diff options
author | Donald Norwood <donald@debian.org> | 2023-07-22 07:21:47 -0400 |
---|---|---|
committer | Donald Norwood <donald@debian.org> | 2023-07-22 07:21:47 -0400 |
commit | 12bca8feb02709ac7bb36c278cd8ecb5541f8269 (patch) | |
tree | 512c90c6f98a5add6d19390ca1cebed06244698c /english/News | |
parent | 0b0e12e42370f857970dd7828e91177aa04d705a (diff) |
Debian 12.1 point release
Diffstat (limited to 'english/News')
-rw-r--r-- | english/News/2023/20230722.wml | 243 |
1 files changed, 243 insertions, 0 deletions
diff --git a/english/News/2023/20230722.wml b/english/News/2023/20230722.wml new file mode 100644 index 00000000000..3071066e93a --- /dev/null +++ b/english/News/2023/20230722.wml @@ -0,0 +1,243 @@ +<define-tag pagetitle>Updated Debian 12: 12.1 released</define-tag> +<define-tag release_date>2023-07-22/define-tag> +#use wml::debian::news +# $Id: + +<define-tag release>12</define-tag> +<define-tag codename>bookworm</define-tag> +<define-tag revision>12.1</define-tag> + +<define-tag dsa> + <tr><td align="center"><a href="$(HOME)/security/%0/dsa-%1">DSA-%1</a></td> + <td align="center"><: + my @p = (); + for my $p (split (/,\s*/, "%2")) { + push (@p, sprintf ('<a href="https://packages.debian.org/src:%s">%s</a>', $p, $p)); + } + print join (", ", @p); +:></td></tr> +</define-tag> + +<define-tag correction> + <tr><td><a href="https://packages.debian.org/src:%0">%0</a></td> <td>%1</td></tr> +</define-tag> + +<define-tag srcpkg><a href="https://packages.debian.org/src:%0">%0</a></define-tag> + +<p>The Debian project is pleased to announce the first update of its +stable distribution Debian <release> (codename <q><codename></q>). +This point release mainly adds corrections for security issues, +along with a few adjustments for serious problems. Security advisories +have already been published separately and are referenced where available.</p> + +<p>Please note that the point release does not constitute a new version of Debian +<release> but only updates some of the packages included. There is +no need to throw away old <q><codename></q> media. After installation, +packages can be upgraded to the current versions using an up-to-date Debian +mirror.</p> + +<p>Those who frequently install updates from security.debian.org won't have +to update many packages, and most such updates are +included in the point release.</p> + +<p>New installation images will be available soon at the regular locations.</p> + +<p>Upgrading an existing installation to this revision can be achieved by +pointing the package management system at one of Debian's many HTTP mirrors. +A comprehensive list of mirrors is available at:</p> + +<div class="center"> + <a href="$(HOME)/mirror/list">https://www.debian.org/mirror/list</a> +</div> + + + + +<h2>Miscellaneous Bugfixes</h2> + +<p>This stable update adds a few important corrections to the following packages:</p> + +<table border=0> +<tr><th>Package</th> <th>Reason</th></tr> +<correction aide "Properly handle creating the system user; fix child directory processing on equal match"> +<correction autofs "Fix hang when using Kerberos-authenticated LDAP"> +<correction ayatana-indicator-datetime "Fix playing of custom alarm sounds"> +<correction base-files "Update for the 12.1 point release"> +<correction bepasty "Fix rendering of text uploads"> +<correction boost1.81 "Add missing dependency on libboost-json1.81.0 to libboost-json1.81-dev"> +<correction bup "Correctly restore POSIX ACLs"> +<correction context "Enable socket in ConTeXt mtxrun"> +<correction cpdb-libs "Fix a buffer overflow vulnerability [CVE-2023-34095]"> +<correction cpp-httplib "Fix CRLF injection issue [CVE-2023-26130]"> +<correction crowdsec "Fix default acquis.yaml to also include the journalctl datasource, limited to the ssh.service unit, making sure acquisition works even without the traditional auth.log file; make sure an invalid datasource doesn't make the engine error out"> +<correction cups "Security fixes: use-after-free [CVE-2023-34241]; heap buffer overflow [CVE-2023-32324]"> +<correction cvs "Configure full path to ssh"> +<correction dbus "New upstream stable release; fix denial of service issue [CVE-2023-34969]; stop trying to take DPKG_ROOT into account, restoring copying of systemd's /etc/machine-id in preference to creating an entirely new machine ID"> +<correction debian-installer "Increase Linux kernel ABI to 6.1.0-10; rebuild against proposed-updates"> +<correction debian-installer-netboot-images "Rebuild against proposed-updates"> +<correction desktop-base "Remove emerald alternatives on package uninstallation"> +<correction dh-python "Re-introduce Breaks+Replaces on python2 needed to help apt in some upgrade scenarios"> +<correction dkms "Add Breaks against obsolete, incompatible *-dkms packages"> +<correction dnf "Fix default DNF const PYTHON_INSTALL_DIR"> +<correction dpdk "New upstream stable release"> +<correction exim4 "Fix argument parsing for ${run } expansion; fix ${srs_encode ..} returning incorrect result every 1024 days"> +<correction fai "Fix IP address lifetime"> +<correction glibc "Fix a buffer overflow in gmon; fix a deadlock in getaddrinfo (__check_pf) with deferred cancellation; fix y2038 support in strftime on 32-bit architectures; fix corner case parsing of /etc/gshadow which can return bad pointers, causing segfaults in applications; fix a deadlock in system() when called concurrently from multiple threads; cdefs: limit definition of fortification macros to __FORTIFY_LEVEL > 0 to support old C90 compilers"> +<correction gnome-control-center "New upstream bugfix release"> +<correction gnome-maps "New upstream bugfix release"> +<correction gnome-shell "New upstream bugfix release"> +<correction gnome-software "New upstream release; memory leak fixes"> +<correction gosa "Silence PHP 8.2 deprecation warnings; fix missing template in default theme; fix table styling; fix use of debugLevel > 0"> +<correction groonga "Fix documentation links"> +<correction guestfs-tools "Security update [CVE-2022-2211]"> +<correction indent "Restore the ROUND_UP macro and adjust the initial buffer size"> +<correction installation-guide "Enable Indonesian translation"> +<correction kanboard "Fix malicious injection of HTML tags into DOM [CVE-2023-32685]; fix parameter-based indirect object referencing leading to private file exposure [CVE-2023-33956]; fix missing access controls [CVE-2023-33968, CVE-2023-33970]; fix stored XSS in Task External Link functionality [CVE-2023-33969]"> +<correction kf5-messagelib "Search also for subkeys"> +<correction libmatekbd "Fix memory leaks"> +<correction libnginx-mod-http-modsecurity "Binary rebuild with pcre2"> +<correction libreoffice "New upstream bugfix release"> +<correction libreswan "Fix potential denial-of-service issue [CVE-2023-30570]"> +<correction libxml2 "Fix NULL pointer dereference issue [CVE-2022-2309]"> +<correction linux "New upstream stable release; netfilter: nf_tables: do not ignore genmask when looking up chain by id [CVE-2023-31248], prevent OOB access in nft_byteorder_eval [CVE-2023-35001]"> +<correction linux-signed-amd64 "New upstream stable release; netfilter: nf_tables: do not ignore genmask when looking up chain by id [CVE-2023-31248], prevent OOB access in nft_byteorder_eval [CVE-2023-35001]"> +<correction linux-signed-arm64 "New upstream stable release; netfilter: nf_tables: do not ignore genmask when looking up chain by id [CVE-2023-31248], prevent OOB access in nft_byteorder_eval [CVE-2023-35001]"> +<correction linux-signed-i386 "New upstream stable release; netfilter: nf_tables: do not ignore genmask when looking up chain by id [CVE-2023-31248], prevent OOB access in nft_byteorder_eval [CVE-2023-35001]"> +<correction mailman3 "Drop redundant cron job; handle ordering of services when MariaDB is present"> +<correction marco "Show correct window title when owned by superuser"> +<correction mate-control-center "Fix several memory leaks"> +<correction mate-power-manager "Fix several memory leaks"> +<correction mate-session-manager "Fix several memory leaks; allow clutter backends other than x11"> +<correction multipath-tools "Hide underlying paths from LVM; prevent initial service failure on new installations"> +<correction mutter "New upstream bugfix release"> +<correction network-manager-strongswan "Build editor component with GTK 4 support"> +<correction nfdump "Return success when starting; fix segfault in option parsing"> +<correction nftables "Fix regression in set listing format"> +<correction node-openpgp-seek-bzip "Correct installation of files in seek-bzip package"> +<correction node-tough-cookie "Fix prototype pollution issue [CVE-2023-26136]"> +<correction node-undici "Security fixes: protect <q>Host</q> HTTP header from CLRF injection [CVE-2023-23936]; potential ReDoS on Headers.set and Headers.append [CVE-2023-24807]"> +<correction node-webpack "Security fix (cross-realm objects) [CVE-2023-28154]"> +<correction nvidia-cuda-toolkit "Update bundled openjdk-8-jre"> +<correction nvidia-graphics-drivers "New upstream stable release; security fixes [CVE-2023-25515 CVE-2023-25516]"> +<correction nvidia-graphics-drivers-tesla "New upstream stable release; security fixes [CVE-2023-25515 CVE-2023-25516]"> +<correction nvidia-graphics-drivers-tesla-470 "New upstream stable release; security fixes [CVE-2023-25515 CVE-2023-25516]"> +<correction nvidia-modprobe "New upstream bugfix release"> +<correction nvidia-open-gpu-kernel-modules "New upstream stable release; security fixes [CVE-2023-25515 CVE-2023-25516]"> +<correction nvidia-support "Add Breaks against incompatible packages from bullseye"> +<correction onionshare "Fix installation of desktop furniture"> +<correction openvpn "Fix memory leak and dangling pointer (possible crash vector)"> +<correction pacemaker "Fix regression in the resource scheduler"> +<correction postfix "New upstream bugfix release; fix <q>postfix set-permissions</q>"> +<correction proftpd-dfsg "Do not enable inetd-style socket at installation"> +<correction qemu "New upstream stable release; fix USB devices not being available to XEN HVM domUs; 9pfs: prevent opening special files [CVE-2023-2861]; fix reentrancy issues in the LSI controller [CVE-2023-0330]"> +<correction request-tracker5 "Fix links to documentation"> +<correction rime-cantonese "Sort words and characters by frequency"> +<correction rime-luna-pinyin "Install missing pinyin schema data"> +<correction samba "New upstream stable release; ensure manpages are generated during build; enable ability to store kerberos tickets in kernel keyring; fix build issues on armel and mipsel; fix windows logon/trust issues with 2023-07 windows updates"> +<correction schleuder-cli "Security fix (value escaping)"> +<correction smarty4 "Fix arbitrary code execution issue [CVE-2023-28447]"> +<correction spip "Various security issues; security fix (authentication data filtering)"> +<correction sra-sdk "Fix installation of files in libngs-java"> +<correction sudo "Fix event log format"> +<correction systemd "New upstream bugfix release"> +<correction tang "Fix race condition when creating/rotating keys [CVE-2023-1672]"> +<correction texlive-bin "Disable socket in luatex by default [CVE-2023-32668]; make installable on i386"> +<correction unixodbc "Add Breaks+Replaces against odbcinst1debian1"> +<correction usb.ids "Update included data"> +<correction vm "Disable byte compilation"> +<correction vte2.91 "New upstream bugfix release"> +<correction xerial-sqlite-jdbc "Use a UUID for connection ID [CVE-2023-32697]"> +<correction yajl "Memory leak security fix; fix denial of service issue [CVE-2017-16516], integer overflow issue [CVE-2022-24795]"> +</table> + + +<h2>Security Updates</h2> + + +<p>This revision adds the following security updates to the stable release. +The Security Team has already released an advisory for each of these +updates:</p> + +<table border=0> +<tr><th>Advisory ID</th> <th>Package</th></tr> +<dsa 2023 5423 thunderbird> +<dsa 2023 5425 php8.2> +<dsa 2023 5427 webkit2gtk> +<dsa 2023 5428 chromium> +<dsa 2023 5429 wireshark> +<dsa 2023 5430 openjdk-17> +<dsa 2023 5432 xmltooling> +<dsa 2023 5433 libx11> +<dsa 2023 5434 minidlna> +<dsa 2023 5435 trafficserver> +<dsa 2023 5436 hsqldb1.8.0> +<dsa 2023 5437 hsqldb> +<dsa 2023 5439 bind9> +<dsa 2023 5440 chromium> +<dsa 2023 5443 gst-plugins-base1.0> +<dsa 2023 5444 gst-plugins-bad1.0> +<dsa 2023 5445 gst-plugins-good1.0> +<dsa 2023 5446 ghostscript> +<dsa 2023 5447 mediawiki> +<dsa 2023 5448 linux-signed-amd64> +<dsa 2023 5448 linux-signed-arm64> +<dsa 2023 5448 linux-signed-i386> +<dsa 2023 5448 linux> +<dsa 2023 5449 webkit2gtk> +<dsa 2023 5450 firefox-esr> +<dsa 2023 5451 thunderbird> +</table> + + + +<h2>Debian Installer</h2> +<p>The installer has been updated to include the fixes incorporated +into stable by the point release.</p> + +<h2>URLs</h2> + +<p>The complete lists of packages that have changed with this revision:</p> + +<div class="center"> + <url "https://deb.debian.org/debian/dists/<downcase <codename>>/ChangeLog"> +</div> + +<p>The current stable distribution:</p> + +<div class="center"> + <url "https://deb.debian.org/debian/dists/stable/"> +</div> + +<p>Proposed updates to the stable distribution:</p> + +<div class="center"> + <url "https://deb.debian.org/debian/dists/proposed-updates"> +</div> + +<p>stable distribution information (release notes, errata etc.):</p> + +<div class="center"> + <a + href="$(HOME)/releases/stable/">https://www.debian.org/releases/stable/</a> +</div> + +<p>Security announcements and information:</p> + +<div class="center"> + <a href="$(HOME)/security/">https://www.debian.org/security/</a> +</div> + +<h2>About Debian</h2> + +<p>The Debian Project is an association of Free Software developers who +volunteer their time and effort in order to produce the completely +free operating system Debian.</p> + +<h2>Contact Information</h2> + +<p>For further information, please visit the Debian web pages at +<a href="$(HOME)/">https://www.debian.org/</a>, send mail to +<press@debian.org>, or contact the stable release team at +<debian-release@lists.debian.org>.</p> + + |