apticron report [Wed, 08 Apr 2015 10:48:15 +0200]
========================================================================
apticron has detected that some packages need upgrading on:
hexagon.federez.net
[ 5.39.82.35 2001:41d0:8:9423::1 5.39.82.35 2001:41d0:8:9423::1 ]
The following packages are currently pending an upgrade:
arj 3.10.22-10+deb7u1
libgd2-xpm 2.0.36~rc1~dfsg-6.1+deb7u1
libxml2 2.8.0+dfsg1-7+wheezy4
mailman 1:2.1.15-1+deb7u1
========================================================================
Package Details:
Reading changelogs...
--- Changes for arj ---
arj (3.10.22-10+deb7u1) wheezy-security; urgency=high
  * Non-maintainer upload by the Security Team with patches from Guillem Jover
  * Fix buffer overflow from size under user control.
    This is causing free() on an invalid pointer.
    Fixes: CVE-2015-2782 (Closes: #774015)
  * Fix absolute path directory traversal.
    Fixes: CVE-2015-0557 (Closes: #774435)
  * Fix symlink directory traversal.
    Fixes: CVE-2015-0556 (Closes: #774434)
 -- Salvatore Bonaccorso <carnil(a)debian.org> Fri, 03 Apr 2015 20:21:46 +0200
--- Changes for libgd2 (libgd2-xpm) ---
libgd2 (2.0.36~rc1~dfsg-6.1+deb7u1) wheezy-security; urgency=high
  * Fix NULL pointer dereference when reading XPM files with a
    crafted color table as per CVE-2014-2497 (Closes: #744719)
  * Fix buffer read overflow when reading invalid GIF files
    as per CVE-2014-9709
 -- Alessandro Ghedini <ghedo(a)debian.org> Wed, 01 Apr 2015 15:50:38 +0200
--- Changes for libxml2 ---
libxml2 (2.8.0+dfsg1-7+wheezy4) wheezy-security; urgency=high
  * Non-maintainer upload by the Security Team.
  * Add missing required patches for CVE-2014-3660.
    The two upstream commits a3f1e3e5712257fd279917a9158278534e8f4b72 and
    cff2546f13503ac028e4c1f63c7b6d85f2f2d777 are required in addition to the
    commit be2a7edaf289c5da74a4f9ed3a0b6c733e775230 to fix CVE-2014-3660 due
    to changes in the use of ent->checked.
    Fixes "libxml2: CVE-2014-3660 patch makes installation-guide FTBFS".
    (Closes: #774358)
  * Refresh cve-2014-3660.patch patch
  * Refresh cve-2014-3660-bis.patch patch
 -- Salvatore Bonaccorso <carnil(a)debian.org> Sat, 04 Apr 2015 11:01:18 +0200
--- Changes for mailman ---
mailman (1:2.1.15-1+deb7u1) wheezy-security; urgency=high
  * Fix security issue: path traversal through local_part.
    Affects installations which use an Exim or Postfix transport
    instead of fixed aliases; attacker needs to be able to place
    files on the local filesystem.
    (CVE-2015-2775, Closes: 781626)
 -- Thijs Kinkhorst <thijs(a)debian.org> Mon, 06 Apr 2015 18:17:34 +0200
========================================================================
You can perform the upgrade by issuing the command:
apt-get dist-upgrade
as root on
hexagon.federez.net
--
apticron