apticron report [Wed, 14 Aug 2019 13:49:11 +0200] ======================================================================== apticron has detected that some packages need upgrading on: nonagon.federez.net [ 185.230.78.42 2a0c:700:0:23:67:e5ff:fee9:3 ] The following packages are currently pending an upgrade: linux-libc-dev 4.9.168-1+deb9u5 ======================================================================== Package Details: apt-listchanges : Lecture des fichiers de modifications (« changelog »)... apt-listchanges : journaux des modifications (« changelogs ») ------------------------------------------------------------- --- Modifications pour linux (linux-libc-dev) --- linux (4.9.168-1+deb9u5) stretch-security; urgency=high * [amd64] Add mitigation for Spectre v1 swapgs (CVE-2019-1125): - cpufeatures: Sort feature word 7 - speculation: Prepare entry code for Spectre v1 swapgs mitigations - speculation: Enable Spectre v1 swapgs mitigations - entry: Use JMP instead of JMPQ - speculation/swapgs: Exclude ATOMs from speculation through SWAPGS * [x86] xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (CVE-2015-8553) - Add Breaks relation to incompatible qemu-system-x86 versions * ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt * percpu: stop printing kernel addresses (CVE-2018-5995) * scsi: libsas: fix a race condition when smp task timeout (CVE-2018-20836) * block: blk_init_allocated_queue() set q->fq as NULL in the fail case (CVE-2018-20856) * vfio/type1: Limit DMA mappings per container (CVE-2019-3882) * Bluetooth: hci_uart: check for missing tty operations (CVE-2019-10207) * siphash: add cryptographically secure PRF * inet: switch IP ID generator to siphash (CVE-2019-10638, CVE-2019-10639) * Input: gtco - bounds check collection indent level (CVE-2019-13631) * [ppc64el] tm: Fix oops on sigreturn on systems without TM (CVE-2019-13648) * floppy: fix div-by-zero in setup_format_params (CVE-2019-14284) * floppy: fix out-of-bounds read in next_valid_format * floppy: fix invalid pointer dereference in drive_name * floppy: fix out-of-bounds read in copy_buffer (CVE-2019-14283) * inet: Avoid ABI change for IP ID hash change * vhost: Fix possible infinite loop (CVE-2019-3900): - vhost-net: set packet weight of tx polling to 2 * vq size - vhost_net: use packet weight for rx handler, too - vhost_net: introduce vhost_exceeds_weight() - vhost: introduce vhost_exceeds_weight() - vhost_net: fix possible infinite loop - vhost: scsi: add weight support * vhost: Ignore ABI changes * netfilter: ctnetlink: don't use conntrack/expect object addresses as id * xen: let alloc_xenballooned_pages() fail if not enough memory free * tcp: Clear sk_send_head after purging the write queue -- Ben Hutchings <ben(a)decadent.org.uk> Sun, 11 Aug 2019 15:53:40 +0100 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on nonagon.federez.net -- apticron