apticron report [Sat, 05 Mar 2016 09:48:22 +0100] ======================================================================== apticron has detected that some packages need upgrading on: hexagon.federez.net [ 5.39.82.35 2001:41d0:8:9423::1 5.39.82.35 2001:41d0:8:9423::1 ] The following packages are currently pending an upgrade: clamav 0.99+dfsg-0+deb8u2 clamav-base 0.99+dfsg-0+deb8u2 clamav-daemon 0.99+dfsg-0+deb8u2 clamav-freshclam 0.99+dfsg-0+deb8u2 clamdscan 0.99+dfsg-0+deb8u2 libclamav7 0.99+dfsg-0+deb8u2 linux-image-3.16.0-4-amd64 3.16.7-ckt20-1+deb8u4 linux-libc-dev 3.16.7-ckt20-1+deb8u4 ======================================================================== Package Details: Lecture des fichiers de modifications (« changelog »)... --- Modifications pour linux (linux-image-3.16.0-4-amd64 linux-libc-dev) --- linux (3.16.7-ckt20-1+deb8u4) jessie-security; urgency=high * fuse: break infinite loop in fuse_fill_write_pages() (CVE-2015-8785) * aufs: Fix regression due to "mm: make sendfile(2) killable" (Closes: #812207) - tiny, extract a new func xino_fwrite_wkq() - XINO handles EINTR from the dying process * [x86] mm: Add barriers and document switch_mm()-vs-flush synchronization (CVE-2016-2069) * [x86] mm: Improve switch_mm() barrier comments * pipe: limit the per-user amount of pages allocated in pipes (CVE-2013-4312) * iw_cxgb3: Fix incorrectly returning error on success (CVE-2015-8812) * af_unix: Guard against other == sk in unix_dgram_sendmsg (regression in 3.16.7-ckt20-1+deb8u1) * Revert "workqueue: make sure delayed work run in local cpu" (regression in 3.16.7-ckt20) * ALSA: usb-audio: avoid freeing umidi object twice (CVE-2016-2384) * unix: correctly track in-flight fds in sending process user_struct (regression in 3.16.7-ckt20-1+deb8u3) (CVE-2016-2550) * USB: fix invalid memory access in hub_activate() (CVE-2015-8816) * ALSA: seq: Fix missing NULL check at remove_events ioctl (CVE-2016-2543) * ALSA: seq: Fix race at timer setup and close (CVE-2016-2544) * ALSA: timer: Fix double unlink of active_list (CVE-2016-2545) * ALSA: timer: Fix race among timer ioctls (CVE-2016-2546) * ALSA: timer: Harden slave timer list handling (CVE-2016-2547, CVE-2016-2548) * ALSA: hrtimer: Fix stall by hrtimer_cancel() (CVE-2016-2549) * AIO: properly check iovec sizes -- Ben Hutchings &lt;ben(a)decadent.org.uk&gt; Mon, 29 Feb 2016 00:45:11 +0000 --- Modifications pour clamav (clamav clamav-base clamav-daemon clamav-freshclam clamdscan) --- clamav (0.99+dfsg-0+deb8u2) stable; urgency=medium * Add libclamav-yara-avoid-unaliged-access-to-64bit-variab.patch to get the testsuite passed on sparc. It also seem avoid invalid loads on ARMv5 cpus. -- Sebastian Andrzej Siewior &lt;sebastian(a)breakpoint.cc&gt; Mon, 22 Feb 2016 21:12:51 +0100 clamav (0.99+dfsg-0+deb8u1) stable; urgency=medium [ Andreas Cadhalpun ] * Import final release of 0.99 * Drop patches included upstream: - Avoid-emitting-incremental-progress-messages.patch - bb-10731-Allow-to-specificy-a-group-for-the-socket.patch - clamav-milter-add-additinal-SMFIF_-flags.patch - remove-unnecessary-harmful-flags-from-libclamav.pc.patch - hardcode-LLVM-linker-flag.patch * Print all new options in one build attempt. * Preserve new OnAccessMountPath, OnAccessDisableDDD and OnAccessPrevention options in clamd.conf. * Rename libclamav6 to libclamav7 and update symbols file. * Add -Wl,--as-needed to LDFLAGS to avoid useless dependencies. * Remove unused lintian overrides. * Update debian/copyright. * Drop patch numbers, because they cause too much diff noise. * Add patch to support LLVM 3.6. * debian/clamav-milter.postinst.in: Update to reflect the change from examples/clamav-milter.conf to examples/clamav-milter.conf.sample. Thanks to Christian Schrötter. (Closes: #795190) * Use 'grep -a' instead of grep in maintainer scripts. (Closes: #799808) * Restore the SE Linux context when creating /var/lib/ucf/cache. Thanks to Russell Coker for the patch. (Closes: #802311) * Adapt debian/watch to new download location www.clamav.net/download.html. * Prevent the logrotate scripts from aborting if reloading/restarting fails. Thanks to John Zaitseff. (Closes: #788652) * Increase MaxRecursion to the upstream default of 16. (Closes: #787249) * Bump the version for the PidFile removal check in the clamav-daemon and clamav-freshclam postinst scripts (Closes: #767353) * Add database existence check also to clamav-daemon.socket. This works around systemd bug #775458. (Closes: #775112) [ Sebastian Andrzej Siewior ] * suggest libclamunrar7 instead of libclamunrar6 * use T=<timeout> so we can drop unit_tests-increment-test-timeout-from-40secs-to-5mi from the patch queue. * depend on libpcre3-dev, required for YARA support * add new PCRE related options postinst script for clamd * record new symbols in libclamav6.symbols * also remove debian/clamav-freshclam.prerm clean * Remove Fix-compiling-on-Hurd.patch included upstream. * Add patch to allow M suffix for PCREMaxFileSize as the config file suggests that this should be possible. * Cherry pick tfm-fix-compile-errors.patch from tfm upstream. * add a LFS safe fts() implementation from glibc -- Sebastian Andrzej Siewior &lt;sebastian(a)breakpoint.cc&gt; Mon, 14 Dec 2015 21:42:04 +0100 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on hexagon.federez.net -- apticron