apticron report [Tue, 02 Oct 2018 22:38:19 +0200] ======================================================================== apticron has detected that some packages need upgrading on: quigon.federez.net [ 160.228.155.65 ] The following packages are currently pending an upgrade: libarchive-zip-perl 1.59-1+deb9u1 libpython2.7 2.7.13-2+deb9u3 libpython2.7-dev 2.7.13-2+deb9u3 libpython2.7-minimal 2.7.13-2+deb9u3 libpython2.7-stdlib 2.7.13-2+deb9u3 libpython3.5 3.5.3-1+deb9u1 libpython3.5-minimal 3.5.3-1+deb9u1 libpython3.5-stdlib 3.5.3-1+deb9u1 linux-image-4.9.0-8-amd64 4.9.110-3+deb9u5 linux-libc-dev 4.9.110-3+deb9u5 python2.7 2.7.13-2+deb9u3 python2.7-dev 2.7.13-2+deb9u3 python2.7-minimal 2.7.13-2+deb9u3 python3.5 3.5.3-1+deb9u1 python3.5-minimal 3.5.3-1+deb9u1 ======================================================================== Package Details: apt-listchanges : Lecture des fichiers de modifications (« changelog »)... apt-listchanges : journaux des modifications (« changelogs ») ------------------------------------------------------------- --- Modifications pour libarchive-zip-perl --- libarchive-zip-perl (1.59-1+deb9u1) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * Prevent from traversing symlinks and parent directories when extracting (CVE-2018-10860) (Closes: #902882) * Extract test files needed for t/25_traversal.t test. Add zip files to debian/t/data directory and add them to debian/sorce/include-binaries to include those in the debian tarball. Add an override for dh_auto_test to copy debian/t/data/*.zip testfiles to test directory prior to running the testsuite. Clean test files needed for t/25_traversal.t in dh_clean -- Salvatore Bonaccorso <carnil(a)debian.org> Fri, 21 Sep 2018 17:17:23 +0200 --- Modifications pour linux (linux-image-4.9.0-8-amd64 linux-libc-dev) --- linux (4.9.110-3+deb9u5) stretch-security; urgency=high [ Salvatore Bonaccorso ] * irda: Fix memory leak caused by repeated binds of irda socket (CVE-2018-6554) * irda: Only insert new objects into the global database via setsockopt (CVE-2018-6555) * mm: get rid of vmacache_flush_all() entirely (CVE-2018-17182) * floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (CVE-2018-7755) * Bluetooth: hidp: buffer overflow in hidp_process_report (CVE-2018-9363) * ALSA: rawmidi: Change resized buffers atomically (CVE-2018-10902) * scsi: target: iscsi: Use hex2bin instead of a re-implementation (CVE-2018-14633) * [x86] entry/64: Remove %ebx handling from error_entry/exit (CVE-2018-14678) * infiniband: fix a possible use-after-free bug (CVE-2018-14734) * [x86] speculation: Protect against userspace-userspace spectreRSB (CVE-2018-15572) * [x86] paravirt: Fix spectre-v2 mitigations for paravirt guests (CVE-2018-15594) [ Ben Hutchings ] * mm: Avoid ABI change for CVE-2018-17182 fix * HID: debug: check length before copy_to_user() (CVE-2018-9516) * Cipso: cipso_v4_optptr enter infinite loop (CVE-2018-10938) * f2fs: fix to do sanity check with reserved blkaddr of inline inode (CVE-2018-13099) * btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (CVE-2018-14609) * hfsplus: fix NULL dereference in hfsplus_lookup() (CVE-2018-14617) * USB: yurex: fix out-of-bounds uaccess in read handler (CVE-2018-16276) * cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (CVE-2018-16658) -- Ben Hutchings <ben(a)decadent.org.uk> Sun, 30 Sep 2018 17:37:51 +0100 --- Modifications pour python2.7 (libpython2.7 libpython2.7-dev libpython2.7-minimal libpython2.7-stdlib python2.7 python2.7-dev python2.7-minimal) --- python2.7 (2.7.13-2+deb9u3) stretch-security; urgency=medium * CVE-2018-1000802, CVE-2018-1060, CVE-2018-1061, CVE-2018-14647 -- Moritz Mühlenhoff <jmm(a)debian.org> Wed, 26 Sep 2018 20:42:22 +0200 --- Modifications pour python3.5 (libpython3.5 libpython3.5-minimal libpython3.5-stdlib python3.5 python3.5-minimal) --- python3.5 (3.5.3-1+deb9u1) stretch-security; urgency=medium * CVE-2017-1000158 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 -- Moritz Mühlenhoff <jmm(a)debian.org> Thu, 27 Sep 2018 19:25:39 +0200 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on quigon.federez.net -- apticron