
[RFR] wml://publicity/announcements/pt/2025/20250315.wml



Good evening, everyone!

Here is the translation of the announcement for the 12.10 point release. It is
basically the same as the one for the previous release, so it should be quite easy.

Regards,
Charles
<define-tag pagetitle>Updated Debian 12: 12.10 released</define-tag>
<define-tag release_date>2025-03-15</define-tag>
#use wml::debian::news
# $Id:

<define-tag release>12</define-tag>
<define-tag codename>bookworm</define-tag>
<define-tag revision>12.10</define-tag>

<define-tag dsa>
    <tr><td align="center"><a href="$(HOME)/security/%0/dsa-%1">DSA-%1</a></td>
        <td align="center"><:
    my @p = ();
    for my $p (split (/,\s*/, "%2")) {
	push (@p, sprintf ('<a href="https://packages.debian.org/src:%s">%s</a>', $p, $p));
    }
    print join (", ", @p);
:></td></tr>
</define-tag>

<define-tag correction>
    <tr><td><a href="https://packages.debian.org/src:%0">%0</a></td>              <td>%1</td></tr>
</define-tag>

<define-tag srcpkg><a href="https://packages.debian.org/src:%0">%0</a></define-tag>

<p>The Debian project is pleased to announce the tenth update of its
stable distribution Debian <release> (codename <q><codename></q>).
This point release mainly adds corrections for security issues,
along with a few adjustments for more serious problems. Security
advisories have already been published separately and are referenced where
necessary.</p>

<p>Please note that the point release does not constitute a new version of Debian
<release> but only updates some of the packages already included. There is no
need to throw away old <q><codename></q> media. After
installation, packages can be upgraded to the current versions using an
up-to-date Debian mirror.</p>

<p>Those who frequently install updates from
security.debian.org won't have to update many packages, and most such
updates are included in the point release.</p>

<p>New installation images will be available soon at the usual
locations.</p>

<p>Upgrading an existing installation to this revision can be achieved by
pointing the package management system at one of Debian's many HTTP
mirrors. A comprehensive list of mirrors is available at:</p>

<div class="center">
  <a href="$(HOME)/mirror/list">https://www.debian.org/mirror/list</a>
</div>


<h2>General bug fixes</h2>

<p>This stable update adds a few important corrections
to the following packages:</p>

<table border=0>
<tr><th>Package</th>               <th>Reason</th></tr>
<correction 389-ds-base "Fix crash when modifying userPassword using malformed input [CVE-2024-2199 CVE-2024-8445]; prevent denial of service while attempting to log in with a user with a malformed hash in their password [CVE-2024-5953]; prevent denial of service on the directory server with specially-crafted LDAP query [CVE-2024-3657]">
<correction base-files "Update for the point release">
<correction bup "New upstream bugfix release">
<correction containerd "Fix tests causing FTBFS on the auto-builder network">
<correction curl "Fix unintended HTTPS upgrades or premature reversion to HTTP when both subdomains and parent domains are used [CVE-2024-9681]; prevent stopping of stunnel before retries in the build-time tests; fix possible credentials leakage issues [CVE-2024-11053 CVE-2025-0167]; fix test failures due to port clashes">
<correction dacite "Do not cache result of get_default_value_for_field">
<correction dcmtk "Fix issue when rendering an invalid monochrome DICOM image [CVE-2024-47796]; ensure: HighBit &lt; BitsAllocated [CVE-2024-52333]; fix possible overflows when allocating memory [CVE-2024-27628]; fix two segmentation faults [CVE-2024-34508 CVE-2024-34509]; fix arbitrary code execution issue [CVE-2024-28130]; fix buffer overflow issues [CVE-2025-25472 CVE-2025-25474]; fix NULL pointer dereference issue [CVE-2025-25475]">
<correction debian-installer "Increase Linux kernel ABI to 6.1.0-32; rebuild against proposed-updates">
<correction debian-ports-archive-keyring "Add 2026 key; move 2023 and 2024 keys to the removed keyring">
<correction dgit "Add missing parameters for source upload target">
<correction djoser "Fix authentication bypass [CVE-2024-21543]">
<correction dns-root-data "Add the DNSKEY record for KSK-2024">
<correction edk2 "Fix overflow condition in PeCoffLoaderRelocateImage() [CVE-2024-38796]; fix potential UINT32 overflow in S3 ResumeCount [CVE-2024-1298]">
<correction elpa "Fix tests on machines with 2 vCPU or fewer">
<correction flightgear "Fix sandbox bypass vulnerability in Nasal scripts [CVE-2025-0781]">
<correction gensim "Fix build failure on single-CPU machines">
<correction glibc "Fix buffer overflow when printing assertion failure message [CVE-2025-0395]; fix memset performance for unaligned destinations; fix TLS performance degradation after dlopen() usage; avoid integer truncation when parsing CPUID data with large cache sizes; ensure data passed to the rseq syscall are properly initialized">
<correction golang-github-containers-buildah "Disable a test known to fail on the auto-builder network, fixing build failure">
<correction intel-microcode "New upstream security release [CVE-2023-34440 CVE-2023-43758 CVE-2024-24582 CVE-2024-28047 CVE-2024-28127 CVE-2024-29214 CVE-2024-31068 CVE-2024-31157 CVE-2024-36293 CVE-2024-37020 CVE-2024-39279 CVE-2024-39355]">
<correction iptables-netflow "Fix build with newer bullseye kernels">
<correction jinja2 "Fix arbitrary code execution issues [CVE-2024-56201 CVE-2024-56326]">
<correction joblib "Fix build failure on single-CPU systems">
<correction lemonldap-ng "Fix CSRF vulnerability on 2FA registration interface [CVE-2024-52948]">
<correction libapache-mod-jk "Set correct default permissions for shared memory [CVE-2024-46544]">
<correction libeconf "Fix buffer overflow vulnerability [CVE-2023-32181 CVE-2023-22652]">
<correction librabbitmq "Add option to read username/password from file [CVE-2023-35789]">
<correction libtar "Fix out-of-bounds read in gnu_longlink() [CVE-2021-33643]; fix out-of-bounds read in gnu_longname() [CVE-2021-33644]; fix memory leak in th_read() [CVE-2021-33645]; fix memory leak in th_read() [CVE-2021-33646]">
<correction linux "New upstream release; bump ABI to 32">
<correction linux-signed-amd64 "New upstream release; bump ABI to 32">
<correction linux-signed-arm64 "New upstream release; bump ABI to 32">
<correction linux-signed-i386 "New upstream release; bump ABI to 32">
<correction linuxcnc "Fix multi axes movement on single axis G0 MDI call">
<correction ltt-control "Fix consumer crash on shutdown">
<correction lttng-modules "Fix build with newer bullseye kernels">
<correction mariadb "New upstream stable release; fix security issue [CVE-2024-21096]; fix denial of service issue [CVE-2025-21490]">
<correction monero "Impose response limits on HTTP server connections [CVE-2025-26819]">
<correction mozc "Install fcitx icons to the correct locations">
<correction ndcube "Ignore test warnings from astropy">
<correction nginx "Fix possible bypass of client certificate authentication [CVE-2025-23419]">
<correction node-axios "Fix CSRF vulnerability [CVE-2023-45857]; fix potential vulnerability in URL when determining an origin [CVE-2024-57965]">
<correction node-js-sdsl "Fix build failure">
<correction node-postcss "Fix mishandling of non-integer values leading to denial of service in nanoid [CVE-2024-55565]; fix parsing of external untrusted CSS [CVE-2023-44270]">
<correction node-recast "Fix build failure">
<correction node-redis "Fix build failure">
<correction node-rollup "Fix build failure arising from changed timeout API">
<correction openh264 "Fix Cisco download URL">
<correction php-nesbot-carbon "Fix arbitrary file include issue [CVE-2025-22145]">
<correction postgresql-15 "New upstream stable release; harden PQescapeString and allied functions against invalidly-encoded strings; improve behavior of libpq's quoting functions [CVE-2025-1094]">
<correction puma "Fix behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers [CVE-2023-40175]; limit size of chunk extensions [CVE-2024-21647]; prevent manipulation of headers set by intermediate proxies [CVE-2024-45614]">
<correction python-django "Fix regular expression-based denial of service issue [CVE-2023-36053], denial of service issues [CVE-2024-38875 CVE-2024-39614 CVE-2024-41990 CVE-2024-41991], user enumeration issue [CVE-2024-39329], directory traversal issue [CVE-2024-39330], excessive memory consumption issue [CVE-2024-41989], SQL injection issue [CVE-2024-42005]">
<correction python-pycdlib "Run tests only if /tmp is tmpfs, otherwise they are known to fail">
<correction rapiddisk "Support Linux versions up to 6.10">
<correction rsyslog "Avoid segmentation fault if a SIGTERM is received during startup">
<correction runit-services "Do not enable dhclient service by default">
<correction seqan3 "Fix parallel running of tests">
<correction simgear "Fix sandbox bypass vulnerability in Nasal scripts [CVE-2025-0781]">
<correction spamassassin "New upstream stable release">
<correction sssd "Apply GPO policy consistently [CVE-2023-3758]">
<correction subversion "Fix vulnerable parsing of control characters in paths served by mod_dav_svn [CVE-2024-46901]">
<correction sunpy "Ignore test warnings from astropy">
<correction systemd "New upstream stable release">
<correction tzdata "New upstream release; update data for Paraguay; update leap second information">
<correction vagrant "Fix URL of public Vagrant registry">
<correction vim "Fix crash when expanding <q>~</q> in substitute [CVE-2023-2610]; fix buffer-overflow in vim_regsub_both() [CVE-2023-4738]; fix heap use after free in ins_compl_get_exp() [CVE-2023-4752]; fix heap-buffer-overflow in vim_regsub_both [CVE-2023-4781]; fix buffer-overflow in trunc_string() [CVE-2023-5344]; fix stack-buffer-overflow in option callback functions [CVE-2024-22667]; fix heap-buffer-overflow in ins_typebuf [CVE-2024-43802]; fix use-after-free when closing a buffer [CVE-2024-47814]; fix build failure on 32-bit architectures">
<correction wget "Fix mishandling of semicolons in userinfo in URLs [CVE-2024-38428]">
<correction xen "Allow direct kernel boot with kernels &gt;= 6.12">
</table>


<h2>Security updates</h2>

<p>This revision adds the following security updates to the stable
release.
The Security Team has already released an advisory for each of these updates:</p>

<table border=0>
<tr><th>Advisory ID</th>  <th>Package</th></tr>
<dsa 2024 5834 chromium>
<dsa 2024 5836 xen>
<dsa 2025 5839 firefox-esr>
<dsa 2025 5840 chromium>
<dsa 2025 5841 thunderbird>
<dsa 2025 5842 openafs>
<dsa 2025 5843 rsync>
<dsa 2025 5844 chromium>
<dsa 2025 5845 tomcat10>
<dsa 2025 5846 libreoffice>
<dsa 2025 5847 snapcast>
<dsa 2025 5848 chromium>
<dsa 2025 5849 git-lfs>
<dsa 2025 5850 git>
<dsa 2025 5851 openjpeg2>
<dsa 2025 5852 pdns-recursor>
<dsa 2025 5853 pam-u2f>
<dsa 2025 5854 bind9>
<dsa 2025 5855 chromium>
<dsa 2025 5856 redis>
<dsa 2025 5857 openjdk-17>
<dsa 2025 5858 firefox-esr>
<dsa 2025 5859 chromium>
<dsa 2025 5860 linux-signed-amd64>
<dsa 2025 5860 linux-signed-arm64>
<dsa 2025 5860 linux-signed-i386>
<dsa 2025 5860 linux>
<dsa 2025 5861 thunderbird>
<dsa 2025 5862 cacti>
<dsa 2025 5863 libtasn1-6>
<dsa 2025 5864 pam-pkcs11>
<dsa 2025 5865 webkit2gtk>
<dsa 2025 5866 chromium>
<dsa 2025 5867 gnutls28>
<dsa 2025 5868 openssh>
<dsa 2025 5869 chromium>
<dsa 2025 5870 openh264>
<dsa 2025 5871 emacs>
<dsa 2025 5872 xorg-server>
<dsa 2025 5873 libreoffice>
<dsa 2025 5874 firefox-esr>
<dsa 2025 5875 chromium>
<dsa 2025 5876 thunderbird>
</table>


<h2>Removed packages</h2>

<p>The following packages were removed due to circumstances beyond our
control:</p>

<table border=0>
<tr><th>Package</th>               <th>Reason</th></tr>
<correction kanboard "Unmaintained; security issues">
<correction libnet-easytcp-perl "Unmaintained upstream; security issues">
<correction looking-glass "Not suitable for a stable release">

</table>


<h2>Debian Installer</h2>

<p>The installer has been updated to include the fixes incorporated
into stable by the point release.</p>


<h2>URLs</h2>

<p>The complete lists of packages that have changed with this revision:</p>

<div class="center">
  <url "https://deb.debian.org/debian/dists/<downcase <codename>>/ChangeLog">
</div>

<p>The current stable distribution:</p>

<div class="center">
  <url "https://deb.debian.org/debian/dists/stable/">
</div>

<p>Proposed updates to the stable distribution:</p>

<div class="center">
  <url "https://deb.debian.org/debian/dists/proposed-updates">
</div>

<p>Stable distribution information (release notes, errata, etc.):</p>

<div class="center">
  <a
  href="$(HOME)/releases/stable/">https://www.debian.org/releases/stable/</a>
</div>

<p>Security announcements and information:</p>

<div class="center">
  <a href="$(HOME)/security/">https://www.debian.org/security/</a>
</div>


<h2>About Debian</h2>

<p>The Debian Project is an association of Free Software developers
who volunteer their time and effort to produce the completely free
operating system Debian.</p>


<h2>Contact information</h2>

<p>For further information, please visit the Debian web pages at
<a href="$(HOME)/">https://www.debian.org/</a>, send an e-mail (in English) to
&lt;press@debian.org&gt;, or contact (in English) the stable release
team at
&lt;debian-release@lists.debian.org&gt;.</p>
