apticron report [Thu, 01 Jun 2017 00:38:22 +0200]
========================================================================
apticron has detected that some packages need upgrading on:

        quigon.federez.net
        [ 160.228.155.65 ]
The following packages are currently pending an upgrade:
        imagemagick 8:6.8.9.9-5+deb8u9
        imagemagick-6.q16 8:6.8.9.9-5+deb8u9
        imagemagick-common 8:6.8.9.9-5+deb8u9
        ldap-utils 2.4.40+dfsg-1+deb8u3
        libjbig2dec0 0.13-4~deb8u2
        libldap-2.4-2 2.4.40+dfsg-1+deb8u3
        libmagickcore-6.q16-2 8:6.8.9.9-5+deb8u9
        libmagickcore-6.q16-2-extra 8:6.8.9.9-5+deb8u9
        libmagickwand-6.q16-2 8:6.8.9.9-5+deb8u9
        libtasn1-6 4.2-3+deb8u3
        login 1:4.2-3+deb8u4
        passwd 1:4.2-3+deb8u4
        python-cffi-backend 1.9.1-2~bpo8+1
        slapd 2.4.40+dfsg-1+deb8u3
        sudo 1.8.10p3-1+deb8u4
========================================================================
Package Details:
Lecture des fichiers de modifications (« changelog »)...
--- Modifications pour imagemagick (imagemagick imagemagick-6.q16 imagemagick-common
libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra libmagickwand-6.q16-2) ---
imagemagick (8:6.8.9.9-5+deb8u9) jessie-security; urgency=high
  * Security fixes various:
    + CVE-2017-7606: Undefined behavior in rle (Closes: #859771).
    + CVE-2017-7619: Infinite loop due to rounding error (Closes: #859769).
    + CVE-2017-7941 memory leak in sgi (Closes: #860734).
    + CVE-2017-7943 memory leak in svg (Closes: #860736).
  * Security fixes DOS:
    + Fix CVE-2017-8343: The ReadAAIImage function in
      aai.c allows attackers to cause a denial of service
      (memory leak) via a crafted file. (Closes: #862572).
    + Fix CVE-2017-8344: Fix DOS in PCX file coders.
      (Closes: #862574).
    + Fix CVE-2017-8345: The ReadMNGImage function in png.c allows
      attackers to cause a denial of service (memory leak)
      via a crafted file. (Closes: #862573)
    + Fix CVE-2017-8346: The ReadDCMImage function in dcm.c allows
      attackers to cause a denial of service (memory leak) via a crafted
      file. (Closes: #862575).
    + Fix CVE-2017-8347: Fix DOS in EXR file coders. (Closes: #862577).
    + Fix CVE-2017-8348: Fix DOS in MAT file coders. (Closes: #862578).
    + Fix CVE-2017-8349: Fix DOS in SWF file coders. (Closes: #862579).
    + Fix CVE-2017-8350: Fix DOS in png file coders. (Closes: #862587).
    + Fix CVE-2017-8351: Fix DOS in pcd file coders. (Closes: #862589).
    + Fix CVE-2017-8352: Fix DOS in xwd file coders. (Closes: #862590).
    + Fix CVE-2017-8353: Fix DOS in pict file coders. (Closes: #862632).
    + Fix CVE-2017-8354: Fix DOS in bmp file coders. (Closes: #862633).
    + Fix CVE-2017-8355: Fix DOS in mtv file coders. (Closes: #862634).
    + Fix CVE-2017-8356: Fix DOS in sun file coders. (Closes: #862635).
    + Fix CVE-2017-8357: Fix DOS in ept file coders. (Closes: #862636).
    + Fix CVE-2017-8765: Fix DOS in icon file coders. (Closes: #862653).
    + Fix CVE-2017-8830: Fix DOS in bmp file coders. (Closes: #862637).
  * Security fixes assertion failure and memory leaks:
    + Check for EOF conditions for RLE image format. (Closes: #863126).
      Fix CVE-2017-9144.
    + A crafted file revealed an assertion failure in blob.c.
      (Closes: #863125).
      Fix CVE-2017-9142.
    + A crafted file revealed an assertion failure in profile.c.
      (Closes: #863124). Fix CVE-2017-9142.
    + Specially crafted arts file could lead to memory leak.
      (Closes: #863123). Fix CVE-2017-9143.
  * Fix an information leak due to the use of uninitialized memory
    in RLE decoder. (Closes:  #862967). Fix CVE-2017-9098.
  * Fix a regression in memory allocation due to a previous security fix.
    (Closes: #859772).
  * Change my mail address to the debian one.
 -- Bastien Roucariès <rouca(a)debian.org>  Fri, 05 May 2017 11:47:25 +0200
--- Modifications pour jbig2dec (libjbig2dec0) ---
jbig2dec (0.13-4~deb8u2) jessie-security; urgency=high
  * Non-maintainer upload by the Security Team.
  * Prevent integer overflow vulnerability (CVE-2017-7885) (Closes: #860460)
  * Prevent SEGV due to integer overflow (CVE-2017-7975) (Closes: #860788)
  * Bounds check before reading from image source data (CVE-2017-7976)
    (Closes: #860787)
 -- Salvatore Bonaccorso <carnil(a)debian.org>  Tue, 16 May 2017 22:35:00 +0200
--- Modifications pour libtasn1-6 ---
libtasn1-6 (4.2-3+deb8u3) jessie-security; urgency=high
  * Non-maintainer upload by the Wheezy LTS Team.
  * CVE-2017-6891 (Closes: #863186)
    two errors in the "asn1_find_node()" function (lib/parser_aux.c)
    can be exploited to cause a stack-based buffer overflow.
 -- Thorsten Alteholz <debian(a)alteholz.de>  Tue, 23 May 2017 19:01:02 +0200
--- Modifications pour openldap (ldap-utils libldap-2.4-2 slapd) ---
openldap (2.4.40+dfsg-1+deb8u3) jessie-security; urgency=high
  * debian/patches/ITS-8655-paged-results-double-free.patch: Fix a double free
    in the MDB backend on a search including the Paged Results control with a
    page size of 0. (ITS#8655) (CVE-2017-9287) (Closes: #863563)
 -- Ryan Tandy <ryan(a)nardis.ca>  Sun, 28 May 2017 16:08:03 -0700
--- Modifications pour shadow (login passwd) ---
shadow (1:4.2-3+deb8u4) jessie-security; urgency=high
  * Non-maintainer upload by the Security Team.
  * Reset pid_child only if waitpid was successful.
    This is a regression fix for CVE-2017-2616. If su receives a signal like
    SIGTERM, it is not propagated to the child. (Closes: #862806)
 -- Salvatore Bonaccorso <carnil(a)debian.org>  Wed, 17 May 2017 12:58:54 +0200
--- Modifications pour sudo ---
sudo (1.8.10p3-1+deb8u4) jessie-security; urgency=high
  * Non-maintainer upload by the Security Team.
  * CVE-2017-1000367: Fix parsing of /proc/[pid]/stat
 -- Salvatore Bonaccorso <carnil(a)debian.org>  Sun, 28 May 2017 13:25:43 +0200
--- Modifications pour python-cffi (python-cffi-backend) ---
python-cffi (1.9.1-2~bpo8+1) jessie-backports; urgency=medium
  * Rebuild for jessie-backports, carrying this change from 1.4.2-2~bpo8+1:
    - Breaks: Packages in jessie that aren't compatible with cffi 1.0.
  * Don't generate versioned Provides, dpkg isn't ready for them yet.
 -- Stefano Rivera <stefanor(a)debian.org>  Tue, 23 May 2017 17:19:24 -0700
python-cffi (1.9.1-2) unstable; urgency=medium
  * Patch kfreebsd-mtime-resolution: Explicitly flush import cache after
    creating a Python module in test_recompiler. Fixes test failures on
    kFreeBSD.
 -- Stefano Rivera <stefanor(a)debian.org>  Fri, 30 Dec 2016 19:15:07 +0100
python-cffi (1.9.1-1) unstable; urgency=medium
  * New upstream release.
 -- Stefano Rivera <stefanor(a)debian.org>  Fri, 30 Dec 2016 12:54:55 +0100
python-cffi (1.7.0-1) unstable; urgency=medium
  * New upstream release. (Closes: #811953)
 -- Stefano Rivera <stefanor(a)debian.org>  Mon, 01 Aug 2016 12:52:35 -0400
python-cffi (1.6.0-1) unstable; urgency=medium
  * New upstream release.
  * Bump Standards-Version to 3.9.8, no changes needed.
  * britney now supports versioned Provides, so generate them in pydist.
 -- Stefano Rivera <stefanor(a)debian.org>  Sat, 07 May 2016 18:57:57 +0200
python-cffi (1.5.2-1) unstable; urgency=medium
  * New upstream release.
  * Drop all patches, superseded upstream.
  * Switch VCS fields to the same https URL
  * Switch watch file to use https.
  * Bump Standards-Version to 3.9.7, no changes needed.
  * Instruct virtualenv to never download, during package tests.
 -- Stefano Rivera <stefanor(a)debian.org>  Thu, 18 Feb 2016 00:09:22 -0800
python-cffi (1.5.0-1) unstable; urgency=medium
  * New upstream release
  * Bump dh-python Build-Dep to a version that can correctly use
    --ext-dest-dir.
  * Drop patches superseded upstream.
  * Patch the new extension system to work with pybuild, and support -dbg
    interpreters.
  * Bump copyright years.
 -- Stefano Rivera <stefanor(a)debian.org>  Sun, 17 Jan 2016 11:03:41 -0800
========================================================================
You can perform the upgrade by issuing the command:
        apt-get dist-upgrade
as root on quigon.federez.net
--
apticron