Debian 11.7 Arrived with 100+ Security Updates and 90+ Bug Fixes

Rohan Timalsina

May 17, 2023 - TuxCare expert team

The Debian Project has announced the release of Debian 11.7, which is now publicly available. This release is the seventh ISO update to the Bullseye series of Debian GNU/Linux 11, and it arrives more than four months after Debian 11.6.

With the latest installation media, users who want to install the Debian GNU/Linux 11 “Bullseye” operating system on new computers do not have to worry about downloading numerous updates from the repositories post-installation.


Debian 11.7: Security Updates and Bug Fixes

Debian 11.7 contains all security and software updates released between December 17th, 2022 (when Debian GNU/Linux 11.6 was released) and the present. In total, Debian 11.7 ships 102 security updates and miscellaneous bug fixes for 92 packages.

This stable update addresses eight denial-of-service issues:

CVE-2021-3468

A vulnerability was found in the Avahi package in versions 0.6 up to 0.8. The event that signals the end of a client connection on the Avahi Unix socket is not properly handled in the client_work function, which can result in an infinite loop when triggered by a local attacker. The highest risk associated with this flaw is that the Avahi service becomes unresponsive once the vulnerability is triggered.

CVE-2022-4904

A vulnerability was discovered in the c-ares package: the ares_set_sortlist function lacks proper checks on the validity of its input string, resulting in a possible arbitrary-length stack overflow. This flaw may cause a denial of service or have a limited impact on confidentiality and integrity.

CVE-2023-25153

This vulnerability in the containerd package is triggered when importing an OCI image. Prior to versions 1.6.18 and 1.5.18, there was no limit on the number of bytes read for specific files during import, so a maliciously crafted image containing a large file to which no limit was applied could cause a denial of service. The flaw is fixed in containerd versions 1.6.18 and 1.5.18.

CVE-2022-25857

Versions of the org.yaml:snakeyaml package before 1.31 are vulnerable to denial of service (DoS) because the package lacks a nesting depth limit for collections.

CVE-2022-38749, CVE-2022-38750, CVE-2022-38751

These flaws were also discovered in the snakeyaml package. SnakeYAML may be vulnerable to denial-of-service (DoS) attacks when used to parse untrusted YAML files: if the parser is processing user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow.

CVE-2022-3821

An off-by-one error was discovered in systemd's format_timespan() function in time-util.c. An attacker could supply specific values for time and accuracy that lead to a buffer overrun in format_timespan(), resulting in a denial of service.

Visit the release announcement page for detailed information about all security updates and bug fixes.


Removed Packages in Debian 11.7

Some packages that have been removed in this update are:

  • bind-dyndb-ldap (broken with newer bind9 versions)
  • python-matrix-nio (removed due to security issues)
  • matrix-mirage (depends on python-matrix-nio)
  • pantalaimon (depends on python-matrix-nio)
  • weechat-matrix (depends on python-matrix-nio)
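Packages dropped from the archive in a point release keep working on hosts where they are already installed, but they no longer receive security updates (python-matrix-nio was removed precisely for security issues). The following script is an added example, not part of the article or of the Debian Project's tooling; it checks that a host reports Bullseye 11.7 or later and lists any of the removed packages that are still installed, using the dpkg-query field format `${db:Status-Status}` and a constructed sample of its output.

```sh
#!/bin/sh
# Added example (not from the article): verify a Bullseye host is on 11.7+
# and flag packages removed in 11.7 that are still installed locally.

# Packages removed in Debian 11.7, as listed in the article.
REMOVED_IN_11_7="bind-dyndb-ldap python-matrix-nio matrix-mirage pantalaimon weechat-matrix"

# Return 0 when an /etc/debian_version string is a Bullseye release >= 11.7.
# Non-numeric strings such as "bookworm/sid" return 1.
bullseye_at_least_11_7() {
    case "$1" in
        *[!0-9.]*|"") return 1 ;;
    esac
    major=${1%%.*}
    case "$1" in
        *.*) minor=${1#*.}; minor=${minor%%.*} ;;
        *)   minor=0 ;;
    esac
    [ "$major" -eq 11 ] && [ "$minor" -ge 7 ]
}

# Read "package status" pairs from stdin, in the format produced by
#   dpkg-query -W -f='${Package} ${db:Status-Status}\n'
# and print each removed package whose status is "installed".
find_orphaned_removed() {
    while read -r pkg status; do
        [ "$status" = "installed" ] || continue
        for removed in $REMOVED_IN_11_7; do
            [ "$pkg" = "$removed" ] && printf '%s\n' "$pkg"
        done
    done
    return 0
}

# Constructed sample of dpkg-query output; not taken from a real host.
SAMPLE_STATUS='avahi-daemon installed
python-matrix-nio installed
pantalaimon not-installed
weechat-matrix installed
systemd installed'

# Run both checks against a live Debian host (requires dpkg).
check_live_host() {
    bullseye_at_least_11_7 "$(cat /etc/debian_version)" || echo "WARNING: host is not on Debian 11.7 or later"
    dpkg-query -W -f='${Package} ${db:Status-Status}\n' | find_orphaned_removed
}

# Demo against the constructed sample: prints python-matrix-nio and weechat-matrix.
printf '%s\n' "$SAMPLE_STATUS" | find_orphaned_removed
```

Call `check_live_host` instead of the demo line to run the same checks against the real package database.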


Conclusion

The Debian Project notes that this Bullseye point release only updates some of the included packages and does not constitute a new version of Debian GNU/Linux 11. Debian 11.7 is therefore a maintenance release that brings a significant number of bug fixes (92) and security updates (102).

For those who are looking ahead to Debian 12 “Bookworm”, it is set to be released on June 10th. This new version is expected to include a refreshed set of software in its repositories, as well as Linux kernel 6.1 LTS and ongoing support until 2028.

For system administrators, maintaining kernel security and ensuring 100% system uptime is crucial. TuxCare offers KernelCare Enterprise, a solution that can live patch all popular enterprise distributions, including CentOS, AlmaLinux, Debian, Ubuntu, Oracle Linux, Red Hat, and more.

Learn more about how KernelCare’s live patching works.


The sources for this article include a story from 9to5Linux.
