apticron report [Wed, 10 Apr 2019 19:46:18 +0200] ======================================================================== apticron has detected that some packages need upgrading on: nonagon.federez.net [ 185.230.78.42 2a0c:700:0:23:67:e5ff:fee9:3 ] The following packages are currently pending an upgrade: libpam-systemd 232-25+deb9u11 libsystemd0 232-25+deb9u11 libudev1 232-25+deb9u11 systemd 232-25+deb9u11 ======================================================================== Package Details: apt-listchanges : Lecture des fichiers de modifications (« changelog »)... apt-listchanges : journaux des modifications (« changelogs ») ------------------------------------------------------------- --- Modifications pour systemd (libpam-systemd libsystemd0 libudev1 systemd) --- systemd (232-25+deb9u11) stretch-security; urgency=high * pam-systemd: use secure_getenv() rather than getenv() Fixes a vulnerability in the systemd PAM module which insecurely uses the environment and lacks seat verification permitting spoofing an active session to PolicyKit. (CVE-2019-3842) -- Michael Biebl <biebl(a)debian.org> Mon, 08 Apr 2019 12:51:41 +0200 systemd (232-25+deb9u10) stretch; urgency=medium * journald: fix assertion failure on journal_file_link_data (Closes: #916880) * tmpfiles: fix "e" to support shell style globs (Closes: #918400) * mount-util: accept that name_to_handle_at() might fail with EPERM. Container managers frequently block name_to_handle_at(), returning EACCES or EPERM when this is issued. Accept that, and simply fall back to fdinfo-based checks. (Closes: #917122) * automount: ack automount requests even when already mounted. Fixes a race condition in systemd which could result in automount requests not being serviced and processes using them to hang, causing denial of service. (CVE-2018-1049) * core: when deserializing state always use read_line(…, LONG_LINE_MAX, …) Fixes improper serialization on upgrade which can influence systemd execution environment and lead to root privilege escalation. (CVE-2018-15686, Closes: #912005) -- Michael Biebl <biebl(a)debian.org> Sun, 10 Mar 2019 15:52:46 +0100 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on nonagon.federez.net -- apticron