apticron report [Tue, 26 Dec 2017 22:38:09 +0100] ======================================================================== apticron has detected that some packages need upgrading on: quigon.federez.net [ 160.228.155.65 ] The following packages are currently pending an upgrade: libssl1.0.2 1.0.2l-2+deb9u2 linux-image-4.9.0-4-amd64 4.9.65-3+deb9u1 linux-libc-dev 4.9.65-3+deb9u1 rsync 3.1.2-1+deb9u1 sensible-utils 0.0.9+deb9u1 ======================================================================== Package Details: apt-listchanges : Lecture des fichiers de modifications (« changelog »)... apt-listchanges : journaux des modifications (« changelogs ») ------------------------------------------------------------- --- Modifications pour linux (linux-image-4.9.0-4-amd64 linux-libc-dev) --- linux (4.9.65-3+deb9u1) stretch-security; urgency=high * dccp: CVE-2017-8824: use-after-free in DCCP code * media: dvb-usb-v2: lmedm04: Improve logic checking of warm start (CVE-2017-16538) * media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner (CVE-2017-16538) * media: hdpvr: Fix an error handling path in hdpvr_probe() (CVE-2017-16644) * bpf/verifier: Fix multiple security issues: - adjust insn_aux_data when patching insns - fix branch pruning logic - reject out-of-bounds stack pointer calculation - fix incorrect sign extension in check_alu_op() (CVE-2017-16995) - Fix states_equal() comparison of pointer and UNKNOWN * netfilter: nfnetlink_cthelper: Add missing permission checks (CVE-2017-17448) * netlink: Add netns check on taps (CVE-2017-17449) * netfilter: xt_osf: Add missing permission checks (CVE-2017-17450) * USB: core: prevent malicious bNumInterfaces overflow (CVE-2017-17558) * net: ipv4: fix for a race condition in raw_sendmsg (CVE-2017-17712) * [armhf,arm64,x86] KVM: Fix stack-out-of-bounds read in write_mmio (CVE-2017-17741) * crypto: salsa20 - fix blkcipher_walk API usage (CVE-2017-17805) * crypto: hmac - require that the underlying hash algorithm is unkeyed (CVE-2017-17806) * KEYS: add missing permission check for request_key() destination (CVE-2017-17807) * [x86] KVM: VMX: remove I/O port 0x80 bypass on Intel hosts (CVE-2017-1000407) * bluetooth: Prevent stack info leak from the EFS element. (CVE-2017-1000410) -- Ben Hutchings <ben(a)decadent.org.uk> Sat, 23 Dec 2017 00:39:51 +0000 --- Modifications pour openssl1.0 (libssl1.0.2) --- openssl1.0 (1.0.2l-2+deb9u2) stretch-security; urgency=high * CVE-2017-3737 (Read/write after SSL object in error state) * Add a testcase for CVE-2017-3737 * CVE-2017-3738 (rsaz_1024_mul_avx2 overflow bug on x86_64) -- Sebastian Andrzej Siewior <sebastian(a)breakpoint.cc> Wed, 13 Dec 2017 23:09:47 +0100 --- Modifications pour rsync --- rsync (3.1.2-1+deb9u1) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * Enforce trailing \0 when receiving xattr name values (CVE-2017-16548) (Closes: #880954) * Check fname in recv_files sooner (CVE-2017-17433) (Closes: #883667) * Sanitize xname in read_ndx_and_attrs (CVE-2017-17434) (Closes: #883665) * Check daemon filter against fnamecmp in recv_files() (CVE-2017-17434) (Closes: #883665) -- Salvatore Bonaccorso <carnil(a)debian.org> Sun, 10 Dec 2017 13:57:17 +0100 --- Modifications pour sensible-utils --- sensible-utils (0.0.9+deb9u1) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * Argument injection in sensible-browser (CVE-2017-17512) Thanks to Gabriel Corona (Closes: #881767) -- Salvatore Bonaccorso <carnil(a)debian.org> Wed, 20 Dec 2017 14:39:04 +0100 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on quigon.federez.net -- apticron