apticron report [Thu, 19 Mar 2015 16:38:12 +0100]
========================================================================
apticron has detected that some packages need upgrading on:
quigon.federez.net
[ 160.228.155.65 ]
The following packages are currently pending an upgrade:
file 5.11-2+deb7u8
libapache2-mod-php5 5.4.38-0+deb7u1
libmagic1 5.11-2+deb7u8
libssl1.0.0 1.0.1e-2+deb7u15
openssl 1.0.1e-2+deb7u15
php5 5.4.38-0+deb7u1
php5-cli 5.4.38-0+deb7u1
php5-common 5.4.38-0+deb7u1
php5-ldap 5.4.38-0+deb7u1
========================================================================
Package Details:
Lecture des fichiers de modifications (« changelog »)...
--- Modifications pour file (file libmagic1) ---
file (5.11-2+deb7u8) wheezy-security; urgency=high
* Fix partial reads in readelf.c [CVE-2014-9653]. Closes: #777585
-- Christoph Biedl <debian.axhn(a)manchmal.in-ulm.de> Sun, 15 Feb 2015 19:00:38 +0100
--- Modifications pour php5 (libapache2-mod-php5 php5 php5-cli php5-common php5-ldap) ---
php5 (5.4.38-0+deb7u1) wheezy-security; urgency=high
* New upstream version 5.4.38
- Core:
. Removed support for multi-line headers, as they are deprecated by
RFC 7230.
. Added NULL byte protection to exec, system and passthru.
. Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc
gethostbyname buffer overflow).
. Fixed bug #67827 (broken detection of system crypt sha256/sha512
support).
. Fixed bug #68942 (Use after free vulnerability in unserialize() with
DateTimeZone). (CVE-2015-0273)
- Enchant:
. Fixed bug #6855 (heap buffer overflow in enchant_broker_request_dict()).
- SOAP:
. Fixed bug #67427 (SoapServer cannot handle large messages)
* Update patches for 5.4.38 release
* Pull patch from DragonFly BSD Project to limit the pattern space to
avoid a 32-bit overflow in Henry Spencer regular expressions (regex)
library (Closes: #778389)
* Drop PHP use system libs crypt patch, it has been broken and it's not
strictly needed
-- Ondřej Surý <ondrej(a)debian.org> Fri, 20 Feb 2015 11:41:40 +0100
php5 (5.4.37-0+deb7u1) wheezy-security; urgency=high
* New upstream version 5.4.37
+ Core:
- Fixed bug #68710 (Use After Free Vulnerability in PHP's
unserialize()) (CVE-2015-0231).
+ CGI:
- Fixed bug #68618 (out of bounds read crashes php-cgi)
(CVE-2014-9427).
+ EXIF:
- Fixed bug #68799 (Free called on uninitialized pointer)
(CVE-2015-0232).
+ Fileinfo:
- Removed readelf.c and related code from libmagic sources.
- Fixed bug #68735 (fileinfo out-of-bounds memory access).
+ OpenSSL:
- Fixed bug #55618 (use case-insensitive cert name matching).
* Remove bugfixes that got merged into 5.4.37 release
-- Ondřej Surý <ondrej(a)debian.org> Mon, 26 Jan 2015 11:09:42 +0100
--- Modifications pour openssl (libssl1.0.0 openssl) ---
openssl (1.0.1e-2+deb7u15) wheezy-security; urgency=medium
* Fix CVE-2015-0286
* Fix CVE-2015-0287
* Fix CVE-2015-0289
* Fix CVE-2015-0292
* Fix CVE-2015-0293 (not affected, SSLv2 disabled)
* Fix CVE-2015-0209
* Fix CVE-2015-0288
* Remove export ciphers from DEFAULT.
* Make DTLS always act as if read_ahead is set. This fixes a regression
introduced by the fix for CVE-2014-3571. (Closes: #775502)
* Fix error codes.
-- Kurt Roeckx <kurt(a)roeckx.be> Tue, 17 Mar 2015 19:11:55 +0100
========================================================================
You can perform the upgrade by issuing the command:
apt-get dist-upgrade
as root on
quigon.federez.net
--
apticron