Posts for: #debian

Debian 12.5: The Latest Update

The Debian project has announced the release of the fifth update for its stable distribution, Debian 12 (codename bookworm). This point release includes important security corrections and fixes for various issues. Security advisories have already been published separately and are available for reference.

This stable update includes important bug fixes for various packages. Here are some notable corrections:

  • apktool: Prevents arbitrary file writes with malicious resource names [CVE-2024-21633]
  • atril: Fixes crash when opening some epub files, index loading for certain epub documents, and adds fallback for malformed epub files in check_mime_type; uses libarchive for extracting documents instead of an external command [CVE-2023-51698]
  • base-files: Updated for the 12.5 point release
  • caja: Fixes desktop rendering artifacts after resolution changes; fixes use of the informal date format
  • calibre: Fixes HTML Input to not add resources that exist outside the folder hierarchy rooted at the parent folder of the input HTML file by default [CVE-2023-46303]
  • compton: Removes recommendation of picom
  • cryptsetup: Adds support for compressed kernel modules, handles missing /lib/systemd/system-sleep directory, and changes suffix drop logic to match initramfs-tools
  • debian-edu-artwork: Provides an Emerald theme based artwork for Debian Edu 12
  • debian-edu-config: New upstream release
  • debian-edu-doc: Updates included documentation and translations
  • debian-edu-fai: New upstream release
  • debian-edu-install: New upstream release; fixes security sources.list
  • debian-installer: Increases Linux kernel ABI to 6.1.0-18; rebuilds against proposed-updates
  • debian-installer-netboot-images: Rebuilds against proposed-updates
  • debian-ports-archive-keyring: Adds Debian Ports Archive Automatic Signing Key (2025)
  • dpdk: New upstream stable release
  • dropbear: Fixes Terrapin attack [CVE-2023-48795]
  • engrampa: Fixes several memory leaks and the archive "save as" functionality
  • espeak-ng: Fixes buffer overflow and underflow issues, as well as a floating point exception issue [CVE-2023-49990 CVE-2023-49992 CVE-2023-49993 CVE-2023-49991 CVE-2023-49994]
  • filezilla: Prevents Terrapin exploit [CVE-2023-48795]
  • fish: Safely handles Unicode non-printing characters when given as command substitution [CVE-2023-49284]
  • fssync: Disables flaky tests
  • gnutls28: Fixes assertion failure when verifying a certificate chain with a cycle of cross signatures [CVE-2024-0567] and timing side-channel issue [CVE-2024-0553]
  • indent: Fixes buffer under-read issue [CVE-2024-0911]
  • isl: Fixes use on older CPUs
  • jtreg7: New source package to support builds of openjdk-17
  • libdatetime-timezone-perl: Updates included timezone data
  • libde265: Fixes buffer overflow issues [CVE-2023-49465 CVE-2023-49467 CVE-2023-49468]
  • libfirefox-marionette-perl: Fixes compatibility with newer firefox-esr versions
  • libmateweather: Fixes URL for aviationweather.gov
  • libspreadsheet-parsexlsx-perl: Fixes possible memory bomb [CVE-2024-22368] and XML External Entity issue [CVE-2024-23525]
  • linux: New upstream stable release; bumps ABI to 18
  • linux-signed-amd64: New upstream stable release; bumps ABI to 18
  • linux-signed-arm64: New upstream stable release; bumps ABI to 18
  • linux-signed-i386: New upstream stable release; bumps ABI to 18
  • localslackirc: Sends authorization and cookie headers to the websocket
  • mariadb: New upstream stable release; fixes denial of service issue [CVE-2023-22084]
  • mate-screensaver: Fixes memory leaks
  • mate-settings-daemon: Fixes memory leaks, relaxes High DPI limits, and fixes handling of multiple rfkill events
  • mate-utils: Fixes various memory leaks
  • monitoring-plugins: Fixes check_http plugin when --no-body is used and the upstream response is chunked
  • needrestart: Fixes microcode check regression on AMD CPUs
  • netplan.io: Fixes autopkgtests with newer systemd versions
  • nextcloud-desktop: Fixes syncing files with special characters like ‘:’ and two-factor authentication notifications
  • node-yarnpkg: Fixes use with Commander 8
  • onionprobe: Fixes initialization of Tor if using hashed passwords
  • pipewire: Uses malloc_trim() to release memory when available
  • pluma: Fixes memory leak issues and double activation of extensions
  • postfix: New upstream stable release; addresses SMTP smuggling issue [CVE-2023-51764]
  • proftpd-dfsg: Implements fix for the Terrapin attack [CVE-2023-48795] and fixes out-of-bounds read issue [CVE-2023-51713]
  • proftpd-mod-proxy: Implements fix for the Terrapin attack [CVE-2023-48795]
  • pypdf: Fixes infinite loop issue [CVE-2023-36464]
  • pypdf2: Fixes infinite loop issue [CVE-2023-36464]
  • pypy3: Avoids an rpython assertion error in the JIT if integer ranges don’t overlap in a loop
  • qemu: New upstream stable release; fixes virtio-net, null pointer dereference, and suspend/resume functionality issues [CVE-2023-6693 CVE-2023-6683]
  • rpm: Enables the read-only BerkeleyDB backend
  • rss-glx: Installs screensavers into /usr/libexec/xscreensaver and calls GLFinish() prior to glXSwapBuffers()
  • spip: Fixes two cross-site scripting issues
  • swupdate: Prevents acquiring root privileges through inappropriate socket mode
  • systemd: New upstream stable release; fixes missing verification issue in systemd-resolved [CVE-2023-7008]
  • tar: Fixes boundary checking in base-256 decoder [CVE-2022-48303] and handling of extended header prefixes [CVE-2023-39804]
  • tinyxml: Fixes assertion issue [CVE-2023-34194]
  • tzdata: New upstream stable release
  • usb.ids: Updates included data list
  • usbutils: Fixes usb-devices not printing all devices
  • usrmerge: Cleans up biarch directories when not needed, avoids running convert-etc-shells again on converted systems, handles mounted /lib/modules on Xen systems, improves error reporting, and adds versioned conflicts with libc-bin, dhcpcd, libparted1.8-10, and lustre-utils
  • wolfssl: Fixes security issue when client sends neither PSK nor KSE extensions [CVE-2023-3724]
  • xen: New upstream stable release; includes security fixes [CVE-2023-46837 CVE-2023-46839 CVE-2023-46840]

For a complete list of package changes in this revision, you can visit https://deb.debian.org/debian/dists/bookworm/ChangeLog.

Debian 12.4: Latest Update Released

Debian 12.4 has been released, superseding Debian 12.3 which had a bug that could potentially cause data corruption. The bug, which was reported under the bug advisory #1057843, concerned issues with kernel-image-6.1.0-14 (6.1.64-1). The latest release, Debian 12.4, includes fixes for this bug, along with other important bug fixes.

Debian 12.4 is an update to the stable distribution Debian 12, codenamed “bookworm”. This point release focuses on correcting security issues and addressing other serious problems. It is important to note that Debian 12.4 does not represent a new version of Debian 12, but rather updates certain packages included in the distribution. Users do not need to discard their old Debian 12 media, as they can simply upgrade their packages to the current versions using an up-to-date Debian mirror.

For users who regularly install updates from security.debian.org, there will be minimal package updates with this point release, as most of the updates have already been included. New installation images will be made available soon at the usual locations.

The update includes a comprehensive list of bug fixes for various packages. The complete list of bug fixes can be found in the Debian 12.4 Changelog. In addition to bug fixes, Debian 12.4 also includes security updates. The Security Team has released advisories for each of these updates, addressing vulnerabilities in packages such as Chromium, Firefox ESR, Exim4, Thunderbird, and more. The installer has also been updated to include the fixes incorporated into the stable release by the point release.

For more information about Debian 12.4, including the complete list of packages that have changed, the current stable distribution, proposed updates, and security announcements, visit the Debian website.

Olimex Unveils STMicro STM32MP157 SoM and Open-Source Hardware EVB

Olimex has recently released the STMP157-BASE-SOM-EXT system-on-module (SoM) powered by an STMicro STM32MP157 dual-core Cortex-A7 microprocessor. The SoM is accompanied by the STMP157-BASE-SOM-EVB evaluation board, which is open-source hardware designed in KiCAD. The CPU module features 1GB RAM, an EEPROM for configuration, and power management circuitry. The carrier board provides various interfaces and features including HDMI video output, LCD display interfaces, a 2MP camera, gigabit Ethernet, USB ports, CAN bus terminal block, audio jacks, and several GPIO headers.

The specifications of the STMP157-BASE-SOM-EXT System-on-Module are as follows:

  • Microprocessor: STMicro STM32MP157DAA1 dual-core Cortex-A7 processor @ 800 MHz with Arm Cortex-M4 real-time core @ 209 MHz, and Vivante 3D GPU with OpenGL ES 2.0 support
  • System Memory: 1GB DDR3
  • Storage: Linux configuration EEPROM
  • Host interface: 6x 40-pin board-to-board connectors with 1.27mm pitch for I/Os
  • Misc: User LED, 24 MHz oscillator
  • Power Management: AXP209 PMIC, LDO, DCDC power management
  • Dimensions: 72 x 48 mm

The STMP157-BASE-SOM-EVB carrier board is compatible with the STMP157-BASE-SOM-EXT CPU module and offers the following specifications:

  • Storage: MicroSD card slot
  • Video Output: HDMI output, MIPI LCD connector, RGB LCD connector compatible with LCD-OLinuXino-5CTS, LCD-OLinuXino-7.0CTS, LCD-OLinuXino-10CTS
  • Camera: 2MP MIPI CSI camera (OV2640-120 sensor)
  • Audio: 3.5mm headphones jack, 3.5mm microphone jack
  • Networking: Gigabit Ethernet port
  • USB: 2x USB 2.0 Type-A host ports, 1x USB OTG port
  • Serial: 2x CAN Bus terminal blocks
  • Expansion: UEXT connector, EXT1 and EXT2 GPIO connectors
  • Debugging: 3-pin UART connector, optional JTAG connector (not populated)
  • Misc: Reset button, Power LED, flash module connector, boot configuration slide switch
  • Power Supply: 5V/2A via power barrel jack, 2-pin connector for LiPo battery with built-in charging circuit
  • Dimensions: 122 x 106 mm

Olimex provides a minimal Debian 11 image with Linux 6.x for both the module and EVB. User manuals, PDF schematics, and a Linux user guide can be found on the product page for the SoM, while the KiCAD hardware design files, PDF schematics, and user manual for the EVB can be found on GitHub. Pre-orders for the STM32MP157 SoM and EVB are now available for 30 Euros each, with shipping scheduled to begin on November 30. More documentation and the option to purchase can be found on the respective product pages.

Source: CNX Software – Embedded Systems News.

Introducing the Radxa Zero 3W SBC: Powerful RK3566 SoC & Up to 8GB RAM in Raspberry Pi Zero 2 W Size

Radxa has introduced the Radxa Zero 3W single-board computer (SBC), which features a 1.6 GHz Rockchip RK3566 processor and up to 8GB of RAM. The board is designed in the compact Raspberry Pi Zero 2 W form factor, making it one of the most powerful Arm Linux SBCs in this size.

The Radxa Zero 3W comes with various features, including an optional eMMC flash with up to 64GB capacity, a microSD card slot, a micro HDMI port, two USB Type-C ports, WiFi 4 and Bluetooth 5.0 wireless connectivity, a MIPI CSI camera connector, and a 40-pin Raspberry Pi GPIO header.

Here are the specifications of the Radxa Zero 3W:

  • SoC: Rockchip RK3566 with a quad-core Arm Cortex-A55 processor clocked at 1.6 GHz, Arm Mali G52-2EE GPU, 0.8 TOPS AI accelerator, and 4Kp60 video decoding capabilities
  • System Memory: 1GB, 2GB, 4GB, or 8GB LPDDR4
  • Storage: Optional 8GB, 16GB, 32GB, or 64GB eMMC 5.1 flash, and a microSD card slot
  • Video Output: Micro HDMI port up to 1080p60
  • Camera: MIPI CSI connector compatible with Raspberry Pi Camera V1.3 and Raspberry Pi Camera V2
  • Wireless: WiFi 4 (802.11 b/g/n) and Bluetooth 5.0
  • USB: 1x USB 3.0 Type-C host port and 1x USB 2.0 Type-C OTG port
  • Expansion: 40-pin GPIO header with multiple interfaces
  • Power Supply: 5V/1A (minimum) via USB-C OTG port
  • Dimensions: 65 x 30mm

Radxa provides Debian and Ubuntu OS images, as well as a hardware access/control library for Linux. To get started, users will need a 5V power supply, a microSD card, and necessary peripherals like an HDMI monitor or TV, USB keyboard and mouse, and potentially a USB to serial debug board and a MIPI CSI camera.

Despite having a similar form factor to the Raspberry Pi Zero 2 W, the Radxa Zero 3W has some connector differences, such as micro HDMI instead of mini HDMI, and a different placement of the MIPI CSI connector and microSD card slot.

Performance-wise, the Radxa Zero 3W with the Rockchip RK3566 processor has been found to be significantly faster than the Raspberry Pi Zero 2 W in benchmarks. The RK3566 processor has been in the market for several years, and benchmark results are available.

The Radxa Zero 3W is listed on AllNet China, starting at $15 for the model with 1GB RAM and no eMMC flash or GPIO headers. The price goes up to $66 for the variant with 8GB RAM, 64GB eMMC flash, and female GPIO headers soldered to the board. However, all variants are currently sold out, and it is unclear when there will be stock available.

In addition to the Radxa Zero 3W, Radxa is also working on a wider Zero 2 Pro board with a 2.2 GHz Amlogic A311D processor, which will offer even more performance and require a proper cooling solution with a heatsink and a small fan.

Source: CNX Software – Embedded Systems News.

Debian 12.2 Update: Enhanced Security and AMD Inception Microcode Integration

Debian 12.2 has been released, incorporating the latest security fixes and stable back-ports for Debian 12 Bookworm. This stable point release includes a new version of the Linux 6.1 kernel and the latest linux-firmware/microcode support.

One of the notable updates in Debian 12.2 is the inclusion of mitigations for the AMD Inception (SRSO) vulnerability, which was made public in August. Additionally, the release addresses the Intel Downfall vulnerability, also disclosed in August.

Furthermore, Debian 12.2 includes several other security fixes, enhancing overall system security. For a detailed list of package updates and security fixes, refer to the release announcement on Debian’s website.

Source: Phoronix.