apticron report [Mon, 26 Jun 2017 01:38:16 +0200] ======================================================================== apticron has detected that some packages need upgrading on: quigon.federez.net [ 160.228.155.65 ] The following packages are currently pending an upgrade: apache2 2.4.25-3+deb9u1 apache2-bin 2.4.25-3+deb9u1 apache2-data 2.4.25-3+deb9u1 apache2-utils 2.4.25-3+deb9u1 libexpat1 2.2.0-2+deb9u1 libexpat1-dev 2.2.0-2+deb9u1 ======================================================================== Package Details: apt-listchanges : Lecture des fichiers de modifications (« changelog »)... apt-listchanges : journaux des modifications (« changelogs ») ------------------------------------------------------------- --- Modifications pour apache2 (apache2 apache2-bin apache2-data apache2-utils) --- apache2 (2.4.25-3+deb9u1) stretch-security; urgency=high * Backport security fixes from 2.4.26: * CVE-2017-3167: Authentication bypass with ap_get_basic_auth_pw() * CVE-2017-3169: mod_ssl NULL pointer dereference * CVE-2017-7668: Buffer overrun in ap_find_token() * CVE-2017-7679: mod_mime buffer overread * CVE-2017-7659: mod_http2 NULL pointer dereference -- Stefan Fritsch <sf(a)debian.org> Tue, 20 Jun 2017 21:29:11 +0200 --- Modifications pour expat (libexpat1 libexpat1-dev) --- expat (2.2.0-2+deb9u1) stretch-security; urgency=high * Replace the Mozilla CVE-2016-9063 fix with the more complete, upstream one. * Fix CVE-2017-9233: external entity infinite loop DoS. -- Laszlo Boszormenyi (GCS) <gcs(a)debian.org> Sat, 17 Jun 2017 21:31:56 +0000 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on quigon.federez.net -- apticron