Debian 12.10 “Bookworm” Has Been Released, Bringing Various Fixes

Unofficial Debian 12.10 Bookworm pretty changelog / release notes.

The Debian Project has announced the release of Debian 12.10 “Bookworm,” marking the tenth update to the Debian 12 series. This point release primarily addresses security vulnerabilities and includes various bug fixes to enhance system stability and performance.

Below is a summary of the most notable changes and improvements in this release. For detailed information, please refer to the official announcement.

Key Changes and Improvements in Debian 12.10:

• Security Updates:
  • 389-ds-base: Addressed multiple vulnerabilities, including:
    • Fixed crash when modifying userPassword with malformed input.
    • Prevented denial of service during login attempts with malformed password hashes.
    • Mitigated denial of service from specially-crafted LDAP queries.
  • curl: Resolved several security issues:
    • Fixed unintended HTTPS upgrades or premature reversion to HTTP in specific scenarios.
    • Addressed potential credential leakage vulnerabilities.
  • dcmtk: Implemented multiple security fixes:
    • Corrected issues when rendering invalid monochrome DICOM images.
    • Ensured HighBit is less than BitsAllocated to prevent errors.
    • Fixed potential overflows during memory allocation.
    • Addressed segmentation faults and arbitrary code execution vulnerabilities.
  • jinja2: Fixed arbitrary code execution vulnerabilities.
  • lemonldap-ng: Resolved a CSRF vulnerability on the 2FA registration interface.
• Bug Fixes and Improvements:
  • base-files: Updated for the point release.
  • bup: Introduced a new upstream bugfix release.
  • containerd: Fixed tests causing FTBFS (Fail To Build From Source) on the auto-builder network.
  • dacite: Adjusted to prevent caching of results from get_default_value_for_field.
  • debian-installer: Increased Linux kernel ABI to 6.1.0-32 and rebuilt against proposed updates.
  • debian-ports-archive-keyring: Added the 2026 key and moved 2023 and 2024 keys to the removed keyring.
  • dgit: Added missing parameters for the source upload target.
  • dns-root-data: Included the DNSKEY record for KSK-2024.
  • edk2: Addressed overflow conditions and potential UINT32 overflows in specific functions.
  • glibc: Implemented multiple fixes:
    • Corrected buffer overflow when printing assertion failure messages.
    • Improved memset performance for unaligned destinations.
    • Enhanced TLS performance after dlopen() usage.
    • Prevented integer truncation when parsing CPUID data with large cache sizes.
    • Ensured proper initialization of data passed to the rseq syscall.

Note: This summary highlights the most significant changes and improvements in Debian 12.10. For a comprehensive list of updates and technical details, please refer to the official announcement.