Last week, the Debian team released Debian 10.2 as the latest point release to the “Buster” series. This release includes a number of bug fixes and security updates. In addition, starting this release Firefox ESR (Extended Support Release) is no longer supported on the ARMEL variant of Debian.
Key updates in Debian 10.2
Some of the security fixes added in Debian 10.2 are:
- Apache2: These five vulnerabilities reported in the Apache HTTPD server are fixed: CVE-2019-9517, CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10097, CVE-2019-10098.
- Nghttp2: Two vulnerabilities, CVE-2019-9511 and CVE-2019-9513 found in the HTTP/2 code of the nghttp2 HTTP server are fixed.
- PHP 7.3: In PHP five security issues were fixed that could result in information disclosure or denial of service. These were CVE-2019-11036, CVE-2019-11039, CVE-2019-11040, CVE-2019-11041, CVE-2019-11042.
- Linux: In the Linux kernel five security issues were fixed that may have otherwise lead to a privilege escalation, denial of service, or information leaks. These were CVE-2019-14821, CVE-2019-14835, CVE-2019-15117, CVE-2019-15118, CVE-2019-15902.
- Thunderbird: The security issues reported in Thunderbird could have potentially resulted in the execution of arbitrary code, cross-site scripting, and information disclosure. These are tracked as CVE-2019-11739, CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11752.
Debian 10.2 brings several new bug fixes for some popular packages, some of which are:
- Emacs: The European Patent Litigation Agreement (EPLA) key is now updated.
- Flatpak: Debian 10.2 includes the new upstream stable release of Flatpak, a tool for building and distributing desktop applications on Linux.
- GNOME Shell: In addition to including the new upstream stable release of GNOME Shell, this release fixes truncation of long messages in Shell-modal dialogs and avoids crash on the reallocation of dead actors
- LibreOffice: The PostgreSQL driver with PostgreSQL 12 is now fixed.
- Systemd: Starting from Debian 10.2, the reload failure does not get propagated to service results. The ‘sync_file_range’ failures in nspawn containers on ARM and PPC systems are fixed.
- uBlock: The uBlock adblocker is updated to its new upstream version and is compatible with Firefox ESR68.
These were some of the updates in Debian 10.2. Check out the official announcement by the Debian team to know what else has shipped in this release.