------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Updated Debian 12: 12.1 released press@debian.org
July 22nd, 2023 https://www.debian.org/News/2023/20230722
------------------------------------------------------------------------
The Debian project is pleased to announce the first update of its stable
distribution Debian 12 (codename "bookworm"). This point release mainly
adds corrections for security issues, along with a few adjustments for
serious problems. Security advisories have already been published
separately and are referenced where available.
Please note that the point release does not constitute a new version of
Debian 12 but only updates some of the packages included. There is no
need to throw away old "bookworm" media. After installation, packages
can be upgraded to the current versions using an up-to-date Debian
mirror.
Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.
New installation images will be available soon at the regular locations.
Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:
https://www.debian.org/mirror/list
Miscellaneous Bugfixes
----------------------
This stable update adds a few important corrections to the following
packages:
+--------------------------+------------------------------------------+
| Package | Reason |
+--------------------------+------------------------------------------+
| aide [1] | Properly handle creating the system |
| | user; fix child directory processing on |
| | equal match |
| | |
| autofs [2] | Fix hang when using Kerberos- |
| | authenticated LDAP |
| | |
| ayatana-indicator- | Fix playing of custom alarm sounds |
| datetime [3] | |
| | |
| base-files [4] | Update for the 12.1 point release |
| | |
| bepasty [5] | Fix rendering of text uploads |
| | |
| boost1.81 [6] | Add missing dependency on libboost- |
| | json1.81.0 to libboost-json1.81-dev |
| | |
| bup [7] | Correctly restore POSIX ACLs |
| | |
| context [8] | Enable socket in ConTeXt mtxrun |
| | |
| cpdb-libs [9] | Fix a buffer overflow vulnerability |
| | [CVE-2023-34095] |
| | |
| cpp-httplib [10] | Fix CRLF injection issue [CVE-2023- |
| | 26130] |
| | |
| crowdsec [11] | Fix default acquis.yaml to also include |
| | the journalctl datasource, limited to |
| | the ssh.service unit, making sure |
| | acquisition works even without the |
| | traditional auth.log file; make sure an |
| | invalid datasource doesn't make the |
| | engine error out |
| | |
| cups [12] | Security fixes: use-after-free |
| | [CVE-2023-34241]; heap buffer overflow |
| | [CVE-2023-32324] |
| | |
| cvs [13] | Configure full path to ssh |
| | |
| dbus [14] | New upstream stable release; fix denial |
| | of service issue [CVE-2023-34969]; stop |
| | trying to take DPKG_ROOT into account, |
| | restoring copying of systemd's /etc/ |
| | machine-id in preference to creating an |
| | entirely new machine ID |
| | |
| debian-installer [15] | Increase Linux kernel ABI to 6.1.0-10; |
| | rebuild against proposed-updates |
| | |
| debian-installer- | Rebuild against proposed-updates |
| netboot-images [16] | |
| | |
| desktop-base [17] | Remove emerald alternatives on package |
| | uninstallation |
| | |
| dh-python [18] | Re-introduce Breaks+Replaces on python2 |
| | needed to help apt in some upgrade |
| | scenarios |
| | |
| dkms [19] | Add Breaks against obsolete, |
| | incompatible *-dkms packages |
| | |
| dnf [20] | Fix default DNF const PYTHON_INSTALL_DIR |
| | |
| dpdk [21] | New upstream stable release |
| | |
| exim4 [22] | Fix argument parsing for ${run } |
| | expansion; fix ${srs_encode ..} |
| | returning incorrect result every 1024 |
| | days |
| | |
| fai [23] | Fix IP address lifetime |
| | |
| glibc [24] | Fix a buffer overflow in gmon; fix a |
| | deadlock in getaddrinfo (__check_pf) |
| | with deferred cancellation; fix y2038 |
| | support in strftime on 32-bit |
| | architectures; fix corner case parsing |
| | of /etc/gshadow which can return bad |
| | pointers, causing segfaults in |
| | applications; fix a deadlock in system() |
| | when called concurrently from multiple |
| | threads; cdefs: limit definition of |
| | fortification macros to __FORTIFY_LEVEL |
| | > 0 to support old C90 compilers |
| | |
| gnome-control- | New upstream bugfix release |
| center [25] | |
| | |
| gnome-maps [26] | New upstream bugfix release |
| | |
| gnome-shell [27] | New upstream bugfix release |
| | |
| gnome-software [28] | New upstream release; memory leak fixes |
| | |
| gosa [29] | Silence PHP 8.2 deprecation warnings; |
| | fix missing template in default theme; |
| | fix table styling; fix use of debugLevel |
| | > 0 |
| | |
| groonga [30] | Fix documentation links |
| | |
| guestfs-tools [31] | Security update [CVE-2022-2211] |
| | |
| indent [32] | Restore the ROUND_UP macro and adjust |
| | the initial buffer size |
| | |
| installation-guide [33] | Enable Indonesian translation |
| | |
| kanboard [34] | Fix malicious injection of HTML tags |
| | into DOM [CVE-2023-32685]; fix |
| | parameter-based indirect object |
| | referencing leading to private file |
| | exposure [CVE-2023-33956]; fix missing |
| | access controls [CVE-2023-33968, |
| | CVE-2023-33970]; fix stored XSS in Task |
| | External Link functionality [CVE-2023- |
| | 33969] |
| | |
| kf5-messagelib [35] | Search also for subkeys |
| | |
| libmatekbd [36] | Fix memory leaks |
| | |
| libnginx-mod-http- | Binary rebuild with pcre2 |
| modsecurity [37] | |
| | |
| libreoffice [38] | New upstream bugfix release |
| | |
| libreswan [39] | Fix potential denial-of-service issue |
| | [CVE-2023-30570] |
| | |
| libxml2 [40] | Fix NULL pointer dereference issue |
| | [CVE-2022-2309] |
| | |
| linux [41] | New upstream stable release; netfilter: |
| | nf_tables: do not ignore genmask when |
| | looking up chain by id [CVE-2023-31248], |
| | prevent OOB access in nft_byteorder_eval |
| | [CVE-2023-35001] |
| | |
| linux-signed-amd64 [42] | New upstream stable release; netfilter: |
| | nf_tables: do not ignore genmask when |
| | looking up chain by id [CVE-2023-31248], |
| | prevent OOB access in nft_byteorder_eval |
| | [CVE-2023-35001] |
| | |
| linux-signed-arm64 [43] | New upstream stable release; netfilter: |
| | nf_tables: do not ignore genmask when |
| | looking up chain by id [CVE-2023-31248], |
| | prevent OOB access in nft_byteorder_eval |
| | [CVE-2023-35001] |
| | |
| linux-signed-i386 [44] | New upstream stable release; netfilter: |
| | nf_tables: do not ignore genmask when |
| | looking up chain by id [CVE-2023-31248], |
| | prevent OOB access in nft_byteorder_eval |
| | [CVE-2023-35001] |
| | |
| mailman3 [45] | Drop redundant cron job; handle ordering |
| | of services when MariaDB is present |
| | |
| marco [46] | Show correct window title when owned by |
| | superuser |
| | |
| mate-control-center [47] | Fix several memory leaks |
| | |
| mate-power-manager [48] | Fix several memory leaks |
| | |
| mate-session- | Fix several memory leaks; allow clutter |
| manager [49] | backends other than x11 |
| | |
| multipath-tools [50] | Hide underlying paths from LVM; prevent |
| | initial service failure on new |
| | installations |
| | |
| mutter [51] | New upstream bugfix release |
| | |
| network-manager- | Build editor component with GTK 4 |
| strongswan [52] | support |
| | |
| nfdump [53] | Return success when starting; fix |
| | segfault in option parsing |
| | |
| nftables [54] | Fix regression in set listing format |
| | |
| node-openpgp-seek- | Correct installation of files in seek- |
| bzip [55] | bzip package |
| | |
| node-tough-cookie [56] | Fix prototype pollution issue [CVE-2023- |
| | 26136] |
| | |
| node-undici [57] | Security fixes: protect "Host" HTTP |
| | header from CLRF injection [CVE-2023- |
| | 23936]; potential ReDoS on Headers.set |
| | and Headers.append [CVE-2023-24807] |
| | |
| node-webpack [58] | Security fix (cross-realm objects) |
| | [CVE-2023-28154] |
| | |
| nvidia-cuda-toolkit [59] | Update bundled openjdk-8-jre |
| | |
| nvidia-graphics- | New upstream stable release; security |
| drivers [60] | fixes [CVE-2023-25515 CVE-2023-25516] |
| | |
| nvidia-graphics-drivers- | New upstream stable release; security |
| tesla [61] | fixes [CVE-2023-25515 CVE-2023-25516] |
| | |
| nvidia-graphics-drivers- | New upstream stable release; security |
| tesla-470 [62] | fixes [CVE-2023-25515 CVE-2023-25516] |
| | |
| nvidia-modprobe [63] | New upstream bugfix release |
| | |
| nvidia-open-gpu-kernel- | New upstream stable release; security |
| modules [64] | fixes [CVE-2023-25515 CVE-2023-25516] |
| | |
| nvidia-support [65] | Add Breaks against incompatible packages |
| | from bullseye |
| | |
| onionshare [66] | Fix installation of desktop furniture |
| | |
| openvpn [67] | Fix memory leak and dangling pointer |
| | (possible crash vector) |
| | |
| pacemaker [68] | Fix regression in the resource scheduler |
| | |
| postfix [69] | New upstream bugfix release; fix |
| | "postfix set-permissions" |
| | |
| proftpd-dfsg [70] | Do not enable inetd-style socket at |
| | installation |
| | |
| qemu [71] | New upstream stable release; fix USB |
| | devices not being available to XEN HVM |
| | domUs; 9pfs: prevent opening special |
| | files [CVE-2023-2861]; fix reentrancy |
| | issues in the LSI controller [CVE-2023- |
| | 0330] |
| | |
| request-tracker5 [72] | Fix links to documentation |
| | |
| rime-cantonese [73] | Sort words and characters by frequency |
| | |
| rime-luna-pinyin [74] | Install missing pinyin schema data |
| | |
| samba [75] | New upstream stable release; ensure |
| | manpages are generated during build; |
| | enable ability to store kerberos tickets |
| | in kernel keyring; fix build issues on |
| | armel and mipsel; fix windows logon/ |
| | trust issues with 2023-07 windows |
| | updates |
| | |
| schleuder-cli [76] | Security fix (value escaping) |
| | |
| smarty4 [77] | Fix arbitrary code execution issue |
| | [CVE-2023-28447] |
| | |
| spip [78] | Various security issues; security fix |
| | (authentication data filtering) |
| | |
| sra-sdk [79] | Fix installation of files in libngs-java |
| | |
| sudo [80] | Fix event log format |
| | |
| systemd [81] | New upstream bugfix release |
| | |
| tang [82] | Fix race condition when creating/ |
| | rotating keys [CVE-2023-1672] |
| | |
| texlive-bin [83] | Disable socket in luatex by default |
| | [CVE-2023-32668]; make installable on |
| | i386 |
| | |
| unixodbc [84] | Add Breaks+Replaces against |
| | odbcinst1debian1 |
| | |
| usb.ids [85] | Update included data |
| | |
| vm [86] | Disable byte compilation |
| | |
| vte2.91 [87] | New upstream bugfix release |
| | |
| xerial-sqlite-jdbc [88] | Use a UUID for connection ID [CVE-2023- |
| | 32697] |
| | |
| yajl [89] | Memory leak security fix; fix denial of |
| | service issue [CVE-2017-16516], integer |
| | overflow issue [CVE-2022-24795] |
| | |
+--------------------------+------------------------------------------+
1: https://packages.debian.org/src:aide
2: https://packages.debian.org/src:autofs
3: https://packages.debian.org/src:ayatana-indicator-datetime
4: https://packages.debian.org/src:base-files
5: https://packages.debian.org/src:bepasty
6: https://packages.debian.org/src:boost1.81
7: https://packages.debian.org/src:bup
8: https://packages.debian.org/src:context
9: https://packages.debian.org/src:cpdb-libs
10: https://packages.debian.org/src:cpp-httplib
11: https://packages.debian.org/src:crowdsec
12: https://packages.debian.org/src:cups
13: https://packages.debian.org/src:cvs
14: https://packages.debian.org/src:dbus
15: https://packages.debian.org/src:debian-installer
16: https://packages.debian.org/src:debian-installer-netboot-images
17: https://packages.debian.org/src:desktop-base
18: https://packages.debian.org/src:dh-python
19: https://packages.debian.org/src:dkms
20: https://packages.debian.org/src:dnf
21: https://packages.debian.org/src:dpdk
22: https://packages.debian.org/src:exim4
23: https://packages.debian.org/src:fai
24: https://packages.debian.org/src:glibc
25: https://packages.debian.org/src:gnome-control-center
26: https://packages.debian.org/src:gnome-maps
27: https://packages.debian.org/src:gnome-shell
28: https://packages.debian.org/src:gnome-software
29: https://packages.debian.org/src:gosa
30: https://packages.debian.org/src:groonga
31: https://packages.debian.org/src:guestfs-tools
32: https://packages.debian.org/src:indent
33: https://packages.debian.org/src:installation-guide
34: https://packages.debian.org/src:kanboard
35: https://packages.debian.org/src:kf5-messagelib
36: https://packages.debian.org/src:libmatekbd
37: https://packages.debian.org/src:libnginx-mod-http-modsecurity
38: https://packages.debian.org/src:libreoffice
39: https://packages.debian.org/src:libreswan
40: https://packages.debian.org/src:libxml2
41: https://packages.debian.org/src:linux
42: https://packages.debian.org/src:linux-signed-amd64
43: https://packages.debian.org/src:linux-signed-arm64
44: https://packages.debian.org/src:linux-signed-i386
45: https://packages.debian.org/src:mailman3
46: https://packages.debian.org/src:marco
47: https://packages.debian.org/src:mate-control-center
48: https://packages.debian.org/src:mate-power-manager
49: https://packages.debian.org/src:mate-session-manager
50: https://packages.debian.org/src:multipath-tools
51: https://packages.debian.org/src:mutter
52: https://packages.debian.org/src:network-manager-strongswan
53: https://packages.debian.org/src:nfdump
54: https://packages.debian.org/src:nftables
55: https://packages.debian.org/src:node-openpgp-seek-bzip
56: https://packages.debian.org/src:node-tough-cookie
57: https://packages.debian.org/src:node-undici
58: https://packages.debian.org/src:node-webpack
59: https://packages.debian.org/src:nvidia-cuda-toolkit
60: https://packages.debian.org/src:nvidia-graphics-drivers
61: https://packages.debian.org/src:nvidia-graphics-drivers-tesla
62: https://packages.debian.org/src:nvidia-graphics-drivers-tesla-470
63: https://packages.debian.org/src:nvidia-modprobe
64: https://packages.debian.org/src:nvidia-open-gpu-kernel-modules
65: https://packages.debian.org/src:nvidia-support
66: https://packages.debian.org/src:onionshare
67: https://packages.debian.org/src:openvpn
68: https://packages.debian.org/src:pacemaker
69: https://packages.debian.org/src:postfix
70: https://packages.debian.org/src:proftpd-dfsg
71: https://packages.debian.org/src:qemu
72: https://packages.debian.org/src:request-tracker5
73: https://packages.debian.org/src:rime-cantonese
74: https://packages.debian.org/src:rime-luna-pinyin
75: https://packages.debian.org/src:samba
76: https://packages.debian.org/src:schleuder-cli
77: https://packages.debian.org/src:smarty4
78: https://packages.debian.org/src:spip
79: https://packages.debian.org/src:sra-sdk
80: https://packages.debian.org/src:sudo
81: https://packages.debian.org/src:systemd
82: https://packages.debian.org/src:tang
83: https://packages.debian.org/src:texlive-bin
84: https://packages.debian.org/src:unixodbc
85: https://packages.debian.org/src:usb.ids
86: https://packages.debian.org/src:vm
87: https://packages.debian.org/src:vte2.91
88: https://packages.debian.org/src:xerial-sqlite-jdbc
89: https://packages.debian.org/src:yajl
Security Updates
----------------
This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:
+----------------+---------------------------+
| Advisory ID | Package |
+----------------+---------------------------+
| DSA-5423 [90] | thunderbird [91] |
| | |
| DSA-5425 [92] | php8.2 [93] |
| | |
| DSA-5427 [94] | webkit2gtk [95] |
| | |
| DSA-5428 [96] | chromium [97] |
| | |
| DSA-5429 [98] | wireshark [99] |
| | |
| DSA-5430 [100] | openjdk-17 [101] |
| | |
| DSA-5432 [102] | xmltooling [103] |
| | |
| DSA-5433 [104] | libx11 [105] |
| | |
| DSA-5434 [106] | minidlna [107] |
| | |
| DSA-5435 [108] | trafficserver [109] |
| | |
| DSA-5436 [110] | hsqldb1.8.0 [111] |
| | |
| DSA-5437 [112] | hsqldb [113] |
| | |
| DSA-5439 [114] | bind9 [115] |
| | |
| DSA-5440 [116] | chromium [117] |
| | |
| DSA-5443 [118] | gst-plugins-base1.0 [119] |
| | |
| DSA-5444 [120] | gst-plugins-bad1.0 [121] |
| | |
| DSA-5445 [122] | gst-plugins-good1.0 [123] |
| | |
| DSA-5446 [124] | ghostscript [125] |
| | |
| DSA-5447 [126] | mediawiki [127] |
| | |
| DSA-5448 [128] | linux-signed-amd64 [129] |
| | |
| DSA-5448 [130] | linux-signed-arm64 [131] |
| | |
| DSA-5448 [132] | linux-signed-i386 [133] |
| | |
| DSA-5448 [134] | linux [135] |
| | |
| DSA-5449 [136] | webkit2gtk [137] |
| | |
| DSA-5450 [138] | firefox-esr [139] |
| | |
| DSA-5451 [140] | thunderbird [141] |
| | |
+----------------+---------------------------+
90: https://www.debian.org/security/2023/dsa-5423
91: https://packages.debian.org/src:thunderbird
92: https://www.debian.org/security/2023/dsa-5425
93: https://packages.debian.org/src:php8.2
94: https://www.debian.org/security/2023/dsa-5427
95: https://packages.debian.org/src:webkit2gtk
96: https://www.debian.org/security/2023/dsa-5428
97: https://packages.debian.org/src:chromium
98: https://www.debian.org/security/2023/dsa-5429
99: https://packages.debian.org/src:wireshark
100: https://www.debian.org/security/2023/dsa-5430
101: https://packages.debian.org/src:openjdk-17
102: https://www.debian.org/security/2023/dsa-5432
103: https://packages.debian.org/src:xmltooling
104: https://www.debian.org/security/2023/dsa-5433
105: https://packages.debian.org/src:libx11
106: https://www.debian.org/security/2023/dsa-5434
107: https://packages.debian.org/src:minidlna
108: https://www.debian.org/security/2023/dsa-5435
109: https://packages.debian.org/src:trafficserver
110: https://www.debian.org/security/2023/dsa-5436
111: https://packages.debian.org/src:hsqldb1.8.0
112: https://www.debian.org/security/2023/dsa-5437
113: https://packages.debian.org/src:hsqldb
114: https://www.debian.org/security/2023/dsa-5439
115: https://packages.debian.org/src:bind9
116: https://www.debian.org/security/2023/dsa-5440
117: https://packages.debian.org/src:chromium
118: https://www.debian.org/security/2023/dsa-5443
119: https://packages.debian.org/src:gst-plugins-base1.0
120: https://www.debian.org/security/2023/dsa-5444
121: https://packages.debian.org/src:gst-plugins-bad1.0
122: https://www.debian.org/security/2023/dsa-5445
123: https://packages.debian.org/src:gst-plugins-good1.0
124: https://www.debian.org/security/2023/dsa-5446
125: https://packages.debian.org/src:ghostscript
126: https://www.debian.org/security/2023/dsa-5447
127: https://packages.debian.org/src:mediawiki
128: https://www.debian.org/security/2023/dsa-5448
129: https://packages.debian.org/src:linux-signed-amd64
130: https://www.debian.org/security/2023/dsa-5448
131: https://packages.debian.org/src:linux-signed-arm64
132: https://www.debian.org/security/2023/dsa-5448
133: https://packages.debian.org/src:linux-signed-i386
134: https://www.debian.org/security/2023/dsa-5448
135: https://packages.debian.org/src:linux
136: https://www.debian.org/security/2023/dsa-5449
137: https://packages.debian.org/src:webkit2gtk
138: https://www.debian.org/security/2023/dsa-5450
139: https://packages.debian.org/src:firefox-esr
140: https://www.debian.org/security/2023/dsa-5451
141: https://packages.debian.org/src:thunderbird
Debian Installer
----------------
The installer has been updated to include the fixes incorporated into
stable by the point release.
URLs
----
The complete lists of packages that have changed with this revision:
https://deb.debian.org/debian/dists/bookworm/ChangeLog
The current stable distribution:
https://deb.debian.org/debian/dists/stable/
Proposed updates to the stable distribution:
https://deb.debian.org/debian/dists/proposed-updates
stable distribution information (release notes, errata etc.):
https://www.debian.org/releases/stable/
Security announcements and information:
https://www.debian.org/security/
About Debian
------------
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.
Contact Information
-------------------
For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature