apticron report [Sat, 02 Jul 2016 10:48:21 +0200]
========================================================================
apticron has detected that some packages need upgrading on:
hexagon.federez.net
[ 5.39.82.35 2001:41d0:8:9423::1 5.39.82.35 2001:41d0:8:9423::1 ]
The following packages are currently pending an upgrade:
linux-image-3.16.0-4-amd64 3.16.7-ckt25-2+deb8u2
linux-libc-dev 3.16.7-ckt25-2+deb8u2
tzdata 2016e-0+deb8u1
========================================================================
Package Details:
Reading changelogs...
--- Changes for linux (linux-image-3.16.0-4-amd64 linux-libc-dev) ---
linux (3.16.7-ckt25-2+deb8u2) jessie-security; urgency=high
* Fix backport of "netfilter: x_tables: validate targets of jumps"
* netfilter: ensure number of counters is >0 in do_replace()
-- Ben Hutchings <ben(a)decadent.org.uk> Sat, 25 Jun 2016 23:36:47 +0200
linux (3.16.7-ckt25-2+deb8u1) jessie-security; urgency=high
[ Ben Hutchings ]
* include/linux/poison.h: fix LIST_POISON{1,2} offset (CVE-2016-0821)
* [s390*] mm: four page table levels vs. fork (CVE-2016-2143)
* [amd64] iopl: Properly context-switch IOPL on Xen PV (CVE-2016-3157)
* [amd64] entry/compat: Add missing CLAC to entry_INT80_32
* netfilter: x_tables: Fix parsing of IPT_SO_SET_REPLACE blobs
(CVE-2016-3134, CVE-2016-4997, CVE-2016-4998)
- validate e->target_offset early
- make sure e->next_offset covers remaining blob size
- fix unconditional helper
- don't move to non-existent next rule
- validate targets of jumps
- add and use xt_check_entry_offsets
- kill check_entry helper
- assert minimum target size
- add compat version of xt_check_entry_offsets
- check standard target size too
- check for bogus target offset
- validate all offsets and sizes in a rule
- don't reject valid target size on some
- arp_tables: simplify translate_compat_table args
- ip_tables: simplify translate_compat_table args
- ip6_tables: simplify translate_compat_table args
- xt_compat_match_from_user doesn't need a retval
- do compat validation via translate_table
- introduce and use xt_copy_counters_from_user
* Ignore ABI change in x_tables
* ipv4: Don't do expensive useless work during inetdev destroy.
(CVE-2016-3156)
* [x86] standardize mmap_rnd() usage
* [x86] mm/32: Enable full randomization on i386 and X86_32 (CVE-2016-3672)
* usbnet: Fix possible memory corruption after probe failure (CVE-2016-3951)
- cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind
- usbnet: cleanup after bind() in probe()
* atl2: Disable unimplemented scatter/gather feature (CVE-2016-2117)
* mm: hugetlb: allow hugepages_supported to be architecture specific
* ecryptfs: fix handling of directory opening
* ecryptfs: forbid opening files without mmap handler (CVE-2016-1583)
* Input: aiptek - fix crash on detecting device without endpoints
(CVE-2015-7515)
* ALSA: usb-audio: Fix NULL dereference in create_fixed_stream_quirk()
(CVE-2016-2184)
* ALSA: usb-audio: Add sanity checks for endpoint accesses
* Input: ati_remote2 - fix crashes on detecting device with invalid
descriptor (CVE-2016-2185)
* Input: powermate - fix oops with malicious USB descriptors (CVE-2016-2186)
* Input: gtco - fix crash on detecting device without endpoints
(CVE-2016-2187)
* USB: mct_u232: add sanity checking in probe (CVE-2016-3136)
* USB: cypress_m8: add endpoint sanity check (CVE-2016-3137)
* USB: cdc-acm: more sanity checking (CVE-2016-3138)
* USB: digi_acceleport: do sanity checking for the number of ports
(CVE-2016-3140)
* mm: migrate dirty page without clear_page_dirty_for_io etc (CVE-2016-3070)
* migrate: Fix ABI change
* net: fix infoleak in llc (CVE-2016-4485)
* net: fix infoleak in rtnetlink (CVE-2016-4486)
* net: fix a kernel infoleak in x25 module (CVE-2016-4580)
* IB/security: Restrict use of the write() interface (CVE-2016-4565)
* ppp: take reference on channels netns (CVE-2016-4805)
* KEYS: potential uninitialized variable (CVE-2016-4470)
[ Salvatore Bonaccorso ]
* [x86] USB: usbip: fix potential out-of-bounds write (CVE-2016-3955)
* [x86] xen: suppress hugetlbfs in PV guests (CVE-2016-3961)
* get_rock_ridge_filename(): handle malformed NM entries (CVE-2016-4913)
* fs/pnode.c: treat zero mnt_group_id-s as unequal
* propogate_mnt: Handle the first propogated copy being a slave
(CVE-2016-4581)
* USB: usbfs: fix potential infoleak in devio (CVE-2016-4482)
* ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS (CVE-2016-4569)
* ALSA: timer: Fix leak in events via snd_timer_user_ccallback or
snd_timer_user_tinterrupt (CVE-2016-4578)
* tipc: fix an infoleak in tipc_node_get_links (CVE-2016-5243)
* rds: fix an infoleak in rds_inc_info_copy (CVE-2016-5244)
* nfsd: check permissions when setting ACLs (CVE-2016-1237)
-- Ben Hutchings <ben(a)decadent.org.uk> Sat, 25 Jun 2016 12:47:15 +0200
--- Changes for tzdata ---
tzdata (2016e-0+deb8u1) stable; urgency=medium
* New upstream version, affecting the following future time stamp:
- Africa/Cairo
* Update translations from the sid package.
-- Aurelien Jarno <aurel32(a)debian.org> Sun, 26 Jun 2016 15:12:06 +0200
========================================================================
You can perform the upgrade by issuing the command:
apt-get dist-upgrade
as root on
hexagon.federez.net
--
apticron