A versão 12.2 da Distro Debian bookworm é o segundo pacote de correções de segurança e bugs.

 Lançado o Debian "bookworm" 12.2

Debian, anteriormente chamado Debian GNU/Linux e hoje apenas Debian, é um sistema operacional composto majoritariamente de software livre e mantido oficialmente pelo Projeto Debian. O projeto recebe, ainda, apoio de outros indivíduos e organizações de todo o mundo. Wikipédia

O anúncio foi feito em 07 de Outubro de 2023.

"O projeto Debian tem o prazer de anunciar a segunda atualização de sua distribuição estável Debian 12 (codinome "bookworm"). Esta versão pontual adiciona principalmente correções para problemas de segurança, juntamente com alguns ajustes para problemas sérios. Os avisos de segurança já foram publicados separadamente e são referenciados quando disponíveis."

Bugs corrigidos.

amd64-microcode Update included microcode, including fixes for "AMD Inception" on AMD Zen4 processors [CVE-2023-20569] arctica-greeter Support configuring the onscreen keyboard theme via ArcticaGreeter's gsettings; use "Compact" OSK layout (instead of Small) which includes special keys such as German Umlauts; fix display of authentication failure messages; use active theme rather than emerald autofs Fix regression determining reachability on dual-stack hosts base-files Update for the 12.2 point release batik Fix Server Side Request Forgery issues [CVE-2022-44729 CVE-2022-44730] boxer-data No longer install https-everywhere for Firefox brltty xbrlapi: Do not try to start brltty with ba+a2 when unavailable; fix cursor routing and braille panning in Orca when xbrlapi is installed but the a2 screen driver is not ca-certificates-java Work around unconfigured JRE during new installations cairosvg Handle data: URLs in safe mode calibre Fix export feature clamav New upstream stable release; security fixes [CVE-2023-20197 CVE-2023-20212] cryptmount Avoid memory initialisation issues in command line parser cups Fix heap-based buffer overflow issue [CVE-2023-4504]; fix unauthenticated access issue [CVE-2023-32360] curl Build with OpenLDAP to correct improper fetch of binary LDAP attributes; fix excessive memory consumption issue [CVE-2023-38039] cyrus-imapd Ensure mailboxes are not lost on upgrades from bullseye dar Fix issues with creating isolated catalogs when dar was built using a recent gcc version dbus New upstream stable release; fix a dbus-daemon crash during policy reload if a connection belongs to a user account that has been deleted, or if a Name Service Switch plugin is broken, on kernels not supporting SO_PEERGROUPS; report the error correctly if getting the groups of a uid fails; dbus-user-session: Copy XDG_CURRENT_DESKTOP to activation environment debian-archive-keyring Clean up leftover keyrings in trusted.gpg.d debian-edu-doc Update Debian Edu Bookworm manual debian-edu-install New upstream release; adjust D-I auto-partitioning sizes debian-installer Increase Linux kernel ABI to 6.1.0-13; rebuild against proposed-updates debian-installer-netboot-images Rebuild against proposed-updates debian-parl Rebuild with newer boxer-data; no longer depend on webext-https-everywhere debianutils Fix duplicate entries in /etc/shells; manage /bin/sh in the state file; fix canonicalization of shells in aliased locations dgit Use the old /updates security map only for buster; prevent pushing older versions than are already in the archive dhcpcd5 Ease upgrades with leftovers from wheezy; drop deprecated ntpd integration; fix version in cleanup script dpdk New upstream stable release dput-ng Update permitted upload targets; fix failure to build from source efibootguard Fix Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files [CVE-2023-39950] electrum Fix a Lightning security issue filezilla Fix builds for 32-bit architectures; fix crash when removing filetypes from list firewalld Don't mix IPv4 and IPv6 addresses in a single nftables rule flann Drop extra -llz4 from flann.pc foot Ignore XTGETTCAP queries with invalid hex encodings freedombox Use n= in apt preferences for smooth upgrades freeradius Ensure TLS-Client-Cert-Common-Name contains correct data ghostscript Fix buffer overflow issue [CVE-2023-38559]; try and secure the IJS server startup [CVE-2023-43115] gitit Rebuild against new pandoc gjs Avoid infinite loops of idle callbacks if an idle handler is called during GC glibc Fix the value of F_GETLK/F_SETLK/F_SETLKW with __USE_FILE_OFFSET64 on ppc64el; fix a stack read overflow in getaddrinfo in no-aaaa mode [CVE-2023-4527]; fix use after free in getcanonname [CVE-2023-4806 CVE-2023-5156]; fix _dl_find_object to return correct values even during early startup gosa-plugins-netgroups Silence deprecation warnings in web interface gosa-plugins-systems Fix management of DHCP/DNS entries in default theme; fix adding (standalone) "Network printer" systems; fix generation of target DNs for various system types; fix icon rendering in DHCP servlet; enforce unqualified hostname for workstations gtk+3.0 New upstream stable release; fix several crashes; show more information in the "inspector" debugging interface; silence GFileInfo warnings if used with a backported version of GLib; use a light colour for the caret in dark themes, making it much easier to see in some apps, in particular Evince gtk4 Fix truncation in places sidebar with large text accessibility setting haskell-hakyll Rebuild against new pandoc highway Fix support for armhf systems lacking NEON hnswlib Fix double free in init_index when the M argument is a large integer [CVE-2023-37365] horizon Fix open redirect issue [CVE-2022-45582] icingaweb2 Suppress undesirable deprecation notices imlib2 Fix preservation of alpha channel flag indent Fix out of buffer read; fix buffer overwrite [CVE-2023-40305] inetutils Check return values when dropping privileges [CVE-2023-40303] inn2 Fix nnrpd hangs when compression is enabled; add support for high-precision syslog timestamps; make inn-{radius,secrets}.conf not world readable jekyll Support YAML aliases kernelshark Fix segfault in libshark-tepdata; fix capturing when target directory contains a space krb5 Fix freeing of uninitialised pointer [CVE-2023-36054] lemonldap-ng Apply login control to auth-slave requests; fix open redirection due to incorrect escape handling; fix open redirection when OIDC RP has no redirect URIs; fix Server Side Request Forgery issue [CVE-2023-44469] libapache-mod-jk Remove implicit mapping functionality, which could lead to unintended exposure of the status worker and/or bypass of security constraints [CVE-2023-41081] libclamunrar New upstream stable release libmatemixer Fix heap corruptions / application crashes when removing audio devices libpam-mklocaluser pam-auth-update: ensure the module is ordered before other session type modules libxnvctrl New source package split from nvidia-settings linux New upstream stable release linux-signed-amd64 New upstream stable release linux-signed-arm64 New upstream stable release linux-signed-i386 New upstream stable release llvm-defaults Fix /usr/include/lld symlink; add Breaks against not co-installable packages for smoother upgrades from bullseye ltsp Avoid using mv on init symlink lxc Fix nftables syntax for IPv6 NAT lxcfs Fix CPU reporting within an arm32 container with large numbers of CPUs marco Only enable compositing if it is available mariadb New upstream bugfix release mate-notification-daemon Fix two memory leaks mgba Fix broken audio in libretro core; fix crash on hardware incapable of OpenGL 3.2 modsecurity Fix denial of service issue [CVE-2023-38285] monitoring-plugins check_disk: avoid mounting when searching for matching mount points, resolving a regression in speed from bullseye mozjs102 New upstream stable release; fix "incorrect value used during WASM compilation" [CVE-2023-4046], potential use after free issue [CVE-2023-37202], memory safety issues [CVE-2023-37211 CVE-2023-34416] mutt New upstream stable release nco Re-enable udunits2 support nftables Fix incorrect bytecode generation hit with new kernel check that rejects adding rules to bound chains node-dottie Security fix (prototype pollution) [CVE-2023-26132] nvidia-settings New upstream bugfix release nvidia-settings-tesla New upstream bugfix release nx-libs Fix missing symlink /usr/share/nx/fonts; fix manpage open-ath9k-htc-firmware Load correct firmware openbsd-inetd Fix memory handling issues openrefine Fix arbitrary code execution issue [CVE-2023-37476] openscap Fix dependencies of openscap-utils and python3-openscap openssh Fix remote code execution issue via a forwarded agent socket [CVE-2023-38408] openssl New upstream stable release; security fixes [CVE-2023-2975 CVE-2023-3446 CVE-2023-3817] pam Fix pam-auth-update --disable; update Turkish translation pandoc Fix arbitrary file write issue [CVE-2023-35936] plasma-framework Fix plasmashell crashes plasma-workspace Fix crash in krunner python-git Fix remote code execution issue [CVE-2023-40267], blind local file inclusion issue [CVE-2023-41040] pywinrm Fix compatibility with Python 3.11 qemu Update to upstream 7.2.5 tree; ui/vnc-clipboard: fix infinite loop in inflate_buffer [CVE-2023-3255]; fix NULL pointer dereference issue [CVE-2023-3354]; fix buffer overflow issue [CVE-2023-3180] qtlocation-opensource-src Fix freeze when loading map tiles rar Upstream bugfix release [CVE-2023-40477] reprepro Fix race condition when using external decompressors rmlint Fix error in other packages caused by invalid python package version; fix GUI startup failure with recent python3.11 roundcube New upstream stable release; fix OAuth2 authentication; fix cross site scripting issues [CVE-2023-43770] runit-services dhclient: don't hardcode use of eth1 samba New upstream stable release sitesummary New upstream release; fix installation of sitesummary-maintenance CRON/systemd-timerd script; fix insecure temporary file and directory creation slbackup-php Bug fixes: log remote commands to stderr; disable SSH known hosts files; PHP 8 compatibility spamprobe Fix crashes parsing JPEG attachments stunnel4 Fix handling of a peer closing TLS connection without proper shutdown messaging systemd New upstream stable release; fix minor security issue in arm64 and riscv64 systemd-boot (EFI) with device tree blobs loading testng7 Backport to stable for future openjdk-17 builds timg Fix buffer overflow vulnerability [CVE-2023-40968] transmission Replace openssl3 compat patch to fix memory leak unbound Fix error log flooding when using DNS over TLS with openssl 3.0 unrar-nonfree Fix remote code execution issue [CVE-2023-40477] vorta Handle ctime and mtime changes in diffs vte2.91 Invalidate ring view more often when necessary, fixing various assertion failures during event handling x2goserver x2goruncommand: add support for KDE Plasma 5; x2gostartagent: prevent logfile corruption; keystrokes.cfg: sync with nx-libs; fix encoding of Finnish translation

Atualizações de segurança

DSA-5454 kanboard DSA-5455 iperf3 DSA-5456 chromium DSA-5457 webkit2gtk DSA-5458 openjdk-17 DSA-5459 amd64-microcode DSA-5460 curl DSA-5462 linux-signed-amd64 DSA-5462 linux-signed-arm64 DSA-5462 linux-signed-i386 DSA-5462 linux DSA-5463 thunderbird DSA-5464 firefox-esr DSA-5465 python-django DSA-5466 ntpsec DSA-5467 chromium DSA-5468 webkit2gtk DSA-5469 thunderbird DSA-5471 libhtmlcleaner-java DSA-5472 cjose DSA-5473 orthanc DSA-5474 intel-microcode DSA-5475 linux-signed-amd64 DSA-5475 linux-signed-arm64 DSA-5475 linux-signed-i386 DSA-5475 linux DSA-5476 gst-plugins-ugly1.0 DSA-5477 samba DSA-5479 chromium DSA-5481 fastdds DSA-5482 tryton-server DSA-5483 chromium DSA-5484 librsvg DSA-5485 firefox-esr DSA-5487 chromium DSA-5488 thunderbird DSA-5491 chromium DSA-5492 linux-signed-amd64 DSA-5492 linux-signed-arm64 DSA-5492 linux-signed-i386 DSA-5492 linux DSA-5493 open-vm-tools DSA-5494 mutt DSA-5495 frr DSA-5496 firefox-esr DSA-5497 libwebp DSA-5498 thunderbird DSA-5501 gnome-shell DSA-5504 bind9 DSA-5505 lldpd DSA-5507 jetty9 DSA-5510 libvpx

Atualização

Para atualizar execute no terminal.

sudo apt update ; sudo apt full-upgrade

 Ai está.