------------------------------------------------------------------------
The Debian Project                               https://www.debian.org/
Updated Debian 12: 12.8 released                        press@debian.org
November 9th, 2024             https://www.debian.org/News/2024/20241109
------------------------------------------------------------------------

The Debian project is pleased to announce the eighth update of its
stable distribution Debian 12 (codename "bookworm"). This point release
mainly adds corrections for security issues, along with a few
adjustments for serious problems. Security advisories have already been
published separately and are referenced where available.

Please note that the point release does not constitute a new version of
Debian 12 but only updates some of the packages included. There is no
need to throw away old "bookworm" media. After installation, packages
can be upgraded to the current versions using an up-to-date Debian
mirror.

Those who frequently install updates from security.debian.org won't have
to update many packages, and most such updates are included in the point
release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors.
A comprehensive list of mirrors is available at:

  https://www.debian.org/mirror/list


Miscellaneous Bugfixes
----------------------

This stable update adds a few important corrections to the following
packages:

+--------------------------+------------------------------------------+
| Package                  | Reason                                   |
+--------------------------+------------------------------------------+
| 7zip [1]                 | Fix heap buffer overflow in NTFS handler |
|                          | [CVE-2023-52168]; fix out-of-bounds read |
|                          | in NTFS handler [CVE-2023-52169]         |
|                          |                                          |
| amanda [2]               | Update incomplete fix for                |
|                          | CVE-2022-37704, restoring operation with |
|                          | xfsdump                                  |
|                          |                                          |
| apr [3]                  | Use 0600 perms for named shared mem      |
|                          | consistently [CVE-2023-49582]            |
|                          |                                          |
| base-files [4]           | Update for the point release             |
|                          |                                          |
| btrfs-progs [5]          | Fix checksum calculation errors during   |
|                          | volume conversion in btrfs-convert       |
|                          |                                          |
| calamares-settings-      | Fix missing launcher on KDE desktops;    |
| debian [6]               | fix btrfs mounts                         |
|                          |                                          |
| cjson [7]                | Fix segmentation violation issue         |
|                          | [CVE-2024-31755]                         |
|                          |                                          |
| clamav [8]               | New upstream stable release; fix denial  |
|                          | of service issue [CVE-2024-20505], file  |
|                          | corruption issue [CVE-2024-20506]        |
|                          |                                          |
| cloud-init [9]           | Add support for multiple networkd Route  |
|                          | sections                                 |
|                          |                                          |
| cloud-initramfs-         | Add missing dependencies in the          |
| tools [10]               | initramfs                                |
|                          |                                          |
| curl [11]                | Fix incorrect handling of some OCSP      |
|                          | responses [CVE-2024-8096]                |
|                          |                                          |
| debian-installer [12]    | Reinstate some armel netboot targets     |
|                          | (openrd); increase Linux kernel ABI to   |
|                          | 6.1.0-27; rebuild against                |
|                          | proposed-updates                         |
|                          |                                          |
| debian-installer-        | Rebuild against proposed-updates         |
| netboot-images [13]      |                                          |
|                          |                                          |
| devscripts [14]          | bts: always upgrade to STARTTLS on       |
|                          | 587/tcp; build-rdeps: add support for    |
|                          | non-free-firmware; chdist: update        |
|                          | sources.list examples with               |
|                          | non-free-firmware; build-rdeps: use all  |
|                          | available distros by default             |
|                          |                                          |
| diffoscope [15]          | Fix build failure when processing a      |
|                          | deliberately overlapping zip file in     |
|                          | tests                                    |
|                          |                                          |
| distro-info-data [16]    | Add Ubuntu 25.04                         |
|                          |                                          |
| docker.io [17]           | Fix bypassing of AuthZ plugins in some   |
|                          | circumstances [CVE-2024-41110]           |
|                          |                                          |
| dpdk [18]                | New upstream stable release              |
|                          |                                          |
| exim4 [19]               | Fix crash in dbmnz when looking up keys  |
|                          | with no content                          |
|                          |                                          |
| fcgiwrap [20]            | Set proper ownership on repositories in  |
|                          | git backend                              |
|                          |                                          |
| galera-4 [21]            | New upstream stable release              |
|                          |                                          |
| glib2.0 [22]             | Provide libgio-2.0-dev from              |
|                          | libglib2.0-dev, and libgio-2.0-dev-bin   |
|                          | from libglib2.0-dev-bin                  |
|                          |                                          |
| glibc [23]               | Change Croatian locale to use Euro as    |
|                          | currency; revert upstream commit that    |
|                          | modified the GLIBC_PRIVATE ABI, causing  |
|                          | crashes with some static binaries on     |
|                          | arm64; vfscanf(): fix matches longer     |
|                          | than INT_MAX; ungetc(): fix              |
|                          | uninitialized read when putting into     |
|                          | unused streams, backup buffer leak on    |
|                          | program exit; mremap(): fix support for  |
|                          | the MREMAP_DONTUNMAP option; resolv: fix |
|                          | timeouts caused by short error responses |
|                          | or when single-request mode is enabled   |
|                          | in resolv.conf                           |
|                          |                                          |
| gtk+3.0 [24]             | Fix letting Orca announce initial focus  |
|                          |                                          |
| ikiwiki-hosting [25]     | Allow reading of all user repositories   |
|                          |                                          |
| intel-microcode [26]     | New upstream release; security fixes     |
|                          | [CVE-2024-23984 CVE-2024-24968]          |
|                          |                                          |
| ipmitool [27]            | Fix a buffer overrun in "open"           |
|                          | interface; fix "lan print fails on       |
|                          | unsupported parameters"; fix reading of  |
|                          | temperature sensors; fix using hex       |
|                          | values when sending raw data             |
|                          |                                          |
| iputils [28]             | Fix incorrect handling of ICMP responses |
|                          | intended for other processes             |
|                          |                                          |
| kexec-tools [29]         | Mask kexec.service to prevent the init.d |
|                          | script handling kexec process on a       |
|                          | systemd enabled system                   |
|                          |                                          |
| lemonldap-ng [30]        | Fix cross-site scripting vulnerability   |
|                          | on login page [CVE-2024-48933]           |
|                          |                                          |
| lgogdownloader [31]      | Fix parsing of Galaxy URLs               |
|                          |                                          |
| libskk [32]              | Prevent crash on invalid JSON escape     |
|                          |                                          |
| libvirt [33]             | Fix running i686 VMs with AppArmor on    |
|                          | the host; prevent certain guests from    |
|                          | becoming unbootable or disappearing      |
|                          | during upgrade                           |
|                          |                                          |
| linux [34]               | New upstream release; bump ABI to 27     |
|                          |                                          |
| linux-signed-amd64 [35]  | New upstream release; bump ABI to 27     |
|                          |                                          |
| linux-signed-arm64 [36]  | New upstream release; bump ABI to 27     |
|                          |                                          |
| linux-signed-i386 [37]   | New upstream release; bump ABI to 27     |
|                          |                                          |
| llvm-toolchain-15 [38]   | Architecture-specific rebuild on         |
|                          | mips64el to sync version with other      |
|                          | architectures                            |
|                          |                                          |
| nghttp2 [39]             | Fix denial of service issue              |
|                          | [CVE-2024-28182]                         |
|                          |                                          |
| ninja-build [40]         | Support large inode numbers on 32-bit    |
|                          | systems                                  |
|                          |                                          |
| node-dompurify [41]      | Fix prototype pollution issues           |
|                          | [CVE-2024-45801 CVE-2024-48910]          |
|                          |                                          |
| node-es-module-          | Fix build failure                        |
| lexer [42]               |                                          |
|                          |                                          |
| node-globby [43]         | Fix build failure                        |
|                          |                                          |
| node-mdn-browser-compat- | Fix build failure                        |
| data [44]                |                                          |
|                          |                                          |
| node-rollup-plugin-node- | Fix build failure                        |
| polyfills [45]           |                                          |
|                          |                                          |
| node-tap [46]            | Fix build failure                        |
|                          |                                          |
| node-xterm [47]          | Fix TypeScript declarations              |
|                          |                                          |
| node-y-protocols [48]    | Fix build failure                        |
|                          |                                          |
| node-y-websocket [49]    | Fix build failure                        |
|                          |                                          |
| node-ytdl-core [50]      | Fix build failure                        |
|                          |                                          |
| notify-osd [51]          | Correct executable path in desktop       |
|                          | launcher file                            |
|                          |                                          |
| ntfs-3g [52]             | Fix use-after-free in                    |
|                          | "ntfs-uppercase-mbs"; re-classify fuse   |
|                          | as Depends, not Pre-Depends              |
|                          |                                          |
| openssl [53]             | New upstream stable release; fix buffer  |
|                          | overread issue [CVE-2024-5535], out of   |
|                          | bounds memory access [CVE-2024-9143]     |
|                          |                                          |
| ostree [54]              | Prevent crashing libflatpak when using   |
|                          | curl 8.10                                |
|                          |                                          |
| puppetserver [55]        | Reinstate scheduled job to clean reports |
|                          | after 30 days, avoiding disk space       |
|                          | exhaustion                               |
|                          |                                          |
| puredata [56]            | Fix privilege escalation issue           |
|                          | [CVE-2023-47480]                         |
|                          |                                          |
| python-cryptography [57] | Fix NULL dereference when loading PKCS7  |
|                          | certificates [CVE-2023-49083]; fix NULL  |
|                          | dereference when PKCS#12 key and cert    |
|                          | don't match [CVE-2024-26130]             |
|                          |                                          |
| python3.11 [58]          | Fix regression in zipfile.Path; prevent  |
|                          | ReDoS vulnerability with crafted tar     |
|                          | archives                                 |
|                          |                                          |
| reprepro [59]            | Prevent hangs when running unzstd        |
|                          |                                          |
| sqlite3 [60]             | Fix a buffer overread issue              |
|                          | [CVE-2023-7104], a stack overflow issue  |
|                          | and an integer overflow issue            |
|                          |                                          |
| sumo [61]                | Fix a race condition when building       |
|                          | documentation                            |
|                          |                                          |
| systemd [62]             | New upstream stable release              |
|                          |                                          |
| tgt [63]                 | chap: Use proper entropy source          |
|                          | [CVE-2024-45751]                         |
|                          |                                          |
| timeshift [64]           | Add missing dependency on pkexec         |
|                          |                                          |
| util-linux [65]          | Allow lscpu to identify new Arm cores    |
|                          |                                          |
| vmdb2 [66]               | Set locale to UTF-8                      |
|                          |                                          |
| wireshark [67]           | New upstream security release            |
|                          | [CVE-2024-0208, CVE-2024-0209,           |
|                          | CVE-2024-2955, CVE-2024-4853,            |
|                          | CVE-2024-4854, CVE-2024-4855,            |
|                          | CVE-2024-8250, CVE-2024-8645]            |
|                          |                                          |
| xfpt [68]                | Fix buffer overflow issue                |
|                          | [CVE-2024-43700]                         |
|                          |                                          |
+--------------------------+------------------------------------------+

1: https://packages.debian.org/src:7zip
2: https://packages.debian.org/src:amanda
3: https://packages.debian.org/src:apr
4: https://packages.debian.org/src:base-files
5: https://packages.debian.org/src:btrfs-progs
6: https://packages.debian.org/src:calamares-settings-debian
7: https://packages.debian.org/src:cjson
8: https://packages.debian.org/src:clamav
9: https://packages.debian.org/src:cloud-init
10: https://packages.debian.org/src:cloud-initramfs-tools
11: https://packages.debian.org/src:curl
12: https://packages.debian.org/src:debian-installer
13: https://packages.debian.org/src:debian-installer-netboot-images
14: https://packages.debian.org/src:devscripts
15: https://packages.debian.org/src:diffoscope
16: https://packages.debian.org/src:distro-info-data
17: https://packages.debian.org/src:docker.io
18: https://packages.debian.org/src:dpdk
19: https://packages.debian.org/src:exim4
20: https://packages.debian.org/src:fcgiwrap
21: https://packages.debian.org/src:galera-4
22: https://packages.debian.org/src:glib2.0
23: https://packages.debian.org/src:glibc
24: https://packages.debian.org/src:gtk+3.0
25: https://packages.debian.org/src:ikiwiki-hosting
26: https://packages.debian.org/src:intel-microcode
27: https://packages.debian.org/src:ipmitool
28: https://packages.debian.org/src:iputils
29: https://packages.debian.org/src:kexec-tools
30: https://packages.debian.org/src:lemonldap-ng
31: https://packages.debian.org/src:lgogdownloader
32: https://packages.debian.org/src:libskk
33: https://packages.debian.org/src:libvirt
34: https://packages.debian.org/src:linux
35: https://packages.debian.org/src:linux-signed-amd64
36: https://packages.debian.org/src:linux-signed-arm64
37: https://packages.debian.org/src:linux-signed-i386
38: https://packages.debian.org/src:llvm-toolchain-15
39: https://packages.debian.org/src:nghttp2
40: https://packages.debian.org/src:ninja-build
41: https://packages.debian.org/src:node-dompurify
42: https://packages.debian.org/src:node-es-module-lexer
43: https://packages.debian.org/src:node-globby
44: https://packages.debian.org/src:node-mdn-browser-compat-data
45: https://packages.debian.org/src:node-rollup-plugin-node-polyfills
46: https://packages.debian.org/src:node-tap
47: https://packages.debian.org/src:node-xterm
48: https://packages.debian.org/src:node-y-protocols
49: https://packages.debian.org/src:node-y-websocket
50: https://packages.debian.org/src:node-ytdl-core
51: https://packages.debian.org/src:notify-osd
52: https://packages.debian.org/src:ntfs-3g
53: https://packages.debian.org/src:openssl
54: https://packages.debian.org/src:ostree
55: https://packages.debian.org/src:puppetserver
56: https://packages.debian.org/src:puredata
57: https://packages.debian.org/src:python-cryptography
58: https://packages.debian.org/src:python3.11
59: https://packages.debian.org/src:reprepro
60: https://packages.debian.org/src:sqlite3
61: https://packages.debian.org/src:sumo
62: https://packages.debian.org/src:systemd
63: https://packages.debian.org/src:tgt
64: https://packages.debian.org/src:timeshift
65: https://packages.debian.org/src:util-linux
66: https://packages.debian.org/src:vmdb2
67: https://packages.debian.org/src:wireshark
68: https://packages.debian.org/src:xfpt


Security Updates
----------------

This revision adds the following security updates to the stable release.
The Security Team has already released an advisory for each of these
updates:

+----------------+--------------------------+
| Advisory ID    | Package                  |
+----------------+--------------------------+
| DSA-5729 [69]  | apache2 [70]             |
|                |                          |
| DSA-5733 [71]  | thunderbird [72]         |
|                |                          |
| DSA-5744 [73]  | thunderbird [74]         |
|                |                          |
| DSA-5758 [75]  | trafficserver [76]       |
|                |                          |
| DSA-5759 [77]  | python3.11 [78]          |
|                |                          |
| DSA-5760 [79]  | ghostscript [80]         |
|                |                          |
| DSA-5761 [81]  | chromium [82]            |
|                |                          |
| DSA-5762 [83]  | webkit2gtk [84]          |
|                |                          |
| DSA-5763 [85]  | pymatgen [86]            |
|                |                          |
| DSA-5764 [87]  | openssl [88]             |
|                |                          |
| DSA-5765 [89]  | firefox-esr [90]         |
|                |                          |
| DSA-5766 [91]  | chromium [92]            |
|                |                          |
| DSA-5767 [93]  | thunderbird [94]         |
|                |                          |
| DSA-5768 [95]  | chromium [96]            |
|                |                          |
| DSA-5769 [97]  | git [98]                 |
|                |                          |
| DSA-5770 [99]  | expat [100]              |
|                |                          |
| DSA-5771 [101] | php-twig [102]           |
|                |                          |
| DSA-5772 [103] | libreoffice [104]        |
|                |                          |
| DSA-5773 [105] | chromium [106]           |
|                |                          |
| DSA-5774 [107] | ruby-saml [108]          |
|                |                          |
| DSA-5775 [109] | chromium [110]           |
|                |                          |
| DSA-5776 [111] | tryton-server [112]      |
|                |                          |
| DSA-5777 [113] | booth [114]              |
|                |                          |
| DSA-5778 [115] | cups-filters [116]       |
|                |                          |
| DSA-5779 [117] | cups [118]               |
|                |                          |
| DSA-5780 [119] | php8.2 [120]             |
|                |                          |
| DSA-5781 [121] | chromium [122]           |
|                |                          |
| DSA-5782 [123] | linux-signed-amd64 [124] |
|                |                          |
| DSA-5782 [125] | linux-signed-arm64 [126] |
|                |                          |
| DSA-5782 [127] | linux-signed-i386 [128]  |
|                |                          |
| DSA-5782 [129] | linux [130]              |
|                |                          |
| DSA-5783 [131] | firefox-esr [132]        |
|                |                          |
| DSA-5784 [133] | oath-toolkit [134]       |
|                |                          |
| DSA-5785 [135] | mediawiki [136]          |
|                |                          |
| DSA-5786 [137] | libgsf [138]             |
|                |                          |
| DSA-5787 [139] | chromium [140]           |
|                |                          |
| DSA-5788 [141] | firefox-esr [142]        |
|                |                          |
| DSA-5789 [143] | thunderbird [144]        |
|                |                          |
| DSA-5790 [145] | node-dompurify [146]     |
|                |                          |
| DSA-5791 [147] | python-reportlab [148]   |
|                |                          |
| DSA-5792 [149] | webkit2gtk [150]         |
|                |                          |
| DSA-5793 [151] | chromium [152]           |
|                |                          |
| DSA-5794 [153] | openjdk-17 [154]         |
|                |                          |
| DSA-5795 [155] | python-sql [156]         |
|                |                          |
| DSA-5796 [157] | libheif [158]            |
|                |                          |
| DSA-5797 [159] | twisted [160]            |
|                |                          |
| DSA-5798 [161] | activemq [162]           |
|                |                          |
| DSA-5799 [163] | chromium [164]           |
|                |                          |
| DSA-5800 [165] | xorg-server [166]        |
|                |                          |
| DSA-5802 [167] | chromium [168]           |
|                |                          |
+----------------+--------------------------+

69: https://www.debian.org/security/2024/dsa-5729
70: https://packages.debian.org/src:apache2
71: https://www.debian.org/security/2024/dsa-5733
72: https://packages.debian.org/src:thunderbird
73: https://www.debian.org/security/2024/dsa-5744
74: https://packages.debian.org/src:thunderbird
75: https://www.debian.org/security/2024/dsa-5758
76: https://packages.debian.org/src:trafficserver
77: https://www.debian.org/security/2024/dsa-5759
78: https://packages.debian.org/src:python3.11
79: https://www.debian.org/security/2024/dsa-5760
80: https://packages.debian.org/src:ghostscript
81: https://www.debian.org/security/2024/dsa-5761
82: https://packages.debian.org/src:chromium
83: https://www.debian.org/security/2024/dsa-5762
84: https://packages.debian.org/src:webkit2gtk
85: https://www.debian.org/security/2024/dsa-5763
86: https://packages.debian.org/src:pymatgen
87: https://www.debian.org/security/2024/dsa-5764
88: https://packages.debian.org/src:openssl
89: https://www.debian.org/security/2024/dsa-5765
90: https://packages.debian.org/src:firefox-esr
91: https://www.debian.org/security/2024/dsa-5766
92: https://packages.debian.org/src:chromium
93: https://www.debian.org/security/2024/dsa-5767
94: https://packages.debian.org/src:thunderbird
95: https://www.debian.org/security/2024/dsa-5768
96: https://packages.debian.org/src:chromium
97: https://www.debian.org/security/2024/dsa-5769
98: https://packages.debian.org/src:git
99: https://www.debian.org/security/2024/dsa-5770
100: https://packages.debian.org/src:expat
101: https://www.debian.org/security/2024/dsa-5771
102: https://packages.debian.org/src:php-twig
103: https://www.debian.org/security/2024/dsa-5772
104: https://packages.debian.org/src:libreoffice
105: https://www.debian.org/security/2024/dsa-5773
106: https://packages.debian.org/src:chromium
107: https://www.debian.org/security/2024/dsa-5774
108: https://packages.debian.org/src:ruby-saml
109: https://www.debian.org/security/2024/dsa-5775
110: https://packages.debian.org/src:chromium
111: https://www.debian.org/security/2024/dsa-5776
112: https://packages.debian.org/src:tryton-server
113: https://www.debian.org/security/2024/dsa-5777
114: https://packages.debian.org/src:booth
115: https://www.debian.org/security/2024/dsa-5778
116: https://packages.debian.org/src:cups-filters
117: https://www.debian.org/security/2024/dsa-5779
118: https://packages.debian.org/src:cups
119: https://www.debian.org/security/2024/dsa-5780
120: https://packages.debian.org/src:php8.2
121: https://www.debian.org/security/2024/dsa-5781
122: https://packages.debian.org/src:chromium
123: https://www.debian.org/security/2024/dsa-5782
124: https://packages.debian.org/src:linux-signed-amd64
125: https://www.debian.org/security/2024/dsa-5782
126: https://packages.debian.org/src:linux-signed-arm64
127: https://www.debian.org/security/2024/dsa-5782
128: https://packages.debian.org/src:linux-signed-i386
129: https://www.debian.org/security/2024/dsa-5782
130: https://packages.debian.org/src:linux
131: https://www.debian.org/security/2024/dsa-5783
132: https://packages.debian.org/src:firefox-esr
133: https://www.debian.org/security/2024/dsa-5784
134: https://packages.debian.org/src:oath-toolkit
135: https://www.debian.org/security/2024/dsa-5785
136: https://packages.debian.org/src:mediawiki
137: https://www.debian.org/security/2024/dsa-5786
138: https://packages.debian.org/src:libgsf
139: https://www.debian.org/security/2024/dsa-5787
140: https://packages.debian.org/src:chromium
141: https://www.debian.org/security/2024/dsa-5788
142: https://packages.debian.org/src:firefox-esr
143: https://www.debian.org/security/2024/dsa-5789
144: https://packages.debian.org/src:thunderbird
145: https://www.debian.org/security/2024/dsa-5790
146: https://packages.debian.org/src:node-dompurify
147: https://www.debian.org/security/2024/dsa-5791
148: https://packages.debian.org/src:python-reportlab
149: https://www.debian.org/security/2024/dsa-5792
150: https://packages.debian.org/src:webkit2gtk
151: https://www.debian.org/security/2024/dsa-5793
152: https://packages.debian.org/src:chromium
153: https://www.debian.org/security/2024/dsa-5794
154: https://packages.debian.org/src:openjdk-17
155: https://www.debian.org/security/2024/dsa-5795
156: https://packages.debian.org/src:python-sql
157: https://www.debian.org/security/2024/dsa-5796
158: https://packages.debian.org/src:libheif
159: https://www.debian.org/security/2024/dsa-5797
160: https://packages.debian.org/src:twisted
161: https://www.debian.org/security/2024/dsa-5798
162: https://packages.debian.org/src:activemq
163: https://www.debian.org/security/2024/dsa-5799
164: https://packages.debian.org/src:chromium
165: https://www.debian.org/security/2024/dsa-5800
166: https://packages.debian.org/src:xorg-server
167: https://www.debian.org/security/2024/dsa-5802
168: https://packages.debian.org/src:chromium


Debian Installer
----------------

The installer has been updated to include the fixes incorporated into
stable by the point release.


URLs
----

The complete lists of packages that have changed with this revision:

  https://deb.debian.org/debian/dists/bookworm/ChangeLog

The current stable distribution:

  https://deb.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:

  https://deb.debian.org/debian/dists/proposed-updates

Stable distribution information (release notes, errata etc.):

  https://www.debian.org/releases/stable/

Security announcements and information:

  https://www.debian.org/security/


About Debian
------------

The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.


Contact Information
-------------------

For further information, please visit the Debian web pages at
https://www.debian.org/, send mail to <press@debian.org>, or contact the
stable release team at <debian-release@lists.debian.org>.