apticron report [Thu, 19 Mar 2015 09:48:16 +0100]
========================================================================
apticron has detected that some packages need upgrading on:
hexagon.federez.net
[ 5.39.82.35 2001:41d0:8:9423::1 5.39.82.35 2001:41d0:8:9423::1 ]
The following packages are currently pending an upgrade:
file 5.11-2+deb7u8
libapache2-mod-php5 5.4.38-0+deb7u1
libmagic1 5.11-2+deb7u8
php5-cli 5.4.38-0+deb7u1
php5-common 5.4.38-0+deb7u1
php5-gd 5.4.38-0+deb7u1
php5-ldap 5.4.38-0+deb7u1
php5-mysql 5.4.38-0+deb7u1
========================================================================
Package Details:
Lecture des fichiers de modifications (« changelog »)...
--- Modifications pour file (file libmagic1) ---
file (5.11-2+deb7u8) wheezy-security; urgency=high
* Fix partial reads in readelf.c [CVE-2014-9653]. Closes: #777585
-- Christoph Biedl <debian.axhn(a)manchmal.in-ulm.de> Sun, 15 Feb 2015 19:00:38 +0100
--- Modifications pour php5 (libapache2-mod-php5 php5-cli php5-common php5-gd php5-ldap php5-mysql) ---
php5 (5.4.38-0+deb7u1) wheezy-security; urgency=high
* New upstream version 5.4.38
- Core:
. Removed support for multi-line headers, as they are deprecated by
RFC 7230.
. Added NULL byte protection to exec, system and passthru.
. Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc
gethostbyname buffer overflow).
. Fixed bug #67827 (broken detection of system crypt sha256/sha512
support).
. Fixed bug #68942 (Use after free vulnerability in unserialize() with
DateTimeZone). (CVE-2015-0273)
- Enchant:
. Fixed bug #6855 (heap buffer overflow in enchant_broker_request_dict()).
- SOAP:
. Fixed bug #67427 (SoapServer cannot handle large messages)
* Update patches for 5.4.38 release
* Pull patch from DragonFly BSD Project to limit the pattern space to
avoid a 32-bit overflow in Henry Spencer regular expressions (regex)
library (Closes: #778389)
* Drop PHP use system libs crypt patch, it has been broken and it's not
strictly needed
-- Ondřej Surý <ondrej(a)debian.org> Fri, 20 Feb 2015 11:41:40 +0100
php5 (5.4.37-0+deb7u1) wheezy-security; urgency=high
* New upstream version 5.4.37
+ Core:
- Fixed bug #68710 (Use After Free Vulnerability in PHP's
unserialize()) (CVE-2015-0231).
+ CGI:
- Fixed bug #68618 (out of bounds read crashes php-cgi)
(CVE-2014-9427).
+ EXIF:
- Fixed bug #68799 (Free called on uninitialized pointer)
(CVE-2015-0232).
+ Fileinfo:
- Removed readelf.c and related code from libmagic sources.
- Fixed bug #68735 (fileinfo out-of-bounds memory access).
+ OpenSSL:
- Fixed bug #55618 (use case-insensitive cert name matching).
* Remove bugfixes that got merged into 5.4.37 release
-- Ondřej Surý <ondrej(a)debian.org> Mon, 26 Jan 2015 11:09:42 +0100
========================================================================
You can perform the upgrade by issuing the command:
apt-get dist-upgrade
as root on
hexagon.federez.net
--
apticron