Release 2024_019 (2024-06-24)

Impact

  • [NixOS 23.11] Machines will schedule a maintenance reboot to activate the updated kernel.

NixOS 23.11 platform

  • Pull upstream NixOS changes, security fixes and package updates (PL-132692):

    • asterisk: 20.5.2 -> 20.8.1 (CVE-2024-35190)

    • chromedriver: 125.0.6422.78 -> 125.0.6422.141

    • chromium: 125.0.6422.112 -> 125.0.6422.141

    • git: 2.42.0 -> 2.42.2 (CVE-2024-32002, CVE-2024-32004, CVE-2024-32465, CVE-2024-32020, CVE-2024-32021)

    • gitlab: 16.10.6 -> 16.10.7

    • glibc: 2.38-66 -> 2.38-77 (CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602)

    • github-runner: 2.316.1 -> 2.317.0

    • go: 1.21.9 -> 1.21.10

    • grafana: 10.2.6 -> 10.2.7

    • libxml2: 2.11.7 -> 2.11.8 (CVE-2024-34459)

    • linux_5_15: 5.15.159 -> 5.15.160

    • mastodon: 4.2.8 -> 4.2.9

    • matrix-synapse: 1.107.0 -> 1.108.0

    • nginxMainline: 1.25.4 -> 1.25.5 (CVE-2024-32760, CVE-2024-31079, CVE-2024-35200, CVE-2024-34161)

    • nss_latest: 3.100 -> 3.101

    • php81: 8.1.28 -> 8.1.29 (CVE-2024-4577, CVE-2024-5458, CVE-2024-2408, CVE-2024-5585)

    • php82: 8.2.19 -> 8.2.20 (CVE-2024-4577, CVE-2024-5458, CVE-2024-2408, CVE-2024-5585)

    • php83: 8.3.7 -> 8.3.8 (CVE-2024-4577, CVE-2024-5458, CVE-2024-2408, CVE-2024-5585)

    • phpPackages.composer: 2.7.6 -> 2.7.7 (CVE-2024-35241, CVE-2024-3524)

    • postgresql: 12.18 -> 12.19, 13.14 -> 13.15, 14.11 -> 14.12, 15.6 -> 15.7, 16.2 -> 16.3 (CVE-2024-4317)

    • ruby_3_2: 3.2.3 -> 3.2.4

    • util-linux: backport patch for CVE-2024-28085

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/443808/download/1/nixexprs.tar.xz

Detailed Changes