------------------------------------------------------------------------
The Debian Project                               https://www.debian.org/
Updated Debian 10: 10.9 released                        press@debian.org
March 27th, 2021               https://www.debian.org/News/2021/20210327
------------------------------------------------------------------------

The Debian project is pleased to announce the ninth update of its stable
distribution Debian 10 (codename "buster"). This point release mainly
adds corrections for security issues, along with a few adjustments for
serious problems. Security advisories have already been published
separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 10 but only updates some of the packages included. There is no
need to throw away old "buster" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors.
A comprehensive list of mirrors is available at:

  https://www.debian.org/mirror/list


Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

+-------------------------------------+-----------------------------------------+
| Package                             | Reason                                  |
+-------------------------------------+-----------------------------------------+
| avahi [1]                           | Remove avahi-daemon-check-dns           |
|                                     | mechanism, which is no longer needed    |
| base-files [2]                      | Update /etc/debian_version for the 10.9 |
|                                     | point release                           |
| cloud-init [3]                      | Avoid logging generated passwords to    |
|                                     | world-readable log files                |
|                                     | [CVE-2021-3429]                         |
| debian-archive-keyring [4]          | Add bullseye keys; retire jessie keys   |
| debian-installer [5]                | Use 4.19.0-16 Linux kernel ABI          |
| debian-installer-netboot-images [6] | Rebuild against proposed-updates        |
| exim4 [7]                           | Fix use of concurrent TLS connections   |
|                                     | under GnuTLS; fix TLS certificate       |
|                                     | verification with CNAMEs;               |
|                                     | README.Debian: document the limitation/ |
|                                     | extent of server certificate            |
|                                     | verification in the default             |
|                                     | configuration                           |
| fetchmail [8]                       | No longer report "System error during   |
|                                     | SSL_connect(): Success"; remove         |
|                                     | OpenSSL version check                   |
| fwupd [9]                           | Add SBAT support                        |
| fwupd-amd64-signed [10]             | Add SBAT support                        |
| fwupd-arm64-signed [11]             | Add SBAT support                        |
| fwupd-armhf-signed [12]             | Add SBAT support                        |
| fwupd-i386-signed [13]              | Add SBAT support                        |
| fwupdate [14]                       | Add SBAT support                        |
| fwupdate-amd64-signed [15]          | Add SBAT support                        |
| fwupdate-arm64-signed [16]          | Add SBAT support                        |
| fwupdate-armhf-signed [17]          | Add SBAT support                        |
| fwupdate-i386-signed [18]           | Add SBAT support                        |
| gdnsd [19]                          | Fix stack overflow with overly-large    |
|                                     | IPv6 addresses [CVE-2019-13952]         |
| groff [20]                          | Rebuild against ghostscript 9.27        |
| hwloc-contrib [21]                  | Enable support for the ppc64el          |
|                                     | architecture                            |
| intel-microcode [22]                | Update various microcode                |
| iputils [23]                        | Fix ping rounding errors; fix tracepath |
|                                     | target corruption                       |
| jquery [24]                         | Fix untrusted code execution            |
|                                     | vulnerabilities [CVE-2020-11022         |
|                                     | CVE-2020-11023]                         |
| libbsd [25]                         | Fix out-of-bounds read issue            |
|                                     | [CVE-2019-20367]                        |
| libpano13 [26]                      | Fix format string vulnerability         |
| libreoffice [27]                    | Do not load encodings.py from current   |
|                                     | directory                               |
| linux [28]                          | New upstream stable release; update ABI |
|                                     | to -16; rotate secure boot signing      |
|                                     | keys; rt: update to 4.19.173-rt72       |
| linux-latest [29]                   | Update to -15 kernel ABI; update for    |
|                                     | -16 kernel ABI                          |
| linux-signed-amd64 [30]             | New upstream stable release; update ABI |
|                                     | to -16; rotate secure boot signing      |
|                                     | keys; rt: update to 4.19.173-rt72       |
| linux-signed-arm64 [31]             | New upstream stable release; update ABI |
|                                     | to -16; rotate secure boot signing      |
|                                     | keys; rt: update to 4.19.173-rt72       |
| linux-signed-i386 [32]              | New upstream stable release; update ABI |
|                                     | to -16; rotate secure boot signing      |
|                                     | keys; rt: update to 4.19.173-rt72       |
| lirc [33]                           | Normalize embedded                      |
|                                     | ${DEB_HOST_MULTIARCH} value in          |
|                                     | /etc/lirc/lirc_options.conf to find     |
|                                     | unmodified configuration files on all   |
|                                     | architectures; recommend                |
|                                     | gir1.2-vte-2.91 instead of non-existent |
|                                     | gir1.2-vte                              |
| m2crypto [34]                       | Fix test failure with recent OpenSSL    |
|                                     | versions                                |
| openafs [35]                        | Fix outgoing connections after unix     |
|                                     | epoch time 0x60000000 (14 January 2021) |
| portaudio19 [36]                    | Handle EPIPE from                       |
|                                     | alsa_snd_pcm_poll_descriptors, fixing   |
|                                     | crash                                   |
| postgresql-11 [37]                  | New upstream stable release; fix        |
|                                     | information leakage in                  |
|                                     | constraint-violation error messages     |
|                                     | [CVE-2021-3393]; fix CREATE INDEX       |
|                                     | CONCURRENTLY to wait for concurrent     |
|                                     | prepared transactions                   |
| privoxy [38]                        | Security issues [CVE-2020-35502         |
|                                     | CVE-2021-20209 CVE-2021-20210           |
|                                     | CVE-2021-20211 CVE-2021-20212           |
|                                     | CVE-2021-20213 CVE-2021-20214           |
|                                     | CVE-2021-20215 CVE-2021-20216           |
|                                     | CVE-2021-20217 CVE-2021-20272           |
|                                     | CVE-2021-20273 CVE-2021-20275           |
|                                     | CVE-2021-20276]                         |
| python3.7 [39]                      | Fix CRLF injection in http.client       |
|                                     | [CVE-2020-26116]; fix buffer overflow   |
|                                     | in PyCArg_repr in _ctypes/callproc.c    |
|                                     | [CVE-2021-3177]                         |
| redis [40]                          | Fix a series of integer overflow issues |
|                                     | on 32-bit systems [CVE-2021-21309]      |
| ruby-mechanize [41]                 | Fix command injection issue             |
|                                     | [CVE-2021-21289]                        |
| systemd [42]                        | core: make sure to restore the control  |
|                                     | command id, too, fixing a segfault;     |
|                                     | seccomp: allow turning off of seccomp   |
|                                     | filtering via an environment variable   |
| uim [43]                            | libuim-data: Perform symlink_to_dir     |
|                                     | conversion of                           |
|                                     | /usr/share/doc/libuim-data in the       |
|                                     | resurrected package for clean upgrades  |
|                                     | from stretch                            |
| xcftools [44]                       | Fix integer overflow vulnerability      |
|                                     | [CVE-2019-5086 CVE-2019-5087]           |
| xterm [45]                          | Correct upper-limit for selection       |
|                                     | buffer, accounting for combining        |
|                                     | characters [CVE-2021-27135]             |
+-------------------------------------+-----------------------------------------+

   1: https://packages.debian.org/src:avahi
   2: https://packages.debian.org/src:base-files
   3: https://packages.debian.org/src:cloud-init
   4: https://packages.debian.org/src:debian-archive-keyring
   5: https://packages.debian.org/src:debian-installer
   6: https://packages.debian.org/src:debian-installer-netboot-images
   7: https://packages.debian.org/src:exim4
   8: https://packages.debian.org/src:fetchmail
   9: https://packages.debian.org/src:fwupd
  10: https://packages.debian.org/src:fwupd-amd64-signed
  11: https://packages.debian.org/src:fwupd-arm64-signed
  12: https://packages.debian.org/src:fwupd-armhf-signed
  13: https://packages.debian.org/src:fwupd-i386-signed
  14: https://packages.debian.org/src:fwupdate
  15: https://packages.debian.org/src:fwupdate-amd64-signed
  16: https://packages.debian.org/src:fwupdate-arm64-signed
  17: https://packages.debian.org/src:fwupdate-armhf-signed
  18: https://packages.debian.org/src:fwupdate-i386-signed
  19: https://packages.debian.org/src:gdnsd
  20: https://packages.debian.org/src:groff
  21: https://packages.debian.org/src:hwloc-contrib
  22: https://packages.debian.org/src:intel-microcode
  23: https://packages.debian.org/src:iputils
  24: https://packages.debian.org/src:jquery
  25: https://packages.debian.org/src:libbsd
  26: https://packages.debian.org/src:libpano13
  27: https://packages.debian.org/src:libreoffice
  28: https://packages.debian.org/src:linux
  29: https://packages.debian.org/src:linux-latest
  30: https://packages.debian.org/src:linux-signed-amd64
  31: https://packages.debian.org/src:linux-signed-arm64
  32: https://packages.debian.org/src:linux-signed-i386
  33: https://packages.debian.org/src:lirc
  34: https://packages.debian.org/src:m2crypto
  35: https://packages.debian.org/src:openafs
  36: https://packages.debian.org/src:portaudio19
  37: https://packages.debian.org/src:postgresql-11
  38: https://packages.debian.org/src:privoxy
  39: https://packages.debian.org/src:python3.7
  40: https://packages.debian.org/src:redis
  41: https://packages.debian.org/src:ruby-mechanize
  42: https://packages.debian.org/src:systemd
  43: https://packages.debian.org/src:uim
  44: https://packages.debian.org/src:xcftools
  45: https://packages.debian.org/src:xterm


Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

+----------------+----------------------------+
| Advisory ID    | Package                    |
+----------------+----------------------------+
| DSA-4826 [46]  | nodejs [47]                |
| DSA-4844 [48]  | dnsmasq [49]               |
| DSA-4845 [50]  | openldap [51]              |
| DSA-4846 [52]  | chromium [53]              |
| DSA-4847 [54]  | connman [55]               |
| DSA-4849 [56]  | firejail [57]              |
| DSA-4850 [58]  | libzstd [59]               |
| DSA-4851 [60]  | subversion [61]            |
| DSA-4853 [62]  | spip [63]                  |
| DSA-4854 [64]  | webkit2gtk [65]            |
| DSA-4855 [66]  | openssl [67]               |
| DSA-4856 [68]  | php7.3 [69]                |
| DSA-4857 [70]  | bind9 [71]                 |
| DSA-4858 [72]  | chromium [73]              |
| DSA-4859 [74]  | libzstd [75]               |
| DSA-4860 [76]  | openldap [77]              |
| DSA-4861 [78]  | screen [79]                |
| DSA-4862 [80]  | firefox-esr [81]           |
| DSA-4863 [82]  | nodejs [83]                |
| DSA-4864 [84]  | python-aiohttp [85]        |
| DSA-4865 [86]  | docker.io [87]             |
| DSA-4867 [88]  | grub-efi-amd64-signed [89] |
| DSA-4867 [90]  | grub-efi-arm64-signed [91] |
| DSA-4867 [92]  | grub-efi-ia32-signed [93]  |
| DSA-4867 [94]  | grub2 [95]                 |
| DSA-4868 [96]  | flatpak [97]               |
| DSA-4869 [98]  | tiff [99]                  |
| DSA-4870 [100] | pygments [101]             |
| DSA-4871 [102] | tor [103]                  |
| DSA-4872 [104] | shibboleth-sp [105]        |
+----------------+----------------------------+

   46: https://www.debian.org/security/2021/dsa-4826
   47: https://packages.debian.org/src:nodejs
   48: https://www.debian.org/security/2021/dsa-4844
   49: https://packages.debian.org/src:dnsmasq
   50: https://www.debian.org/security/2021/dsa-4845
   51: https://packages.debian.org/src:openldap
   52: https://www.debian.org/security/2021/dsa-4846
   53: https://packages.debian.org/src:chromium
   54: https://www.debian.org/security/2021/dsa-4847
   55: https://packages.debian.org/src:connman
   56: https://www.debian.org/security/2021/dsa-4849
   57: https://packages.debian.org/src:firejail
   58: https://www.debian.org/security/2021/dsa-4850
   59: https://packages.debian.org/src:libzstd
   60: https://www.debian.org/security/2021/dsa-4851
   61: https://packages.debian.org/src:subversion
   62: https://www.debian.org/security/2021/dsa-4853
   63: https://packages.debian.org/src:spip
   64: https://www.debian.org/security/2021/dsa-4854
   65: https://packages.debian.org/src:webkit2gtk
   66: https://www.debian.org/security/2021/dsa-4855
   67: https://packages.debian.org/src:openssl
   68: https://www.debian.org/security/2021/dsa-4856
   69: https://packages.debian.org/src:php7.3
   70: https://www.debian.org/security/2021/dsa-4857
   71: https://packages.debian.org/src:bind9
   72: https://www.debian.org/security/2021/dsa-4858
   73: https://packages.debian.org/src:chromium
   74: https://www.debian.org/security/2021/dsa-4859
   75: https://packages.debian.org/src:libzstd
   76: https://www.debian.org/security/2021/dsa-4860
   77: https://packages.debian.org/src:openldap
   78: https://www.debian.org/security/2021/dsa-4861
   79: https://packages.debian.org/src:screen
   80: https://www.debian.org/security/2021/dsa-4862
   81: https://packages.debian.org/src:firefox-esr
   82: https://www.debian.org/security/2021/dsa-4863
   83: https://packages.debian.org/src:nodejs
   84: https://www.debian.org/security/2021/dsa-4864
   85: https://packages.debian.org/src:python-aiohttp
   86: https://www.debian.org/security/2021/dsa-4865
   87: https://packages.debian.org/src:docker.io
   88: https://www.debian.org/security/2021/dsa-4867
   89: https://packages.debian.org/src:grub-efi-amd64-signed
   90: https://www.debian.org/security/2021/dsa-4867
   91: https://packages.debian.org/src:grub-efi-arm64-signed
   92: https://www.debian.org/security/2021/dsa-4867
   93: https://packages.debian.org/src:grub-efi-ia32-signed
   94: https://www.debian.org/security/2021/dsa-4867
   95: https://packages.debian.org/src:grub2
   96: https://www.debian.org/security/2021/dsa-4868
   97: https://packages.debian.org/src:flatpak
   98: https://www.debian.org/security/2021/dsa-4869
   99: https://packages.debian.org/src:tiff
  100: https://www.debian.org/security/2021/dsa-4870
  101: https://packages.debian.org/src:pygments
  102: https://www.debian.org/security/2021/dsa-4871
  103: https://packages.debian.org/src:tor
  104: https://www.debian.org/security/2021/dsa-4872
  105: https://packages.debian.org/src:shibboleth-sp


Debian Installer
----------------

The installer has been updated to include the fixes incorporated into
stable by the point release.


URLs
----

The complete lists of packages that have changed with this revision:

  http://ftp.debian.org/debian/dists/buster/ChangeLog

The current stable distribution:

  http://ftp.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:

  http://ftp.debian.org/debian/dists/proposed-updates

stable distribution information (release notes, errata etc.):

  https://www.debian.org/releases/stable/

Security announcements and information:

  https://www.debian.org/security/


About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.


Contact Information
-------------------

For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.