Uppdaterad Debian 12; 12.5 utgiven

10 februari 2024

Debianprojektet presenterar stolt sin femte uppdatering till dess stabila utgåva Debian 12 (med kodnamnet bookworm). Denna punktutgåva lägger huvudsakligen till rättningar för säkerhetsproblem, tillsammans med ytterligare rättningar för allvarliga problem. Säkerhetsbulletiner har redan publicerats separat och refereras när de finns tillgängliga.

Vänligen notera att punktutgåvan inte innebär en ny version av Debian 12 utan endast uppdaterar några av de inkluderade paketen. Det behövs inte kastas bort gamla media av bookworm. Efter installationen kan paket uppgraderas till de aktuella versionerna genom att använda en uppdaterad Debianspegling..

De som frekvent installerar uppdateringar från security.debian.org kommer inte att behöva uppdatera många paket, och de flesta av sådana uppdateringar finns inkluderade i punktutgåvan.

Nya installationsavbildningar kommer snart att finnas tillgängliga på de vanliga platserna.

En uppgradering av en existerande installation till denna revision kan utföras genom att peka pakethanteringssystemet på en av Debians många HTTP-speglingar. En utförlig lista på speglingar finns på:

https://www.debian.org/mirror/list

Blandade felrättningar

Denna uppdatering av den stabila utgåvan lägger till några viktiga felrättningar till följande paket:

Paket Orsak
apktool Prevent arbitrary file writes with malicious resource names [CVE-2024-21633]
atril Fix crash when opening some epub files; fix index loading for certain epub documents; add fallback for malformed epub files in check_mime_type; use libarchive instead of external command for extracting documents [CVE-2023-51698]
base-files Update for the 12.5 point release
caja Fix desktop rendering artifacts after resolution changes; fix use of informal date format
calibre Fix HTML Input: Don't add resources that exist outside the folder hierarchy rooted at the parent folder of the input HTML file by default [CVE-2023-46303]
compton Remove recommendation of picom
cryptsetup cryptsetup-initramfs: Add support for compressed kernel modules; cryptsetup-suspend-wrapper: Don't error out on missing /lib/systemd/system-sleep directory; add_modules(): Change suffix drop logic to match initramfs-tools
debian-edu-artwork Provide an Emerald theme based artwork for Debian Edu 12
debian-edu-config New upstream release
debian-edu-doc Update included documentation and translations
debian-edu-fai New upstream release
debian-edu-install New upstream release; fix security sources.list
debian-installer Increase Linux kernel ABI to 6.1.0-18; rebuild against proposed-updates
debian-installer-netboot-images Rebuild against proposed-updates
debian-ports-archive-keyring Add Debian Ports Archive Automatic Signing Key (2025)
dpdk New upstream stable release
dropbear Fix terrapin attack [CVE-2023-48795]
engrampa Fix several memory leaks; fix archive save as functionality
espeak-ng Fix buffer overflow issues [CVE-2023-49990 CVE-2023-49992 CVE-2023-49993], buffer underflow issue [CVE-2023-49991], floating point exception issue [CVE-2023-49994]
filezilla Prevent Terrapin exploit [CVE-2023-48795]
fish Handle Unicode non-printing characters safely when given as command substitution [CVE-2023-49284]
fssync Disable flaky tests
gnutls28 Fix assertion failure when verifying a certificate chain with a cycle of cross signatures [CVE-2024-0567]; fix timing side-channel issue [CVE-2024-0553]
indent Fix buffer under read issue [CVE-2024-0911]
isl Fix use on older CPUs
jtreg7 New source package to support builds of openjdk-17
libdatetime-timezone-perl Update included timezone data
libde265 Fix buffer overflow issues [CVE-2023-49465 CVE-2023-49467 CVE-2023-49468]
libfirefox-marionette-perl Fix compatibility with newer firefox-esr versions
libmateweather Fix URL for aviationweather.gov
libspreadsheet-parsexlsx-perl Fix possible memory bomb [CVE-2024-22368]; fix XML External Entity issue [CVE-2024-23525]
linux New upstream stable release; bump ABI to 18
linux-signed-amd64 New upstream stable release; bump ABI to 18
linux-signed-arm64 New upstream stable release; bump ABI to 18
linux-signed-i386 New upstream stable release; bump ABI to 18
localslackirc Send authorization and cookie headers to the websocket
mariadb New upstream stable release; fix denial of service issue [CVE-2023-22084]
mate-screensaver Fix memory leaks
mate-settings-daemon Fix memory leaks; relax High DPI limits; fix handling of multiple rfkill events
mate-utils Fix various memory leaks
monitoring-plugins Fix check_http plugin when --no-body is used and the upstream response is chunked
needrestart Fix microcode check regression on AMD CPUs
netplan.io Fix autopkgtests with newer systemd versions
nextcloud-desktop Fix fails to sync files with special chars like ':'; fix two-factor authentication notifications
node-yarnpkg Fix use with Commander 8
onionprobe Fix initialisation of Tor if using hashed passwords
pipewire Use malloc_trim() when available to release memory
pluma Fix memory leak issues; fix double activation of extensions
postfix New upstream stable release; address SMTP smuggling issue [CVE-2023-51764]
proftpd-dfsg Implement fix for the Terrapin attack [CVE-2023-48795]; fix out-of-bounds read issue [CVE-2023-51713]
proftpd-mod-proxy Implement fix for the Terrapin attack [CVE-2023-48795]
pypdf Fix infinite loop issue [CVE-2023-36464]
pypdf2 Fix infinite loop issue [CVE-2023-36464]
pypy3 Avoid an rpython assertion error in the JIT if integer ranges don't overlap in a loop
qemu New upstream stable release; virtio-net: correctly copy vnet header when flushing TX [CVE-2023-6693]; fix null pointer dereference issue [CVE-2023-6683]; revert patch causing regressions in suspend / resume functionality
rpm Enable the read-only BerkeleyDB backend
rss-glx Install screensavers into /usr/libexec/xscreensaver; call GLFinish() prior to glXSwapBuffers()
spip Fix two cross-site scripting issues
swupdate Prevent acquiring root privileges through inappropriate socket mode
systemd New upstream stable release; fix missing verification issue in systemd-resolved [CVE-2023-7008]
tar Fix boundary checking in base-256 decoder [CVE-2022-48303], handling of extended header prefixes [CVE-2023-39804]
tinyxml Fix assertion issue [CVE-2023-34194]
tzdata New upstream stable release
usb.ids Update included data list
usbutils Fix usb-devices not printing all devices
usrmerge Clean up biarch directories when not needed; don't run convert-etc-shells again on converted systems; handle mounted /lib/modules on Xen systems; improve error reporting; add versioned conflicts with libc-bin, dhcpcd, libparted1.8-10 and lustre-utils
wolfssl Fix security issue when client sent neither PSK nor KSE extensions [CVE-2023-3724]
xen New upstream stable release; security fixes [CVE-2023-46837 CVE-2023-46839 CVE-2023-46840]

Säkerhetsuppdateringar

Denna revision lägger till följande säkerhetsuppdateringar till den stabila utgåvan. Säkerhetsgruppen har redan släppt bulletiner för alla dessa uppdateringar:

Bulletin-ID Paket
DSA-5572 roundcube
DSA-5573 chromium
DSA-5574 libreoffice
DSA-5576 xorg-server
DSA-5577 chromium
DSA-5578 ghostscript
DSA-5579 freeimage
DSA-5581 firefox-esr
DSA-5582 thunderbird
DSA-5583 gst-plugins-bad1.0
DSA-5584 bluez
DSA-5585 chromium
DSA-5586 openssh
DSA-5587 curl
DSA-5588 putty
DSA-5589 node-undici
DSA-5590 haproxy
DSA-5591 libssh
DSA-5592 libspreadsheet-parseexcel-perl
DSA-5593 linux-signed-amd64
DSA-5593 linux-signed-arm64
DSA-5593 linux-signed-i386
DSA-5593 linux
DSA-5595 chromium
DSA-5597 exim4
DSA-5598 chromium
DSA-5599 phpseclib
DSA-5600 php-phpseclib
DSA-5601 php-phpseclib3
DSA-5602 chromium
DSA-5603 xorg-server
DSA-5605 thunderbird
DSA-5606 firefox-esr
DSA-5607 chromium
DSA-5608 gst-plugins-bad1.0
DSA-5609 slurm-wlm
DSA-5610 redis
DSA-5611 glibc
DSA-5612 chromium
DSA-5613 openjdk-17
DSA-5614 zbar
DSA-5615 runc

Debianinstalleraren

Installeraren har uppdaterats för att inkludera rättningarna som har inkluderats i den stabila utgåvan med denna punktutgåva.

URLer

Den fullständiga listan på paket som har förändrats i denna revision:

https://deb.debian.org/debian/dists/bookworm/ChangeLog

Den aktuella stabila utgåvan:

https://deb.debian.org/debian/dists/stable/

Föreslagna uppdateringar till den stabila utgåvan:

https://deb.debian.org/debian/dists/proposed-updates

Information om den stabila utgåvan (versionsfakta, kända problem osv.):

https://www.debian.org/releases/stable/

Säkerhetsbulletiner och information:

https://www.debian.org/security/

Om Debian

Debianprojektet är en grupp utvecklare av Fri mjukvara som donerar sin tid och kraft för att producera det helt fria operativsystemet Debian.

Kontaktinformation

För ytterligare information, vänligen besök Debians webbplats på https://www.debian.org/, skicka e-post till <press@debian.org>, eller kontakta gruppen för stabila utgåvor på <debian-release@lists.debian.org>.