https://www.debian.org/News/2024/20240831

Updated Debian 12: 12.7 released

August 31st, 2024

The Debian project is pleased to announce the seventh update of its stable distribution Debian 12 (codename 'bookworm'). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available.

Please note that the point release does not constitute a new version of Debian 12 but only updates some of the packages included. There is no need to throw away old 'bookworm' media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list

Secure Boot and other operating systems

Users who boot other operating systems on the same hardware, and who have Secure Boot enabled, should be aware that shim 15.8 (included with Debian 12.7) revokes signatures across older versions of shim in the UEFI firmware. This may leave other operating systems using shim before 15.8 unable to boot. Affected users can temporarily disable Secure Boot before updating other operating systems.
Miscellaneous Bugfixes

This stable update adds a few important corrections to the following packages:

| Package | Reason |
| --- | --- |
| amd64-microcode | New upstream release; security fixes [CVE-2023-31315]; SEV firmware fixes [CVE-2023-20584 CVE-2023-31356] |
| ansible | New upstream stable release; fix key leakage issue [CVE-2023-4237] |
| ansible-core | New upstream stable release; fix information disclosure issue [CVE-2024-0690]; fix template injection issue [CVE-2023-5764]; fix path traversal issue [CVE-2023-5115] |
| apache2 | New upstream stable release; fix content disclosure issue [CVE-2024-40725] |
| base-files | Update for the point release |
| cacti | Fix remote code execution issues [CVE-2024-25641 CVE-2024-31459], cross site scripting issues [CVE-2024-29894 CVE-2024-31443 CVE-2024-31444], SQL injection issues [CVE-2024-31445 CVE-2024-31458 CVE-2024-31460], 'type juggling' issue [CVE-2024-34340]; fix autopkgtest failure |
| calamares-settings-debian | Fix Xfce launcher permission issue |
| calibre | Fix remote code execution issue [CVE-2024-6782], cross site scripting issue [CVE-2024-7008], SQL injection issue [CVE-2024-7009] |
| choose-mirror | Update list of available mirrors |
| cockpit | Fix denial of service issue [CVE-2024-6126] |
| cups | Fix issues with domain socket handling [CVE-2024-35235] |
| curl | Fix ASN.1 date parser overread issue [CVE-2024-7264] |
| cyrus-imapd | Fix regression introduced in CVE-2024-34055 fix |
| dcm2niix | Fix potential code execution issue [CVE-2024-27629] |
| debian-installer | Increase Linux kernel ABI to 6.1.0-25; rebuild against proposed-updates |
| debian-installer-netboot-images | Rebuild against proposed-updates |
| dmitry | Security fixes [CVE-2024-31837 CVE-2020-14931 CVE-2017-7938] |
| dropbear | Fix 'noremotetcp' behaviour of keepalive packets in combination with the 'no-port-forwarding' authorized_keys(5) restriction |
| gettext.js | Fix server side request forgery issue [CVE-2024-43370] |
| glibc | Fix freeing uninitialized memory in libc_freeres_fn(); fix several performance issues and possible crashes |
| glogic | Require Gtk 3.0 and PangoCairo 1.0 |
| graphviz | Fix broken scale |
| gtk+2.0 | Avoid looking for modules in the current working directory [CVE-2024-6655] |
| gtk+3.0 | Avoid looking for modules in the current working directory [CVE-2024-6655] |
| imagemagick | Fix segmentation fault issue; fix incomplete fix for CVE-2023-34151 |
| initramfs-tools | hook_functions: Fix copy_file with source including a directory symlink; hook-functions: copy_file: Canonicalise target filename; install hid-multitouch module for Surface Pro 4 Keyboard; add hyper-keyboard module, needed to enter LUKS password in Hyper-V; auto_add_modules: Add onboard_usb_hub, onboard_usb_dev |
| intel-microcode | New upstream release; security fixes [CVE-2023-42667 CVE-2023-49141 CVE-2024-24853 CVE-2024-24980 CVE-2024-25939] |
| ipmitool | Add missing enterprise-numbers.txt file |
| libapache2-mod-auth-openidc | Avoid crash when the Forwarded header is not present but OIDCXForwardedHeaders is configured for it |
| libnvme | Fix buffer overflow during scanning devices that do not support sub-4k reads |
| libvirt | virsh: Make domif-setlink work more than once; qemu: domain: Fix logic when tainting domain; fix denial of service issues [CVE-2023-3750 CVE-2024-1441 CVE-2024-2494 CVE-2024-2496] |
| linux | New upstream release; bump ABI to 25 |
| linux-signed-amd64 | New upstream release; bump ABI to 25 |
| linux-signed-arm64 | New upstream release; bump ABI to 25 |
| linux-signed-i386 | New upstream release; bump ABI to 25 |
| newlib | Fix buffer overflow issue [CVE-2021-3420] |
| numpy | Conflict with python-numpy |
| openssl | New upstream stable release; fix denial of service issues [CVE-2024-2511 CVE-2024-4603]; fix use after free issue [CVE-2024-4741] |
| poe.app | Make comment cells editable; fix drawing when an NSActionCell in the preferences is acted on to change state |
| putty | Fix weak ECDSA nonce generation allowing secret key recovery [CVE-2024-31497] |
| qemu | New upstream stable release; fix denial of service issue [CVE-2024-4467] |
| riemann-c-client | Prevent malformed payload in GnuTLS send/receive operations |
| rustc-web | New upstream stable release, to support building new chromium and firefox-esr versions |
| shim | New upstream release |
| shim-helpers-amd64-signed | Rebuild against shim 15.8.1 |
| shim-helpers-arm64-signed | Rebuild against shim 15.8.1 |
| shim-helpers-i386-signed | Rebuild against shim 15.8.1 |
| shim-signed | New upstream stable release |
| systemd | New upstream stable release; update hwdb |
| usb.ids | Update included data list |
| xmedcon | Fix buffer overflow issue [CVE-2024-29421] |

Security Updates

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:

| Advisory ID | Package |
| --- | --- |
| DSA-5617 | chromium |
| DSA-5629 | chromium |
| DSA-5634 | chromium |
| DSA-5636 | chromium |
| DSA-5639 | chromium |
| DSA-5648 | chromium |
| DSA-5654 | chromium |
| DSA-5656 | chromium |
| DSA-5668 | chromium |
| DSA-5675 | chromium |
| DSA-5676 | chromium |
| DSA-5683 | chromium |
| DSA-5687 | chromium |
| DSA-5689 | chromium |
| DSA-5694 | chromium |
| DSA-5696 | chromium |
| DSA-5697 | chromium |
| DSA-5701 | chromium |
| DSA-5710 | chromium |
| DSA-5716 | chromium |
| DSA-5719 | emacs |
| DSA-5720 | chromium |
| DSA-5722 | libvpx |
| DSA-5723 | plasma-workspace |
| DSA-5724 | openssh |
| DSA-5725 | znc |
| DSA-5726 | krb5 |
| DSA-5727 | firefox-esr |
| DSA-5728 | exim4 |
| DSA-5729 | apache2 |
| DSA-5731 | linux-signed-amd64 |
| DSA-5731 | linux-signed-arm64 |
| DSA-5731 | linux-signed-i386 |
| DSA-5731 | linux |
| DSA-5732 | chromium |
| DSA-5734 | bind9 |
| DSA-5735 | chromium |
| DSA-5737 | libreoffice |
| DSA-5738 | openjdk-17 |
| DSA-5739 | wpa |
| DSA-5740 | firefox-esr |
| DSA-5741 | chromium |
| DSA-5743 | roundcube |
| DSA-5745 | postgresql-15 |
| DSA-5748 | ffmpeg |
| DSA-5749 | bubblewrap |
| DSA-5749 | flatpak |
| DSA-5750 | python-asyncssh |
| DSA-5751 | squid |
| DSA-5752 | dovecot |
| DSA-5753 | aom |
| DSA-5754 | cinder |
| DSA-5755 | glance |
| DSA-5756 | nova |
| DSA-5757 | chromium |

Removed packages

The following packages were removed due to circumstances beyond our control:

| Package | Reason |
| --- | --- |
| bcachefs-tools | Buggy; obsolete |

Debian Installer

The installer has been updated to include the fixes incorporated into stable by the point release.
URLs

The complete lists of packages that have changed with this revision:

https://deb.debian.org/debian/dists/bookworm/ChangeLog

The current stable distribution:

https://deb.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:

https://deb.debian.org/debian/dists/proposed-updates

stable distribution information (release notes, errata etc.):

https://www.debian.org/releases/stable/

Security announcements and information:

https://www.debian.org/security/

About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.

Contact Information

For further information, please visit the Debian web pages at https://www.debian.org/, send mail to , or contact the stable release team at .