Release 2024_008 (2024-03-05)

Impact

  • [NixOS 23.11] Many services will restart due to a core dependency change.

NixOS 23.11 platform

  • Pull upstream NixOS changes, security fixes and package updates (PL-132245):

    • bind: 9.18.19 -> 9.18.24 (CVE-2023-4408, CVE-2023-5517, CVE-2023-5679, CVE-2023-6516, CVE-2023-50387, CVE-2023-50868)

    • chromedriver: 121.0.6167.85 -> 122.0.6261.69

    • chromium: 121.0.6167.160 -> 122.0.6261.69

    • element-web: 1.11.57 -> 1.11.58

    • firefox: 122.0.1 -> 123.0

    • grafana: 10.2.2 -> 10.2.4 (CVE-2023-6152)

    • glibc: 2.38-27 -> 2.38-44 (CVE-2023-6246, CVE-2023-6779, CVE-2023-6780)

    • gnupg: 2.4.1 -> 2.4.4

    • grafana: 10.2.2 -> 10.2.4, fix CVE-2023-6152

    • imagemagick: 7.1.1-26 -> 7.1.1-27

    • libxml2: 2.11.5 → 2.11.7

    • linux_5_15: 5.15.148 -> 5.15.149

    • mastodon: 4.2.7 -> 4.2.8

    • matomo: 4.15.1 -> 4.16.1

    • matrix-synapse: 1.100.0 -> 1.101.0

    • nginxMainline: 1.25.3 -> 1.25.4

    • nss_latest: 3.97 -> 3.98 (CVE-2023-5388)

    • openssl_3: 3.0.12 -> 3.0.13 (CVE-2024-0727, CVE-2023-6237, CVE-2023-6129, CVE-2023-5678)

    • percona80: 8.0.34-26 -> 8.0.35-27

    • php82: 8.2.15 -> 8.2.16

    • phpPackages.composer: apply patch for CVE-2024-24821

    • python3Packages.pillow: 10.1.0 -> 10.2.0

    • zip: fix buffer overflow on Unicode path names

  • gitlab: send the Content-Security-Header by default (PL-132241).

  • webproxy add support for multiple definitions of extra command line arguments to Varnish in the flyingcircus.services.varnish.extraCommandLine option. Multiple definitions will be merged as a space-separated string into the command line passed to the varnishd process (PL-132136).

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/386429/download/1/nixexprs.tar.xz

Detailed Changes