A Distro Debian 12 Bookworm recebe seu 4º pacote de correções de segurança e bugs. 

Debian Bookworm 12.4 é lançado

Debian, anteriormente chamado Debian GNU/Linux e hoje apenas Debian, é um sistema operacional composto majoritariamente de software livre e mantido oficialmente pelo Projeto Debian. O projeto recebe, ainda, apoio de outros indivíduos e organizações de todo o mundo. Wikipédia

 

O anúncio foi feito em 10de Dezembro de 2023.

"O projeto Debian tem o prazer de anunciar a quarta atualização de sua distribuição estável Debian 12 (codinome "bookworm"). Esta versão pontual adiciona principalmente correções para problemas de segurança, juntamente com alguns ajustes para problemas sérios. Os avisos de segurança já foram publicados separadamente e são referenciados quando disponíveis."

Atualizações de bugs.

Package Reason adequate Skip symbol-size-mismatch test on architectures where array symbols don't include a specific length; disable deprecation warnings about smartmatch, given, when in Perl 5.38; fix warnings from version comparison about smartmatch being experimental amanda Fix local privilege escalation [CVE-2023-30577] arctica-greeter Move logo away from border when greeting awstats Avoid prompts on upgrade due to logrotate configuration cleanup axis Filter out unsupported protocols in the client class ServiceFactory [CVE-2023-40743] base-files Update for the 12.4 point release ca-certificates-java Remove circular dependencies calibre Fix crash in Get Books when regenerating UIC files crun Fix containers with systemd as their init system, when using newer kernel versions cups Take into account that on some printers the ColorModel option's choice for color printing is CMYK and not RGB dav4tbsync New upstream version, restoring compatibility with newer Thunderbird versions debian-edu-artwork Provide an Emerald theme based artwork for Debian Edu 12 debian-edu-config New upstream stable version; fix setting and changing of LDAP passwords debian-edu-doc Update included documentation and translations debian-edu-fai New upstream stable version debian-edu-router Fix dnsmasq conf generation for networks over VLAN; only generate UIF filter rules for SSH if 'Uplink' interface is defined; update translations debian-installer Increase Linux kernel ABI to 6.1.0-15; rebuild against proposed-updates debian-installer-netboot-images Rebuild against proposed-updates debootstrap Backport merged-/usr support changes from trixie: implement merged-/usr by post-merging, default to merged-/usr for suites newer than bookworm in all profiles devscripts Debchange: Update to current Debian distributions dhcpcd5 Change Breaks/Replaces dhcpcd5 to Conflicts di-netboot-assistant Fix support for bookworm live ISO image distro-info Update tests for distro-info-data 0.58+deb12u1, which adjusted Debian 7's EoL date distro-info-data Add Ubuntu 24.04 LTS Noble Numbat; fix several End Of Life dates eas4tbsync New upstream version, restoring compatibility with newer Thunderbird versions exfatprogs Fix out-of-bounds memory access issues [CVE-2023-45897] exim4 Fix security issues relating to the proxy protocol [CVE-2023-42117] and DNSDB lookups [CVE-2023-42119]; add hardening for SPF lookups; disallow UTF-16 surrogates from ${utf8clean:...}; fix crash with "tls_dhparam = none"; fix $recipients expansion when used within ${run...}; fix expiry date of auto-generated SSL certificates; fix crash induced by some combinations of zero-length strings and ${tr...} fonts-noto-color-emoji Add support for Unicode 15.1 gimp Add Conflicts and Replaces: gimp-dds to remove old versions of this plugin shipped by gimp itself since 2.10.10 gnome-characters Add support for Unicode 15.1 gnome-session Open text files in gnome-text-editor if gedit is not installed gnome-shell New upstream stable release; allow notifications to be dismissed with backspace key in addition to the delete key; fix duplicate devices shown when reconnecting to PulseAudio; fix possible use-after-free crashes on PulseAudio/Pipewire restart; avoid sliders in quick settings (volume, etc.) being reported to accessibility tools as their own parent object; align scrolled viewports to the pixel grid to avoid jitter visible during scrolling gnutls28 Fix timing sidechannel issue [CVE-2023-5981] gosa New upstream stable release gosa-plugins-sudo Fix uninitialised variable hash-slinger Fix generation of TLSA records intel-graphics-compiler Fix compatibility with stable's intel-vc-intrinsics version iotop-c Fix the logic in "only" option; fix busy loop when ESC is pressed; fix ASCII graph rendering jdupes Update prompts to help avoid choices that could lead to unexpected data loss lastpass-cli New upstream stable release; update certificate hashes; add support for reading encrypted URLs libapache2-mod-python Ensure binNMU versions are PEP-440-compliant libde265 Fix segmentation violation issue [CVE-2023-27102], buffer overflow issues [CVE-2023-27103 CVE-2023-47471], buffer over-read issue [CVE-2023-43887] libervia-backend Fix start failure without pre-existing configuration; make exec path absolute in dbus service file; fix dependencies on python3-txdbus/python3-dbus libmateweather Locations: add San Miguel de Tucuman (Argentina); update forecast zones for Chicago; update data server URL; fix some location names libsolv Enable support for zstd compression linux Update to upstream stable release 6.1.64; update ABI to 14; [rt] Update to 6.1.59-rt16; enable X86_PLATFORM_DRIVERS_HP; nvmet: nul-terminate the NQNs passed in the connect command [CVE-2023-6121] linux-signed-amd64 Update to upstream stable release 6.1.64; update ABI to 14; [rt] Update to 6.1.59-rt16; enable X86_PLATFORM_DRIVERS_HP; nvmet: nul-terminate the NQNs passed in the connect command [CVE-2023-6121] linux-signed-arm64 Update to upstream stable release 6.1.64; update ABI to 14; [rt] Update to 6.1.59-rt16; enable X86_PLATFORM_DRIVERS_HP; nvmet: nul-terminate the NQNs passed in the connect command [CVE-2023-6121] linux-signed-i386 Update to upstream stable release 6.1.64; update ABI to 14; [rt] Update to 6.1.59-rt16; enable X86_PLATFORM_DRIVERS_HP; nvmet: nul-terminate the NQNs passed in the connect command [CVE-2023-6121] llvm-toolchain-16 New backported package to support builds of newer chromium versions lxc Fix creating of ephemeral copies mda-lv2 Fix LV2 plugin installation location midge Remove non-free example files minizip Fix integer and heap overflow issues [CVE-2023-45853] mrtg Handle relocated configuration file; translation updates mutter New upstream stable release; fix the ability to drag libdecor windows by their title bar on touchscreens; fix flickering and rendering artifacts when using software rendering; improve GNOME Shell app grid performance by avoiding repainting monitors other than the one it is displayed on nagios-plugins-contrib Fix on-disk kernel version detection network-manager-openconnect Add User Agent to Openconnect VPN for NetworkManager node-undici Delete cookie and host headers on cross-origin redirect [CVE-2023-45143] nvidia-graphics-drivers New upstream release; fix null pointer dereference issue [CVE-2023-31022] nvidia-graphics-drivers-tesla New upstream release; fix null pointer dereference issue [CVE-2023-31022] nvidia-graphics-drivers-tesla-470 New upstream release; fix null pointer dereference issue [CVE-2023-31022] nvidia-open-gpu-kernel-modules New upstream release; fix null pointer dereference issue [CVE-2023-31022] opendkim Fix removal of incoming Authentication-Results: headers [CVE-2022-48521] openrefine Fix remote code execution vulnerability [CVE-2023-41887 CVE-2023-41886] opensc Fix out-of-bounds read issue [CVE-2023-4535], potential PIN bypass [CVE-2023-40660], memory-handling issues [CVE-2023-40661] oscrypto Fix OpenSSL version parsing; fix autopkgtest pcs Fix "resource move" perl Fix buffer overrun issue [CVE-2023-47038] php-phpseclib3 Fix denial of service issue [CVE-2023-49316] postgresql-15 New upstream stable release; fix SQL injection issue [CVE-2023-39417]; fix MERGE to enforce row security policies properly [CVE-2023-39418] proftpd-dfsg Fix size of SSH key exchange buffers python-cogent Only skip tests that require multiple CPUs when running on a single CPU system python3-onelogin-saml2 Fix expired test payloads pyzoltan Support building on single core systems qbittorrent Disable UPnP for web UI by default in qbittorrent-nox qemu Update to upstream stable release 7.2.7; hw/scsi/scsi-disk: Disallow block sizes smaller than 512 [CVE-2023-42467] qpdf Fix data loss issue with some quoted octal strings redis Drop ProcSubset=pid hardening flag from the systemd unit due to it causing crashes rust-sd Ensure binary package versions sorts correctly relative to older releases (where it was built from a different source package) sitesummary Use systemd timer for running sitesummary-client if available speech-dispatcher-contrib Enable voxin on armhf and arm64 spyder Fix interface language auto-configuration symfony Fix session fixation issue [CVE-2023-46733]; add missing escaping [CVE-2023-46734] systemd New upstream stable release tbsync New upstream version, restoring compatibility with newer Thunderbird versions toil Only request a single core for tests tzdata Update leap second list unadf Fix buffer overflow issue [CVE-2016-1243]; fix code execution issue [CVE-2016-1244] vips Fix null pointer dereference issue [CVE-2023-40032] weborf Fix denial of service issue wormhole-william Disable flaky tests, fixing build failures xen New upstream stable update; fix several security issues [CVE-2022-40982 CVE-2023-20569 CVE-2023-20588 CVE-2023-20593 CVE-2023-34320 CVE-2023-34321 CVE-2023-34322 CVE-2023-34323 CVE-2023-34325 CVE-2023-34326 CVE-2023-34327 CVE-2023-34328 CVE-2023-46835 CVE-2023-46836] yuzu Strip :native from glslang-tools build dependency, fixing build failure

Atualizações de segurança

Advisory ID Package DSA-5499 chromium DSA-5506 firefox-esr DSA-5508 chromium DSA-5511 mosquitto DSA-5512 exim4 DSA-5513 thunderbird DSA-5514 glibc DSA-5515 chromium DSA-5516 libxpm DSA-5517 libx11 DSA-5518 libvpx DSA-5519 grub-efi-amd64-signed DSA-5519 grub-efi-arm64-signed DSA-5519 grub-efi-ia32-signed DSA-5519 grub2 DSA-5520 mediawiki DSA-5521 tomcat10 DSA-5523 curl DSA-5524 libcue DSA-5525 samba DSA-5526 chromium DSA-5527 webkit2gtk DSA-5528 node-babel7 DSA-5529 slurm-wlm-contrib DSA-5529 slurm-wlm DSA-5531 roundcube DSA-5532 openssl DSA-5533 gst-plugins-bad1.0 DSA-5534 xorg-server DSA-5535 firefox-esr DSA-5536 chromium DSA-5538 thunderbird DSA-5539 node-browserify-sign DSA-5540 jetty9 DSA-5541 request-tracker5 DSA-5542 request-tracker4 DSA-5543 open-vm-tools DSA-5544 zookeeper DSA-5545 vlc DSA-5546 chromium DSA-5547 pmix DSA-5548 jtreg6 DSA-5548 openjdk-17 DSA-5549 trafficserver DSA-5550 cacti DSA-5551 chromium DSA-5552 ffmpeg DSA-5553 postgresql-15 DSA-5555 openvpn DSA-5556 chromium DSA-5557 webkit2gtk DSA-5558 netty DSA-5559 wireshark DSA-5560 strongswan DSA-5561 firefox-esr DSA-5562 tor DSA-5563 intel-microcode DSA-5564 gimp DSA-5565 gst-plugins-bad1.0 DSA-5566 thunderbird DSA-5567 tiff DSA-5568 fastdds DSA-5569 chromium DSA-5570 nghttp2 DSA-5571 rabbitmq-server Removed packages The following packages were removed due to circumstances beyond our control: Package Reason gimp-dds No longer required; integrated into GIMP

Atualização

Para atualizar o seu Debian, execute no terminal.

Atualize a lista de pacotes.

sudo apt update

Atualize o sistema.

sudo apt full-upgrade