Updated Debian 12: 12.4 released

10 December 2023

Please note that this document has been updated as well as possible to reflect that Debian 12.3 has been superseded by Debian 12.4. These changes came about because of a last-minute bug report, #1057843, concerning problems with linux-image-6.1.0-14 (6.1.64-1).

Debian 12.4 is released with linux-image-6.1.0-15 (6.1.66-1), together with a few other bug fixes.

The Debian project is pleased to announce the fourth update of its stable distribution Debian 12 (codename bookworm). This point release mainly adds corrections for security issues, along with further fixes for serious problems. Security advisories have already been published separately and are referenced where available.

Please note that the point release does not constitute a new version of Debian 12 but only updates some of the packages included. There is no need to throw away old bookworm media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following packages:

Package Reason
adequate Skip symbol-size-mismatch test on architectures where array symbols don't include a specific length; disable deprecation warnings about smartmatch, given, when in Perl 5.38; fix warnings from version comparison about smartmatch being experimental
amanda Fix local privilege escalation [CVE-2023-30577]
arctica-greeter Move logo away from border when greeting
awstats Avoid prompts on upgrade due to logrotate configuration cleanup
axis Filter out unsupported protocols in the client class ServiceFactory [CVE-2023-40743]
base-files Update for the 12.4 point release
ca-certificates-java Remove circular dependencies
calibre Fix crash in Get Books when regenerating UIC files
crun Fix containers with systemd as their init system, when using newer kernel versions
cups Take into account that on some printers the ColorModel option's choice for color printing is CMYK and not RGB
dav4tbsync New upstream version, restoring compatibility with newer Thunderbird versions
debian-edu-artwork Provide an Emerald theme based artwork for Debian Edu 12
debian-edu-config New upstream stable version; fix setting and changing of LDAP passwords
debian-edu-doc Update included documentation and translations
debian-edu-fai New upstream stable version
debian-edu-router Fix dnsmasq conf generation for networks over VLAN; only generate UIF filter rules for SSH if 'Uplink' interface is defined; update translations
debian-installer Increase Linux kernel ABI to 6.1.0-15; rebuild against proposed-updates
debian-installer-netboot-images Rebuild against proposed-updates
debootstrap Backport merged-/usr support changes from trixie: implement merged-/usr by post-merging, default to merged-/usr for suites newer than bookworm in all profiles
devscripts Debchange: Update to current Debian distributions
dhcpcd5 Change Breaks/Replaces dhcpcd5 to Conflicts
di-netboot-assistant Fix support for bookworm live ISO image
distro-info Update tests for distro-info-data 0.58+deb12u1, which adjusted Debian 7's EoL date
distro-info-data Add Ubuntu 24.04 LTS Noble Numbat; fix several End Of Life dates
eas4tbsync New upstream version, restoring compatibility with newer Thunderbird versions
exfatprogs Fix out-of-bounds memory access issues [CVE-2023-45897]
exim4 Fix security issues relating to the proxy protocol [CVE-2023-42117] and DNSDB lookups [CVE-2023-42119]; add hardening for SPF lookups; disallow UTF-16 surrogates from ${utf8clean:...}; fix crash with tls_dhparam = none; fix $recipients expansion when used within ${run...}; fix expiry date of auto-generated SSL certificates; fix crash induced by some combinations of zero-length strings and ${tr...}
fonts-noto-color-emoji Add support for Unicode 15.1
gimp Add Conflicts and Replaces: gimp-dds to remove old versions of this plugin shipped by gimp itself since 2.10.10
gnome-characters Add support for Unicode 15.1
gnome-session Open text files in gnome-text-editor if gedit is not installed
gnome-shell New upstream stable release; allow notifications to be dismissed with backspace key in addition to the delete key; fix duplicate devices shown when reconnecting to PulseAudio; fix possible use-after-free crashes on PulseAudio/Pipewire restart; avoid sliders in quick settings (volume, etc.) being reported to accessibility tools as their own parent object; align scrolled viewports to the pixel grid to avoid jitter visible during scrolling
gnutls28 Fix timing sidechannel issue [CVE-2023-5981]
gosa New upstream stable release
gosa-plugins-sudo Fix uninitialised variable
hash-slinger Fix generation of TLSA records
intel-graphics-compiler Fix compatibility with stable's intel-vc-intrinsics version
iotop-c Fix the logic in only option; fix busy loop when ESC is pressed; fix ASCII graph rendering
jdupes Update prompts to help avoid choices that could lead to unexpected data loss
lastpass-cli New upstream stable release; update certificate hashes; add support for reading encrypted URLs
libapache2-mod-python Ensure binNMU versions are PEP-440-compliant
libde265 Fix segmentation violation issue [CVE-2023-27102], buffer overflow issues [CVE-2023-27103 CVE-2023-47471], buffer over-read issue [CVE-2023-43887]
libervia-backend Fix start failure without pre-existing configuration; make exec path absolute in dbus service file; fix dependencies on python3-txdbus/python3-dbus
libmateweather Locations: add San Miguel de Tucuman (Argentina); update forecast zones for Chicago; update data server URL; fix some location names
libsolv Enable support for zstd compression
linux Update to upstream stable release 6.1.66; update ABI to 15; [rt] Update to 6.1.59-rt16; enable X86_PLATFORM_DRIVERS_HP; nvmet: nul-terminate the NQNs passed in the connect command [CVE-2023-6121]
linux-signed-amd64 Update to upstream stable release 6.1.66; update ABI to 15; [rt] Update to 6.1.59-rt16; enable X86_PLATFORM_DRIVERS_HP; nvmet: nul-terminate the NQNs passed in the connect command [CVE-2023-6121]
linux-signed-arm64 Update to upstream stable release 6.1.66; update ABI to 15; [rt] Update to 6.1.59-rt16; enable X86_PLATFORM_DRIVERS_HP; nvmet: nul-terminate the NQNs passed in the connect command [CVE-2023-6121]
linux-signed-i386 Update to upstream stable release 6.1.66; update ABI to 15; [rt] Update to 6.1.59-rt16; enable X86_PLATFORM_DRIVERS_HP; nvmet: nul-terminate the NQNs passed in the connect command [CVE-2023-6121]
llvm-toolchain-16 New backported package to support builds of newer chromium versions
lxc Fix creating of ephemeral copies
mda-lv2 Fix LV2 plugin installation location
midge Remove non-free example files
minizip Fix integer and heap overflow issues [CVE-2023-45853]
mrtg Handle relocated configuration file; translation updates
mutter New upstream stable release; fix the ability to drag libdecor windows by their title bar on touchscreens; fix flickering and rendering artifacts when using software rendering; improve GNOME Shell app grid performance by avoiding repainting monitors other than the one it is displayed on
nagios-plugins-contrib Fix on-disk kernel version detection
network-manager-openconnect Add User Agent to Openconnect VPN for NetworkManager
node-undici Delete cookie and host headers on cross-origin redirect [CVE-2023-45143]
nvidia-graphics-drivers New upstream release; fix null pointer dereference issue [CVE-2023-31022]
nvidia-graphics-drivers-tesla New upstream release; fix null pointer dereference issue [CVE-2023-31022]
nvidia-graphics-drivers-tesla-470 New upstream release; fix null pointer dereference issue [CVE-2023-31022]
nvidia-open-gpu-kernel-modules New upstream release; fix null pointer dereference issue [CVE-2023-31022]
opendkim Fix removal of incoming Authentication-Results: headers [CVE-2022-48521]
openrefine Fix remote code execution vulnerability [CVE-2023-41887 CVE-2023-41886]
opensc Fix out-of-bounds read issue [CVE-2023-4535], potential PIN bypass [CVE-2023-40660], memory-handling issues [CVE-2023-40661]
oscrypto Fix OpenSSL version parsing; fix autopkgtest
pcs Fix resource move
perl Fix buffer overrun issue [CVE-2023-47038]
php-phpseclib3 Fix denial of service issue [CVE-2023-49316]
postgresql-15 New upstream stable release; fix SQL injection issue [CVE-2023-39417]; fix MERGE to enforce row security policies properly [CVE-2023-39418]
proftpd-dfsg Fix size of SSH key exchange buffers
python-cogent Only skip tests that require multiple CPUs when running on a single CPU system
python3-onelogin-saml2 Fix expired test payloads
pyzoltan Support building on single core systems
qbittorrent Disable UPnP for web UI by default in qbittorrent-nox
qemu Update to upstream stable release 7.2.7; hw/scsi/scsi-disk: Disallow block sizes smaller than 512 [CVE-2023-42467]
qpdf Fix data loss issue with some quoted octal strings
redis Drop ProcSubset=pid hardening flag from the systemd unit due to it causing crashes
rust-sd Ensure binary package versions sort correctly relative to older releases (where it was built from a different source package)
sitesummary Use systemd timer for running sitesummary-client if available
speech-dispatcher-contrib Enable voxin on armhf and arm64
spyder Fix interface language auto-configuration
symfony Fix session fixation issue [CVE-2023-46733]; add missing escaping [CVE-2023-46734]
systemd New upstream stable release
tbsync New upstream version, restoring compatibility with newer Thunderbird versions
toil Only request a single core for tests
tzdata Update leap second list
unadf Fix buffer overflow issue [CVE-2016-1243]; fix code execution issue [CVE-2016-1244]
vips Fix null pointer dereference issue [CVE-2023-40032]
weborf Fix denial of service issue
wormhole-william Disable flaky tests, fixing build failures
xen New upstream stable update; fix several security issues [CVE-2022-40982 CVE-2023-20569 CVE-2023-20588 CVE-2023-20593 CVE-2023-34320 CVE-2023-34321 CVE-2023-34322 CVE-2023-34323 CVE-2023-34325 CVE-2023-34326 CVE-2023-34327 CVE-2023-34328 CVE-2023-46835 CVE-2023-46836]
yuzu Strip :native from glslang-tools build dependency, fixing build failure

Security Updates

This revision adds the following security updates to the stable release. The Security Team has already released advisories for all of these updates:

Advisory ID Package
DSA-5499 chromium
DSA-5506 firefox-esr
DSA-5508 chromium
DSA-5511 mosquitto
DSA-5512 exim4
DSA-5513 thunderbird
DSA-5514 glibc
DSA-5515 chromium
DSA-5516 libxpm
DSA-5517 libx11
DSA-5518 libvpx
DSA-5519 grub-efi-amd64-signed
DSA-5519 grub-efi-arm64-signed
DSA-5519 grub-efi-ia32-signed
DSA-5519 grub2
DSA-5520 mediawiki
DSA-5521 tomcat10
DSA-5523 curl
DSA-5524 libcue
DSA-5525 samba
DSA-5526 chromium
DSA-5527 webkit2gtk
DSA-5528 node-babel7
DSA-5529 slurm-wlm-contrib
DSA-5529 slurm-wlm
DSA-5531 roundcube
DSA-5532 openssl
DSA-5533 gst-plugins-bad1.0
DSA-5534 xorg-server
DSA-5535 firefox-esr
DSA-5536 chromium
DSA-5538 thunderbird
DSA-5539 node-browserify-sign
DSA-5540 jetty9
DSA-5541 request-tracker5
DSA-5542 request-tracker4
DSA-5543 open-vm-tools
DSA-5544 zookeeper
DSA-5545 vlc
DSA-5546 chromium
DSA-5547 pmix
DSA-5548 jtreg6
DSA-5548 openjdk-17
DSA-5549 trafficserver
DSA-5550 cacti
DSA-5551 chromium
DSA-5552 ffmpeg
DSA-5553 postgresql-15
DSA-5555 openvpn
DSA-5556 chromium
DSA-5557 webkit2gtk
DSA-5558 netty
DSA-5559 wireshark
DSA-5560 strongswan
DSA-5561 firefox-esr
DSA-5562 tor
DSA-5563 intel-microcode
DSA-5564 gimp
DSA-5565 gst-plugins-bad1.0
DSA-5566 thunderbird
DSA-5567 tiff
DSA-5568 fastdds
DSA-5569 chromium
DSA-5570 nghttp2
DSA-5571 rabbitmq-server

Removed packages

The following packages were removed due to circumstances beyond our control:

Package Reason
gimp-dds No longer required; integrated into GIMP

Debian Installer

The installer has been updated to include the fixes incorporated into the stable release by this point release.

URLs

The complete list of packages that have changed with this revision:

https://deb.debian.org/debian/dists/bookworm/ChangeLog

The current stable distribution:

https://deb.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:

https://deb.debian.org/debian/dists/proposed-updates

Stable distribution information (release notes, known issues, etc.):

https://www.debian.org/releases/stable/

Security announcements and information:

https://www.debian.org/security/

About Debian

The Debian Project is a group of Free Software developers who donate their time and effort to produce the completely free operating system Debian.

Contact Information

For further information, please visit the Debian website at https://www.debian.org/, send mail to <[email protected]>, or contact the stable release team at <[email protected]>.