Rkhunter reports file properties have changed

From the timestamps it looks like you updated several programs built Dec-19th about 7:30.
Modification timestamps should be the build timestamps. It depends on how they get moved into place. Some programs are linked to through /etc/alternatives, and the symbolic links will have the timestamp of the install.This could be an automatic security update.

Check Check your /var/log/apt/history.log file from then. It is likely compressed and rotated, but can be read with zless. If you use aptitude to do your updates, check its log/var/log/aptitude.log`. Many packages have md5sums that can be used to verify that the files they contain haven't been modified. It is safest to run statically linked tools from a read-only media which contains the comparison checksums. However, if you don't think the md5 toolchain is compromised you can use the local files.

Programs like rkhunter usually require a switch to enable updating their database of checksums. You may want to run the program before running updates, and then again after the updates with the switch to capture the changed hash codes.