Release 2023_021 (2023-08-29)#

Impact#

  • [NixOS 23.05] Machines will reboot after the update to activate the changed kernel.

  • [NixOS 21.05] Machines will schedule a reboot to activate the changed kernel.

NixOS 23.05 platform#

  • Pull upstream NixOS changes, security fixes and package updates: (PL-131687, PL-131688)

    • cacert: 3.90 -> 3.92

    • element-web: 1.11.36 -> 1.11.38

    • gitlab-container-registry: 3.77.0 -> 3.79.0

    • go_1_19: 1.19.10 -> 1.19.12 (CVE-2023-29409)

    • go_1_20: 1.20.6 -> 1.20.7 (CVE-2023-29409)

    • linux: 6.1.43 -> 6.1.45

      • Fixes Inception (AMD) and Downfall (Intel) CPU vulnerabilities.

    • matrix-synapse: 1.89.0 -> 1.90.0

    • nix: 2.13.3 -> 2.13.5

    • nodejs_16: 16.20.1 -> 16.20.2 (CVE-2023-32002, CVE-2023-32006, CVE-2023-32559)

    • nodejs_18: 18.61.1 -> 18.17.1 (CVE-2023-32002, CVE-2023-32006, CVE-2023-32559)

    • nodejs_20: 20.3.1 -> 20.5.1 (CVE-2023-32002, CVE-2023-32004, CVE-2023-32006, CVE-2023-32558, …)

    • openssl: 3.0.9 -> 3.0.10 (CVE-2023-3817, CVE-2023-3446, CVE-2023-2975)

    • php82: 8.2.7 -> 8.2.9

    • postgresql_11: 11.20 -> 11.21 (CVE-2023-39417)

    • postgresql_12: 12.15 -> 12.16 (CVE-2023-39417)

    • postgresql_13: 13.11 -> 13.12 (CVE-2023-39417)

    • postgresql_14: 14.8 -> 14.9 (CVE-2023-39417)

    • postgresql_15: 15.3 -> 15.4 (CVE-2023-39417, CVE-2023-3941)

    • Note for all postgresql versions: If you use BRIN indexes to look up NULL values, you will need to reindex them after upgrading to this release.

    • qemu: 8.0.2 -> 8.0.3

    • sysstat: add patch for CVE-2023-33204

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/291513/download/1/nixexprs.tar.xz

NixOS 21.05 platform#

Detailed Changes#