Uppdaterad Debian 12; 12.4 utgiven
10 december 2023
Vänligen notera att detta dokument har uppdaterats på bästa möjligt sätt för att reflektera att Debian 12.3 ersätts av Debian 12.4. Dessa förändringar kom på grund av en felrapport #1057843 i sista sekunden rörande problem med linux-image-6.1.0-14 (6.1.64-1).
Debian 12.4 släpps med linux-image-6.1.0-15 (6.1.66-1), tillsammans med några andra felrättningar.
Debianprojektet presenterar stolt sin fjärde uppdatering till dess
stabila utgåva Debian 12 (med kodnamnet bookworm
).
Denna punktutgåva lägger huvudsakligen till rättningar för säkerhetsproblem,
tillsammans med ytterligare rättningar för allvarliga problem. Säkerhetsbulletiner
har redan publicerats separat och refereras när de finns tillgängliga.
Vänligen notera att punktutgåvan inte innebär en ny version av Debian
12 utan endast uppdaterar några av de inkluderade paketen. Det behövs
inte kastas bort gamla media av bookworm
. Efter installationen
kan paket uppgraderas till de aktuella versionerna genom att använda en uppdaterad
Debianspegling..
De som frekvent installerar uppdateringar från security.debian.org kommer inte att behöva uppdatera många paket, och de flesta av sådana uppdateringar finns inkluderade i punktutgåvan.
Nya installationsavbildningar kommer snart att finnas tillgängliga på de vanliga platserna.
En uppgradering av en existerande installation till denna revision kan utföras genom att peka pakethanteringssystemet på en av Debians många HTTP-speglingar. En utförlig lista på speglingar finns på:
Blandade felrättningar
Denna uppdatering av den stabila utgåvan lägger till några viktiga felrättningar till följande paket:
Paket | Orsak |
---|---|
adequate | Skip symbol-size-mismatch test on architectures where array symbols don't include a specific length; disable deprecation warnings about smartmatch, given, when in Perl 5.38; fix warnings from version comparison about smartmatch being experimental |
amanda | Fix local privilege escalation [CVE-2023-30577] |
arctica-greeter | Move logo away from border when greeting |
awstats | Avoid prompts on upgrade due to logrotate configuration cleanup |
axis | Filter out unsupported protocols in the client class ServiceFactory [CVE-2023-40743] |
base-files | Update for the 12.4 point release |
ca-certificates-java | Remove circular dependencies |
calibre | Fix crash in Get Books when regenerating UIC files |
crun | Fix containers with systemd as their init system, when using newer kernel versions |
cups | Take into account that on some printers the ColorModel option's choice for color printing is CMYK and not RGB |
dav4tbsync | New upstream version, restoring compatibility with newer Thunderbird versions |
debian-edu-artwork | Provide an Emerald theme based artwork for Debian Edu 12 |
debian-edu-config | New upstream stable version; fix setting and changing of LDAP passwords |
debian-edu-doc | Update included documentation and translations |
debian-edu-fai | New upstream stable version |
debian-edu-router | Fix dnsmasq conf generation for networks over VLAN; only generate UIF filter rules for SSH if 'Uplink' interface is defined; update translations |
debian-installer | Increase Linux kernel ABI to 6.1.0-15; rebuild against proposed-updates |
debian-installer-netboot-images | Rebuild against proposed-updates |
debootstrap | Backport merged-/usr support changes from trixie: implement merged-/usr by post-merging, default to merged-/usr for suites newer than bookworm in all profiles |
devscripts | Debchange: Update to current Debian distributions |
dhcpcd5 | Change Breaks/Replaces dhcpcd5 to Conflicts |
di-netboot-assistant | Fix support for bookworm live ISO image |
distro-info | Update tests for distro-info-data 0.58+deb12u1, which adjusted Debian 7's EoL date |
distro-info-data | Add Ubuntu 24.04 LTS Noble Numbat; fix several End Of Life dates |
eas4tbsync | New upstream version, restoring compatibility with newer Thunderbird versions |
exfatprogs | Fix out-of-bounds memory access issues [CVE-2023-45897] |
exim4 | Fix security issues relating to the proxy protocol [CVE-2023-42117] and DNSDB lookups [CVE-2023-42119]; add hardening for SPF lookups; disallow UTF-16 surrogates from ${utf8clean:...}; fix crash with tls_dhparam = none; fix $recipients expansion when used within ${run...}; fix expiry date of auto-generated SSL certificates; fix crash induced by some combinations of zero-length strings and ${tr...} |
fonts-noto-color-emoji | Add support for Unicode 15.1 |
gimp | Add Conflicts and Replaces: gimp-dds to remove old versions of this plugin shipped by gimp itself since 2.10.10 |
gnome-characters | Add support for Unicode 15.1 |
gnome-session | Open text files in gnome-text-editor if gedit is not installed |
gnome-shell | New upstream stable release; allow notifications to be dismissed with backspace key in addition to the delete key; fix duplicate devices shown when reconnecting to PulseAudio; fix possible use-after-free crashes on PulseAudio/Pipewire restart; avoid sliders in quick settings (volume, etc.) being reported to accessibility tools as their own parent object; align scrolled viewports to the pixel grid to avoid jitter visible during scrolling |
gnutls28 | Fix timing sidechannel issue [CVE-2023-5981] |
gosa | New upstream stable release |
gosa-plugins-sudo | Fix uninitialised variable |
hash-slinger | Fix generation of TLSA records |
intel-graphics-compiler | Fix compatibility with stable's intel-vc-intrinsics version |
iotop-c | Fix the logic in onlyoption; fix busy loop when ESC is pressed; fix ASCII graph rendering |
jdupes | Update prompts to help avoid choices that could lead to unexpected data loss |
lastpass-cli | New upstream stable release; update certificate hashes; add support for reading encrypted URLs |
libapache2-mod-python | Ensure binNMU versions are PEP-440-compliant |
libde265 | Fix segmentation violation issue [CVE-2023-27102], buffer overflow issues [CVE-2023-27103 CVE-2023-47471], buffer over-read issue [CVE-2023-43887] |
libervia-backend | Fix start failure without pre-existing configuration; make exec path absolute in dbus service file; fix dependencies on python3-txdbus/python3-dbus |
libmateweather | Locations: add San Miguel de Tucuman (Argentina); update forecast zones for Chicago; update data server URL; fix some location names |
libsolv | Enable support for zstd compression |
linux | Update to upstream stable release 6.1.66; update ABI to 15; [rt] Update to 6.1.59-rt16; enable X86_PLATFORM_DRIVERS_HP; nvmet: nul-terminate the NQNs passed in the connect command [CVE-2023-6121] |
linux-signed-amd64 | Update to upstream stable release 6.1.66; update ABI to 15; [rt] Update to 6.1.59-rt16; enable X86_PLATFORM_DRIVERS_HP; nvmet: nul-terminate the NQNs passed in the connect command [CVE-2023-6121] |
linux-signed-arm64 | Update to upstream stable release 6.1.66; update ABI to 15; [rt] Update to 6.1.59-rt16; enable X86_PLATFORM_DRIVERS_HP; nvmet: nul-terminate the NQNs passed in the connect command [CVE-2023-6121] |
linux-signed-i386 | Update to upstream stable release 6.1.66; update ABI to 15; [rt] Update to 6.1.59-rt16; enable X86_PLATFORM_DRIVERS_HP; nvmet: nul-terminate the NQNs passed in the connect command [CVE-2023-6121] |
llvm-toolchain-16 | New backported package to support builds of newer chromium versions |
lxc | Fix creating of ephemeral copies |
mda-lv2 | Fix LV2 plugin installation location |
midge | Remove non-free example files |
minizip | Fix integer and heap overflow issues [CVE-2023-45853] |
mrtg | Handle relocated configuration file; translation updates |
mutter | New upstream stable release; fix the ability to drag libdecor windows by their title bar on touchscreens; fix flickering and rendering artifacts when using software rendering; improve GNOME Shell app grid performance by avoiding repainting monitors other than the one it is displayed on |
nagios-plugins-contrib | Fix on-disk kernel version detection |
network-manager-openconnect | Add User Agent to Openconnect VPN for NetworkManager |
node-undici | Delete cookie and host headers on cross-origin redirect [CVE-2023-45143] |
nvidia-graphics-drivers | New upstream release; fix null pointer dereference issue [CVE-2023-31022] |
nvidia-graphics-drivers-tesla | New upstream release; fix null pointer dereference issue [CVE-2023-31022] |
nvidia-graphics-drivers-tesla-470 | New upstream release; fix null pointer dereference issue [CVE-2023-31022] |
nvidia-open-gpu-kernel-modules | New upstream release; fix null pointer dereference issue [CVE-2023-31022] |
opendkim | Fix removal of incoming Authentication-Results: headers [CVE-2022-48521] |
openrefine | Fix remote code execution vulnerability [CVE-2023-41887 CVE-2023-41886] |
opensc | Fix out-of-bounds read issue [CVE-2023-4535], potential PIN bypass [CVE-2023-40660], memory-handling issues [CVE-2023-40661] |
oscrypto | Fix OpenSSL version parsing; fix autopkgtest |
pcs | Fix resource move |
perl | Fix buffer overrun issue [CVE-2023-47038] |
php-phpseclib3 | Fix denial of service issue [CVE-2023-49316] |
postgresql-15 | New upstream stable release; fix SQL injection issue [CVE-2023-39417]; fix MERGE to enforce row security policies properly [CVE-2023-39418] |
proftpd-dfsg | Fix size of SSH key exchange buffers |
python-cogent | Only skip tests that require multiple CPUs when running on a single CPU system |
python3-onelogin-saml2 | Fix expired test payloads |
pyzoltan | Support building on single core systems |
qbittorrent | Disable UPnP for web UI by default in qbittorrent-nox |
qemu | Update to upstream stable release 7.2.7; hw/scsi/scsi-disk: Disallow block sizes smaller than 512 [CVE-2023-42467] |
qpdf | Fix data loss issue with some quoted octal strings |
redis | Drop ProcSubset=pid hardening flag from the systemd unit due to it causing crashes |
rust-sd | Ensure binary package versions sorts correctly relative to older releases (where it was built from a different source package) |
sitesummary | Use systemd timer for running sitesummary-client if available |
speech-dispatcher-contrib | Enable voxin on armhf and arm64 |
spyder | Fix interface language auto-configuration |
symfony | Fix session fixation issue [CVE-2023-46733]; add missing escaping [CVE-2023-46734] |
systemd | New upstream stable release |
tbsync | New upstream version, restoring compatibility with newer Thunderbird versions |
toil | Only request a single core for tests |
tzdata | Update leap andra list |
unadf | Fix buffer overflow issue [CVE-2016-1243]; fix code execution issue [CVE-2016-1244] |
vips | Fix null pointer dereference issue [CVE-2023-40032] |
weborf | Fix denial of service issue |
wormhole-william | Disable flaky tests, fixing build failures |
xen | New upstream stable update; fix several security issues [CVE-2022-40982 CVE-2023-20569 CVE-2023-20588 CVE-2023-20593 CVE-2023-34320 CVE-2023-34321 CVE-2023-34322 CVE-2023-34323 CVE-2023-34325 CVE-2023-34326 CVE-2023-34327 CVE-2023-34328 CVE-2023-46835 CVE-2023-46836] |
yuzu | Strip :native from glslang-tools build dependency, fixing build failure |
Säkerhetsuppdateringar
Denna revision lägger till följande säkerhetsuppdateringar till den stabila utgåvan. Säkerhetsgruppen har redan släppt bulletiner för alla dessa uppdateringar:
Borttagna paket
Följande paket har tagits bort på grund av omständigheter utom vår kontroll:
Paket | Orsak |
---|---|
gimp-dds | No longer required; integrated into GIMP |
Debianinstalleraren
Installeraren har uppdaterats för att inkludera rättningarna som har inkluderats i den stabila utgåvan med denna punktutgåva.
URLer
Den fullständiga listan på paket som har förändrats i denna revision:
Den aktuella stabila utgåvan:
Föreslagna uppdateringar till den stabila utgåvan:
Information om den stabila utgåvan (versionsfakta, kända problem osv.):
Säkerhetsbulletiner och information:
Om Debian
Debianprojektet är en grupp utvecklare av Fri mjukvara som donerar sin tid och kraft för att producera det helt fria operativsystemet Debian.
Kontaktinformation
För ytterligare information, vänligen besök Debians webbplats på https://www.debian.org/, skicka e-post till <press@debian.org>, eller kontakta gruppen för stabila utgåvor på <debian-release@lists.debian.org>.