Uppdaterad Debian 12; 12.8 utgiven

9 november 2024

Debianprojektet presenterar stolt sin åttonde uppdatering till dess stabila utgåva Debian 12 (med kodnamnet bookworm). Denna punktutgåva lägger huvudsakligen till rättningar för säkerhetsproblem, tillsammans med ytterligare rättningar för allvarliga problem. Säkerhetsbulletiner har redan publicerats separat och refereras när de finns tillgängliga.

Vänligen notera att punktutgåvan inte innebär en ny version av Debian 12 utan endast uppdaterar några av de inkluderade paketen. Det behövs inte kastas bort gamla media av bookworm. Efter installationen kan paket uppgraderas till de aktuella versionerna genom att använda en uppdaterad Debianspegling..

De som frekvent installerar uppdateringar från security.debian.org kommer inte att behöva uppdatera många paket, och de flesta av sådana uppdateringar finns inkluderade i punktutgåvan.

Nya installationsavbildningar kommer snart att finnas tillgängliga på de vanliga platserna.

En uppgradering av en existerande installation till denna revision kan utföras genom att peka pakethanteringssystemet på en av Debians många HTTP-speglingar. En utförlig lista på speglingar finns på:

https://www.debian.org/mirror/list

Blandade felrättningar

Denna uppdatering av den stabila utgåvan lägger till några viktiga felrättningar till följande paket:

Paket Orsak
7zip Fix heap buffer overflow in NTFS handler [CVE-2023-52168]; fix out-of-bounds read in NTFS handler [CVE-2023-52169]
amanda Update incomplete fix for CVE-2022-37704, restoring operation with xfsdump
apr Use 0600 perms for named shared mem consistently [CVE-2023-49582]
base-files Update for the point release
btrfs-progs Fix checksum calculation errors during volume conversion in btrfs-convert
calamares-settings-debian Fix missing launcher on KDE desktops; fix btrfs mounts
cjson Fix segmentation violation issue [CVE-2024-31755]
clamav New upstream stable release; fix denial of service issue [CVE-2024-20505], file corruption issue [CVE-2024-20506]
cloud-init Add support for multiple networkd Route sections
cloud-initramfs-tools Add missing dependencies in the initramfs
curl Fix incorrect handling of some OCSP responses [CVE-2024-8096]
debian-installer Reinstate some armel netboot targets (openrd); increase Linux kernel ABI to 6.1.0-27; rebuild against proposed-updates
debian-installer-netboot-images Rebuild against proposed-updates
devscripts bts: always upgrade to STARTTLS on 587/tcp; build-rdeps: add support for non-free-firmware; chdist: update sources.list examples with non-free-firmware; build-rdeps: use all available distros by default
diffoscope Fix build failure when processing a deliberately overlapping zip file in tests
distro-info-data Add Ubuntu 25.04
docker.io Fix bypassing of AuthZ plugins in some circumstances [CVE-2024-41110]
dpdk New upstream stable release
exim4 Fix crash in dbmnz when looking up keys with no content
fcgiwrap Set proper ownership on repositories in git backend
galera-4 New upstream stable release
glib2.0 Provide libgio-2.0-dev from libglib2.0-dev, and libgio-2.0-dev-bin from libglib2.0-dev-bin
glibc Change Croatian locale to use Euro as currency; revert upstream commit that modified the GLIBC_PRIVATE ABI, causing crashes with some static binaries on arm64; vfscanf(): fix matches longer than INT_MAX; ungetc(): fix uninitialized read when putting into unused streams, backup buffer leak on program exit; mremap(): fix support for the MREMAP_DONTUNMAP option; resolv: fix timeouts caused by short error responses or when single-request mode is enabled in resolv.conf
gtk+3.0 Fix letting Orca announce initial focus
ikiwiki-hosting Allow reading of all user repositories
intel-microcode New upstream release; security fixes [CVE-2024-23984 CVE-2024-24968]
ipmitool Fix a buffer overrun in open interface; fix lan print fails on unsupported parameters; fix reading of temperature sensors; fix using hex values when sending raw data
iputils Fix incorrect handling of ICMP responses intended for other processes
kexec-tools Mask kexec.service to prevent the init.d script handling kexec process on a systemd enabled system
lemonldap-ng Fix cross-site scripting vulnerability on login page [CVE-2024-48933]
lgogdownloader Fix parsing of Galaxy URLs
libskk Prevent crash on invalid JSON escape
libvirt Fix running i686 VMs with AppArmor on the host; prevent certain guests from becoming unbootable or disappearing during upgrade
linux New upstream release; bump ABI to 27
linux-signed-amd64 New upstream release; bump ABI to 27
linux-signed-arm64 New upstream release; bump ABI to 27
linux-signed-i386 New upstream release; bump ABI to 27
llvm-toolchain-15 Architecture-specific rebuild on mips64el to sync version with other architectures
nghttp2 Fix denial of service issue [CVE-2024-28182]
ninja-build Support large inode numbers on 32-bit systems
node-dompurify Fix prototype pollution issues [CVE-2024-45801 CVE-2024-48910]
node-es-module-lexer Fix build failure
node-globby Fix build failure
node-mdn-browser-compat-data Fix build failure
node-rollup-plugin-node-polyfills Fix build failure
node-tap Fix build failure
node-xterm Fix TypeScript declarations
node-y-protocols Fix build failure
node-y-websocket Fix build failure
node-ytdl-core Fix build failure
notify-osd Correct executable path in desktop launcher file
ntfs-3g Fix use-after-free in ntfs-uppercase-mbs; re-classify fuse as Depends, not Pre-Depends
openssl New upstream stable release; fix buffer overread issue [CVE-2024-5535], out of bounds memory access [CVE-2024-9143]
ostree Prevent crashing libflatpak when using curl 8.10
puppetserver Reinstate scheduled job to clean reports after 30 days, avoiding disk space exhaustion
puredata Fix privilege escalation issue [CVE-2023-47480]
python-cryptography Fix NULL dereference when loading PKCS7 certificates [CVE-2023-49083]; fix NULL dereference when PKCS#12 key and cert don't match [CVE-2024-26130]
python3.11 Fix regression in zipfile.Path; prevent ReDoS vulnerability with crafted tar archives
reprepro Prevent hangs when running unzstd
sqlite3 Fix a buffer overread issue [CVE-2023-7104], a stack overflow issue and an integer overflow issue
sumo Fix a race condition when building documentation
systemd New upstream stable release
tgt chap: Use proper entropy source [CVE-2024-45751]
timeshift Add missing dependency on pkexec
util-linux Allow lscpu to identify new Arm cores
vmdb2 Set locale to UTF-8
wireshark New upstream security release [CVE-2024-0208, CVE-2024-0209, CVE-2024-2955, CVE-2024-4853, CVE-2024-4854, CVE-2024-4855, CVE-2024-8250, CVE-2024-8645]
xfpt Fix buffer overflow issue [CVE-2024-43700]

Säkerhetsuppdateringar

Denna revision lägger till följande säkerhetsuppdateringar till den stabila utgåvan. Säkerhetsgruppen har redan släppt bulletiner för alla dessa uppdateringar:

Bulletin-ID Paket
DSA-5729 apache2
DSA-5733 thunderbird
DSA-5744 thunderbird
DSA-5758 trafficserver
DSA-5759 python3.11
DSA-5760 ghostscript
DSA-5761 chromium
DSA-5762 webkit2gtk
DSA-5763 pymatgen
DSA-5764 openssl
DSA-5765 firefox-esr
DSA-5766 chromium
DSA-5767 thunderbird
DSA-5768 chromium
DSA-5769 git
DSA-5770 expat
DSA-5771 php-twig
DSA-5772 libreoffice
DSA-5773 chromium
DSA-5774 ruby-saml
DSA-5775 chromium
DSA-5776 tryton-server
DSA-5777 booth
DSA-5778 cups-filters
DSA-5779 cups
DSA-5780 php8.2
DSA-5781 chromium
DSA-5782 linux-signed-amd64
DSA-5782 linux-signed-arm64
DSA-5782 linux-signed-i386
DSA-5782 linux
DSA-5783 firefox-esr
DSA-5784 oath-toolkit
DSA-5785 mediawiki
DSA-5786 libgsf
DSA-5787 chromium
DSA-5788 firefox-esr
DSA-5789 thunderbird
DSA-5790 node-dompurify
DSA-5791 python-reportlab
DSA-5792 webkit2gtk
DSA-5793 chromium
DSA-5794 openjdk-17
DSA-5795 python-sql
DSA-5796 libheif
DSA-5797 twisted
DSA-5798 activemq
DSA-5799 chromium
DSA-5800 xorg-server
DSA-5802 chromium

Debianinstalleraren

Installeraren har uppdaterats för att inkludera rättningarna som har inkluderats i den stabila utgåvan med denna punktutgåva.

URLer

Den fullständiga listan på paket som har förändrats i denna revision:

https://deb.debian.org/debian/dists/bookworm/ChangeLog

Den aktuella stabila utgåvan:

https://deb.debian.org/debian/dists/stable/

Föreslagna uppdateringar till den stabila utgåvan:

https://deb.debian.org/debian/dists/proposed-updates

Information om den stabila utgåvan (versionsfakta, kända problem osv.):

https://www.debian.org/releases/stable/

Säkerhetsbulletiner och information:

https://www.debian.org/security/

Om Debian

Debianprojektet är en grupp utvecklare av Fri mjukvara som donerar sin tid och kraft för att producera det helt fria operativsystemet Debian.

Kontaktinformation

För ytterligare information, vänligen besök Debians webbplats på https://www.debian.org/, skicka e-post till <press@debian.org>, eller kontakta gruppen för stabila utgåvor på <debian-release@lists.debian.org>.