Release 2024_019 (2024-06-24)

Impact

• [NixOS 23.11] Machines will schedule a maintenance reboot to activate the updated kernel.

NixOS 23.11 platform

• Pull upstream NixOS changes, security fixes and package updates (PL-132692):

  • asterisk: 20.5.2 -> 20.8.1 (CVE-2024-35190)

  • chromedriver: 125.0.6422.78 -> 125.0.6422.141

  • chromium: 125.0.6422.112 -> 125.0.6422.141

  • git: 2.42.0 -> 2.42.2 (CVE-2024-32002, CVE-2024-32004, CVE-2024-32465, CVE-2024-32020, CVE-2024-32021)

  • gitlab: 16.10.6 -> 16.10.7

  • glibc: 2.38-66 -> 2.38-77 (CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602)

  • github-runner: 2.316.1 -> 2.317.0

  • go: 1.21.9 -> 1.21.10

  • grafana: 10.2.6 -> 10.2.7

  • libxml2: 2.11.7 -> 2.11.8 (CVE-2024-34459)

  • linux_5_15: 5.15.159 -> 5.15.160

  • mastodon: 4.2.8 -> 4.2.9

  • matrix-synapse: 1.107.0 -> 1.108.0

  • nginxMainline: 1.25.4 -> 1.25.5 (CVE-2024-32760, CVE-2024-31079, CVE-2024-35200, CVE-2024-34161)

  • nss_latest: 3.100 -> 3.101

  • php81: 8.1.28 -> 8.1.29 (CVE-2024-4577, CVE-2024-5458, CVE-2024-2408, CVE-2024-5585)

  • php82: 8.2.19 -> 8.2.20 (CVE-2024-4577, CVE-2024-5458, CVE-2024-2408, CVE-2024-5585)

  • php83: 8.3.7 -> 8.3.8 (CVE-2024-4577, CVE-2024-5458, CVE-2024-2408, CVE-2024-5585)

  • phpPackages.composer: 2.7.6 -> 2.7.7 (CVE-2024-35241, CVE-2024-3524)

  • postgresql: 12.18 -> 12.19, 13.14 -> 13.15, 14.11 -> 14.12, 15.6 -> 15.7, 16.2 -> 16.3 (CVE-2024-4317)

  • ruby_3_2: 3.2.3 -> 3.2.4

  • util-linux: backport patch for CVE-2024-28085

• Production channel URL for this release: https://hydra.flyingcircus.io/build/443808/download/1/nixexprs.tar.xz

Detailed Changes

• NixOS 23.11: [platform code](https://github.com/flyingcircusio/fc-nixos/compare/fc/r2024_017/23.11… 0d9defa6c4d6d4434387f9059abfec952e0b058c), nixpkgs/upstream changes