Uppdaterad Debian 12; 12.1 utgiven

22 juli 2023

Debianprojektet presenterar stolt sin första uppdatering till dess stabila utgåva Debian 12 (med kodnamnet bookworm). Denna punktutgåva lägger huvudsakligen till rättningar för säkerhetsproblem, tillsammans med ytterligare rättningar för allvarliga problem. Säkerhetsbulletiner har redan publicerats separat och refereras när de finns tillgängliga.

Vänligen notera att punktutgåvan inte innebär en ny version av Debian 12 utan endast uppdaterar några av de inkluderade paketen. Det behövs inte kastas bort gamla media av bookworm. Efter installationen kan paket uppgraderas till de aktuella versionerna genom att använda en uppdaterad Debianspegling.

De som frekvent installerar uppdateringar från security.debian.org kommer inte att behöva uppdatera många paket, och de flesta av sådana uppdateringar finns inkluderade i punktutgåvan.

Nya installationsavbildningar kommer snart att finnas tillgängliga på de vanliga platserna.

En uppgradering av en existerande installation till denna revision kan utföras genom att peka pakethanteringssystemet på en av Debians många HTTP-speglingar. En utförlig lista på speglingar finns på:

https://www.debian.org/mirror/list

Blandade felrättningar

Denna uppdatering av den stabila utgåvan lägger till några viktiga felrättningar till följande paket:

Paket	Orsak
aide	Properly handle creating the system user; fix child directory processing on equal match
autofs	Fix hang when using Kerberos-authenticated LDAP
ayatana-indicator-datetime	Fix playing of custom alarm sounds
base-files	Update for the 12.1 point release
bepasty	Fix rendering of text uploads
boost1.81	Add missing dependency on libboost-json1.81.0 to libboost-json1.81-dev
bup	Correctly restore POSIX ACLs
context	Enable socket in ConTeXt mtxrun
cpdb-libs	Fix a buffer overflow vulnerability [CVE-2023-34095]
cpp-httplib	Fix CRLF injection issue [CVE-2023-26130]
crowdsec	Fix default acquis.yaml to also include the journalctl datasource, limited to the ssh.service unit, making sure acquisition works even without the traditional auth.log file; make sure an invalid datasource doesn't make the engine error out
cups	Security fixes: use-after-free [CVE-2023-34241]; heap buffer overflow [CVE-2023-32324]
cvs	Configure full path to ssh
dbus	New upstream stable release; fix denial of service issue [CVE-2023-34969]; stop trying to take DPKG_ROOT into account, restoring copying of systemd's /etc/machine-id in preference to creating an entirely new machine ID
debian-installer	Increase Linux kernel ABI to 6.1.0-10; rebuild against proposed-updates
debian-installer-netboot-images	Rebuild against proposed-updates
desktop-base	Remove emerald alternatives on package uninstallation
dh-python	Re-introduce Breaks+Replaces on python2 needed to help apt in some upgrade scenarios
dkms	Add Breaks against obsolete, incompatible *-dkms packages
dnf	Fix default DNF const PYTHON_INSTALL_DIR
dpdk	New upstream stable release
exim4	Fix argument parsing for ${run } expansion; fix ${srs_encode ..} returning incorrect result every 1024 days
fai	Fix IP address lifetime
glibc	Fix a buffer overflow in gmon; fix a deadlock in getaddrinfo (__check_pf) with deferred cancellation; fix y2038 support in strftime on 32-bit architectures; fix corner case parsing of /etc/gshadow which can return bad pointers, causing segfaults in applications; fix a deadlock in system() when called concurrently from multiple threads; cdefs: limit definition of fortification macros to __FORTIFY_LEVEL > 0 to support old C90 compilers
gnome-control-center	New upstream bugfix release
gnome-maps	New upstream bugfix release
gnome-shell	New upstream bugfix release
gnome-software	New upstream release; memory leak fixes
gosa	Silence PHP 8.2 deprecation warnings; fix missing template in default theme; fix table styling; fix use of debugLevel > 0
groonga	Fix documentation links
guestfs-tools	Security update [CVE-2022-2211]
indent	Restore the ROUND_UP macro and adjust the initial buffer size
installation-guide	Enable Indonesian translation
kanboard	Fix malicious injection of HTML tags into DOM [CVE-2023-32685]; fix parameter-based indirect object referencing leading to private file exposure [CVE-2023-33956]; fix missing access controls [CVE-2023-33968, CVE-2023-33970]; fix stored XSS in Task External Link functionality [CVE-2023-33969]
kf5-messagelib	Search also for subkeys
libmatekbd	Fix memory leaks
libnginx-mod-http-modsecurity	Binary rebuild with pcre2
libreoffice	New upstream bugfix release
libreswan	Fix potential denial-of-service issue [CVE-2023-30570]
libxml2	Fix NULL pointer dereference issue [CVE-2022-2309]
linux	New upstream stable release; netfilter: nf_tables: do not ignore genmask when looking up chain by id [CVE-2023-31248], prevent OOB access in nft_byteorder_eval [CVE-2023-35001]
linux-signed-amd64	New upstream stable release; netfilter: nf_tables: do not ignore genmask when looking up chain by id [CVE-2023-31248], prevent OOB access in nft_byteorder_eval [CVE-2023-35001]
linux-signed-arm64	New upstream stable release; netfilter: nf_tables: do not ignore genmask when looking up chain by id [CVE-2023-31248], prevent OOB access in nft_byteorder_eval [CVE-2023-35001]
linux-signed-i386	New upstream stable release; netfilter: nf_tables: do not ignore genmask when looking up chain by id [CVE-2023-31248], prevent OOB access in nft_byteorder_eval [CVE-2023-35001]
mailman3	Drop redundant cron job; handle ordering of services when MariaDB is present
marco	Show correct window title when owned by superuser
mate-control-center	Fix several memory leaks
mate-power-manager	Fix several memory leaks
mate-session-manager	Fix several memory leaks; allow clutter backends other than x11
multipath-tools	Hide underlying paths from LVM; prevent initial service failure on new installations
mutter	New upstream bugfix release
network-manager-strongswan	Build editor component with GTK 4 support
nfdump	Return success when starting; fix segfault in option parsing
nftables	Fix regression in set listing format
node-openpgp-seek-bzip	Correct installation of files in seek-bzip package
node-tough-cookie	Fix prototype pollution issue [CVE-2023-26136]
node-undici	Security fixes: protect Host HTTP header from CLRF injection [CVE-2023-23936]; potential ReDoS on Headers.set and Headers.append [CVE-2023-24807]
node-webpack	Security fix (cross-realm objects) [CVE-2023-28154]
nvidia-cuda-toolkit	Update bundled openjdk-8-jre
nvidia-graphics-drivers	New upstream stable release; security fixes [CVE-2023-25515 CVE-2023-25516]
nvidia-graphics-drivers-tesla	New upstream stable release; security fixes [CVE-2023-25515 CVE-2023-25516]
nvidia-graphics-drivers-tesla-470	New upstream stable release; security fixes [CVE-2023-25515 CVE-2023-25516]
nvidia-modprobe	New upstream bugfix release
nvidia-open-gpu-kernel-modules	New upstream stable release; security fixes [CVE-2023-25515 CVE-2023-25516]
nvidia-support	Add Breaks against incompatible packages from bullseye
onionshare	Fix installation of desktop furniture
openvpn	Fix memory leak and dangling pointer (possible crash vector)
pacemaker	Fix regression in the resource scheduler
postfix	New upstream bugfix release; fix postfix set-permissions
proftpd-dfsg	Do not enable inetd-style socket at installation
qemu	New upstream stable release; fix USB devices not being available to XEN HVM domUs; 9pfs: prevent opening special files [CVE-2023-2861]; fix reentrancy issues in the LSI controller [CVE-2023-0330]
request-tracker5	Fix links to documentation
rime-cantonese	Sort words and characters by frequency
rime-luna-pinyin	Install missing pinyin schema data
samba	New upstream stable release; ensure manpages are generated during build; enable ability to store kerberos tickets in kernel keyring; fix build issues on armel and mipsel; fix windows logon/trust issues with 2023-07 windows updates
schleuder-cli	Security fix (value escaping)
smarty4	Fix arbitrary code execution issue [CVE-2023-28447]
spip	Various security issues; security fix (authentication data filtering)
sra-sdk	Fix installation of files in libngs-java
sudo	Fix event log format
systemd	New upstream bugfix release
tang	Fix race condition when creating/rotating keys [CVE-2023-1672]
texlive-bin	Disable socket in luatex by default [CVE-2023-32668]; make installable on i386
unixodbc	Add Breaks+Replaces against odbcinst1debian1
usb.ids	Update included data
vm	Disable byte compilation
vte2.91	New upstream bugfix release
xerial-sqlite-jdbc	Use a UUID for connection ID [CVE-2023-32697]
yajl	Memory leak security fix; fix denial of service issue [CVE-2017-16516], integer overflow issue [CVE-2022-24795]

Säkerhetsuppdateringar

Denna revision lägger till följande säkerhetsuppdateringar till den stabila utgåvan. Säkerhetsgruppen har redan släppt bulletiner för alla dessa uppdateringar:

Bulletin-ID	Paket
DSA-5423	thunderbird
DSA-5425	php8.2
DSA-5427	webkit2gtk
DSA-5428	chromium
DSA-5429	wireshark
DSA-5430	openjdk-17
DSA-5432	xmltooling
DSA-5433	libx11
DSA-5434	minidlna
DSA-5435	trafficserver
DSA-5436	hsqldb1.8.0
DSA-5437	hsqldb
DSA-5439	bind9
DSA-5440	chromium
DSA-5443	gst-plugins-base1.0
DSA-5444	gst-plugins-bad1.0
DSA-5445	gst-plugins-good1.0
DSA-5446	ghostscript
DSA-5447	mediawiki
DSA-5448	linux-signed-amd64
DSA-5448	linux-signed-arm64
DSA-5448	linux-signed-i386
DSA-5448	linux
DSA-5449	webkit2gtk
DSA-5450	firefox-esr
DSA-5451	thunderbird

Debianinstalleraren

Installeraren har uppdaterats för att inkludera rättningarna som har inkluderats i den stabila utgåvan med denna punktutgåva.

URLer

Den fullständiga listan på paket som har förändrats i denna revision:

https://deb.debian.org/debian/dists/bookworm/ChangeLog

Den aktuella stabila utgåvan:

https://deb.debian.org/debian/dists/stable/

Föreslagna uppdateringar till den stabila utgåvan:

https://deb.debian.org/debian/dists/proposed-updates

Information om den stabila utgåvan (versionsfakta, kända problem osv.):

https://www.debian.org/releases/stable/

Säkerhetsbulletiner och information:

https://www.debian.org/security/

Om Debian

Debianprojektet är en grupp utvecklare av Fri mjukvara som donerar sin tid och kraft för att producera det helt fria operativsystemet Debian.

Kontaktinformation

För ytterligare information, vänligen besök Debians webbplats på https://www.debian.org/, skicka e-post till <press@debian.org>, eller kontakta gruppen för stabila utgåvor på <debian-release@lists.debian.org>.