The Debian Project https://www.debian.org/
Updated Debian 10: 10.1 released press@debian.org
September 7th, 2019 https://www.debian.org/News/2019/20190907
------------------------------------------------------------------------
The Debian project is pleased to announce the first update of its stable
distribution Debian 10 (codename "buster"). This point release mainly
adds corrections for security issues, along with a few adjustments for
serious problems. Security advisories have already been published
separately and are referenced where available.
Please note that the point release does not constitute a new version of
Debian 10 but only updates some of the packages included. There is no
need to throw away old "buster" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.
Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.
New installation images will be available soon at the regular locations.
Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:
https://www.debian.org/mirror/list
Miscellaneous Bugfixes
----------------------
This stable update adds a few important corrections to the following
packages:
+--------------------------+------------------------------------------+
| Package | Reason |
+--------------------------+------------------------------------------+
| acme-tiny [1] | Handle upcoming ACME protocol change |
| | |
| android-sdk-meta [2] | New upstream release; fix regex for |
| | adding Debian version to binary packages |
| | |
| apt-setup [3] | Fix preseeding of Secure Apt for local |
| | repositories via apt-setup/localX/ |
| | |
| asterisk [4] | Fix buffer overflow in |
| | res_pjsip_messaging [AST-2019-002 / |
| | CVE-2019-12827]; fix remote Crash |
| | Vulnerability in chan_sip [AST-2019- |
| | 003 / CVE-2019-13161] |
| | |
| babeltrace [5] | Bump ctf symbols depends to post merge |
| | version |
| | |
| backup-manager [6] | Fix purging of remote archives via FTP |
| | or SSH |
| | |
| base-files [7] | Update for the point release |
| | |
| basez [8] | Properly decode base64url encoded |
| | strings |
| | |
| bro [9] | Security fixes [CVE-2018-16807 CVE-2018- |
| | 17019] |
| | |
| bzip2 [10] | Fix regression uncompressing some files |
| | |
| cacti [11] | Fix some issues upgrading from the |
| | version in stretch |
| | |
| calamares-settings- | Fix permissions for initramfs image when |
| debian [12] | full-disk encryption is enabled |
| | [CVE-2019-13179] |
| | |
| ceph [13] | Rebuild against new libbabeltrace |
| | |
| clamav [14] | Prevent extraction of non-recursive zip |
| | bombs; new upstream stable release with |
| | security fixes - add scan time limit to |
| | mitigate against zip-bombs [CVE-2019- |
| | 12625]; fix out-of-bounds write within |
| | the NSIS bzip2 library [CVE-2019-12900] |
| | |
| cloudkitty [15] | Fix build failures with updated |
| | SQLAlchemy |
| | |
| console-setup [16] | Fix internationalization issues when |
| | switching locales with Perl >= 5.28 |
| | |
| cryptsetup [17] | Fix support for LUKS2 headers without |
| | any bound keyslot; fix mapped segments |
| | overflow on 32-bit architectures |
| | |
| cups [18] | Fix multiple security/disclosure issues |
| | - SNMP buffer overflows [CVE-2019-8696 |
| | CVE-2019-8675], IPP buffer overflow, |
| | Denial of Service and memory disclosure |
| | issues in the scheduler |
| | |
| dbconfig-common [19] | Fix issue caused by change in bash POSIX |
| | behaviour |
| | |
| debian-edu-config [20] | Use PXE option "ipappend 2" for LTSP |
| | client boot; fix sudo-ldap |
| | configuration; fix loss of dynamically |
| | allocated v4 IP address; several fixes |
| | and improvements to debian-edu- |
| | config.fetch-ldap-cert |
| | |
| debian-edu-doc [21] | Update Debian Edu Buster and ITIL |
| | manuals and translations |
| | |
| dehydrated [22] | Fix fetching of account information; |
| | follow-up fixes for account ID handling |
| | and APIv1 compatibility |
| | |
| devscripts [23] | debchange: target buster-backports with |
| | --bpo option |
| | |
| dma [24] | Do not limit TLS connections to using |
| | TLS 1.0 |
| | |
| dpdk [25] | New upstream stable release |
| | |
| dput-ng [26] | Add buster-backports and stretch- |
| | backports-sloppy codenames |
| | |
| e2fsprogs [27] | Fix e4defrag crashes on 32-bit |
| | architectures |
| | |
| enigmail [28] | New upstream release; security fixes |
| | [CVE-2019-12269] |
| | |
| epiphany-browser [29] | Ensure that the web extension uses the |
| | bundled copy of libdazzle |
| | |
| erlang-p1-pkix [30] | Fix handling of GnuTLS certificates |
| | |
| facter [31] | Fix parsing of Linux route non-key/value |
| | flags (e.g. onlink) |
| | |
| fdroidserver [32] | New upstream release |
| | |
| fig2dev [33] | Do not segfault on circle/half circle |
| | arrowheads with a magnification larger |
| | than 42 [CVE-2019-14275] |
| | |
| firmware-nonfree [34] | atheros: Add Qualcomm Atheros QCA9377 |
| | rev 1.0 firmware version WLAN.TF.2.1- |
| | 00021-QCARMSWP-1; realtek: Add Realtek |
| | RTL8822CU Bluetooth firmware; atheros: |
| | Revert change of QCA9377 rev 1.0 |
| | firmware in 20180518-1; misc-nonfree: |
| | add firmware for MediaTek MT76x0/MT76x2u |
| | wireless chips, MediaTek MT7622/MT7668 |
| | bluetooth chips, GV100 signed firmware |
| | |
| freeorion [35] | Fix crash when loading or saving game |
| | data |
| | |
| fuse-emulator [36] | Prefer the X11 backend over the Wayland |
| | one; show the Fuse icon on the GTK |
| | window and About dialog |
| | |
| fusiondirectory [37] | Stricter checks on LDAP lookups; add |
| | missing dependency on php-xml |
| | |
| gcab [38] | Fix corruption when extracting |
| | |
| gdb [39] | Rebuild against new libbabeltrace |
| | |
| glib2.0 [40] | Make GKeyFile settings backend create |
| | ~/.config and configuration files with |
| | restrictive permissions [CVE-2019-13012] |
| | |
| gnome-bluetooth [41] | Avoid GNOME Shell crashes when gnome- |
| | shell-extension-bluetooth-quick-connect |
| | is used |
| | |
| gnome-control- | Fix crash when the Details -> Overview |
| center [42] | (info-overview) panel is selected; fix |
| | memory leaks in Universal Access panel; |
| | fix a regression that caused the |
| | Universal Access -> Zoom mouse tracking |
| | options to have no effect; updated |
| | Icelandic and Japanese translations |
| | |
| gnupg2 [43] | Backport many bug fixes and stability |
| | patches from upstream; use |
| | keys.openpgp.org as the default |
| | keyserver; only import self-signatures |
| | by default |
| | |
| gnuplot [44] | Fix incomplete/unsafe initialization of |
| | ARGV array |
| | |
| gosa [45] | Stricter checks on LDAP lookups |
| | |
| hfst [46] | Ensure smoother upgrades from stretch |
| | |
| initramfs-tools [47] | Disable resume when there are no |
| | suitable swap devices; MODULES=most: |
| | include all keyboard driver modules, |
| | cros_ec_spi and SPI drivers, extcon- |
| | usbc-cros-ec; MODULES=dep: include |
| | extcon drivers |
| | |
| jython [48] | Preserve backward compatibility with |
| | Java 7 |
| | |
| lacme [49] | Update for removal of unauthenticated |
| | GET support from the Let's Encrypt |
| | ACMEv2 API |
| | |
| libblockdev [50] | Use existing cryptsetup API for changing |
| | keyslot passphrase |
| | |
| libdatetime-timezone- | Update included data |
| perl [51] | |
| | |
| libjavascript- | Add support for "=>" operator |
| beautifier-perl [52] | |
| | |
| libsdl2-image [53] | Fix buffer overflows [CVE-2019-5058 |
| | CVE-2019-5052 CVE-2019-7635]; fix out of |
| | bounds access in PCX handling [CVE-2019- |
| | 12216 CVE-2019-12217 CVE-2019-12218 |
| | CVE-2019-12219 CVE-2019-12220 CVE-2019- |
| | 12221 CVE-2019-12222 CVE-2019-5051] |
| | |
| libtk-img [54] | Stop using internal copies of JPEG, Zlib |
| | and PixarLog codecs, fixing crashes |
| | |
| libxslt [55] | Fix security framework bypass [CVE-2019- |
| | 11068], uninitialized read of xsl:number |
| | token [CVE-2019-13117] and uninitialized |
| | read with UTF-8 grouping chars |
| | [CVE-2019-13118] |
| | |
| linux [56] | New upstream stable release |
| | |
| linux-latest [57] | Update for 4.19.0-6 kernel ABI |
| | |
| linux-signed-amd64 [58] | New upstream stable release |
| | |
| linux-signed-arm64 [59] | New upstream stable release |
| | |
| linux-signed-i386 [60] | New upstream stable release |
| | |
| lttv [61] | Rebuild against new libbabeltrace |
| | |
| mapproxy [62] | Fix WMS Capabilities with Python 3.7 |
| | |
| mariadb-10.3 [63] | New upstream stable release; security |
| | fixes [CVE-2019-2737 CVE-2019-2739 |
| | CVE-2019-2740 CVE-2019-2758 CVE-2019- |
| | 2805]; fix segfault on |
| | 'information_schema' access; rename |
| | 'mariadbcheck' to 'mariadb-check' |
| | |
| musescore [64] | Disable webkit functionality |
| | |
| ncbi-tools6 [65] | Repackage without non-free data/UniVec.* |
| | |
| ncurses [66] | Remove "rep" from xterm-new and |
| | derived terminfo descriptions |
| | |
| netdata [67] | Remove Google Analytics from generated |
| | documentation; opt out of sending |
| | anonymous statistics; remove "sign in" |
| | button |
| | |
| newsboat [68] | Fix use after free issue |
| | |
| nextcloud-desktop [69] | Add missing dependency on nextcloud- |
| | desktop-common to nextcloud-desktop-cmd |
| | |
| node-lodash [70] | Fix prototype pollution [CVE-2019-10744] |
| | |
| node-mixin-deep [71] | Fix prototype pollution issue |
| | |
| nss [72] | Fix security issues [CVE-2019-11719 |
| | CVE-2019-11727 CVE-2019-11729] |
| | |
| nx-libs [73] | Fix a number of memory leaks |
| | |
| open-infrastructure- | Fix container start |
| compute-tools [74] | |
| | |
| open-vm-tools [75] | Correctly handle OS versions of the form |
| | "X", rather than "X.Y" |
| | |
| openldap [76] | Restrict rootDN proxyauthz to its own |
| | databases [CVE-2019-13057]; enforce |
| | sasl_ssf ACL statement on every |
| | connection [CVE-2019-13565]; fix slapo- |
| | rwm to not free original filter when |
| | rewritten filter is invalid |
| | |
| osinfo-db [77] | Add buster 10.0 information; fix URLs |
| | for stretch download; fix the name of |
| | the parameter used to set the fullname |
| | when generating a preseed file |
| | |
| osmpbf [78] | Rebuild with protobuf 3.6.1 |
| | |
| pam-u2f [79] | Fix insecure debug file handling |
| | [CVE-2019-12209]; fix debug file |
| | descriptor leak [CVE-2019-12210]; fix |
| | out-of-bounds access; fix segfault |
| | following a failure to allocate a buffer |
| | |
| passwordsafe [80] | Install localisation files in the |
| | correct directory |
| | |
| piuparts [81] | Update configurations for the buster |
| | release; fix spurious failure to remove |
| | packages with names ending with '+'; |
| | generate separate tarball names for -- |
| | merged-usr chroots |
| | |
| postgresql-common [82] | Fix "pg_upgradecluster from postgresql- |
| | common 200, 200+deb10u1, 201, and 202 |
| | will corrupt the data_directory setting |
| | when used *twice* to upgrade a cluster |
| | (e.g. 9.6 -> 10 -> 11)" |
| | |
| pulseaudio [83] | Fix mute state restoring |
| | |
| puppet-module- | Fix attempts to write to /etc/init |
| cinder [84] | |
| | |
| python-autobahn [85] | Fix pyqrcode build dependencies |
| | |
| python-django [86] | New upstream security release [CVE-2019- |
| | 12781] |
| | |
| raspi3-firmware [87] | Add support for Raspberry Pi Compute |
| | Module 3 (CM3), Raspberry Pi Compute |
| | Module 3 Lite and Raspberry Pi Compute |
| | Module IO Board V3 |
| | |
| reportbug [88] | Update release names, following buster |
| | release; re-enable stretch-pu requests; |
| | fix crashes with package / version |
| | lookup; add missing dependency on |
| | sensible-utils |
| | |
| ruby-airbrussh [89] | Don't throw exception on invalid UTF-8 |
| | SSH output |
| | |
| sdl-image1.2 [90] | Fix buffer overflows [CVE-2019-5052 |
| | CVE-2019-7635], out-of-bounds access |
| | [CVE-2019-12216 CVE-2019-12217 CVE-2019- |
| | 12218 CVE-2019-12219 CVE-2019-12220 |
| | CVE-2019-12221 CVE-2019-12222 CVE-2019- |
| | 5051] |
| | |
| sendmail [91] | sendmail-bin.postinst, initscript: Let |
| | start-stop-daemon match on pidfile and |
| | executable; sendmail-bin.prerm: Stop |
| | sendmail before removing the |
| | alternatives |
| | |
| slirp4netns [92] | New upstream stable release with |
| | security fixes - check sscanf result |
| | when emulating ident [CVE-2019-9824]; |
| | fixes heap overflow in included libslirp |
| | [CVE-2019-14378] |
| | |
| systemd [93] | Network: Fix failure to bring up |
| | interface with Linux kernel 5.2; ask- |
| | password: Prevent buffer overflow when |
| | reading from keyring; network: Behave |
| | more gracefully when IPv6 has been |
| | disabled |
| | |
| tzdata [94] | New upstream release |
| | |
| unzip [95] | Fix zip bomb issues [CVE-2019-13232] |
| | |
| usb.ids [96] | Routine update of USB IDs |
| | |
| warzone2100 [97] | Fix a segmentation fault when hosting a |
| | multiplayer game |
| | |
| webkit2gtk [98] | New upstream stable version; stop |
| | requiring SSE2-capable CPUs |
| | |
| win32-loader [99] | Rebuild against current packages, |
| | particularly debian-archive-keyring; fix |
| | build failure by enforcing a POSIX |
| | locale |
| | |
| xymon [100] | Fix several (server only) security |
| | issues [CVE-2019-13273 CVE-2019-13274 |
| | CVE-2019-13451 CVE-2019-13452 CVE-2019- |
| | 13455 CVE-2019-13484 CVE-2019-13485 |
| | CVE-2019-13486] |
| | |
| yubikey- | Backport additional security precautions |
| personalization [101] | |
| | |
| z3 [102] | Do not set the SONAME of libz3java.so to |
| | libz3.so.4 |
| | |
+--------------------------+------------------------------------------+
1: https://packages.debian.org/src:acme-tiny
2: https://packages.debian.org/src:android-sdk-meta
3: https://packages.debian.org/src:apt-setup
4: https://packages.debian.org/src:asterisk
5: https://packages.debian.org/src:babeltrace
6: https://packages.debian.org/src:backup-manager
7: https://packages.debian.org/src:base-files
8: https://packages.debian.org/src:basez
9: https://packages.debian.org/src:bro
10: https://packages.debian.org/src:bzip2
11: https://packages.debian.org/src:cacti
12: https://packages.debian.org/src:calamares-settings-debian
13: https://packages.debian.org/src:ceph
14: https://packages.debian.org/src:clamav
15: https://packages.debian.org/src:cloudkitty
16: https://packages.debian.org/src:console-setup
17: https://packages.debian.org/src:cryptsetup
18: https://packages.debian.org/src:cups
19: https://packages.debian.org/src:dbconfig-common
20: https://packages.debian.org/src:debian-edu-config
21: https://packages.debian.org/src:debian-edu-doc
22: https://packages.debian.org/src:dehydrated
23: https://packages.debian.org/src:devscripts
24: https://packages.debian.org/src:dma
25: https://packages.debian.org/src:dpdk
26: https://packages.debian.org/src:dput-ng
27: https://packages.debian.org/src:e2fsprogs
28: https://packages.debian.org/src:enigmail
29: https://packages.debian.org/src:epiphany-browser
30: https://packages.debian.org/src:erlang-p1-pkix
31: https://packages.debian.org/src:facter
32: https://packages.debian.org/src:fdroidserver
33: https://packages.debian.org/src:fig2dev
34: https://packages.debian.org/src:firmware-nonfree
35: https://packages.debian.org/src:freeorion
36: https://packages.debian.org/src:fuse-emulator
37: https://packages.debian.org/src:fusiondirectory
38: https://packages.debian.org/src:gcab
39: https://packages.debian.org/src:gdb
40: https://packages.debian.org/src:glib2.0
41: https://packages.debian.org/src:gnome-bluetooth
42: https://packages.debian.org/src:gnome-control-center
43: https://packages.debian.org/src:gnupg2
44: https://packages.debian.org/src:gnuplot
45: https://packages.debian.org/src:gosa
46: https://packages.debian.org/src:hfst
47: https://packages.debian.org/src:initramfs-tools
48: https://packages.debian.org/src:jython
49: https://packages.debian.org/src:lacme
50: https://packages.debian.org/src:libblockdev
51: https://packages.debian.org/src:libdatetime-timezone-perl
52: https://packages.debian.org/src:libjavascript-beautifier-perl
53: https://packages.debian.org/src:libsdl2-image
54: https://packages.debian.org/src:libtk-img
55: https://packages.debian.org/src:libxslt
56: https://packages.debian.org/src:linux
57: https://packages.debian.org/src:linux-latest
58: https://packages.debian.org/src:linux-signed-amd64
59: https://packages.debian.org/src:linux-signed-arm64
60: https://packages.debian.org/src:linux-signed-i386
61: https://packages.debian.org/src:lttv
62: https://packages.debian.org/src:mapproxy
63: https://packages.debian.org/src:mariadb-10.3
64: https://packages.debian.org/src:musescore
65: https://packages.debian.org/src:ncbi-tools6
66: https://packages.debian.org/src:ncurses
67: https://packages.debian.org/src:netdata
68: https://packages.debian.org/src:newsboat
69: https://packages.debian.org/src:nextcloud-desktop
70: https://packages.debian.org/src:node-lodash
71: https://packages.debian.org/src:node-mixin-deep
72: https://packages.debian.org/src:nss
73: https://packages.debian.org/src:nx-libs
74: https://packages.debian.org/src:open-infrastructure-compute-tools
75: https://packages.debian.org/src:open-vm-tools
76: https://packages.debian.org/src:openldap
77: https://packages.debian.org/src:osinfo-db
78: https://packages.debian.org/src:osmpbf
79: https://packages.debian.org/src:pam-u2f
80: https://packages.debian.org/src:passwordsafe
81: https://packages.debian.org/src:piuparts
82: https://packages.debian.org/src:postgresql-common
83: https://packages.debian.org/src:pulseaudio
84: https://packages.debian.org/src:puppet-module-cinder
85: https://packages.debian.org/src:python-autobahn
86: https://packages.debian.org/src:python-django
87: https://packages.debian.org/src:raspi3-firmware
88: https://packages.debian.org/src:reportbug
89: https://packages.debian.org/src:ruby-airbrussh
90: https://packages.debian.org/src:sdl-image1.2
91: https://packages.debian.org/src:sendmail
92: https://packages.debian.org/src:slirp4netns
93: https://packages.debian.org/src:systemd
94: https://packages.debian.org/src:tzdata
95: https://packages.debian.org/src:unzip
96: https://packages.debian.org/src:usb.ids
97: https://packages.debian.org/src:warzone2100
98: https://packages.debian.org/src:webkit2gtk
99: https://packages.debian.org/src:win32-loader
100: https://packages.debian.org/src:xymon
101: https://packages.debian.org/src:yubikey-personalization
102: https://packages.debian.org/src:z3
Security Updates
----------------
This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:
+----------------+--------------------------+
| Advisory ID | Package |
+----------------+--------------------------+
| DSA-4477 [103] | zeromq3 [104] |
| | |
| DSA-4478 [105] | dosbox [106] |
| | |
| DSA-4479 [107] | firefox-esr [108] |
| | |
| DSA-4480 [109] | redis [110] |
| | |
| DSA-4481 [111] | ruby-mini-magick [112] |
| | |
| DSA-4482 [113] | thunderbird [114] |
| | |
| DSA-4483 [115] | libreoffice [116] |
| | |
| DSA-4484 [117] | linux [118] |
| | |
| DSA-4484 [119] | linux-signed-i386 [120] |
| | |
| DSA-4484 [121] | linux-signed-arm64 [122] |
| | |
| DSA-4484 [123] | linux-signed-amd64 [124] |
| | |
| DSA-4486 [125] | openjdk-11 [126] |
| | |
| DSA-4488 [127] | exim4 [128] |
| | |
| DSA-4489 [129] | patch [130] |
| | |
| DSA-4490 [131] | subversion [132] |
| | |
| DSA-4491 [133] | proftpd-dfsg [134] |
| | |
| DSA-4493 [135] | postgresql-11 [136] |
| | |
| DSA-4494 [137] | kconfig [138] |
| | |
| DSA-4495 [139] | linux-signed-amd64 [140] |
| | |
| DSA-4495 [141] | linux-signed-arm64 [142] |
| | |
| DSA-4495 [143] | linux [144] |
| | |
| DSA-4495 [145] | linux-signed-i386 [146] |
| | |
| DSA-4496 [147] | pango1.0 [148] |
| | |
| DSA-4498 [149] | python-django [150] |
| | |
| DSA-4499 [151] | ghostscript [152] |
| | |
| DSA-4501 [153] | libreoffice [154] |
| | |
| DSA-4502 [155] | ffmpeg [156] |
| | |
| DSA-4503 [157] | golang-1.11 [158] |
| | |
| DSA-4504 [159] | vlc [160] |
| | |
| DSA-4505 [161] | nginx [162] |
| | |
| DSA-4507 [163] | squid [164] |
| | |
| DSA-4508 [165] | h2o [166] |
| | |
| DSA-4509 [167] | apache2 [168] |
| | |
| DSA-4510 [169] | dovecot [170] |
| | |
+----------------+--------------------------+
103: https://www.debian.org/security/2019/dsa-4477
104: https://packages.debian.org/src:zeromq3
105: https://www.debian.org/security/2019/dsa-4478
106: https://packages.debian.org/src:dosbox
107: https://www.debian.org/security/2019/dsa-4479
108: https://packages.debian.org/src:firefox-esr
109: https://www.debian.org/security/2019/dsa-4480
110: https://packages.debian.org/src:redis
111: https://www.debian.org/security/2019/dsa-4481
112: https://packages.debian.org/src:ruby-mini-magick
113: https://www.debian.org/security/2019/dsa-4482
114: https://packages.debian.org/src:thunderbird
115: https://www.debian.org/security/2019/dsa-4483
116: https://packages.debian.org/src:libreoffice
117: https://www.debian.org/security/2019/dsa-4484
118: https://packages.debian.org/src:linux
119: https://www.debian.org/security/2019/dsa-4484
120: https://packages.debian.org/src:linux-signed-i386
121: https://www.debian.org/security/2019/dsa-4484
122: https://packages.debian.org/src:linux-signed-arm64
123: https://www.debian.org/security/2019/dsa-4484
124: https://packages.debian.org/src:linux-signed-amd64
125: https://www.debian.org/security/2019/dsa-4486
126: https://packages.debian.org/src:openjdk-11
127: https://www.debian.org/security/2019/dsa-4488
128: https://packages.debian.org/src:exim4
129: https://www.debian.org/security/2019/dsa-4489
130: https://packages.debian.org/src:patch
131: https://www.debian.org/security/2019/dsa-4490
132: https://packages.debian.org/src:subversion
133: https://www.debian.org/security/2019/dsa-4491
134: https://packages.debian.org/src:proftpd-dfsg
135: https://www.debian.org/security/2019/dsa-4493
136: https://packages.debian.org/src:postgresql-11
137: https://www.debian.org/security/2019/dsa-4494
138: https://packages.debian.org/src:kconfig
139: https://www.debian.org/security/2019/dsa-4495
140: https://packages.debian.org/src:linux-signed-amd64
141: https://www.debian.org/security/2019/dsa-4495
142: https://packages.debian.org/src:linux-signed-arm64
143: https://www.debian.org/security/2019/dsa-4495
Updated Debian 10: 10.1 released press@debian.org
September 7th, 2019 https://www.debian.org/News/20
------------------------------
The Debian project is pleased to announce the first update of its stable
distribution Debian 10 (codename "buster"). This point release mainly
adds corrections for security issues, along with a few adjustments for
serious problems. Security advisories have already been published
separately and are referenced where available.
Please note that the point release does not constitute a new version of
Debian 10 but only updates some of the packages included. There is no
need to throw away old "buster" media. After installation, packages can
be upgraded to the current versions using an up-to-date Debian mirror.
Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.
New installation images will be available soon at the regular locations.
Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:
https://www.debian.org/mirror/
Miscellaneous Bugfixes
----------------------
This stable update adds a few important corrections to the following
packages:
+--------------------------+--
| Package | Reason |
+--------------------------+--
| acme-tiny [1] | Handle upcoming ACME protocol change |
| | |
| android-sdk-meta [2] | New upstream release; fix regex for |
| | adding Debian version to binary packages |
| | |
| apt-setup [3] | Fix preseeding of Secure Apt for local |
| | repositories via apt-setup/localX/ |
| | |
| asterisk [4] | Fix buffer overflow in |
| | res_pjsip_messaging [AST-2019-002 / |
| | CVE-2019-12827]; fix remote Crash |
| | Vulnerability in chan_sip [AST-2019- |
| | 003 / CVE-2019-13161] |
| | |
| babeltrace [5] | Bump ctf symbols depends to post merge |
| | version |
| | |
| backup-manager [6] | Fix purging of remote archives via FTP |
| | or SSH |
| | |
| base-files [7] | Update for the point release |
| | |
| basez [8] | Properly decode base64url encoded |
| | strings |
| | |
| bro [9] | Security fixes [CVE-2018-16807 CVE-2018- |
| | 17019] |
| | |
| bzip2 [10] | Fix regression uncompressing some files |
| | |
| cacti [11] | Fix some issues upgrading from the |
| | version in stretch |
| | |
| calamares-settings- | Fix permissions for initramfs image when |
| debian [12] | full-disk encryption is enabled |
| | [CVE-2019-13179] |
| | |
| ceph [13] | Rebuild against new libbabeltrace |
| | |
| clamav [14] | Prevent extraction of non-recursive zip |
| | bombs; new upstream stable release with |
| | security fixes - add scan time limit to |
| | mitigate against zip-bombs [CVE-2019- |
| | 12625]; fix out-of-bounds write within |
| | the NSIS bzip2 library [CVE-2019-12900] |
| | |
| cloudkitty [15] | Fix build failures with updated |
| | SQLAlchemy |
| | |
| console-setup [16] | Fix internationalization issues when |
| | switching locales with Perl >= 5.28 |
| | |
| cryptsetup [17] | Fix support for LUKS2 headers without |
| | any bound keyslot; fix mapped segments |
| | overflow on 32-bit architectures |
| | |
| cups [18] | Fix multiple security/disclosure issues |
| | - SNMP buffer overflows [CVE-2019-8696 |
| | CVE-2019-8675], IPP buffer overflow, |
| | Denial of Service and memory disclosure |
| | issues in the scheduler |
| | |
| dbconfig-common [19] | Fix issue caused by change in bash POSIX |
| | behaviour |
| | |
| debian-edu-config [20] | Use PXE option "ipappend 2" for LTSP |
| | client boot; fix sudo-ldap |
| | configuration; fix loss of dynamically |
| | allocated v4 IP address; several fixes |
| | and improvements to debian-edu- |
| | config.fetch-ldap-cert |
| | |
| debian-edu-doc [21] | Update Debian Edu Buster and ITIL |
| | manuals and translations |
| | |
| dehydrated [22] | Fix fetching of account information; |
| | follow-up fixes for account ID handling |
| | and APIv1 compatibility |
| | |
| devscripts [23] | debchange: target buster-backports with |
| | --bpo option |
| | |
| dma [24] | Do not limit TLS connections to using |
| | TLS 1.0 |
| | |
| dpdk [25] | New upstream stable release |
| | |
| dput-ng [26] | Add buster-backports and stretch- |
| | backports-sloppy codenames |
| | |
| e2fsprogs [27] | Fix e4defrag crashes on 32-bit |
| | architectures |
| | |
| enigmail [28] | New upstream release; security fixes |
| | [CVE-2019-12269] |
| | |
| epiphany-browser [29] | Ensure that the web extension uses the |
| | bundled copy of libdazzle |
| | |
| erlang-p1-pkix [30] | Fix handling of GnuTLS certificates |
| | |
| facter [31] | Fix parsing of Linux route non-key/value |
| | flags (e.g. onlink) |
| | |
| fdroidserver [32] | New upstream release |
| | |
| fig2dev [33] | Do not segfault on circle/half circle |
| | arrowheads with a magnification larger |
| | than 42 [CVE-2019-14275] |
| | |
| firmware-nonfree [34] | atheros: Add Qualcomm Atheros QCA9377 |
| | rev 1.0 firmware version WLAN.TF.2.1- |
| | 00021-QCARMSWP-1; realtek: Add Realtek |
| | RTL8822CU Bluetooth firmware; atheros: |
| | Revert change of QCA9377 rev 1.0 |
| | firmware in 20180518-1; misc-nonfree: |
| | add firmware for MediaTek MT76x0/MT76x2u |
| | wireless chips, MediaTek MT7622/MT7668 |
| | bluetooth chips, GV100 signed firmware |
| | |
| freeorion [35] | Fix crash when loading or saving game |
| | data |
| | |
| fuse-emulator [36] | Prefer the X11 backend over the Wayland |
| | one; show the Fuse icon on the GTK |
| | window and About dialog |
| | |
| fusiondirectory [37] | Stricter checks on LDAP lookups; add |
| | missing dependency on php-xml |
| | |
| gcab [38] | Fix corruption when extracting |
| | |
| gdb [39] | Rebuild against new libbabeltrace |
| | |
| glib2.0 [40] | Make GKeyFile settings backend create |
| | ~/.config and configuration files with |
| | restrictive permissions [CVE-2019-13012] |
| | |
| gnome-bluetooth [41] | Avoid GNOME Shell crashes when gnome- |
| | shell-extension-bluetooth-quic
| | is used |
| | |
| gnome-control- | Fix crash when the Details -> Overview |
| center [42] | (info-overview) panel is selected; fix |
| | memory leaks in Universal Access panel; |
| | fix a regression that caused the |
| | Universal Access -> Zoom mouse tracking |
| | options to have no effect; updated |
| | Icelandic and Japanese translations |
| | |
| gnupg2 [43] | Backport many bug fixes and stability |
| | patches from upstream; use |
| | keys.openpgp.org as the default |
| | keyserver; only import self-signatures |
| | by default |
| | |
| gnuplot [44] | Fix incomplete/unsafe initialization of |
| | ARGV array |
| | |
| gosa [45] | Stricter checks on LDAP lookups |
| | |
| hfst [46] | Ensure smoother upgrades from stretch |
| | |
| initramfs-tools [47] | Disable resume when there are no |
| | suitable swap devices; MODULES=most: |
| | include all keyboard driver modules, |
| | cros_ec_spi and SPI drivers, extcon- |
| | usbc-cros-ec; MODULES=dep: include |
| | extcon drivers |
| | |
| jython [48] | Preserve backward compatibility with |
| | Java 7 |
| | |
| lacme [49] | Update for removal of unauthenticated |
| | GET support from the Let's Encrypt |
| | ACMEv2 API |
| | |
| libblockdev [50] | Use existing cryptsetup API for changing |
| | keyslot passphrase |
| | |
| libdatetime-timezone- | Update included data |
| perl [51] | |
| | |
| libjavascript- | Add support for "=>" operator |
| beautifier-perl [52] | |
| | |
| libsdl2-image [53] | Fix buffer overflows [CVE-2019-5058 |
| | CVE-2019-5052 CVE-2019-7635]; fix out of |
| | bounds access in PCX handling [CVE-2019- |
| | 12216 CVE-2019-12217 CVE-2019-12218 |
| | CVE-2019-12219 CVE-2019-12220 CVE-2019- |
| | 12221 CVE-2019-12222 CVE-2019-5051] |
| | |
| libtk-img [54] | Stop using internal copies of JPEG, Zlib |
| | and PixarLog codecs, fixing crashes |
| | |
| libxslt [55] | Fix security framework bypass [CVE-2019- |
| | 11068], uninitialized read of xsl:number |
| | token [CVE-2019-13117] and uninitialized |
| | read with UTF-8 grouping chars |
| | [CVE-2019-13118] |
| | |
| linux [56] | New upstream stable release |
| | |
| linux-latest [57] | Update for 4.19.0-6 kernel ABI |
| | |
| linux-signed-amd64 [58] | New upstream stable release |
| | |
| linux-signed-arm64 [59] | New upstream stable release |
| | |
| linux-signed-i386 [60] | New upstream stable release |
| | |
| lttv [61] | Rebuild against new libbabeltrace |
| | |
| mapproxy [62] | Fix WMS Capabilities with Python 3.7 |
| | |
| mariadb-10.3 [63] | New upstream stable release; security |
| | fixes [CVE-2019-2737 CVE-2019-2739 |
| | CVE-2019-2740 CVE-2019-2758 CVE-2019- |
| | 2805]; fix segfault on |
| | 'information_schema' access; rename |
| | 'mariadbcheck' to 'mariadb-check' |
| | |
| musescore [64] | Disable webkit functionality |
| | |
| ncbi-tools6 [65] | Repackage without non-free data/UniVec.* |
| | |
| ncurses [66] | Remove "rep" from xterm-new and |
| | derived terminfo descriptions |
| | |
| netdata [67] | Remove Google Analytics from generated |
| | documentation; opt out of sending |
| | anonymous statistics; remove "sign in" |
| | button |
| | |
| newsboat [68] | Fix use after free issue |
| | |
| nextcloud-desktop [69] | Add missing dependency on nextcloud- |
| | desktop-common to nextcloud-desktop-cmd |
| | |
| node-lodash [70] | Fix prototype pollution [CVE-2019-10744] |
| | |
| node-mixin-deep [71] | Fix prototype pollution issue |
| | |
| nss [72] | Fix security issues [CVE-2019-11719 |
| | CVE-2019-11727 CVE-2019-11729] |
| | |
| nx-libs [73] | Fix a number of memory leaks |
| | |
| open-infrastructure- | Fix container start |
| compute-tools [74] | |
| | |
| open-vm-tools [75] | Correctly handle OS versions of the form |
| | "X", rather than "X.Y" |
| | |
| openldap [76] | Restrict rootDN proxyauthz to its own |
| | databases [CVE-2019-13057]; enforce |
| | sasl_ssf ACL statement on every |
| | connection [CVE-2019-13565]; fix slapo- |
| | rwm to not free original filter when |
| | rewritten filter is invalid |
| | |
| osinfo-db [77] | Add buster 10.0 information; fix URLs |
| | for stretch download; fix the name of |
| | the parameter used to set the fullname |
| | when generating a preseed file |
| | |
| osmpbf [78] | Rebuild with protobuf 3.6.1 |
| | |
| pam-u2f [79] | Fix insecure debug file handling |
| | [CVE-2019-12209]; fix debug file |
| | descriptor leak [CVE-2019-12210]; fix |
| | out-of-bounds access; fix segfault |
| | following a failure to allocate a buffer |
| | |
| passwordsafe [80] | Install localisation files in the |
| | correct directory |
| | |
| piuparts [81] | Update configurations for the buster |
| | release; fix spurious failure to remove |
| | packages with names ending with '+'; |
| | generate separate tarball names for -- |
| | merged-usr chroots |
| | |
| postgresql-common [82] | Fix "pg_upgradecluster from postgresql- |
| | common 200, 200+deb10u1, 201, and 202 |
| | will corrupt the data_directory setting |
| | when used *twice* to upgrade a cluster |
| | (e.g. 9.6 -> 10 -> 11)" |
| | |
| pulseaudio [83] | Fix mute state restoring |
| | |
| puppet-module- | Fix attempts to write to /etc/init |
| cinder [84] | |
| | |
| python-autobahn [85] | Fix pyqrcode build dependencies |
| | |
| python-django [86] | New upstream security release [CVE-2019- |
| | 12781] |
| | |
| raspi3-firmware [87] | Add support for Raspberry Pi Compute |
| | Module 3 (CM3), Raspberry Pi Compute |
| | Module 3 Lite and Raspberry Pi Compute |
| | Module IO Board V3 |
| | |
| reportbug [88] | Update release names, following buster |
| | release; re-enable stretch-pu requests; |
| | fix crashes with package / version |
| | lookup; add missing dependency on |
| | sensible-utils |
| | |
| ruby-airbrussh [89] | Don't throw exception on invalid UTF-8 |
| | SSH output |
| | |
| sdl-image1.2 [90] | Fix buffer overflows [CVE-2019-5052 |
| | CVE-2019-7635], out-of-bounds access |
| | [CVE-2019-12216 CVE-2019-12217 CVE-2019- |
| | 12218 CVE-2019-12219 CVE-2019-12220 |
| | CVE-2019-12221 CVE-2019-12222 CVE-2019- |
| | 5051] |
| | |
| sendmail [91] | sendmail-bin.postinst, initscript: Let |
| | start-stop-daemon match on pidfile and |
| | executable; sendmail-bin.prerm: Stop |
| | sendmail before removing the |
| | alternatives |
| | |
| slirp4netns [92] | New upstream stable release with |
| | security fixes - check sscanf result |
| | when emulating ident [CVE-2019-9824]; |
| | fixes heap overflow in included libslirp |
| | [CVE-2019-14378] |
| | |
| systemd [93] | Network: Fix failure to bring up |
| | interface with Linux kernel 5.2; ask- |
| | password: Prevent buffer overflow when |
| | reading from keyring; network: Behave |
| | more gracefully when IPv6 has been |
| | disabled |
| | |
| tzdata [94] | New upstream release |
| | |
| unzip [95] | Fix zip bomb issues [CVE-2019-13232] |
| | |
| usb.ids [96] | Routine update of USB IDs |
| | |
| warzone2100 [97] | Fix a segmentation fault when hosting a |
| | multiplayer game |
| | |
| webkit2gtk [98] | New upstream stable version; stop |
| | requiring SSE2-capable CPUs |
| | |
| win32-loader [99] | Rebuild against current packages, |
| | particularly debian-archive-keyring; fix |
| | build failure by enforcing a POSIX |
| | locale |
| | |
| xymon [100] | Fix several (server only) security |
| | issues [CVE-2019-13273 CVE-2019-13274 |
| | CVE-2019-13451 CVE-2019-13452 CVE-2019- |
| | 13455 CVE-2019-13484 CVE-2019-13485 |
| | CVE-2019-13486] |
| | |
| yubikey- | Backport additional security precautions |
| personalization [101] | |
| | |
| z3 [102] | Do not set the SONAME of libz3java.so to |
| | libz3.so.4 |
| | |
+--------------------------+------------------------------------------+
1: https://packages.debian.org/sr
2: https://packages.debian.org/sr
3: https://packages.debian.org/sr
4: https://packages.debian.org/sr
5: https://packages.debian.org/sr
6: https://packages.debian.org/sr
7: https://packages.debian.org/sr
8: https://packages.debian.org/sr
9: https://packages.debian.org/sr
10: https://packages.debian.org/sr
11: https://packages.debian.org/sr
12: https://packages.debian.org/sr
13: https://packages.debian.org/sr
14: https://packages.debian.org/sr
15: https://packages.debian.org/sr
16: https://packages.debian.org/sr
17: https://packages.debian.org/sr
18: https://packages.debian.org/sr
19: https://packages.debian.org/sr
20: https://packages.debian.org/sr
21: https://packages.debian.org/sr
22: https://packages.debian.org/sr
23: https://packages.debian.org/sr
24: https://packages.debian.org/sr
25: https://packages.debian.org/sr
26: https://packages.debian.org/sr
27: https://packages.debian.org/sr
28: https://packages.debian.org/sr
29: https://packages.debian.org/sr
30: https://packages.debian.org/sr
31: https://packages.debian.org/sr
32: https://packages.debian.org/sr
33: https://packages.debian.org/sr
34: https://packages.debian.org/sr
35: https://packages.debian.org/sr
36: https://packages.debian.org/sr
37: https://packages.debian.org/sr
38: https://packages.debian.org/sr
39: https://packages.debian.org/sr
40: https://packages.debian.org/sr
41: https://packages.debian.org/sr
42: https://packages.debian.org/sr
43: https://packages.debian.org/sr
44: https://packages.debian.org/sr
45: https://packages.debian.org/sr
46: https://packages.debian.org/sr
47: https://packages.debian.org/sr
48: https://packages.debian.org/sr
49: https://packages.debian.org/sr
50: https://packages.debian.org/sr
51: https://packages.debian.org/sr
52: https://packages.debian.org/sr
53: https://packages.debian.org/sr
54: https://packages.debian.org/sr
55: https://packages.debian.org/sr
56: https://packages.debian.org/sr
57: https://packages.debian.org/sr
58: https://packages.debian.org/sr
59: https://packages.debian.org/sr
60: https://packages.debian.org/sr
61: https://packages.debian.org/sr
62: https://packages.debian.org/sr
63: https://packages.debian.org/sr
64: https://packages.debian.org/sr
65: https://packages.debian.org/sr
66: https://packages.debian.org/sr
67: https://packages.debian.org/sr
68: https://packages.debian.org/sr
69: https://packages.debian.org/sr
70: https://packages.debian.org/sr
71: https://packages.debian.org/sr
72: https://packages.debian.org/sr
73: https://packages.debian.org/sr
74: https://packages.debian.org/sr
75: https://packages.debian.org/sr
76: https://packages.debian.org/sr
77: https://packages.debian.org/sr
78: https://packages.debian.org/sr
79: https://packages.debian.org/sr
80: https://packages.debian.org/sr
81: https://packages.debian.org/sr
82: https://packages.debian.org/sr
83: https://packages.debian.org/sr
84: https://packages.debian.org/sr
85: https://packages.debian.org/sr
86: https://packages.debian.org/sr
87: https://packages.debian.org/sr
88: https://packages.debian.org/sr
89: https://packages.debian.org/sr
90: https://packages.debian.org/sr
91: https://packages.debian.org/sr
92: https://packages.debian.org/sr
93: https://packages.debian.org/sr
94: https://packages.debian.org/sr
95: https://packages.debian.org/sr
96: https://packages.debian.org/sr
97: https://packages.debian.org/sr
98: https://packages.debian.org/sr
99: https://packages.debian.org/sr
100: https://packages.debian.org/sr
101: https://packages.debian.org/sr
102: https://packages.debian.org/sr
Security Updates
----------------
This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:
+----------------+-------------------------+
| Advisory ID | Package |
+----------------+-------------------------+
| DSA-4477 [103] | zeromq3 [104] |
| | |
| DSA-4478 [105] | dosbox [106] |
| | |
| DSA-4479 [107] | firefox-esr [108] |
| | |
| DSA-4480 [109] | redis [110] |
| | |
| DSA-4481 [111] | ruby-mini-magick [112] |
| | |
| DSA-4482 [113] | thunderbird [114] |
| | |
| DSA-4483 [115] | libreoffice [116] |
| | |
| DSA-4484 [117] | linux [118] |
| | |
| DSA-4484 [119] | linux-signed-i386 [120] |
| | |
| DSA-4484 [121] | linux-signed-arm64 [122] |
| | |
| DSA-4484 [123] | linux-signed-amd64 [124] |
| | |
| DSA-4486 [125] | openjdk-11 [126] |
| | |
| DSA-4488 [127] | exim4 [128] |
| | |
| DSA-4489 [129] | patch [130] |
| | |
| DSA-4490 [131] | subversion [132] |
| | |
| DSA-4491 [133] | proftpd-dfsg [134] |
| | |
| DSA-4493 [135] | postgresql-11 [136] |
| | |
| DSA-4494 [137] | kconfig [138] |
| | |
| DSA-4495 [139] | linux-signed-amd64 [140] |
| | |
| DSA-4495 [141] | linux-signed-arm64 [142] |
| | |
| DSA-4495 [143] | linux [144] |
| | |
| DSA-4495 [145] | linux-signed-i386 [146] |
| | |
| DSA-4496 [147] | pango1.0 [148] |
| | |
| DSA-4498 [149] | python-django [150] |
| | |
| DSA-4499 [151] | ghostscript [152] |
| | |
| DSA-4501 [153] | libreoffice [154] |
| | |
| DSA-4502 [155] | ffmpeg [156] |
| | |
| DSA-4503 [157] | golang-1.11 [158] |
| | |
| DSA-4504 [159] | vlc [160] |
| | |
| DSA-4505 [161] | nginx [162] |
| | |
| DSA-4507 [163] | squid [164] |
| | |
| DSA-4508 [165] | h2o [166] |
| | |
| DSA-4509 [167] | apache2 [168] |
| | |
| DSA-4510 [169] | dovecot [170] |
| | |
+----------------+-------------------------+
103: https://www.debian.org/securit
104: https://packages.debian.org/sr
105: https://www.debian.org/securit
106: https://packages.debian.org/sr
107: https://www.debian.org/securit
108: https://packages.debian.org/sr
109: https://www.debian.org/securit
110: https://packages.debian.org/sr
111: https://www.debian.org/securit
112: https://packages.debian.org/sr
113: https://www.debian.org/securit
114: https://packages.debian.org/sr
115: https://www.debian.org/securit
116: https://packages.debian.org/sr
117: https://www.debian.org/securit
118: https://packages.debian.org/sr
119: https://www.debian.org/securit
120: https://packages.debian.org/sr
121: https://www.debian.org/securit
122: https://packages.debian.org/sr
123: https://www.debian.org/securit
124: https://packages.debian.org/sr
125: https://www.debian.org/securit
126: https://packages.debian.org/sr
127: https://www.debian.org/securit
128: https://packages.debian.org/sr
129: https://www.debian.org/securit
130: https://packages.debian.org/sr
131: https://www.debian.org/securit
132: https://packages.debian.org/sr
133: https://www.debian.org/securit
134: https://packages.debian.org/sr
135: https://www.debian.org/securit
136: https://packages.debian.org/sr
137: https://www.debian.org/securit
138: https://packages.debian.org/sr
139: https://www.debian.org/securit
140: https://packages.debian.org/sr
141: https://www.debian.org/securit
142: https://packages.debian.org/sr
143: https://www.debian.org/securit
...