apticron report [Sun, 17 Dec 2017 22:38:10 +0100] ======================================================================== apticron has detected that some packages need upgrading on: quigon.federez.net [ 160.228.155.65 ] The following packages are currently pending an upgrade: libssl1.0.2 1.0.2l-2+deb9u2 rsync 3.1.2-1+deb9u1 ======================================================================== Package Details: apt-listchanges : Lecture des fichiers de modifications (« changelog »)... apt-listchanges : journaux des modifications (« changelogs ») ------------------------------------------------------------- --- Modifications pour openssl1.0 (libssl1.0.2) --- openssl1.0 (1.0.2l-2+deb9u2) stretch-security; urgency=high * CVE-2017-3737 (Read/write after SSL object in error state) * Add a testcase for CVE-2017-3737 * CVE-2017-3738 (rsaz_1024_mul_avx2 overflow bug on x86_64) -- Sebastian Andrzej Siewior <sebastian(a)breakpoint.cc> Wed, 13 Dec 2017 23:09:47 +0100 --- Modifications pour rsync --- rsync (3.1.2-1+deb9u1) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * Enforce trailing \0 when receiving xattr name values (CVE-2017-16548) (Closes: #880954) * Check fname in recv_files sooner (CVE-2017-17433) (Closes: #883667) * Sanitize xname in read_ndx_and_attrs (CVE-2017-17434) (Closes: #883665) * Check daemon filter against fnamecmp in recv_files() (CVE-2017-17434) (Closes: #883665) -- Salvatore Bonaccorso <carnil(a)debian.org> Sun, 10 Dec 2017 13:57:17 +0100 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on quigon.federez.net -- apticron