full image - Repost: Debian 12.10.0 Released (from Reddit.com, Debian 12.10.0 Released)
Mining:
Exchanges:
Donations:
Updated Debian 12: 12.10 releasedMarch 15th, 2025The Debian project is pleased to announce the tenth update of its stable distribution Debian 12 (codename bookworm). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available.Please note that the point release does not constitute a new version of Debian 12 but only updates some of the packages included. There is no need to throw away old bookworm media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release.New installation images will be available soon at the regular locations.Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at:https://ift.tt/iPQuBte BugfixesThis stable update adds a few important corrections to the following packages:PackageReason389-ds-baseFix crash when modifying userPassword using malformed input [CVE-2024-2199 CVE-2024-8445]; prevent denial of service while attempting to log in with a user with a malformed hash in their password [CVE-2024-5953]; prevent denial of service on the directory server with specially-crafted LDAP query [CVE-2024-3657]base-filesUpdate for the point releasebupNew upstream bugfix releasecontainerdFix tests causing FTBFS on the auto-builder networkcurlFix unintended HTTPS upgrades or premature reversion to HTTP when both subdomains and parent domains are used [CVE-2024-9681]; prevent stopping of stunnel before retries in the built-time tests; fix possible credentials leakage issues [CVE-2024-11053 CVE-2025-0167]; fix test failures due to port clashesdaciteDo not cache result of get_default_value_for_fielddcmtkFix issue when rendering an invalid monochrome DICOM image [CVE-2024-47796]; ensure: HighBit < BitsAllocated [CVE-2024-52333]; fix possible overflows when allocating memory [CVE-2024-27628]; fix two segmentation faults [CVE-2024-34508 CVE-2024-34509]; fix arbitrary code execution issue [CVE-2024-28130]; fix buffer overflow issues [CVE-2025-25472 CVE-2025-25474]; fix NULL pointer dereference issue [CVE-2025-25475]debian-installerIncrease Linux kernel ABI to 6.1.0-32; rebuild against proposed-updatesdebian-ports-archive-keyringAdd 2026 key; move 2023 and 2024 keys to the removed keyringdgitAdd missing parameters for source upload targetdjoserFix authentication bypass [CVE-2024-21543]dns-root-dataAdd the DNSKEY record for KSK-2024edk2Fix overflow condition in PeCoffLoaderRelocateImage() [CVE-2024-38796]; fix potential UINT32 overflow in S3 ResumeCount [CVE-2024-1298]elpaFix tests on machines with 2 vCPU or fewerflightgearFix sandbox bypass vulnerability in Nasal scripts [CVE-2025-0781]gensimFix build failure on single-CPU machinesglibcFix buffer overflow when printing assertion failure message [CVE-2025-0395]; fix memset performance for unaligned destinations; fix TLS performance degradation after dlopen() usage; avoid integer truncation when parsing CPUID data with large cache sizes; ensure data passed to the rseq syscall are properly initializedgolang-github-containers-buildahDisable a test known to fail on the auto-builder network, fixing build failureintel-microcodeNew upstream security release [CVE-2023-34440 CVE-2023-43758 CVE-2024-24582 CVE-2024-28047 CVE-2024-28127 CVE-2024-29214 CVE-2024-31068 CVE-2024-31157 CVE-2024-36293 CVE-2024-37020 CVE-2024-39279 CVE-2024-39355]iptables-netflowFix build with newer bullseye kernelsjinja2Fix arbitrary code execution issues [CVE-2024-56201 CVE-2024-56326]joblibFix build failure on single-CPU systemslemonldap-ngFix CSRF vulnerability on 2FA registration interface [CVE-2024-52948]libapache-mod-jkSet correct default permissions for shared memory [CVE-2024-46544]libeconfFix buffer overflow vulnerability [CVE-2023-32181 CVE-2023-22652]librabbitmqAdd option to read username/password from file [CVE-2023-35789]libtarFix out-of-bounds read in gnu_longlink() [CVE-2021-33643]; fix out-of-bounds read in gnu_longname() [CVE-2021-33644]; fix memory leak in th_read() [CVE-2021-33645]; fix memory leak in th_read() [CVE-2021-33646]linuxNew upstream release; bump ABI to 32linux-signed-amd64New upstream release; bump ABI to 32linux-signed-arm64New upstream release; bump ABI to 32linux-signed-i386New upstream release; bump ABI to 32linuxcncFix multi axes movement on single axis G0 MDI callltt-controlFix consumer crash on shutdownlttng-modulesFix build with newer bullseye kernelsmariadbNew upstream stable release; fix security issue [CVE-2024-21096]; fix denial of service issue [CVE-2025-21490]moneroImpose response limits on HTTP server connections [CVE-2025-26819]mozcInstall fcitx icons to the correct locationsndcubeIgnore test warnings from astropynginxFix possible bypass of client certificate authentication [CVE-2025-23419]node-axiosFix CSRF vulnerability [CVE-2023-45857]; fix potential vulnerability in URL when determining an origin [CVE-2024-57965]node-js-sdslFix build failurenode-postcssFix mishandling of non-integer values leading to denial of service in nanoid [CVE-2024-55565]; fix parsing of external untrusted CSS [CVE-2023-44270]node-recastFix build failurenode-redisFix build failurenode-rollupFix build failure arising from changed timeout APIopenh264Fix Cisco download URLphp-nesbot-carbonFix arbitrary file include issue [CVE-2025-22145]postgresql-15New upstream stable release; harden PQescapeString and allied functions against invalidly-encoded strings; improve behavior of libpq's quoting functions [CVE-2025-1094]pumaFix behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers [CVE-2023-40175]; limit size of chunk extensions [CVE-2024-21647]; prevent manipulation of headers set by intermediate proxies [CVE-2024-45614]python-djangoFix regular expression-based denial of service issue [CVE-2023-36053], denial of service issues [CVE-2024-38875 CVE-2024-39614 CVE-2024-41990 CVE-2024-41991], user enumeration issue [CVE-2024-39329], directory traversal issue [CVE-2024-39330], excessive memory consumption issue [CVE-2024-41989], SQL injection issue [CVE-2024-42005]python-pycdlibRun tests only if /tmp is tmpfs, otherwise they are known to failrapiddiskSupport Linux versions up to 6.10rsyslogAvoid segmentation fault if a SIGTERM is received during startuprunit-servicesDo not enable dhclient service by defaultseqan3Fix parallel running of testssimgearFix sandbox bypass vulnerability in Nasal scripts [CVE-2025-0781]spamassassinNew upstream stable releasesssdApply GPO policy consistently [CVE-2023-3758]subversionFix vulnerable parsing of control characters in paths served by mod_dav_svn [CVE-2024-46901]sunpyIgnore test warnings from astropysystemdNew upstream stable releasetzdataNew upstream release; update data for Paraguay; update leap second informationvagrantFix URL of public Vagrant registryvim ~ Fix crash when expanding in substitute [CVE-2023-2610]; fix buffer-overflow in vim_regsub_both() [CVE-2023-4738]; fix heap use after free in ins_compl_get_exp() [CVE-2023-4752]; fix heap-buffer-overflow in vim_regsub_both [CVE-2023-4781]; fix buffer-overflow in trunc_string() [CVE-2023-5344]; fix stack-buffer-overflow in option callback functions [CVE-2024-22667]; fix heap-buffer-overflow in ins_typebuf (CVE-2024-43802]; fix use-after-free when closing a buffer [CVE-2024-47814]; fix build failure on 32-bit architectureswgetFix mishandling of semicolons in userinfo in URLs [CVE-2024-38428]xenAllow direct kernel boot with kernels >= 6.12Security UpdatesThis revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:Advisory IDPackageDSA-5834chromiumDSA-5836xenDSA-5839firefox-esrDSA-5840chromiumDSA-5841thunderbirdDSA-5842openafsDSA-5843rsyncDSA-5844chromiumDSA-5845tomcat10DSA-5846libreofficeDSA-5847snapcastDSA-5848chromiumDSA-5849git-lfsDSA-5850gitDSA-5851openjpeg2DSA-5852pdns-recursorDSA-5853pam-u2fDSA-5854bind9DSA-5855chromiumDSA-5856redisDSA-5857openjdk-17DSA-5858firefox-esrDSA-5859chromiumDSA-5860linux-signed-amd64DSA-5860linux-signed-arm64DSA-5860linux-signed-i386DSA-5860linuxDSA-5861thunderbirdDSA-5862cactiDSA-5863libtasn1-6DSA-5864pam-pkcs11DSA-5865webkit2gtkDSA-5866chromiumDSA-5867gnutls28DSA-5868opensshDSA-5869chromiumDSA-5870openh264DSA-5871emacsDSA-5872xorg-serverDSA-5873libreofficeDSA-5874firefox-esrDSA-5875chromiumDSA-5876thunderbirdRemoved packagesThe following packages were removed due to circumstances beyond our control:PackageReasonkanboardUnmaintained; security issueslibnet-easytcp-perlUnmaintained upstream; security issueslooking-glassNot suitable for a stable releaseDebian InstallerThe installer has been updated to include the fixes incorporated into stable by the point release.Get the torrents here: https://ift.tt/sFN7PKm
Social Media Icons