Monitoring Mars 2015

monitoring@federez.net

4 participants
47 discussions

par root＠baldrick.crans.org

apticron report [Sun, 15 Mar 2015 16:44:14 +0000] ======================================================================== apticron has detected that some packages need upgrading on: baldrick [ 138.231.142.239 2a01:240:fe3d:4:62:61ff:fe6c:6401 138.231.142.239 ] [ 2a01:240:fe3d:4:62:61ff:fe6c:6401 ] The following packages are currently pending an upgrade: libicu48 4.8.1.1-12+deb7u2 ======================================================================== Package Details: Lecture des fichiers de modifications (« changelog »)... --- Modifications pour icu (libicu48) --- icu (4.8.1.1-12+deb7u2) stable-security; urgency=high * Non-maintainer upload by the Security Team. - Thanks to Marc Deslauriers for many of the backports. * Backport of icu's new layout engine. - Fixes CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, and CVE-2013-2419. * CVE-2014-6585: out-of-bounds read. * CVE-2014-6591: more out-of-bounds reads. * CVE-2014-7923: memory corruption in regular expression comparison. * CVE-2014-7926: memory corruption in regular expression comparison. * CVE-2014-7940: uninitialized memory in i18n/icol.cpp. * CVE-2014-9654: more regular expression handling issues. -- Michael Gilbert <mgilbert(a)debian.org> Sun, 15 Mar 2015 01:30:40 +0000 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on baldrick -- apticron

11 années

5 Debian package update(s) for baldrick

par root＠baldrick.crans.org

apticron report [Sat, 14 Mar 2015 16:44:10 +0000] ======================================================================== apticron has detected that some packages need upgrading on: baldrick [ 138.231.142.239 2a01:240:fe3d:4:62:61ff:fe6c:6401 138.231.142.239 ] [ 2a01:240:fe3d:4:62:61ff:fe6c:6401 ] The following packages are currently pending an upgrade: gnupg 1.4.12-7+deb7u7 gpgv 1.4.12-7+deb7u7 libgcrypt11 1.5.0-5+deb7u3 libnss3 2:3.14.5-1+deb7u4 libssh2-1 1.4.2-1.1+deb7u1 ======================================================================== Package Details: Lecture des fichiers de modifications (« changelog »)... --- Modifications pour gnupg (gnupg gpgv) --- gnupg (1.4.12-7+deb7u7) wheezy-security; urgency=high * Use ciphertext blinding for Elgamal decryption to counteract a side-channel attack as per CVE-2014-3591 * Fix data-dependent timing variations in the modular exponentiation function that could be used to mount a side-channel attack as per CVE-2015-0837 * Fix a use-after-free when importing a garbled keyring file as per CVE-2015-1606 (Closes: #778652) -- Alessandro Ghedini <ghedo(a)debian.org> Wed, 04 Mar 2015 18:46:34 +0100 --- Modifications pour libgcrypt11 --- libgcrypt11 (1.5.0-5+deb7u3) wheezy-security; urgency=high * Use ciphertext blinding for Elgamal decryption to counteract a side-channel attack as per CVE-2014-3591 * Fix data-dependent timing variations in the modular exponentiation function that could be used to mount a side-channel attack as per CVE-2015-0837 -- Alessandro Ghedini <ghedo(a)debian.org> Wed, 04 Mar 2015 19:39:20 +0100 --- Modifications pour libssh2 (libssh2-1) --- libssh2 (1.4.2-1.1+deb7u1) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * Add CVE-2015-1782.patch. CVE-2015-1782: Using SSH_MSG_KEXINIT data unbounded. -- Salvatore Bonaccorso <carnil(a)debian.org> Fri, 06 Mar 2015 18:46:50 +0100 --- Modifications pour nss (libnss3) --- nss (2:3.14.5-1+deb7u4) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * Add CVE-2014-1569.patch. CVE-2014-1569: ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data. (Closes: #773625) -- Salvatore Bonaccorso <carnil(a)debian.org> Mon, 29 Dec 2014 16:11:33 +0100 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on baldrick -- apticron

11 années

4 Debian package update(s) for quigon.federez.net

par root＠quigon.rez-gif.supelec.fr

apticron report [Sat, 14 Mar 2015 16:38:12 +0100] ======================================================================== apticron has detected that some packages need upgrading on: quigon.federez.net [ 160.228.155.65 ] The following packages are currently pending an upgrade: gnupg 1.4.12-7+deb7u7 gpgv 1.4.12-7+deb7u7 libgcrypt11 1.5.0-5+deb7u3 libssh2-1 1.4.2-1.1+deb7u1 ======================================================================== Package Details: Lecture des fichiers de modifications (« changelog »)... --- Modifications pour gnupg (gnupg gpgv) --- gnupg (1.4.12-7+deb7u7) wheezy-security; urgency=high * Use ciphertext blinding for Elgamal decryption to counteract a side-channel attack as per CVE-2014-3591 * Fix data-dependent timing variations in the modular exponentiation function that could be used to mount a side-channel attack as per CVE-2015-0837 * Fix a use-after-free when importing a garbled keyring file as per CVE-2015-1606 (Closes: #778652) -- Alessandro Ghedini <ghedo(a)debian.org> Wed, 04 Mar 2015 18:46:34 +0100 --- Modifications pour libgcrypt11 --- libgcrypt11 (1.5.0-5+deb7u3) wheezy-security; urgency=high * Use ciphertext blinding for Elgamal decryption to counteract a side-channel attack as per CVE-2014-3591 * Fix data-dependent timing variations in the modular exponentiation function that could be used to mount a side-channel attack as per CVE-2015-0837 -- Alessandro Ghedini <ghedo(a)debian.org> Wed, 04 Mar 2015 19:39:20 +0100 --- Modifications pour libssh2 (libssh2-1) --- libssh2 (1.4.2-1.1+deb7u1) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * Add CVE-2015-1782.patch. CVE-2015-1782: Using SSH_MSG_KEXINIT data unbounded. -- Salvatore Bonaccorso <carnil(a)debian.org> Fri, 06 Mar 2015 18:46:50 +0100 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on quigon.federez.net -- apticron

11 années

5 Debian package update(s) for hexagon.federez.net

par root＠hexagon.federez.net

apticron report [Sat, 14 Mar 2015 09:48:16 +0100] ======================================================================== apticron has detected that some packages need upgrading on: hexagon.federez.net [ 5.39.82.35 2001:41d0:8:9423::1 5.39.82.35 2001:41d0:8:9423::1 ] The following packages are currently pending an upgrade: gnupg 1.4.12-7+deb7u7 gpgv 1.4.12-7+deb7u7 libgcrypt11 1.5.0-5+deb7u3 libnss3 2:3.14.5-1+deb7u4 libssh2-1 1.4.2-1.1+deb7u1 ======================================================================== Package Details: Lecture des fichiers de modifications (« changelog »)... --- Modifications pour gnupg (gnupg gpgv) --- gnupg (1.4.12-7+deb7u7) wheezy-security; urgency=high * Use ciphertext blinding for Elgamal decryption to counteract a side-channel attack as per CVE-2014-3591 * Fix data-dependent timing variations in the modular exponentiation function that could be used to mount a side-channel attack as per CVE-2015-0837 * Fix a use-after-free when importing a garbled keyring file as per CVE-2015-1606 (Closes: #778652) -- Alessandro Ghedini <ghedo(a)debian.org> Wed, 04 Mar 2015 18:46:34 +0100 --- Modifications pour libgcrypt11 --- libgcrypt11 (1.5.0-5+deb7u3) wheezy-security; urgency=high * Use ciphertext blinding for Elgamal decryption to counteract a side-channel attack as per CVE-2014-3591 * Fix data-dependent timing variations in the modular exponentiation function that could be used to mount a side-channel attack as per CVE-2015-0837 -- Alessandro Ghedini <ghedo(a)debian.org> Wed, 04 Mar 2015 19:39:20 +0100 --- Modifications pour libssh2 (libssh2-1) --- libssh2 (1.4.2-1.1+deb7u1) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * Add CVE-2015-1782.patch. CVE-2015-1782: Using SSH_MSG_KEXINIT data unbounded. -- Salvatore Bonaccorso <carnil(a)debian.org> Fri, 06 Mar 2015 18:46:50 +0100 --- Modifications pour nss (libnss3) --- nss (2:3.14.5-1+deb7u4) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * Add CVE-2014-1569.patch. CVE-2014-1569: ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data. (Closes: #773625) -- Salvatore Bonaccorso <carnil(a)debian.org> Mon, 29 Dec 2014 16:11:33 +0100 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on hexagon.federez.net -- apticron

11 années

5 Debian package update(s) for baldrick

par root＠baldrick.crans.org

apticron report [Fri, 13 Mar 2015 16:44:11 +0000] ======================================================================== apticron has detected that some packages need upgrading on: baldrick [ 138.231.142.239 2a01:240:fe3d:4:62:61ff:fe6c:6401 138.231.142.239 ] [ 2a01:240:fe3d:4:62:61ff:fe6c:6401 ] The following packages are currently pending an upgrade: gnupg 1.4.12-7+deb7u7 gpgv 1.4.12-7+deb7u7 libgcrypt11 1.5.0-5+deb7u3 libnss3 2:3.14.5-1+deb7u4 libssh2-1 1.4.2-1.1+deb7u1 ======================================================================== Package Details: Lecture des fichiers de modifications (« changelog »)... --- Modifications pour gnupg (gnupg gpgv) --- gnupg (1.4.12-7+deb7u7) wheezy-security; urgency=high * Use ciphertext blinding for Elgamal decryption to counteract a side-channel attack as per CVE-2014-3591 * Fix data-dependent timing variations in the modular exponentiation function that could be used to mount a side-channel attack as per CVE-2015-0837 * Fix a use-after-free when importing a garbled keyring file as per CVE-2015-1606 (Closes: #778652) -- Alessandro Ghedini <ghedo(a)debian.org> Wed, 04 Mar 2015 18:46:34 +0100 --- Modifications pour libgcrypt11 --- libgcrypt11 (1.5.0-5+deb7u3) wheezy-security; urgency=high * Use ciphertext blinding for Elgamal decryption to counteract a side-channel attack as per CVE-2014-3591 * Fix data-dependent timing variations in the modular exponentiation function that could be used to mount a side-channel attack as per CVE-2015-0837 -- Alessandro Ghedini <ghedo(a)debian.org> Wed, 04 Mar 2015 19:39:20 +0100 --- Modifications pour libssh2 (libssh2-1) --- libssh2 (1.4.2-1.1+deb7u1) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * Add CVE-2015-1782.patch. CVE-2015-1782: Using SSH_MSG_KEXINIT data unbounded. -- Salvatore Bonaccorso <carnil(a)debian.org> Fri, 06 Mar 2015 18:46:50 +0100 --- Modifications pour nss (libnss3) --- nss (2:3.14.5-1+deb7u4) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * Add CVE-2014-1569.patch. CVE-2014-1569: ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data. (Closes: #773625) -- Salvatore Bonaccorso <carnil(a)debian.org> Mon, 29 Dec 2014 16:11:33 +0100 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on baldrick -- apticron

11 années

4 Debian package update(s) for quigon.federez.net

par root＠quigon.rez-gif.supelec.fr

apticron report [Fri, 13 Mar 2015 16:38:11 +0100] ======================================================================== apticron has detected that some packages need upgrading on: quigon.federez.net [ 160.228.155.65 ] The following packages are currently pending an upgrade: gnupg 1.4.12-7+deb7u7 gpgv 1.4.12-7+deb7u7 libgcrypt11 1.5.0-5+deb7u3 libssh2-1 1.4.2-1.1+deb7u1 ======================================================================== Package Details: Lecture des fichiers de modifications (« changelog »)... --- Modifications pour gnupg (gnupg gpgv) --- gnupg (1.4.12-7+deb7u7) wheezy-security; urgency=high * Use ciphertext blinding for Elgamal decryption to counteract a side-channel attack as per CVE-2014-3591 * Fix data-dependent timing variations in the modular exponentiation function that could be used to mount a side-channel attack as per CVE-2015-0837 * Fix a use-after-free when importing a garbled keyring file as per CVE-2015-1606 (Closes: #778652) -- Alessandro Ghedini <ghedo(a)debian.org> Wed, 04 Mar 2015 18:46:34 +0100 --- Modifications pour libgcrypt11 --- libgcrypt11 (1.5.0-5+deb7u3) wheezy-security; urgency=high * Use ciphertext blinding for Elgamal decryption to counteract a side-channel attack as per CVE-2014-3591 * Fix data-dependent timing variations in the modular exponentiation function that could be used to mount a side-channel attack as per CVE-2015-0837 -- Alessandro Ghedini <ghedo(a)debian.org> Wed, 04 Mar 2015 19:39:20 +0100 --- Modifications pour libssh2 (libssh2-1) --- libssh2 (1.4.2-1.1+deb7u1) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * Add CVE-2015-1782.patch. CVE-2015-1782: Using SSH_MSG_KEXINIT data unbounded. -- Salvatore Bonaccorso <carnil(a)debian.org> Fri, 06 Mar 2015 18:46:50 +0100 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on quigon.federez.net -- apticron

11 années

5 Debian package update(s) for hexagon.federez.net

par root＠hexagon.federez.net

apticron report [Fri, 13 Mar 2015 09:48:16 +0100] ======================================================================== apticron has detected that some packages need upgrading on: hexagon.federez.net [ 5.39.82.35 2001:41d0:8:9423::1 5.39.82.35 2001:41d0:8:9423::1 ] The following packages are currently pending an upgrade: gnupg 1.4.12-7+deb7u7 gpgv 1.4.12-7+deb7u7 libgcrypt11 1.5.0-5+deb7u3 libnss3 2:3.14.5-1+deb7u4 libssh2-1 1.4.2-1.1+deb7u1 ======================================================================== Package Details: Lecture des fichiers de modifications (« changelog »)... --- Modifications pour gnupg (gnupg gpgv) --- gnupg (1.4.12-7+deb7u7) wheezy-security; urgency=high * Use ciphertext blinding for Elgamal decryption to counteract a side-channel attack as per CVE-2014-3591 * Fix data-dependent timing variations in the modular exponentiation function that could be used to mount a side-channel attack as per CVE-2015-0837 * Fix a use-after-free when importing a garbled keyring file as per CVE-2015-1606 (Closes: #778652) -- Alessandro Ghedini <ghedo(a)debian.org> Wed, 04 Mar 2015 18:46:34 +0100 --- Modifications pour libgcrypt11 --- libgcrypt11 (1.5.0-5+deb7u3) wheezy-security; urgency=high * Use ciphertext blinding for Elgamal decryption to counteract a side-channel attack as per CVE-2014-3591 * Fix data-dependent timing variations in the modular exponentiation function that could be used to mount a side-channel attack as per CVE-2015-0837 -- Alessandro Ghedini <ghedo(a)debian.org> Wed, 04 Mar 2015 19:39:20 +0100 --- Modifications pour libssh2 (libssh2-1) --- libssh2 (1.4.2-1.1+deb7u1) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * Add CVE-2015-1782.patch. CVE-2015-1782: Using SSH_MSG_KEXINIT data unbounded. -- Salvatore Bonaccorso <carnil(a)debian.org> Fri, 06 Mar 2015 18:46:50 +0100 --- Modifications pour nss (libnss3) --- nss (2:3.14.5-1+deb7u4) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * Add CVE-2014-1569.patch. CVE-2014-1569: ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data. (Closes: #773625) -- Salvatore Bonaccorso <carnil(a)debian.org> Mon, 29 Dec 2014 16:11:33 +0100 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on hexagon.federez.net -- apticron

11 années

1 Debian package update(s) for baldrick

par root＠baldrick.crans.org

apticron report [Thu, 12 Mar 2015 16:44:08 +0000] ======================================================================== apticron has detected that some packages need upgrading on: baldrick [ 138.231.142.239 2a01:240:fe3d:4:62:61ff:fe6c:6401 138.231.142.239 ] [ 2a01:240:fe3d:4:62:61ff:fe6c:6401 ] The following packages are currently pending an upgrade: libssh2-1 1.4.2-1.1+deb7u1 ======================================================================== Package Details: Lecture des fichiers de modifications (« changelog »)... --- Modifications pour libssh2 (libssh2-1) --- libssh2 (1.4.2-1.1+deb7u1) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * Add CVE-2015-1782.patch. CVE-2015-1782: Using SSH_MSG_KEXINIT data unbounded. -- Salvatore Bonaccorso <carnil(a)debian.org> Fri, 06 Mar 2015 18:46:50 +0100 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on baldrick -- apticron

11 années

1 Debian package update(s) for quigon.federez.net

par root＠quigon.rez-gif.supelec.fr

apticron report [Thu, 12 Mar 2015 16:38:09 +0100] ======================================================================== apticron has detected that some packages need upgrading on: quigon.federez.net [ 160.228.155.65 ] The following packages are currently pending an upgrade: libssh2-1 1.4.2-1.1+deb7u1 ======================================================================== Package Details: Lecture des fichiers de modifications (« changelog »)... --- Modifications pour libssh2 (libssh2-1) --- libssh2 (1.4.2-1.1+deb7u1) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * Add CVE-2015-1782.patch. CVE-2015-1782: Using SSH_MSG_KEXINIT data unbounded. -- Salvatore Bonaccorso <carnil(a)debian.org> Fri, 06 Mar 2015 18:46:50 +0100 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on quigon.federez.net -- apticron

11 années

1 Debian package update(s) for hexagon.federez.net

par root＠hexagon.federez.net

apticron report [Thu, 12 Mar 2015 09:48:15 +0100] ======================================================================== apticron has detected that some packages need upgrading on: hexagon.federez.net [ 5.39.82.35 2001:41d0:8:9423::1 5.39.82.35 2001:41d0:8:9423::1 ] The following packages are currently pending an upgrade: libssh2-1 1.4.2-1.1+deb7u1 ======================================================================== Package Details: Lecture des fichiers de modifications (« changelog »)... --- Modifications pour libssh2 (libssh2-1) --- libssh2 (1.4.2-1.1+deb7u1) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * Add CVE-2015-1782.patch. CVE-2015-1782: Using SSH_MSG_KEXINIT data unbounded. -- Salvatore Bonaccorso <carnil(a)debian.org> Fri, 06 Mar 2015 18:46:50 +0100 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on hexagon.federez.net -- apticron

11 années

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

Monitoring Mars 2015