Updated Debian 12: 12.10 released

15 March 2025

The Debian project is pleased to announce the tenth update of its stable distribution Debian 12 (codename bookworm). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available.

Please note that the point release does not constitute a new version of Debian 12 but only updates some of the packages included. There is no need to throw away old bookworm media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org will not have to update many packages, and most such updates are included in the point release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list

Miscellaneous Bugfixes

This stable update adds a few important corrections to the following packages:
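The upgrade path described above, written out as a script. This is an added example and not part of the Debian announcement; it assumes deb.debian.org as the mirror (substitute one from the list if you prefer), a sources layout tracking the bookworm, bookworm-security and bookworm-updates suites, and that /etc/debian_version carries the numeric point-release version (it does not on testing or unstable, which the script treats as a non-stable host).

```shell
#!/bin/sh
# Added example, not part of the Debian 12.10 announcement: bring an existing
# bookworm system up to the point release and verify the result afterwards.
set -eu

# Assumption: deb.debian.org is used as the mirror; substitute one from
# https://www.debian.org/mirror/list if preferred.
MIRROR="${MIRROR:-https://deb.debian.org/debian}"

# The three suites a bookworm host should track: the release itself, the
# security archive, and bookworm-updates (where point-release fixes land early).
# Compare this with your own /etc/apt/sources.list before upgrading.
bookworm_sources() {
    cat <<EOF
deb $MIRROR bookworm main
deb https://security.debian.org/debian-security bookworm-security main
deb $MIRROR bookworm-updates main
EOF
}

# version_at_least HAVE WANT: exit 0 when HAVE (major.minor, as found in
# /etc/debian_version) is WANT or newer, 1 when older, 2 when HAVE is not a
# numeric stable version (e.g. "trixie/sid" on testing).
version_at_least() {
    case "$1" in *[!0-9.]*|"") return 2 ;; esac
    have_major=${1%%.*}
    case "$1" in *.*) have_minor=${1#*.} ;; *) have_minor=0 ;; esac
    want_major=${2%%.*}
    case "$2" in *.*) want_minor=${2#*.} ;; *) want_minor=0 ;; esac
    if [ "$have_major" -gt "$want_major" ]; then return 0; fi
    if [ "$have_major" -eq "$want_major" ] && [ "$have_minor" -ge "$want_minor" ]; then
        return 0
    fi
    return 1
}

# Apply the point release: refresh indexes, then full-upgrade so the new
# kernel ABI (6.1.0-32) and its dependencies are installed too. Needs root.
apply_point_release() {
    [ -r /etc/debian_version ] || { echo "not a Debian host" >&2; return 1; }
    apt-get update
    apt-get -y full-upgrade
}

# Report where this host stands; pass --apply to perform the upgrade.
if [ "${1:-}" = "--apply" ]; then
    apply_point_release
elif [ -r /etc/debian_version ]; then
    if version_at_least "$(cat /etc/debian_version)" 12.10; then
        echo "Debian $(cat /etc/debian_version): point release 12.10 applied"
    else
        echo "Debian $(cat /etc/debian_version): older than 12.10, run with --apply"
    fi
fi
```

Run it without arguments first to see whether the host already reports 12.10; a reboot is still needed after the upgrade to pick up the new kernel ABI. Hosts that only pull from bookworm-security stay on the previous minor version string until the full-upgrade is run, which is what the version check reveals.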

Package: Reason
389-ds-base: Fix crash when modifying userPassword using malformed input [CVE-2024-2199 CVE-2024-8445]; prevent denial of service while attempting to log in with a user with a malformed hash in their password [CVE-2024-5953]; prevent denial of service on the directory server with specially-crafted LDAP query [CVE-2024-3657]
base-files: Update for the point release
bup: New upstream bugfix release
containerd: Fix tests causing FTBFS on the auto-builder network
curl: Fix unintended HTTPS upgrades or premature reversion to HTTP when both subdomains and parent domains are used [CVE-2024-9681]; prevent stopping of stunnel before retries in the build-time tests; fix possible credentials leakage issues [CVE-2024-11053 CVE-2025-0167]; fix test failures due to port clashes
dacite: Do not cache result of get_default_value_for_field
dcmtk: Fix issue when rendering an invalid monochrome DICOM image [CVE-2024-47796]; ensure HighBit < BitsAllocated [CVE-2024-52333]; fix possible overflows when allocating memory [CVE-2024-27628]; fix two segmentation faults [CVE-2024-34508 CVE-2024-34509]; fix arbitrary code execution issue [CVE-2024-28130]; fix buffer overflow issues [CVE-2025-25472 CVE-2025-25474]; fix NULL pointer dereference issue [CVE-2025-25475]
debian-installer: Increase Linux kernel ABI to 6.1.0-32; rebuild against proposed-updates
debian-ports-archive-keyring: Add 2026 key; move 2023 and 2024 keys to the removed keyring
dgit: Add missing parameters for source upload target
djoser: Fix authentication bypass [CVE-2024-21543]
dns-root-data: Add the DNSKEY record for KSK-2024
edk2: Fix overflow condition in PeCoffLoaderRelocateImage() [CVE-2024-38796]; fix potential UINT32 overflow in S3 ResumeCount [CVE-2024-1298]
elpa: Fix tests on machines with 2 vCPU or fewer
flightgear: Fix sandbox bypass vulnerability in Nasal scripts [CVE-2025-0781]
gensim: Fix build failure on single-CPU machines
glibc: Fix buffer overflow when printing assertion failure message [CVE-2025-0395]; fix memset performance for unaligned destinations; fix TLS performance degradation after dlopen() usage; avoid integer truncation when parsing CPUID data with large cache sizes; ensure data passed to the rseq syscall are properly initialized
golang-github-containers-buildah: Disable a test known to fail on the auto-builder network, fixing build failure
intel-microcode: New upstream security release [CVE-2023-34440 CVE-2023-43758 CVE-2024-24582 CVE-2024-28047 CVE-2024-28127 CVE-2024-29214 CVE-2024-31068 CVE-2024-31157 CVE-2024-36293 CVE-2024-37020 CVE-2024-39279 CVE-2024-39355]
iptables-netflow: Fix build with newer bullseye kernels
jinja2: Fix arbitrary code execution issues [CVE-2024-56201 CVE-2024-56326]
joblib: Fix build failure on single-CPU systems
lemonldap-ng: Fix CSRF vulnerability on 2FA registration interface [CVE-2024-52948]
libapache-mod-jk: Set correct default permissions for shared memory [CVE-2024-46544]
libeconf: Fix buffer overflow vulnerability [CVE-2023-32181 CVE-2023-22652]
librabbitmq: Add option to read username/password from file [CVE-2023-35789]
libtar: Fix out-of-bounds read in gnu_longlink() [CVE-2021-33643]; fix out-of-bounds read in gnu_longname() [CVE-2021-33644]; fix memory leak in th_read() [CVE-2021-33645]; fix memory leak in th_read() [CVE-2021-33646]
linux: New upstream release; bump ABI to 32
linux-signed-amd64: New upstream release; bump ABI to 32
linux-signed-arm64: New upstream release; bump ABI to 32
linux-signed-i386: New upstream release; bump ABI to 32
linuxcnc: Fix multi axes movement on single axis G0 MDI call
ltt-control: Fix consumer crash on shutdown
lttng-modules: Fix build with newer bullseye kernels
mariadb: New upstream stable release; fix security issue [CVE-2024-21096]; fix denial of service issue [CVE-2025-21490]
monero: Impose response limits on HTTP server connections [CVE-2025-26819]
mozc: Install fcitx icons to the correct locations
ndcube: Ignore test warnings from astropy
nginx: Fix possible bypass of client certificate authentication [CVE-2025-23419]
node-axios: Fix CSRF vulnerability [CVE-2023-45857]; fix potential vulnerability in URL when determining an origin [CVE-2024-57965]
node-js-sdsl: Fix build failure
node-postcss: Fix mishandling of non-integer values leading to denial of service in nanoid [CVE-2024-55565]; fix parsing of external untrusted CSS [CVE-2023-44270]
node-recast: Fix build failure
node-redis: Fix build failure
node-rollup: Fix build failure arising from changed timeout API
openh264: Fix Cisco download URL
php-nesbot-carbon: Fix arbitrary file include issue [CVE-2025-22145]
postgresql-15: New upstream stable release; harden PQescapeString and allied functions against invalidly-encoded strings; improve behavior of libpq's quoting functions [CVE-2025-1094]
puma: Fix behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers [CVE-2023-40175]; limit size of chunk extensions [CVE-2024-21647]; prevent manipulation of headers set by intermediate proxies [CVE-2024-45614]
python-django: Fix regular expression-based denial of service issue [CVE-2023-36053], denial of service issues [CVE-2024-38875 CVE-2024-39614 CVE-2024-41990 CVE-2024-41991], user enumeration issue [CVE-2024-39329], directory traversal issue [CVE-2024-39330], excessive memory consumption issue [CVE-2024-41989], SQL injection issue [CVE-2024-42005]
python-pycdlib: Run tests only if /tmp is tmpfs, otherwise they are known to fail
rapiddisk: Support Linux versions up to 6.10
rsyslog: Avoid segmentation fault if a SIGTERM is received during startup
runit-services: Do not enable dhclient service by default
seqan3: Fix parallel running of tests
simgear: Fix sandbox bypass vulnerability in Nasal scripts [CVE-2025-0781]
spamassassin: New upstream stable release
sssd: Apply GPO policy consistently [CVE-2023-3758]
subversion: Fix vulnerable parsing of control characters in paths served by mod_dav_svn [CVE-2024-46901]
sunpy: Ignore test warnings from astropy
systemd: New upstream stable release
tzdata: New upstream release; update data for Paraguay; update leap second information
vagrant: Fix URL of public Vagrant registry
vim: Fix crash when expanding ~ in substitute [CVE-2023-2610]; fix buffer-overflow in vim_regsub_both() [CVE-2023-4738]; fix heap use after free in ins_compl_get_exp() [CVE-2023-4752]; fix heap-buffer-overflow in vim_regsub_both [CVE-2023-4781]; fix buffer-overflow in trunc_string() [CVE-2023-5344]; fix stack-buffer-overflow in option callback functions [CVE-2024-22667]; fix heap-buffer-overflow in ins_typebuf [CVE-2024-43802]; fix use-after-free when closing a buffer [CVE-2024-47814]; fix build failure on 32-bit architectures
wget: Fix mishandling of semicolons in userinfo in URLs [CVE-2024-38428]
xen: Allow direct kernel boot with kernels >= 6.12

Security Updates

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:

Advisory ID: Package
DSA-5834: chromium
DSA-5836: xen
DSA-5839: firefox-esr
DSA-5840: chromium
DSA-5841: thunderbird
DSA-5842: openafs
DSA-5843: rsync
DSA-5844: chromium
DSA-5845: tomcat10
DSA-5846: libreoffice
DSA-5847: snapcast
DSA-5848: chromium
DSA-5849: git-lfs
DSA-5850: git
DSA-5851: openjpeg2
DSA-5852: pdns-recursor
DSA-5853: pam-u2f
DSA-5854: bind9
DSA-5855: chromium
DSA-5856: redis
DSA-5857: openjdk-17
DSA-5858: firefox-esr
DSA-5859: chromium
DSA-5860: linux-signed-amd64
DSA-5860: linux-signed-arm64
DSA-5860: linux-signed-i386
DSA-5860: linux
DSA-5861: thunderbird
DSA-5862: cacti
DSA-5863: libtasn1-6
DSA-5864: pam-pkcs11
DSA-5865: webkit2gtk
DSA-5866: chromium
DSA-5867: gnutls28
DSA-5868: openssh
DSA-5869: chromium
DSA-5870: openh264
DSA-5871: emacs
DSA-5872: xorg-server
DSA-5873: libreoffice
DSA-5874: firefox-esr
DSA-5875: chromium
DSA-5876: thunderbird

Removed Packages

The following packages were removed due to circumstances beyond our control:

Package: Reason
kanboard: Unmaintained; security issues
libnet-easytcp-perl: Unmaintained upstream; security issues
looking-glass: Not suitable for a stable release

Debian Installer

The installer has been updated to include the fixes incorporated into stable by the point release.

URLs

The complete list of packages that have changed with this revision:

https://deb.debian.org/debian/dists/bookworm/ChangeLog

The current stable distribution:

https://deb.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:

https://deb.debian.org/debian/dists/proposed-updates

Stable distribution information (release notes, errata, etc.):

https://www.debian.org/releases/stable/

Security announcements and information:

https://www.debian.org/security/

About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.

Contact Information

For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.