تحديث دبيان 12: الإصدار 12.1

22 يوليوز 2023

يسعد مشروع دبيان الإعلان عن التحديث الأول لتوزيعته المستقرة دبيان 12 (الاسم الرمزي bookworm). بالإضافة إلى تسوية بعض المشكلات الحرجة يصلح هذا التحديث بالأساس مشاكلات الأمان. تنبيهات الأمان أعلنت بشكل منفصل ومشار إليها فقط في هذا الإعلان.

يرجى ملاحظة أن هذا التحديث لا يشكّل إصدار جديد لدبيان 12 بل فقط تحديثات لبعض الحزم المضمّنة وبالتالي ليس بالضرورة رمي الوسائط القديمة للإصدار bookworm، يمكن تحديث الحزم باستخدام مرآة دبيان محدّثة.

الذين يثبّتون التحديثات من security.debian.org باستمرار لن يكون عليهم تحديث العديد من الحزم، أغلب التحديثات مضمّنة في هذا التحديث.

صور جديدة لأقراص التثبيت ستكون متوفرة في موضعها المعتاد.

يمكن الترقية من تثبيت آنيّ إلى هذه المراجعة بتوجيه نظام إدارة الحزم إلى إحدى مرايا HTTP الخاصة بدبيان. قائمة شاملة لمرايا دبيان على المسار:

https://www.debian.org/mirror/list

إصلاح العديد من العلاّت

أضاف هذا التحديث للإصدار المستقر بعض الإصلاحات المهمة للحزم التالية:

الحزمة السبب
aide Properly handle creating the system user; fix child directory processing on equal match
autofs Fix hang when using Kerberos-authenticated LDAP
ayatana-indicator-datetime Fix playing of custom alarm sounds
base-files Update for the 12.1 point release
bepasty Fix rendering of text uploads
boost1.81 Add missing dependency on libboost-json1.81.0 to libboost-json1.81-dev
bup Correctly restore POSIX ACLs
context Enable socket in ConTeXt mtxrun
cpdb-libs Fix a buffer overflow vulnerability [CVE-2023-34095]
cpp-httplib Fix CRLF injection issue [CVE-2023-26130]
crowdsec Fix default acquis.yaml to also include the journalctl datasource, limited to the ssh.service unit, making sure acquisition works even without the traditional auth.log file; make sure an invalid datasource doesn't make the engine error out
cups Security fixes: use-after-free [CVE-2023-34241]; heap buffer overflow [CVE-2023-32324]
cvs Configure full path to ssh
dbus New upstream stable release; fix denial of service issue [CVE-2023-34969]; stop trying to take DPKG_ROOT into account, restoring copying of systemd's /etc/machine-id in preference to creating an entirely new machine ID
debian-installer Increase Linux kernel ABI to 6.1.0-10; rebuild against proposed-updates
debian-installer-netboot-images Rebuild against proposed-updates
desktop-base Remove emerald alternatives on package uninstallation
dh-python Re-introduce Breaks+Replaces on python2 needed to help apt in some upgrade scenarios
dkms Add Breaks against obsolete, incompatible *-dkms packages
dnf Fix default DNF const PYTHON_INSTALL_DIR
dpdk New upstream stable release
exim4 Fix argument parsing for ${run } expansion; fix ${srs_encode ..} returning incorrect result every 1024 days
fai Fix IP address lifetime
glibc Fix a buffer overflow in gmon; fix a deadlock in getaddrinfo (__check_pf) with deferred cancellation; fix y2038 support in strftime on 32-bit architectures; fix corner case parsing of /etc/gshadow which can return bad pointers, causing segfaults in applications; fix a deadlock in system() when called concurrently from multiple threads; cdefs: limit definition of fortification macros to __FORTIFY_LEVEL > 0 to support old C90 compilers
gnome-control-center New upstream bugfix release
gnome-maps New upstream bugfix release
gnome-shell New upstream bugfix release
gnome-software New upstream release; memory leak fixes
gosa Silence PHP 8.2 deprecation warnings; fix missing template in default theme; fix table styling; fix use of debugLevel > 0
groonga Fix documentation links
guestfs-tools Security update [CVE-2022-2211]
indent Restore the ROUND_UP macro and adjust the initial buffer size
installation-guide Enable Indonesian translation
kanboard Fix malicious injection of HTML tags into DOM [CVE-2023-32685]; fix parameter-based indirect object referencing leading to private file exposure [CVE-2023-33956]; fix missing access controls [CVE-2023-33968, CVE-2023-33970]; fix stored XSS in Task External Link functionality [CVE-2023-33969]
kf5-messagelib Search also for subkeys
libmatekbd Fix memory leaks
libnginx-mod-http-modsecurity Binary rebuild with pcre2
libreoffice New upstream bugfix release
libreswan Fix potential denial-of-service issue [CVE-2023-30570]
libxml2 Fix NULL pointer dereference issue [CVE-2022-2309]
linux New upstream stable release; netfilter: nf_tables: do not ignore genmask when looking up chain by id [CVE-2023-31248], prevent OOB access in nft_byteorder_eval [CVE-2023-35001]
linux-signed-amd64 New upstream stable release; netfilter: nf_tables: do not ignore genmask when looking up chain by id [CVE-2023-31248], prevent OOB access in nft_byteorder_eval [CVE-2023-35001]
linux-signed-arm64 New upstream stable release; netfilter: nf_tables: do not ignore genmask when looking up chain by id [CVE-2023-31248], prevent OOB access in nft_byteorder_eval [CVE-2023-35001]
linux-signed-i386 New upstream stable release; netfilter: nf_tables: do not ignore genmask when looking up chain by id [CVE-2023-31248], prevent OOB access in nft_byteorder_eval [CVE-2023-35001]
mailman3 Drop redundant cron job; handle ordering of services when MariaDB is present
marco Show correct window title when owned by superuser
mate-control-center Fix several memory leaks
mate-power-manager Fix several memory leaks
mate-session-manager Fix several memory leaks; allow clutter backends other than x11
multipath-tools Hide underlying paths from LVM; prevent initial service failure on new installations
mutter New upstream bugfix release
network-manager-strongswan Build editor component with GTK 4 support
nfdump Return success when starting; fix segfault in option parsing
nftables Fix regression in set listing format
node-openpgp-seek-bzip Correct installation of files in seek-bzip package
node-tough-cookie Fix prototype pollution issue [CVE-2023-26136]
node-undici Security fixes: protect Host HTTP header from CLRF injection [CVE-2023-23936]; potential ReDoS on Headers.set and Headers.append [CVE-2023-24807]
node-webpack Security fix (cross-realm objects) [CVE-2023-28154]
nvidia-cuda-toolkit Update bundled openjdk-8-jre
nvidia-graphics-drivers New upstream stable release; security fixes [CVE-2023-25515 CVE-2023-25516]
nvidia-graphics-drivers-tesla New upstream stable release; security fixes [CVE-2023-25515 CVE-2023-25516]
nvidia-graphics-drivers-tesla-470 New upstream stable release; security fixes [CVE-2023-25515 CVE-2023-25516]
nvidia-modprobe New upstream bugfix release
nvidia-open-gpu-kernel-modules New upstream stable release; security fixes [CVE-2023-25515 CVE-2023-25516]
nvidia-support Add Breaks against incompatible packages from bullseye
onionshare Fix installation of desktop furniture
openvpn Fix memory leak and dangling pointer (possible crash vector)
pacemaker Fix regression in the resource scheduler
postfix New upstream bugfix release; fix postfix set-permissions
proftpd-dfsg Do not enable inetd-style socket at installation
qemu New upstream stable release; fix USB devices not being available to XEN HVM domUs; 9pfs: prevent opening special files [CVE-2023-2861]; fix reentrancy issues in the LSI controller [CVE-2023-0330]
request-tracker5 Fix links to documentation
rime-cantonese Sort words and characters by frequency
rime-luna-pinyin Install missing pinyin schema data
samba New upstream stable release; ensure manpages are generated during build; enable ability to store kerberos tickets in kernel keyring; fix build issues on armel and mipsel; fix windows logon/trust issues with 2023-07 windows updates
schleuder-cli Security fix (value escaping)
smarty4 Fix arbitrary code execution issue [CVE-2023-28447]
spip Various security issues; security fix (authentication data filtering)
sra-sdk Fix installation of files in libngs-java
sudo Fix event log format
systemd New upstream bugfix release
tang Fix race condition when creating/rotating keys [CVE-2023-1672]
texlive-bin Disable socket in luatex by default [CVE-2023-32668]; make installable on i386
unixodbc Add Breaks+Replaces against odbcinst1debian1
usb.ids Update included data
vm Disable byte compilation
vte2.91 New upstream bugfix release
xerial-sqlite-jdbc Use a UUID for connection ID [CVE-2023-32697]
yajl Memory leak security fix; fix denial of service issue [CVE-2017-16516], integer overflow issue [CVE-2022-24795]

تحديثات الأمان

أضافت هذه المراجعة تحديثات الأمان التالية للإصدار المستقر. سبق لفريق الأمان نشر تنبيه لكل تحديث:

معرَّف التنبيه الحزمة
DSA-5423 thunderbird
DSA-5425 php8.2
DSA-5427 webkit2gtk
DSA-5428 chromium
DSA-5429 wireshark
DSA-5430 openjdk-17
DSA-5432 xmltooling
DSA-5433 libx11
DSA-5434 minidlna
DSA-5435 trafficserver
DSA-5436 hsqldb1.8.0
DSA-5437 hsqldb
DSA-5439 bind9
DSA-5440 chromium
DSA-5443 gst-plugins-base1.0
DSA-5444 gst-plugins-bad1.0
DSA-5445 gst-plugins-good1.0
DSA-5446 ghostscript
DSA-5447 mediawiki
DSA-5448 linux-signed-amd64
DSA-5448 linux-signed-arm64
DSA-5448 linux-signed-i386
DSA-5448 linux
DSA-5449 webkit2gtk
DSA-5450 firefox-esr
DSA-5451 thunderbird

مُثبِّت دبيان

حدِّث المُثبِّت ليتضمن الإصلاحات المندرجة في هذا الإصدار المستقر.

المسارات

القائمة الكاملة للحزم المغيّرة في هذه المراجعة:

https://deb.debian.org/debian/dists/bookworm/ChangeLog

التوزيعة المستقرة الحالية:

https://deb.debian.org/debian/dists/stable/

التحديثات المقترحة للتوزيعة المستقرة:

https://deb.debian.org/debian/dists/proposed-updates

معلومات حول التوزيعة المستقرة (ملاحظات الإصدار والأخطاء إلخ):

https://www.debian.org/releases/stable/

معلومات وإعلانات الأمان:

https://www.debian.org/security/

حول دبيان

مشروع دبيان هو اتحاد لمطوري البرمجيات الحرة تطوعوا بالوقت والمجهود لإنتاج نظام تشعيل دبيان حر بالكامل.

معلومات الاتصال

لمزيد من المعلومات يرجى زيارة موقع دبيان https://www.debian.org/ أو إرسال بريد إلكتروني إلى <press@debian.org> أو الاتصال بفريق إصدار المستقرة على <debian-release@lists.debian.org>.