apticron report [Wed, 04 Apr 2018 23:38:06 +0200] ======================================================================== apticron has detected that some packages need upgrading on: quigon.federez.net [ 160.228.155.65 ] The following packages are currently pending an upgrade: apache2 2.4.25-3+deb9u4 apache2-bin 2.4.25-3+deb9u4 apache2-data 2.4.25-3+deb9u4 apache2-utils 2.4.25-3+deb9u4 libdatetime-timezone-perl 1:2.09-1+2018d libpam-systemd 232-25+deb9u3 libssl1.0.2 1.0.2l-2+deb9u3 libssl1.1 1.1.0f-3+deb9u2 libssl-dev 1.1.0f-3+deb9u2 libsystemd0 232-25+deb9u3 libudev1 232-25+deb9u3 openssl 1.1.0f-3+deb9u2 systemd 232-25+deb9u3 systemd-sysv 232-25+deb9u3 tzdata 2018d-0+deb9u1 udev 232-25+deb9u3 ======================================================================== Package Details: apt-listchanges : Lecture des fichiers de modifications (« changelog »)... apt-listchanges : journaux des modifications (« changelogs ») ------------------------------------------------------------- --- Modifications pour openssl (libssl1.1 libssl-dev openssl) --- openssl (1.1.0f-3+deb9u2) stretch-security; urgency=high * CVE-2017-3738 (rsaz_1024_mul_avx2 overflow bug on x86_64) * CVE-2018-0733 (Incorrect CRYPTO_memcmp on HP-UX PA-RISC) * CVE-2018-0739 (Constructed ASN.1 types with a recursive definition could exceed the stack) * Add patches to pass the testsuite: - Fix-a-Proxy-race-condition.patch - Fix-race-condition-in-TLSProxy.patch -- Sebastian Andrzej Siewior &lt;sebastian(a)breakpoint.cc&gt; Thu, 29 Mar 2018 12:51:02 +0200 --- Modifications pour openssl1.0 (libssl1.0.2) --- openssl1.0 (1.0.2l-2+deb9u3) stretch-security; urgency=high * CVE-2018-0739 (Constructed ASN.1 types with a recursive definition could exceed the stack) -- Sebastian Andrzej Siewior &lt;sebastian(a)breakpoint.cc&gt; Thu, 29 Mar 2018 13:10:14 +0200 --- Modifications pour apache2 (apache2 apache2-bin apache2-data apache2-utils) --- apache2 (2.4.25-3+deb9u4) stretch-security; urgency=medium * CVE-2017-15710: mod_authnz_ldap: Out of bound write in mod_authnz_ldap when using too small Accept-Language values. * CVE-2017-15715: <FilesMatch> bypass with a trailing newline in the file name. Configure the regular expression engine to match '$' to the end of the input string only, excluding matching the end of any embedded newline characters. Behavior can be changed with new directive 'RegexDefaultOptions'. * CVE-2018-1283: Tampering of mod_session data for CGI applications. * CVE-2018-1301: Possible out of bound access after failure in reading the HTTP request * CVE-2018-1303: Possible out of bound read in mod_cache_socache * CVE-2018-1312: mod_auth_digest: Weak Digest auth nonce generation -- Stefan Fritsch &lt;sf(a)debian.org&gt; Sat, 31 Mar 2018 10:47:16 +0200 --- Modifications pour libdatetime-timezone-perl --- libdatetime-timezone-perl (1:2.09-1+2018d) stretch; urgency=medium * Update to Olson database version 2018d. This update contains contemporary changes for Palestine and Casey Station. -- gregor herrmann &lt;gregoa(a)debian.org&gt; Fri, 30 Mar 2018 14:41:11 +0200 --- Modifications pour systemd (libpam-systemd libsystemd0 libudev1 systemd systemd-sysv udev) --- systemd (232-25+deb9u3) stretch; urgency=medium [ Cyril Brulebois ] * networkd-ndisc: Handle missing mtu gracefully. The previous upload made networkd respect the MTU field in IPv6 RA but unfortunately broke setups where there's no such field. (Closes: #892794) -- Michael Biebl &lt;biebl(a)debian.org&gt; Fri, 23 Mar 2018 13:55:43 +0100 --- Modifications pour tzdata --- tzdata (2018d-0+deb9u1) stretch; urgency=medium * New upstream version. -- Clint Adams &lt;clint(a)debian.org&gt; Mon, 26 Mar 2018 18:43:38 -0400 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on quigon.federez.net -- apticron