1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
|
#use wml::debian::translation-check translation="9d41ab1625a3bbe9bf95b782d91e91b766a3f664" maintainer="Giuseppe Sacco"
<define-tag pagetitle>Aggiornata Debian 11: rialscio di 11.9</define-tag>
<define-tag release_date>2024-02-10</define-tag>
#use wml::debian::news
# $Id:
<define-tag release>11</define-tag>
<define-tag codename>bullseye</define-tag>
<define-tag revision>11.9</define-tag>
<define-tag dsa>
<tr><td align="center"><a href="$(HOME)/security/%0/dsa-%1">DSA-%1</a></td>
<td align="center"><:
my @p = ();
for my $p (split (/,\s*/, "%2")) {
push (@p, sprintf ('<a href="https://packages.debian.org/src:%s">%s</a>', $p, $p));
}
print join (", ", @p);
:></td></tr>
</define-tag>
<define-tag correction>
<tr><td><a href="https://packages.debian.org/src:%0">%0</a></td> <td>%1</td></tr>
</define-tag>
<define-tag srcpkg><a href="https://packages.debian.org/src:%0">%0</a></define-tag>
<p>Il progetto Debian è felice di annunciare il quarto aggiornamento
della distribuzione stabile Debian <release> (nome in codice <q><codename></q>).
Questo aggiornamento minore aggiunge soluzioni di problemi di sicurezza, oltre
ad alcune correzioni per problemi seri. I bollettini della sicurezza sono già
stati pubblicati separatamente e sono qui elencati dove possibile.</p>
<p>Notare che questo rilascio minore non è una nuova versione di Debian <release>
ma solo un aggiornamento di alcuni pacchetti che ne fanno parte. Non è necessario
buttare via il vecchio supporto di installazione di <q><codename></q>. Dopo
l'installazione i pacchetti verranno aggiornati alle ultime versioni usando uno
qualsiasi dei mirror Debian aggiornati.</p>
<p>Coloro che aggiornano il sistema frequentemente tramite security.debian.org
non avranno molti pacchetti da aggiornare, e molti di questi sono inclusi nel
rilascio minore.</p>
<p>Nuove immagini per l'installazione saranno presto disponibili nelle posizioni usuali.</p>
<p>Aggiornare una installazione esistente a questa revisione, può essere fatto
configurando il sistema di gestione dei pacchetti per puntare ad uno dei tanti
mirror HTTP Debian. Un elenco completo di questi mirror è disponibile qui:</p>
<div class="center">
<a href="$(HOME)/mirror/list">https://www.debian.org/mirror/list</a>
</div>
<h2>Risoluzione di problemi vari</h2>
<p>L'aggiornamento della stable precedente aggiunge alcune importanti
correzioni ai seguenti pacchetti (in inglese):</p>
<table border=0>
<tr><th>Pacchetto</th> <th>Motivo</th></tr>
<correction axis "Filter out unsupported protocols in the client class ServiceFactory [CVE-2023-40743]">
<correction base-files "Update for the 11.9 point release">
<correction cifs-utils "Fix non-parallel builds">
<correction compton "Remove recommendation of picom">
<correction conda-package-handling "Skip unreliable tests">
<correction conmon "Do not hang when forwarding container stdout/stderr with lots of output">
<correction crun "Fix containers with systemd as their init system, when using newer kernel versions">
<correction debian-installer "Increase Linux kernel ABI to 5.10.0-28; rebuild against proposed-updates">
<correction debian-installer-netboot-images "Rebuild against proposed-updates">
<correction debian-ports-archive-keyring "Add Debian Ports Archive Automatic Signing Key (2025)">
<correction debian-security-support "Mark tor, consul and xen as end-of-life; limit samba support to non-AD DC use cases; match golang packages with regular expression; drop version-based checking; add chromium to security-support-ended.deb11; add tiles and libspring-java to security-support-limited">
<correction debootstrap "Backport merged-/usr support changes from trixie: implement merged-/usr by post-merging, default to merged-/usr for suites newer than bookworm in all profiles">
<correction distro-info "Update tests for distro-info-data 0.58+deb12u1, which adjusted Debian 7's EoL date">
<correction distro-info-data "Add Ubuntu 24.04 LTS Noble Numbat; fix several End Of Life dates">
<correction dpdk "New upstream stable release">
<correction dropbear "Fix security measure bypass issue [CVE-2021-36369]; fix <q>terrapin</q> attack [CVE-2023-48795]">
<correction exuberant-ctags "Fix arbitrary command execution issue [CVE-2022-4515]">
<correction filezilla "Prevent <q>terrapin</q> exploit [CVE-2023-48795]">
<correction gimp "Remove old versions of separately packaged dds plugin">
<correction glib2.0 "Align with upstream stable fixes; fix denial of service issues [CVE-2023-32665 CVE-2023-32611 CVE-2023-29499 CVE-2023-32636]">
<correction glibc "Fix a memory corruption in <q>qsort()</q> when using nontransitive comparison functions.">
<correction gnutls28 "Security fix for timing sidechannel attack [CVE-2023-5981]">
<correction imagemagick "Various security fixes [CVE-2021-20241 CVE-2021-20243 CVE-2021-20244 CVE-2021-20245 CVE-2021-20246 CVE-2021-20309 CVE-2021-3574 CVE-2021-39212 CVE-2021-4219 CVE-2022-1114 CVE-2022-28463 CVE-2022-32545 CVE-2022-32546]">
<correction jqueryui "Fix cross-site scripting issue [CVE-2022-31160]">
<correction knewstuff "Ensure correct ProvidersUrl to fix denial of service">
<correction libdatetime-timezone-perl "Update included timezone data">
<correction libde265 "Fix segmentation violation in the function <q>decoder_context::process_slice_segment_header</q> [CVE-2023-27102]; fix heap buffer overflow in the function <q>derive_collocated_motion_vectors</q> [CVE-2023-27103]; fix buffer over-read in <q>pic_parameter_set::dump</q> [CVE-2023-43887]; fix buffer overflow in the <q>slice_segment_header</q> function [CVE-2023-47471]; fix buffer overflow issues [CVE-2023-49465 CVE-2023-49467 CVE-2023-49468]">
<correction libmateweather "Update included location data; update data server URL">
<correction libpod "Fix incorrect handling of supplementary groups [CVE-2022-2989]">
<correction libsolv "Enable zstd compression support">
<correction libspreadsheet-parsexlsx-perl "Fix possible memory bomb [CVE-2024-22368]; fix XML External Entity issue [CVE-2024-23525]">
<correction linux "New upstream stable release; increase ABI to 28">
<correction linux-signed-amd64 "New upstream stable release; increase ABI to 28">
<correction linux-signed-arm64 "New upstream stable release; increase ABI to 28">
<correction linux-signed-i386 "New upstream stable release; increase ABI to 28">
<correction llvm-toolchain-16 "New backported package to support builds of newer chromium versions; build-dep on <q>llvm-spirv</q> instead of <q>llvm-spirv-16</q>">
<correction mariadb-10.5 "New upstream stable release; fix denial of service issue [CVE-2023-22084]">
<correction minizip "Reject overflows of zip header fields [CVE-2023-45853]">
<correction modsecurity-apache "Fix protection bypass issues [CVE-2022-48279 CVE-2023-24021]">
<correction nftables "Fix incorrect bytecode generation">
<correction node-dottie "Fix prototype pollution issue [CVE-2023-26132]">
<correction node-url-parse "Fix authorisation bypass issue [CVE-2022-0512]">
<correction node-xml2js "Fix prototype pollution issue [CVE-2023-0842]">
<correction nvidia-graphics-drivers "New upstream release [CVE-2023-31022]">
<correction nvidia-graphics-drivers-tesla-470 "New upstream release [CVE-2023-31022]">
<correction opendkim "Properly delete Authentication-Results headers [CVE-2022-48521]">
<correction perl "Prevent buffer overflow via illegal Unicode property [CVE-2023-47038]">
<correction plasma-desktop "Fix denial of service bug in discover">
<correction plasma-discover "Fix denial of service bug; fix build failure">
<correction postfix "New upstream stable release; address SMTP smuggling issue [CVE-2023-51764]">
<correction postgresql-13 "New upstream stable release; fix SQL injection issue [CVE-2023-39417]">
<correction postgresql-common "Fix autopkgtests">
<correction python-cogent "Skip parallel tests on single-CPU systems">
<correction python-django-imagekit "Avoid triggering path traversal detection in tests">
<correction python-websockets "Fix predictable duration issue [CVE-2021-33880]">
<correction pyzoltan "Build on single core systems">
<correction ruby-aws-sdk-core "Include VERSION file in package">
<correction spip "Fix cross-site scripting issue">
<correction swupdate "Prevent acquiring root privileges through inappropriate socket mode">
<correction symfony "Ensure CodeExtension's filters properly escape their input [CVE-2023-46734]">
<correction tar "Fix boundary checking in base-256 decoder [CVE-2022-48303], handling of extended header prefixes [CVE-2023-39804]">
<correction tinyxml "Fix assertion issue [CVE-2023-34194]">
<correction tzdata "Update included timezone data">
<correction unadf "Fix stack buffer overflow issue [CVE-2016-1243]; fix arbitary code execution issue [CVE-2016-1244]">
<correction usb.ids "Update included data list">
<correction vlfeat "Fix FTBFS with newer ImageMagick">
<correction weborf "Fix denial of service issue">
<correction wolfssl "Fix buffer overflow issues [CVE-2022-39173 CVE-2022-42905], key disclosure issue [CVE-2022-42961], predictable buffer in input keying material [CVE-2023-3724]">
<correction xerces-c "Fix use-after-free issue [CVE-2018-1311]; fix integer overflow issue [CVE-2023-37536]">
<correction zeromq3 "Fix <q>fork()</q> detection with gcc 7; update copyright relicense statement">
</table>
<h2>Aggiornamenti della sicurezza</h2>
<p>Questa revisione contiene i seguenti aggiornamenti per la sicurezza del
rilascio stabile precedente. Il gruppo della sicurezza ha già rilasciato i
bollettini per ciascuno di questi aggionamenti::</p>
<table border=0>
<tr><th>ID del bollettino</th> <th>Pacchetto</th></tr>
<dsa 2023 5496 firefox-esr>
<dsa 2023 5499 chromium>
<dsa 2023 5506 firefox-esr>
<dsa 2023 5508 chromium>
<dsa 2023 5509 firefox-esr>
<dsa 2023 5511 mosquitto>
<dsa 2023 5512 exim4>
<dsa 2023 5513 thunderbird>
<dsa 2023 5514 glibc>
<dsa 2023 5515 chromium>
<dsa 2023 5516 libxpm>
<dsa 2023 5517 libx11>
<dsa 2023 5518 libvpx>
<dsa 2023 5519 grub-efi-amd64-signed>
<dsa 2023 5519 grub-efi-arm64-signed>
<dsa 2023 5519 grub-efi-ia32-signed>
<dsa 2023 5519 grub2>
<dsa 2023 5520 mediawiki>
<dsa 2023 5522 tomcat9>
<dsa 2023 5523 curl>
<dsa 2023 5524 libcue>
<dsa 2023 5526 chromium>
<dsa 2023 5527 webkit2gtk>
<dsa 2023 5528 node-babel7>
<dsa 2023 5530 ruby-rack>
<dsa 2023 5531 roundcube>
<dsa 2023 5533 gst-plugins-bad1.0>
<dsa 2023 5534 xorg-server>
<dsa 2023 5535 firefox-esr>
<dsa 2023 5536 chromium>
<dsa 2023 5537 openjdk-11>
<dsa 2023 5538 thunderbird>
<dsa 2023 5539 node-browserify-sign>
<dsa 2023 5540 jetty9>
<dsa 2023 5542 request-tracker4>
<dsa 2023 5543 open-vm-tools>
<dsa 2023 5544 zookeeper>
<dsa 2023 5545 vlc>
<dsa 2023 5546 chromium>
<dsa 2023 5547 pmix>
<dsa 2023 5548 openjdk-17>
<dsa 2023 5549 trafficserver>
<dsa 2023 5550 cacti>
<dsa 2023 5551 chromium>
<dsa 2023 5554 postgresql-13>
<dsa 2023 5556 chromium>
<dsa 2023 5557 webkit2gtk>
<dsa 2023 5558 netty>
<dsa 2023 5560 strongswan>
<dsa 2023 5561 firefox-esr>
<dsa 2023 5563 intel-microcode>
<dsa 2023 5564 gimp>
<dsa 2023 5565 gst-plugins-bad1.0>
<dsa 2023 5566 thunderbird>
<dsa 2023 5567 tiff>
<dsa 2023 5569 chromium>
<dsa 2023 5570 nghttp2>
<dsa 2023 5571 rabbitmq-server>
<dsa 2023 5572 roundcube>
<dsa 2023 5573 chromium>
<dsa 2023 5574 libreoffice>
<dsa 2023 5576 xorg-server>
<dsa 2023 5577 chromium>
<dsa 2023 5579 freeimage>
<dsa 2023 5581 firefox-esr>
<dsa 2023 5582 thunderbird>
<dsa 2023 5584 bluez>
<dsa 2023 5585 chromium>
<dsa 2023 5586 openssh>
<dsa 2023 5587 curl>
<dsa 2023 5588 putty>
<dsa 2023 5590 haproxy>
<dsa 2023 5591 libssh>
<dsa 2023 5592 libspreadsheet-parseexcel-perl>
<dsa 2024 5594 linux-signed-amd64>
<dsa 2024 5594 linux-signed-arm64>
<dsa 2024 5594 linux-signed-i386>
<dsa 2024 5594 linux>
<dsa 2024 5595 chromium>
<dsa 2024 5597 exim4>
<dsa 2024 5598 chromium>
<dsa 2024 5599 phpseclib>
<dsa 2024 5600 php-phpseclib>
<dsa 2024 5602 chromium>
<dsa 2024 5603 xorg-server>
<dsa 2024 5604 openjdk-11>
<dsa 2024 5605 thunderbird>
<dsa 2024 5606 firefox-esr>
<dsa 2024 5608 gst-plugins-bad1.0>
<dsa 2024 5613 openjdk-17>
<dsa 2024 5614 zbar>
<dsa 2024 5615 runc>
</table>
<h2>Pacchetti rimossi</h2>
<p>Il seguente pacchetto è stato rimosso dalla distribuzione:</p>
<table border=0>
<tr><th>Pacchetto</th> <th>Motivo</th></tr>
<correction gimp-dds "Integrated in gimp >=2.10">
</table>
<h2>Istallatore Debian</h2>
<p>La procedura di installazione è stata aggiornata per includere le
correzioni presenti in questo aggiornamento della stable precedente.</p>
<h2>URL</h2>
<p>L'elenco completo dei pacchetti cambiati in questa revisione:</p>
<div class="center">
<url "https://deb.debian.org/debian/dists/<downcase <codename>>/ChangeLog">
</div>
<p>La distribuzione stable precedente:</p>
<div class="center">
<url "https://deb.debian.org/debian/dists/oldstable/">
</div>
<p>Aggiornamenti proposti per la distribuzione stable precedente</p>
<div class="center">
<url "https://deb.debian.org/debian/dists/oldstable-proposed-updates">
</div>
<p>Informazioni sulla distribuzione stable precedente (note di rilascio, errata, etc.):</p>
<div class="center">
<a
href="$(HOME)/releases/oldstable/">https://www.debian.org/releases/oldstable/</a>
</div>
<p>Annunci e informazioni della sicurezza:</p>
<div class="center">
<a href="$(HOME)/security/">https://www.debian.org/security/</a>
</div>
<h2>Su Debian</h2>
<p>Il progetto Debian è una associazione di sviluppatori di software libero
che volontariamente offrono il loro tempo e il loro lavoro per produrre il
sistema operativo completamente libero Debian.</p>
<h2>Contatti</h2>
<p>Per maggiori informazioni visitare le pagine web Debian
<a href="$(HOME)/">https://www.debian.org/</a>, mandare un email a
<press@debian.org> o contattare il gruppo del rilascio stabile a
<debian-release@lists.debian.org>.</p>
|
