Updated Debian 12: 12.7 released
August 31st, 2024

Secure Boot and other operating systems

  • Users who boot other operating systems on the same hardware, and who have Secure Boot enabled, should be aware that shim 15.8 (included with Debian 12.7) revokes signatures across older versions of shim in the UEFI firmware. This may leave other operating systems using shim before 15.8 unable to boot.
    Affected users can temporarily disable Secure Boot before updating other operating systems.

Miscellaneous Bugfixes
This stable update adds a few important corrections to the following packages:

  • amd64-microcode: New upstream release; security fixes [CVE-2023-31315]; SEV firmware fixes [CVE-2023-20584 CVE-2023-31356]
  • ansible: New upstream stable release; fix key leakage issue [CVE-2023-4237]
  • ansible-core: New upstream stable release; fix information disclosure issue [CVE-2024-0690]; fix template injection issue [CVE-2023-5764]; fix path traversal issue [CVE-2023-5115]
  • apache2: New upstream stable release; fix content disclosure issue [CVE-2024-40725]
  • base-files: Update for the point release
  • cacti: Fix remote code execution issues [CVE-2024-25641 CVE-2024-31459], cross site scripting issues [CVE-2024-29894 CVE-2024-31443 CVE-2024-31444], SQL injection issues [CVE-2024-31445 CVE-2024-31458 CVE-2024-31460], type juggling issue [CVE-2024-34340]; fix autopkgtest failure
  • calamares-settings-debian: Fix Xfce launcher permission issue
  • calibre: Fix remote code execution issue [CVE-2024-6782], cross site scripting issue [CVE-2024-7008], SQL injection issue [CVE-2024-7009]
  • choose-mirror: Update list of available mirrors
  • cockpit: Fix denial of service issue [CVE-2024-6126]
  • cups: Fix issues with domain socket handling [CVE-2024-35235]
  • curl: Fix ASN.1 date parser overread issue [CVE-2024-7264]
  • cyrus-imapd: Fix regression introduced in CVE-2024-34055 fix
  • dcm2niix: Fix potential code execution issue [CVE-2024-27629]
  • debian-installer: Increase Linux kernel ABI to 6.1.0-25; rebuild against proposed-updates
  • debian-installer-netboot-images: Rebuild against proposed-updates
  • dmitry: Security fixes [CVE-2024-31837 CVE-2020-14931 CVE-2017-7938]
  • dropbear: Fix noremotetcp behaviour of keepalive packets in combination with the no-port-forwarding authorized_keys(5) restriction
  • gettext.js: Fix server side request forgery issue [CVE-2024-43370]
  • glibc: Fix freeing uninitialized memory in libc_freeres_fn(); fix several performance issues and possible crashes
  • glogic: Require Gtk 3.0 and PangoCairo 1.0
  • graphviz: Fix broken scale
  • gtk+2.0: Avoid looking for modules in the current working directory [CVE-2024-6655]
  • gtk+3.0: Avoid looking for modules in the current working directory [CVE-2024-6655]
  • imagemagick: Fix segmentation fault issue; fix incomplete fix for CVE-2023-34151
  • initramfs-tools: hook_functions: Fix copy_file with source including a directory symlink; hook-functions: copy_file: Canonicalise target filename; install hid-multitouch module for Surface Pro 4 Keyboard; add hyperv-keyboard module, needed to enter LUKS password in Hyper-V; auto_add_modules: Add onboard_usb_hub, onboard_usb_dev
  • intel-microcode: New upstream release; security fixes [CVE-2023-42667 CVE-2023-49141 CVE-2024-24853 CVE-2024-24980 CVE-2024-25939]
  • ipmitool: Add missing enterprise-numbers.txt file
  • libapache2-mod-auth-openidc: Avoid crash when the Forwarded header is not present but OIDCXForwardedHeaders is configured for it
  • libnvme: Fix buffer overflow during scanning devices that do not support sub-4k reads
  • libvirt: virsh: Make domif-setlink work more than once; qemu: domain: Fix logic when tainting domain; fix denial of service issues [CVE-2023-3750 CVE-2024-1441 CVE-2024-2494 CVE-2024-2496]
  • linux: New upstream release; bump ABI to 25
  • linux-signed-amd64: New upstream release; bump ABI to 25
  • linux-signed-arm64: New upstream release; bump ABI to 25
  • linux-signed-i386: New upstream release; bump ABI to 25
  • newlib: Fix buffer overflow issue [CVE-2021-3420]
  • numpy: Conflict with python-numpy
  • openssl: New upstream stable release; fix denial of service issues [CVE-2024-2511 CVE-2024-4603]; fix use after free issue [CVE-2024-4741]
  • poe.app: Make comment cells editable; fix drawing when an NSActionCell in the preferences is acted on to change state
  • putty: Fix weak ECDSA nonce generation allowing secret key recovery [CVE-2024-31497]
  • qemu: New upstream stable release; fix denial of service issue [CVE-2024-4467]
  • riemann-c-client: Prevent malformed payload in GnuTLS send/receive operations
  • rustc-web: New upstream stable release, to support building new chromium and firefox-esr versions
  • shim: New upstream release
  • shim-helpers-amd64-signed: Rebuild against shim 15.8.1
  • shim-helpers-arm64-signed: Rebuild against shim 15.8.1
  • shim-helpers-i386-signed: Rebuild against shim 15.8.1
  • shim-signed: New upstream stable release
  • systemd: New upstream stable release; update hwdb
  • usb.ids: Update included data list
  • xmedcon: Fix buffer overflow issue [CVE-2024-29421]