apticron report [Thu, 25 May 2017 00:38:21 +0200] ======================================================================== apticron has detected that some packages need upgrading on: quigon.federez.net [ 160.228.155.65 ] The following packages are currently pending an upgrade: libjbig2dec0 0.13-4~deb8u2 libtasn1-6 4.2-3+deb8u3 login 1:4.2-3+deb8u4 passwd 1:4.2-3+deb8u4 ======================================================================== Package Details: Lecture des fichiers de modifications (« changelog »)... --- Modifications pour jbig2dec (libjbig2dec0) --- jbig2dec (0.13-4~deb8u2) jessie-security; urgency=high * Non-maintainer upload by the Security Team. * Prevent integer overflow vulnerability (CVE-2017-7885) (Closes: #860460) * Prevent SEGV due to integer overflow (CVE-2017-7975) (Closes: #860788) * Bounds check before reading from image source data (CVE-2017-7976) (Closes: #860787) -- Salvatore Bonaccorso <carnil(a)debian.org> Tue, 16 May 2017 22:35:00 +0200 --- Modifications pour libtasn1-6 --- libtasn1-6 (4.2-3+deb8u3) jessie-security; urgency=high * Non-maintainer upload by the Wheezy LTS Team. * CVE-2017-6891 (Closes: #863186) two errors in the "asn1_find_node()" function (lib/parser_aux.c) can be exploited to cause a stacked-based buffer overflow. -- Thorsten Alteholz <debian(a)alteholz.de> Tue, 23 May 2017 19:01:02 +0200 --- Modifications pour shadow (login passwd) --- shadow (1:4.2-3+deb8u4) jessie-security; urgency=high * Non-maintainer upload by the Security Team. * Reset pid_child only if waitpid was successful. This is a regression fix for CVE-2017-2616. If su receives a signal like SIGTERM, it is not propagated to the child. (Closes: #862806) -- Salvatore Bonaccorso <carnil(a)debian.org> Wed, 17 May 2017 12:58:54 +0200 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on quigon.federez.net -- apticron