Re: Debian DSA-5095-1 : linux - security update

[Sona Das <sona.das@wearealef.com>]

But whenever I tried to upgrade my linux-header it still remains on linux-headers-5.10.0-10 version, it doesn’t gets upgraded to the latest one.

As per the below url the security vulnerability for Debian 11 is resolved in version 5.10.103-1, but my "apt-get upgrade”  doesn’t upgrade the linux-headers to the latest fixed version

https://security-tracker.debian.org/tracker/CVE-2022-23222

Im using the below repository urls in my sources.list to update my Debian system

deb http://deb.debian.org/debian/ bullseye main

deb-src http://deb.debian.org/debian/ bullseye main

deb http://deb.debian.org/debian/ bullseye-updates main contrib

deb-src http://deb.debian.org/debian/ bullseye-updates main contrib

deb http://security.debian.org/debian-security bullseye-security main contrib

deb-src http://security.debian.org/debian-security bullseye-security main contrib

On 17-Mar-2022, at 5:38 AM, Ben Hutchings <ben@decadent.org.uk> wrote:

On Wed, 2022-03-16 at 23:46 +0530, Sona Das wrote:

Hi Team,

We are having High level threat in our Debian systems detected by our vulnerability scanners
Debian DSA-5095-1 : linux - security update

Debian DSA-4994-1 : bind9 - security update

We tried to upgrade our Debian systems using the Debian repo but the affected packages didn’t received the package upgrade which takes care of the vulnerability. Below packages are affected and are not getting upgraded:
linux-headers-5.10.0-10-amd64_5.10.84-1

This was replaced by linux-headers-5.10.0-11-amd64.  So long as you
install the metapackage linux-headers-amd64, replacements like this
should be upgraded automatically.

libirs-export161_1:9.11.19+dfsg-2.1

This is the only version available in Debian.  It is built separately
from bind9 and is only used by the ISC DHCP server.

Ben.

--
Ben Hutchings
Make three consecutive correct guesses and you will be considered
an expert.

Best regards,
Sona Das
--- 
+91 7021926734 / 9768458639

CONFIDENTIALITY. This email and any attachments are confidential to Alef Edge, and may also be privileged, except where the email states it can be disclosed. If this email is received in error, please do not disclose the contents to anyone, notify the sender by return email, and delete this email (and any attachments) from your system.

CONFIDENTIALITY. This email and any attachments are confidential to Alef Edge Inc., and may also be privileged, except where the email states it can be disclosed. If this email is received in error, please do not disclose the contents to anyone, notify the sender by return email, and delete this email (and any attachments) from your system.