apticron report [Sat, 27 Jan 2018 22:38:06 +0100] ======================================================================== apticron has detected that some packages need upgrading on: quigon.federez.net [ 160.228.155.65 ] The following packages are currently pending an upgrade: curl 7.52.1-5+deb9u4 libcurl3 7.52.1-5+deb9u4 libcurl3-gnutls 7.52.1-5+deb9u4 libtiff5 4.0.8-2+deb9u2 ======================================================================== Package Details: apt-listchanges : Lecture des fichiers de modifications (« changelog »)... apt-listchanges : journaux des modifications (« changelogs ») ------------------------------------------------------------- --- Modifications pour curl (curl libcurl3 libcurl3-gnutls) --- curl (7.52.1-5+deb9u4) stretch-security; urgency=high * Fix HTTP/2 trailer out-of-bounds read as per CVE-2018-1000005 https://curl.haxx.se/docs/adv_2018-824a.html * Fix HTTP authentication leak in redirects as per CVE-2018-1000007 https://curl.haxx.se/docs/adv_2018-b3bf.html -- Alessandro Ghedini <ghedo(a)debian.org> Tue, 23 Jan 2018 21:56:56 +0000 --- Modifications pour tiff (libtiff5) --- tiff (4.0.8-2+deb9u2) stretch-security; urgency=high * Fix CVE-2017-11335: heap based buffer write overflow in tiff2pdf (closes: #868513). * Fix CVE-2017-12944: OOM prevention in TIFFReadDirEntryArray() (closes: #872607). * Fix CVE-2017-13726: reachable assertion abort in TIFFWriteDirectorySec() (closes: #873880). * Fix CVE-2017-13727: reachable assertion abort in TIFFWriteDirectoryTagSubifd() (closes: #873879). * Fix CVE-2017-18013: NULL pointer dereference in TIFFPrintDirectory() (closes: #885985). * Fix CVE-2017-9935: heap-based buffer overflow in the t2p_write_pdf() function (closes: #866109). -- Laszlo Boszormenyi (GCS) <gcs(a)debian.org> Sat, 30 Dec 2017 20:13:06 +0000 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on quigon.federez.net -- apticron