Over the weekend, the Debian project announced the availability of Debian 12.10, which comes with all the latest security patches rolled into the ISO image. If you’re already running Debian 12, you can just install available updates to get to Debian 12.10. The main benefit of this update is for those installing Debian on a system, with the updates included; you don’t have to download them post-install.
Many pieces of software have been updated. Firefox ESR, Chromium, Thunderbird, and LibreOffice are some popular pieces of software that receive security updates. Some of the other popular packages that have received updates in Debian 12.10 include:
- Curl: Fix unintended HTTPS upgrades or premature reversion to HTTP when both subdomains and parent domains are used [CVE-2024-9681]; prevent stopping of stunnel before retries in the built-time tests; fix possible credentials leakage issues [CVE-2024-11053 CVE-2025-0167]; fix test failures due to port clashes.
- Glibc: Fix buffer overflow when printing assertion failure message [CVE-2025-0395]; fix memset performance for unaligned destinations; fix TLS performance degradation after dlopen() usage; avoid integer truncation when parsing CPUID data with large cache sizes; ensure data passed to the rseq syscall are properly initialized.
- Linux: New upstream release; bump ABI to 32.
- Mariadb: New upstream stable release; fix security issue [CVE-2024-21096]; fix denial of service issue [CVE-2025-21490].
If you already have Debian 12 installation media, there is no need to download this update; you can simply grab the packages via the updater. If you have an offline machine, obtaining this update could be a good idea, as fixes and security issues are resolved with this new ISO.
The Debian team didn’t mention any other issues in its announcement. If you want to download the new ISO, just head over to the Debian website and go to the download section.
0 Comments - Add comment