16 matches found
Debian DLA-478-1 : squid3 security update
Several security issues have been discovered in the Squid caching proxy. CVE-2016-4051 CESG and Yuriy M. Kaminskiy discovered that Squid cachemgr.cgi was vulnerable to a buffer overflow when processing remotely supplied inputs relayed through Squid. CVE-2016-4052 CESG discovered that a buffer...
[SECURITY] [DLA 434-1] gtk+2.0 security update
Package : gtk+2.0 Version : 2.20.1-2+deb6u2 CVE ID : CVE-2015-4491 CVE-2015-7673 CVE-2015-7674 Gustavo Grieco discovered different security issues in Gtk+2.0's gdk-pixbuf. CVE-2015-4491 Heap overflow when processing BMP images which may allow execution of arbitrary code via malformed images...
[SECURITY] [DLA 415-1] cpio security update
Package : cpio Version : 2.11-4+deb6u2 CVE ID : CVE-2016-2037 Debian Bug : 812401 An out-of-bounds write was discovered in the parsing of cpio files. For Debian 6 "Squeeze", this issue has been fixed in cpio version 2.11-4+deb6u2. We recommend that you upgrade your cpio package. Learn more about th...
[SECURITY] [DLA 411-1] eglibc security update
Package : eglibc Version : eglibc2.11.3-4+deb6u9 CVE ID : CVE-2014-9761 CVE-2015-8776 CVE-2015-8778 CVE-2015-8779 Several vulnerabilities have been fixed in the Debian GNU C Library, eglibc: CVE-2014-9761 The maths nan function wrongly handled payload strings, yielding to an unbounded stack...
[SECURITY] [DLA 409-1] mysql-5.5 security update
Package : mysql-5.5 Version : 5.5.47-0+deb6u1 CVE ID : CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 Debian Bug : 811428 Several issues have been found in the MySQL database server. These issues have bee...
[SECURITY] [DLA 405-1] tiff security update
Package : tiff Version : 3.9.4-5+squeeze14 CVE ID : CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2015-8784 Debian Bug : Several security flaws have been found and solved in libtiff, a library that provides support for handling Tag Image File Format (TIFF). These flaws concern out of bounds reads a...
[SECURITY] [DLA 402-1] tiff security update
Package : tiff Version : 3.9.4-5+squeeze13 CVE ID : CVE-2015-8665 CVE-2015-8683 Debian Bug : 809021 808968 Two security flaws have been found and solved in libtiff, a library that provides support for handling Tag Image File Format (TIFF). These flaws concern out of bounds reads in the TIFFRGBAImage...
Debian DLA-364-1 : gnutls26 security update
Hanno Böck discovered that GnuTLS, a library implementing the TLS and SSL protocols, incorrectly validated the first padding byte in CBC modes. A remote attacker can possibly take advantage of this flaw to perform a padding oracle attack. For Debian 6 'Squeeze', this issue has been fixed in gnutls...
Debian DLA-346-1 : openjdk-6 security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform. These vulnerabilities relate to execution of arbitrary code, breakouts of the Java sandbox, information disclosure and denial of service. For Debian 6 'Squeeze', these problems have been fixed ...
[SECURITY] [DLA 346-1] openjdk-6 security update
Package : openjdk-6 Version : 6b37-1.13.9-1deb6u1 CVE ID : CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4835 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4903 CVE-2015-4911 Several...
[SECURITY] [DLA 342-1] openafs security update
Package : openafs Version : 1.4.12.1+dfsg-4+squeeze4 CVE ID : CVE-2015-3282 CVE-2015-3283 CVE-2015-3285 CVE-2015-6587 CVE-2015-7762 CVE-2015-7763 Several vulnerabilities have been found and solved in the distributed file system OpenAFS: CVE-2015-3282 vos leaked stack data clear on the wire when...
Debian DLA-319-1 : freetype security update
Sergey Gorbaty reported issues related to the FreeType font engine. FreeType improperly handled certain malformed font files, allowing remote attackers to cause a Denial of Service when specially crafted font files were used. For Debian 6 'Squeeze', these issues have been fixed in freetype versio...
[SECURITY] [DLA 319-1] freetype security update
Package : freetype Version : 2.4.2-2.1+squeeze6 CVE ID : CVE-2014-9745 CVE-2014-9746 CVE-2014-9747 Debian Bug : 798619 798620 Sergey Gorbaty reported issues related to the FreeType font engine. FreeType improperly handled certain malformed font files, allowing remote attackers to cause a Denial o...
[SECURITY] [DLA 314-1] cups security update
Package : cups Version : 1.4.4-7+squeeze10 CVE ID : CVE-2015-3258 CVE-2015-3279 Petr Sklenar of Red Hat discovered that the texttopdf tool, part of cups filters, was susceptible to multiple heap-based buffer and integer overflows due to improper handling of print jobs. This could allow remote...
Debian DLA-306-1 : libvdpau security update
Florian Weimer of Red Hat Product Security discovered that libvdpau, the VDPAU wrapper library, did not properly validate environment variables, allowing local attackers to gain additional privileges. For Debian 6 'Squeeze', these problems have been fixed in libvdpau version 0.4.1-2+deb6u1. See D...
[SECURITY] [DLA 308-1] bind9 security update
Package : bind9 Version : 1:9.7.3.dfsg-1squeeze17 CVE ID : CVE-2015-5722 Hanno Böck from the Fuzzing Project discovered that incorrect validation of DNSSEC-signed records in the Bind DNS server could result in denial of service. For Debian 6 “Squeeze”, this issue has been fixed in bind9 version...