Debian 12 Update: Release 12.1
22 July 2023
The Debian project is pleased to announce the first update of its stable distribution Debian 12 (codename bookworm).
In addition to resolving some serious problems, this update mainly fixes security issues. Security advisories were announced separately and are only referenced in this announcement.
Please note that this update does not constitute a new release of Debian 12 but only updates some of the included packages. There is therefore no need to throw away old bookworm media; packages can be updated using an up-to-date Debian mirror.
Those who frequently install updates from security.debian.org will not have to update many packages; most of those updates are included in this update.
New installation images will be available at the usual locations.
An existing installation can be upgraded to this revision by pointing the package management system at one of Debian's HTTP mirrors. A comprehensive list of Debian mirrors is available at:
Miscellaneous Bugfixes
This stable update adds a few important corrections to the following packages:
Package | Reason |
---|---|
aide | Properly handle creating the system user; fix child directory processing on equal match |
autofs | Fix hang when using Kerberos-authenticated LDAP |
ayatana-indicator-datetime | Fix playing of custom alarm sounds |
base-files | Update for the 12.1 point release |
bepasty | Fix rendering of text uploads |
boost1.81 | Add missing dependency on libboost-json1.81.0 to libboost-json1.81-dev |
bup | Correctly restore POSIX ACLs |
context | Enable socket in ConTeXt mtxrun |
cpdb-libs | Fix a buffer overflow vulnerability [CVE-2023-34095] |
cpp-httplib | Fix CRLF injection issue [CVE-2023-26130] |
crowdsec | Fix default acquis.yaml to also include the journalctl datasource, limited to the ssh.service unit, making sure acquisition works even without the traditional auth.log file; make sure an invalid datasource doesn't make the engine error out |
cups | Security fixes: use-after-free [CVE-2023-34241]; heap buffer overflow [CVE-2023-32324] |
cvs | Configure full path to ssh |
dbus | New upstream stable release; fix denial of service issue [CVE-2023-34969]; stop trying to take DPKG_ROOT into account, restoring copying of systemd's /etc/machine-id in preference to creating an entirely new machine ID |
debian-installer | Increase Linux kernel ABI to 6.1.0-10; rebuild against proposed-updates |
debian-installer-netboot-images | Rebuild against proposed-updates |
desktop-base | Remove emerald alternatives on package uninstallation |
dh-python | Re-introduce Breaks+Replaces on python2 needed to help apt in some upgrade scenarios |
dkms | Add Breaks against obsolete, incompatible *-dkms packages |
dnf | Fix default DNF const PYTHON_INSTALL_DIR |
dpdk | New upstream stable release |
exim4 | Fix argument parsing for ${run } expansion; fix ${srs_encode ..} returning incorrect result every 1024 days |
fai | Fix IP address lifetime |
glibc | Fix a buffer overflow in gmon; fix a deadlock in getaddrinfo (__check_pf) with deferred cancellation; fix y2038 support in strftime on 32-bit architectures; fix corner case parsing of /etc/gshadow which can return bad pointers, causing segfaults in applications; fix a deadlock in system() when called concurrently from multiple threads; cdefs: limit definition of fortification macros to __FORTIFY_LEVEL > 0 to support old C90 compilers |
gnome-control-center | New upstream bugfix release |
gnome-maps | New upstream bugfix release |
gnome-shell | New upstream bugfix release |
gnome-software | New upstream release; memory leak fixes |
gosa | Silence PHP 8.2 deprecation warnings; fix missing template in default theme; fix table styling; fix use of debugLevel > 0 |
groonga | Fix documentation links |
guestfs-tools | Security update [CVE-2022-2211] |
indent | Restore the ROUND_UP macro and adjust the initial buffer size |
installation-guide | Enable Indonesian translation |
kanboard | Fix malicious injection of HTML tags into DOM [CVE-2023-32685]; fix parameter-based indirect object referencing leading to private file exposure [CVE-2023-33956]; fix missing access controls [CVE-2023-33968, CVE-2023-33970]; fix stored XSS in Task External Link functionality [CVE-2023-33969] |
kf5-messagelib | Search also for subkeys |
libmatekbd | Fix memory leaks |
libnginx-mod-http-modsecurity | Binary rebuild with pcre2 |
libreoffice | New upstream bugfix release |
libreswan | Fix potential denial-of-service issue [CVE-2023-30570] |
libxml2 | Fix NULL pointer dereference issue [CVE-2022-2309] |
linux | New upstream stable release; netfilter: nf_tables: do not ignore genmask when looking up chain by id [CVE-2023-31248], prevent OOB access in nft_byteorder_eval [CVE-2023-35001] |
linux-signed-amd64 | New upstream stable release; netfilter: nf_tables: do not ignore genmask when looking up chain by id [CVE-2023-31248], prevent OOB access in nft_byteorder_eval [CVE-2023-35001] |
linux-signed-arm64 | New upstream stable release; netfilter: nf_tables: do not ignore genmask when looking up chain by id [CVE-2023-31248], prevent OOB access in nft_byteorder_eval [CVE-2023-35001] |
linux-signed-i386 | New upstream stable release; netfilter: nf_tables: do not ignore genmask when looking up chain by id [CVE-2023-31248], prevent OOB access in nft_byteorder_eval [CVE-2023-35001] |
mailman3 | Drop redundant cron job; handle ordering of services when MariaDB is present |
marco | Show correct window title when owned by superuser |
mate-control-center | Fix several memory leaks |
mate-power-manager | Fix several memory leaks |
mate-session-manager | Fix several memory leaks; allow clutter backends other than x11 |
multipath-tools | Hide underlying paths from LVM; prevent initial service failure on new installations |
mutter | New upstream bugfix release |
network-manager-strongswan | Build editor component with GTK 4 support |
nfdump | Return success when starting; fix segfault in option parsing |
nftables | Fix regression in set listing format |
node-openpgp-seek-bzip | Correct installation of files in seek-bzip package |
node-tough-cookie | Fix prototype pollution issue [CVE-2023-26136] |
node-undici | Security fixes: protect Host HTTP header from CRLF injection [CVE-2023-23936]; potential ReDoS on Headers.set and Headers.append [CVE-2023-24807] |
node-webpack | Security fix (cross-realm objects) [CVE-2023-28154] |
nvidia-cuda-toolkit | Update bundled openjdk-8-jre |
nvidia-graphics-drivers | New upstream stable release; security fixes [CVE-2023-25515 CVE-2023-25516] |
nvidia-graphics-drivers-tesla | New upstream stable release; security fixes [CVE-2023-25515 CVE-2023-25516] |
nvidia-graphics-drivers-tesla-470 | New upstream stable release; security fixes [CVE-2023-25515 CVE-2023-25516] |
nvidia-modprobe | New upstream bugfix release |
nvidia-open-gpu-kernel-modules | New upstream stable release; security fixes [CVE-2023-25515 CVE-2023-25516] |
nvidia-support | Add Breaks against incompatible packages from bullseye |
onionshare | Fix installation of desktop furniture |
openvpn | Fix memory leak and dangling pointer (possible crash vector) |
pacemaker | Fix regression in the resource scheduler |
postfix | New upstream bugfix release; fix postfix set-permissions |
proftpd-dfsg | Do not enable inetd-style socket at installation |
qemu | New upstream stable release; fix USB devices not being available to XEN HVM domUs; 9pfs: prevent opening special files [CVE-2023-2861]; fix reentrancy issues in the LSI controller [CVE-2023-0330] |
request-tracker5 | Fix links to documentation |
rime-cantonese | Sort words and characters by frequency |
rime-luna-pinyin | Install missing pinyin schema data |
samba | New upstream stable release; ensure manpages are generated during build; enable ability to store kerberos tickets in kernel keyring; fix build issues on armel and mipsel; fix windows logon/trust issues with 2023-07 windows updates |
schleuder-cli | Security fix (value escaping) |
smarty4 | Fix arbitrary code execution issue [CVE-2023-28447] |
spip | Various security issues; security fix (authentication data filtering) |
sra-sdk | Fix installation of files in libngs-java |
sudo | Fix event log format |
systemd | New upstream bugfix release |
tang | Fix race condition when creating/rotating keys [CVE-2023-1672] |
texlive-bin | Disable socket in luatex by default [CVE-2023-32668]; make installable on i386 |
unixodbc | Add Breaks+Replaces against odbcinst1debian1 |
usb.ids | Update included data |
vm | Disable byte compilation |
vte2.91 | New upstream bugfix release |
xerial-sqlite-jdbc | Use a UUID for connection ID [CVE-2023-32697] |
yajl | Memory leak security fix; fix denial of service issue [CVE-2017-16516], integer overflow issue [CVE-2022-24795] |
Security Updates
This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:
Debian Installer
The installer has been updated to include the fixes incorporated into this stable release.
URLs
The complete list of packages that have changed in this revision:
The current stable distribution:
Proposed updates to the stable distribution:
Stable distribution information (release notes, errata, etc.):
Security announcements and information:
About Debian
The Debian Project is an association of Free Software developers who volunteer their time and effort to produce the completely free operating system Debian.
Contact Information
For further information, please visit the Debian website at https://www.debian.org/, send mail to <[email protected]>, or contact the stable release team at <[email protected]>.