
|                           |                                         |
| libreoffice [27]          | Do not load encodings.py from current   |
|                           | directory                               |
|                           |                                         |
| linux [28]                | New upstream stable release; update ABI |
|                           | to -16; rotate secure boot signing      |
|                           | keys; rt: update to 4.19.173-rt72       |
|                           |                                         |
| linux-latest [29]         | Update to -15 kernel ABI; update for    |
|                           | -16 kernel ABI                          |
|                           |                                         |
| linux-signed-amd64 [30]   | New upstream stable release; update ABI |
|                           | to -16; rotate secure boot signing      |
|                           | keys; rt: update to 4.19.173-rt72       |
|                           |                                         |
| linux-signed-arm64 [31]   | New upstream stable release; update ABI |
|                           | to -16; rotate secure boot signing      |
|                           | keys; rt: update to 4.19.173-rt72       |
|                           |                                         |
| linux-signed-i386 [32]    | New upstream stable release; update ABI |
|                           | to -16; rotate secure boot signing      |
|                           | keys; rt: update to 4.19.173-rt72       |
|                           |                                         |
| lirc [33]                 | Normalize embedded                      |
|                           | ${DEB_HOST_MULTIARCH} value in /etc/    |
|                           | lirc/lirc_options.conf to find          |
|                           | unmodified configuration files on all   |
|                           | architectures; recommend gir1.2-        |
|                           | vte-2.91 instead of non-existent        |
|                           | gir1.2-vte                              |
|                           |                                         |
| m2crypto [34]             | Fix test failure with recent OpenSSL    |
|                           | versions                                |
|                           |                                         |
| openafs [35]              | Fix outgoing connections after unix     |
|                           | epoch time 0x60000000 (14 January 2021) |
|                           |                                         |
| portaudio19 [36]          | Handle EPIPE from                       |
|                           | alsa_snd_pcm_poll_descriptors, fixing   |
|                           | crash                                   |
|                           |                                         |
| postgresql-11 [37]        | New upstream stable release; fix        |
|                           | information leakage in constraint-      |
|                           | violation error messages [CVE-2021-     |
|                           | 3393]; fix CREATE INDEX CONCURRENTLY to |
|                           | wait for concurrent prepared            |
|                           | transactions                            |
|                           |                                         |
| privoxy [38]              | Security issues [CVE-2020-35502         |
|                           | CVE-2021-20209 CVE-2021-20210 CVE-2021- |
|                           | 20211 CVE-2021-20212 CVE-2021-20213     |
|                           | CVE-2021-20214 CVE-2021-20215 CVE-2021- |
|                           | 20216 CVE-2021-20217 CVE-2021-20272     |
|                           | CVE-2021-20273 CVE-2021-20275 CVE-2021- |
|                           | 20276]                                  |
|                           |                                         |
| python3.7 [39]            | Fix CRLF injection in http.client       |
|                           | [CVE-2020-26116]; fix buffer overflow   |
|                           | in PyCArg_repr in _ctypes/callproc.c    |
|                           | [CVE-2021-3177]                         |
|                           |                                         |
| redis [40]                | Fix a series of integer overflow issues |
|                           | on 32-bit systems [CVE-2021-21309]      |
|                           |                                         |
| ruby-mechanize [41]       | Fix command injection issue             |
|                           | [CVE-2021-21289]                        |
|                           |                                         |
| systemd [42]              | core: make sure to restore the control  |
|                           | command id, too, fixing a segfault;     |
|                           | seccomp: allow turning off of seccomp   |
|                           | filtering via an environment variable   |
|                           |                                         |
| uim [43]                  | libuim-data: Perform symlink_to_dir     |
|                           | conversion of /usr/share/doc/libuim-    |
|                           | data in the resurrected package for     |
|                           | clean upgrades from stretch             |
|                           |                                         |
| xcftools [44]             | Fix integer overflow vulnerability      |
|                           | [CVE-2019-5086 CVE-2019-5087]           |
|                           |                                         |
| xterm [45]                | Correct upper-limit for selection       |
|                           | buffer, accounting for combining        |
|                           | characters [CVE-2021-27135]             |
|                           |                                         |
+---------------------------+-----------------------------------------+

    1: https://packages.debian.org/src:avahi
    2: https://packages.debian.org/src:base-files
    3: https://packages.debian.org/src:cloud-init
    4: https://packages.debian.org/src:debian-archive-keyring
    5: https://packages.debian.org/src:debian-installer
    6: https://packages.debian.org/src:debian-installer-netboot-images
    7: https://packages.debian.org/src:exim4
    8: https://packages.debian.org/src:fetchmail
    9: https://packages.debian.org/src:fwupd
   10: https://packages.debian.org/src:fwupd-amd64-signed
   11: https://packages.debian.org/src:fwupd-arm64-signed
   12: https://packages.debian.org/src:fwupd-armhf-signed
   13: https://packages.debian.org/src:fwupd-i386-signed
   14: https://packages.debian.org/src:fwupdate
   15: https://packages.debian.org/src:fwupdate-amd64-signed
   16: https://packages.debian.org/src:fwupdate-arm64-signed
   17: https://packages.debian.org/src:fwupdate-armhf-signed
   18: https://packages.debian.org/src:fwupdate-i386-signed
   19: https://packages.debian.org/src:gdnsd
   20: https://packages.debian.org/src:groff
   21: https://packages.debian.org/src:hwloc-contrib
   22: https://packages.debian.org/src:intel-microcode
   23: https://packages.debian.org/src:iputils
   24: https://packages.debian.org/src:jquery
   25: https://packages.debian.org/src:libbsd
   26: https://packages.debian.org/src:libpano13
   27: https://packages.debian.org/src:libreoffice
   28: https://packages.debian.org/src:linux
   29: https://packages.debian.org/src:linux-latest
   30: https://packages.debian.org/src:linux-signed-amd64
   31: https://packages.debian.org/src:linux-signed-arm64
   32: https://packages.debian.org/src:linux-signed-i386
   33: https://packages.debian.org/src:lirc
   34: https://packages.debian.org/src:m2crypto
   35: https://packages.debian.org/src:openafs
   36: https://packages.debian.org/src:portaudio19
   37: https://packages.debian.org/src:postgresql-11
   38: https://packages.debian.org/src:privoxy
   39: https://packages.debian.org/src:python3.7
   40: https://packages.debian.org/src:redis
   41: https://packages.debian.org/src:ruby-mechanize
   42: https://packages.debian.org/src:systemd
   43: https://packages.debian.org/src:uim
   44: https://packages.debian.org/src:xcftools
   45: https://packages.debian.org/src:xterm

Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

+----------------+----------------------------+
| Advisory ID    | Package                    |
+----------------+----------------------------+
| DSA-4826 [46]  | nodejs [47]                |
|                |                            |
| DSA-4844 [48]  | dnsmasq [49]               |
|                |                            |
| DSA-4845 [50]  | openldap [51]              |
|                |                            |
| DSA-4846 [52]  | chromium [53]              |
|                |                            |
| DSA-4847 [54]  | connman [55]               |
|                |                            |
| DSA-4849 [56]  | firejail [57]              |
|                |                            |
| DSA-4850 [58]  | libzstd [59]               |
|                |                            |
| DSA-4851 [60]  | subversion [61]            |
|                |                            |
| DSA-4853 [62]  | spip [63]                  |
|                |                            |
| DSA-4854 [64]  | webkit2gtk [65]            |
|                |                            |
| DSA-4855 [66]  | openssl [67]               |
|                |                            |
| DSA-4856 [68]  | php7.3 [69]                |
|                |                            |
| DSA-4857 [70]  | bind9 [71]                 |
|                |                            |
| DSA-4858 [72]  | chromium [73]              |
|                |                            |
| DSA-4859 [74]  | libzstd [75]               |
|                |                            |
| DSA-4860 [76]  | openldap [77]              |
|                |                            |
| DSA-4861 [78]  | screen [79]                |
|                |                            |
| DSA-4862 [80]  | firefox-esr [81]           |
|                |                            |
| DSA-4863 [82]  | nodejs [83]                |
|                |                            |
| DSA-4864 [84]  | python-aiohttp [85]        |
|                |                            |
| DSA-4865 [86]  | docker.io [87]             |
|                |                            |
| DSA-4867 [88]  | grub-efi-amd64-signed [89] |
|                |                            |
| DSA-4867 [90]  | grub-efi-arm64-signed [91] |
|                |                            |
| DSA-4867 [92]  | grub-efi-ia32-signed [93]  |
|                |                            |
| DSA-4867 [94]  | grub2 [95]                 |
|                |                            |
| DSA-4868 [96]  | flatpak [97]               |
|                |                            |
| DSA-4869 [98]  | tiff [99]                  |
|                |                            |
| DSA-4870 [100] | pygments [101]             |
|                |                            |
| DSA-4871 [102] | tor [103]                  |
|                |                            |
| DSA-4872 [104] | shibboleth-sp [105]        |
|                |                            |
+----------------+----------------------------+

   46: https://www.debian.org/security/2021/dsa-4826
   47: https://packages.debian.org/src:nodejs
   48: https://www.debian.org/security/2021/dsa-4844
   49: https://packages.debian.org/src:dnsmasq
   50: https://www.debian.org/security/2021/dsa-4845
   51: https://packages.debian.org/src:openldap
   52: https://www.debian.org/security/2021/dsa-4846
   53: https://packages.debian.org/src:chromium
   54: https://www.debian.org/security/2021/dsa-4847
   55: https://packages.debian.org/src:connman
   56: https://www.debian.org/security/2021/dsa-4849
   57: https://packages.debian.org/src:firejail
   58: https://www.debian.org/security/2021/dsa-4850
   59: https://packages.debian.org/src:libzstd
   60: https://www.debian.org/security/2021/dsa-4851
   61: https://packages.debian.org/src:subversion
   62: https://www.debian.org/security/2021/dsa-4853
   63: https://packages.debian.org/src:spip
   64: https://www.debian.org/security/2021/dsa-4854
   65: https://packages.debian.org/src:webkit2gtk
   66: https://www.debian.org/security/2021/dsa-4855
   67: https://packages.debian.org/src:openssl
   68: https://www.debian.org/security/2021/dsa-4856
   69: https://packages.debian.org/src:php7.3
   70: https://www.debian.org/security/2021/dsa-4857
   71: https://packages.debian.org/src:bind9
   72: https://www.debian.org/security/2021/dsa-4858
   73: https://packages.debian.org/src:chromium
   74: https://www.debian.org/security/2021/dsa-4859
   75: https://packages.debian.org/src:libzstd
   76: https://www.debian.org/security/2021/dsa-4860
   77: https://packages.debian.org/src:openldap
   78: https://www.debian.org/security/2021/dsa-4861
   79: https://packages.debian.org/src:screen
   80: https://www.debian.org/security/2021/dsa-4862
   81: https://packages.debian.org/src:firefox-esr
   82: https://www.debian.org/security/2021/dsa-4863
   83: https://packages.debian.org/src:nodejs
   84: https://www.debian.org/security/2021/dsa-4864
   85: https://packages.debian.org/src:python-aiohttp
   86: https://www.debian.org/security/2021/dsa-4865
   87: https://packages.debian.org/src:docker.io
   88: https://www.debian.org/security/2021/dsa-4867
   89: https://packages.debian.org/src:grub-efi-amd64-signed
   90: https://www.debian.org/security/2021/dsa-4867
   91: https://packages.debian.org/src:grub-efi-arm64-signed
   92: https://www.debian.org/security/2021/dsa-4867
   93: https://packages.debian.org/src:grub-efi-ia32-signed
   94: https://www.debian.org/security/2021/dsa-4867
   95: https://packages.debian.org/src:grub2
   96: https://www.debian.org/security/2021/dsa-4868
   97: https://packages.debian.org/src:flatpak
   98: https://www.debian.org/security/2021/dsa-4869
   99: https://packages.debian.org/src:tiff
  100: https://www.debian.org/security/2021/dsa-4870
  101: https://packages.debian.org/src:pygments
  102: https://www.debian.org/security/2021/dsa-4871
  103: https://packages.debian.org/src:tor
  104: https://www.debian.org/security/2021/dsa-4872
  105: https://packages.debian.org/src:shibboleth-sp

Debian Installer
----------------

The installer has been updated to include the fixes incorporated into
stable by the point release.


URLs
----

The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/buster/ChangeLog


The current stable distribution:

http://ftp.debian.org/debian/dists/stable/


Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates


stable distribution information (release notes, errata etc.):

https://www.debian.org/releases/stable/


Security announcements and information:

https://www.debian.org/security/



About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.


Contact Information
-------------------

For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.
