apticron report [Sat, 13 Apr 2019 18:49:17 +0200]
========================================================================
apticron has detected that some packages need upgrading on:
nonagon.federez.net
[ 185.230.78.42 2a0c:700:0:23:67:e5ff:fee9:3 ]
The following packages are currently pending an upgrade:
libssh2-1 1.7.0-1+deb9u1
========================================================================
Package Details:
apt-listchanges : Lecture des fichiers de modifications (« changelog »)...
apt-listchanges : journaux des modifications (« changelogs »)
-------------------------------------------------------------
--- Modifications pour libssh2 (libssh2-1) ---
libssh2 (1.7.0-1+deb9u1) stretch-security; urgency=high
  * Non-maintainer upload by the Security Team.
  * Possible integer overflow in transport read allows out-of-bounds write
    (CVE-2019-3855) (Closes: #924965)
  * Possible integer overflow in keyboard interactive handling allows
    out-of-bounds write (CVE-2019-3856) (Closes: #924965)
  * Possible integer overflow leading to zero-byte allocation and
    out-of-bounds write (CVE-2019-3857) (Closes: #924965)
  * Possible zero-byte allocation leading to an out-of-bounds read
    (CVE-2019-3858) (Closes: #924965)
  * Out-of-bounds reads with specially crafted payloads due to unchecked use
    of _libssh2_packet_require and _libssh2_packet_requirev (CVE-2019-3859)
    (Closes: #924965)
  * Out-of-bounds reads with specially crafted SFTP packets (CVE-2019-3860)
    (Closes: #924965)
  * Out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861)
    (Closes: #924965)
  * Out-of-bounds memory comparison (CVE-2019-3862) (Closes: #924965)
  * Integer overflow in user authenticate keyboard interactive allows
    out-of-bounds writes (CVE-2019-3863) (Closes: #924965)
  * Fixed misapplied patch for user auth.
  * moved MAX size declarations
 -- Salvatore Bonaccorso <carnil(a)debian.org> Thu, 04 Apr 2019 23:32:50 +0200
========================================================================
You can perform the upgrade by issuing the command:
apt-get dist-upgrade
as root on
nonagon.federez.net
--
apticron