6 Jan
2018
6 Jan
'18
22:38
apticron report [Sat, 06 Jan 2018 22:38:06 +0100]
========================================================================
apticron has detected that some packages need upgrading on:
quigon.federez.net
[ 160.228.155.65 ]
The following packages are currently pending an upgrade:
imagemagick 8:6.9.7.4+dfsg-11+deb9u4
imagemagick-6-common 8:6.9.7.4+dfsg-11+deb9u4
imagemagick-6.q16 8:6.9.7.4+dfsg-11+deb9u4
libmagickcore-6.q16-3 8:6.9.7.4+dfsg-11+deb9u4
libmagickcore-6.q16-3-extra 8:6.9.7.4+dfsg-11+deb9u4
libmagickwand-6.q16-3 8:6.9.7.4+dfsg-11+deb9u4
libssl1.0.2 1.0.2l-2+deb9u2
linux-image-4.9.0-4-amd64 4.9.65-3+deb9u1
linux-image-4.9.0-5-amd64 4.9.65-3+deb9u2
linux-image-amd64 4.9+80+deb9u3
linux-libc-dev 4.9.65-3+deb9u2
rsync 3.1.2-1+deb9u1
sensible-utils 0.0.9+deb9u1
========================================================================
Package Details:
apt-listchanges : Lecture des fichiers de modifications (« changelog »)...
apt-listchanges : journaux des modifications (« changelogs »)
-------------------------------------------------------------
--- Modifications pour linux (linux-image-4.9.0-4-amd64 linux-libc-dev) ---
linux (4.9.65-3+deb9u2) stretch-security; urgency=high
* x86: setup PCID, preparation work for KPTI.
- x86/mm/64: Fix reboot interaction with CR4.PCIDE
- x86/mm: Add the 'nopcid' boot option to turn off PCID
- x86/mm: Disable PCID on 32-bit kernels
- x86/mm: Enable CR4.PCIDE on supported systems
* [amd64] Implement Kernel Page Table Isolation (KPTI, aka KAISER)
(CVE-2017-5754)
- kaiser: add "nokaiser" boot option, using ALTERNATIVE
- kaiser: align addition to x86/mm/Makefile
- kaiser: asm/tlbflush.h handle noPGE at lower level
- kaiser: cleanups while trying for gold link
- kaiser: delete KAISER_REAL_SWITCH option
- kaiser: disabled on Xen PV
- kaiser: do not set _PAGE_NX on pgd_none
- kaiser: drop is_atomic arg to kaiser_pagetable_walk()
- kaiser: enhanced by kernel and user PCIDs
- kaiser: ENOMEM if kaiser_pagetable_walk() NULL
- kaiser: fix build and FIXME in alloc_ldt_struct()
- kaiser: fix perf crashes
- kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER
- kaiser: fix unlikely error in alloc_ldt_struct()
- kaiser: KAISER depends on SMP
- kaiser: kaiser_flush_tlb_on_return_to_user() check PCID
- kaiser: kaiser_remove_mapping() move along the pgd
- KAISER: Kernel Address Isolation
- x86_64: KAISER - do not map kernel in user mode
- kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user
- kaiser: merged update
- kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET
- kaiser: paranoid_entry pass cr3 need to paranoid_exit
- kaiser: PCID 0 for kernel and 128 for user
- kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE
- kaiser: tidied up asm/kaiser.h somewhat
- kaiser: tidied up kaiser_add/remove_mapping slightly
- kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush
- kaiser: vmstat show NR_KAISERTABLE as nr_overhead
- kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user
- KPTI: Rename to PAGE_TABLE_ISOLATION
- KPTI: Report when enabled
- x86/boot: Add early cmdline parsing for options with arguments
- x86/kaiser: Check boottime cmdline params
- x86/kaiser: Move feature detection up
- x86/kaiser: Reenable PARAVIRT
- x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling
- x86/paravirt: Dont patch flush_tlb_single
* Bump ABI to 5.
-- Yves-Alexis Perez <corsac(a)debian.org> Thu, 04 Jan 2018 12:12:40 +0100
linux (4.9.65-3+deb9u1) stretch-security; urgency=high
* dccp: CVE-2017-8824: use-after-free in DCCP code
* media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
(CVE-2017-16538)
* media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
(CVE-2017-16538)
* media: hdpvr: Fix an error handling path in hdpvr_probe() (CVE-2017-16644)
* bpf/verifier: Fix multiple security issues:
- adjust insn_aux_data when patching insns
- fix branch pruning logic
- reject out-of-bounds stack pointer calculation
- fix incorrect sign extension in check_alu_op() (CVE-2017-16995)
- Fix states_equal() comparison of pointer and UNKNOWN
* netfilter: nfnetlink_cthelper: Add missing permission checks
(CVE-2017-17448)
* netlink: Add netns check on taps (CVE-2017-17449)
* netfilter: xt_osf: Add missing permission checks (CVE-2017-17450)
* USB: core: prevent malicious bNumInterfaces overflow (CVE-2017-17558)
* net: ipv4: fix for a race condition in raw_sendmsg (CVE-2017-17712)
* [armhf,arm64,x86] KVM: Fix stack-out-of-bounds read in write_mmio
(CVE-2017-17741)
* crypto: salsa20 - fix blkcipher_walk API usage (CVE-2017-17805)
* crypto: hmac - require that the underlying hash algorithm is unkeyed
(CVE-2017-17806)
* KEYS: add missing permission check for request_key() destination
(CVE-2017-17807)
* [x86] KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
(CVE-2017-1000407)
* bluetooth: Prevent stack info leak from the EFS element.
(CVE-2017-1000410)
-- Ben Hutchings <ben(a)decadent.org.uk> Sat, 23 Dec 2017 00:39:51 +0000
--- Modifications pour linux-latest (linux-image-amd64) ---
linux-latest (80+deb9u3) stretch-security; urgency=high
* Update to 4.9.0-5
-- Salvatore Bonaccorso <carnil(a)debian.org> Thu, 04 Jan 2018 12:57:17 +0100
--- Modifications pour openssl1.0 (libssl1.0.2) ---
openssl1.0 (1.0.2l-2+deb9u2) stretch-security; urgency=high
* CVE-2017-3737 (Read/write after SSL object in error state)
* Add a testcase for CVE-2017-3737
* CVE-2017-3738 (rsaz_1024_mul_avx2 overflow bug on x86_64)
-- Sebastian Andrzej Siewior <sebastian(a)breakpoint.cc> Wed, 13 Dec 2017 23:09:47
+0100
--- Modifications pour rsync ---
rsync (3.1.2-1+deb9u1) stretch-security; urgency=high
* Non-maintainer upload by the Security Team.
* Enforce trailing \0 when receiving xattr name values (CVE-2017-16548)
(Closes: #880954)
* Check fname in recv_files sooner (CVE-2017-17433) (Closes: #883667)
* Sanitize xname in read_ndx_and_attrs (CVE-2017-17434) (Closes: #883665)
* Check daemon filter against fnamecmp in recv_files() (CVE-2017-17434)
(Closes: #883665)
-- Salvatore Bonaccorso <carnil(a)debian.org> Sun, 10 Dec 2017 13:57:17 +0100
--- Modifications pour sensible-utils ---
sensible-utils (0.0.9+deb9u1) stretch-security; urgency=high
* Non-maintainer upload by the Security Team.
* Argument injection in sensible-browser (CVE-2017-17512)
Thanks to Gabriel Corona (Closes: #881767)
-- Salvatore Bonaccorso <carnil(a)debian.org> Wed, 20 Dec 2017 14:39:04 +0100
--- Modifications pour imagemagick (imagemagick imagemagick-6-common imagemagick-6.q16
libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickwand-6.q16-3) ---
imagemagick (8:6.9.7.4+dfsg-11+deb9u4) stretch-security; urgency=medium
* CVE-2017-12877 (Closes: #872373)
* CVE-2017-16546 (Closes: #881392)
* CVE-2017-17499
* CVE-2017-17504
* CVE-2017-17879 (Closes: #885125)
-- Moritz Muehlenhoff <jmm(a)debian.org> Tue, 26 Dec 2017 12:24:39 +0000
========================================================================
You can perform the upgrade by issuing the command:
apt-get dist-upgrade
as root on quigon.federez.net
--
apticron
Afficher les réponses par date
2775
jours sans activité
2775
depuis la dernière activité
0 commentaires
1 participants
participants (1)
-
root@quigon.federez.net