[SECURITY] [DSA 3415-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3415-1 [email protected] https://www.debian.org/security/ Michael Gilbert December 09, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3414-1] xen security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3414-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 09, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 365-1] foomatic-filters security update
Package : foomatic-filters Version : 4.0.5-6+squeeze2+deb6u11 CVE ID : CVE-2015-8327 Debian Bug : 806886 It was discovered that there was an injection vulnerability in foomatic-filters which is used by printer spoolers to convert incoming PostScript data into the printer's native format. For Debia...
[SECURITY] [DLA 364-1] gnutls26 security update
Package : gnutls26 Version : 2.8.6-1+squeeze6 CVE ID : CVE-2015-8313 Hanno Böck discovered that GnuTLS, a library implementing the TLS and SSL protocols, incorrectly validated the first padding byte in CBC modes. A remote attacker can possibly take advantage of this flaw to perform a padding orac...
[SECURITY] [DLA 363-1] libphp-phpmailer security update
Package : libphp-phpmailer Version : 5.1-1+deb6u11 CVE ID : CVE-2015-8476 Debian Bug : 807265 It was discovered that there was a header injection vulnerability in libphp-phpmailer, an email transfer library for PHP. For Debian 6 Squeeze, this issue has been fixed in libphp-phpmailer version...
[SECURITY] [DLA 362-1] dhcpcd security update
Package : dhcpcd Version : 1:3.2.3-5+squeeze2 CVE ID : CVE-2012-6698 CVE-2012-6699 CVE-2012-6700 Guido Vranken discovered several memory-related vulnerabilities while fuzzing DHCP messages sent to dhcpcd. For Debian 6 “Squeeze”, those issues have been fixed in version 1:3.2.3-5+squeeze2...
[SECURITY] [DLA 360-1] linux-2.6 security update
Package : linux-2.6 Version : 2.6.32-48squeeze17 CVE ID : CVE-2013-7446 CVE-2015-7799 CVE-2015-7833 CVE-2015-7990 CVE-2015-8324 This update fixes the CVEs described below. CVE-2013-7446 Dmitry Vyukov discovered that a particular sequence of valid...
[SECURITY] [DLA 361-1] bouncycastle security update
Package : bouncycastle Version : 1.44+dfsg-2+deb6u1 CVE ID : CVE-2015-7940 Debian Bug : 802671 The Bouncy Castle Java library before 1.51 does not validate that a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic...
[SECURITY] [DSA 3413-1] openssl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3413-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 04, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 358-1] openssl security update
Package : openssl Version : 0.9.8o-4squeeze22 CVE ID : CVE-2015-3195 When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak memory. This structure is used by the PKCS7 and CMS routines so any application which reads PKCS7 or CMS data from untrusted sources is affected. SSL/TLS ...
[SECURITY] [DSA 3412-1] redis security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3412-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 03, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3411-1] cups-filters security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3411-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 02, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3410-1] icedove security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3410-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 01, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3409-1] putty security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3409-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 01, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3408-1] gnutls26 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3408-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 01, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 357-1] libphp-snoopy security update
Package : libphp-snoopy Version : 2.0.0-1deb6u1 CVE ID : CVE-2008-7313 CVE-2014-5008 Debian Bug : 778634 It was discovered that missing input sanitizing in Snoopy, a PHP class that simulates a web browser, may result in the execution of arbitrary commands. For the oldoldstable distribution...
[SECURITY] [DLA 356-1] libsndfile security update
Package : libsndfile Version : 1.0.21-3+squeeze2 CVE ID : CVE-2014-9496 CVE-2014-9756 CVE-2015-7805 Debian Bug : 774162 804445 804447 CVE-2014-9496 The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc...
[SECURITY] [DLA 355-1] libxml2 security update
Package : libxml2 Version : 2.7.8.dfsg-2+squeeze15 CVE ID : CVE-2015-8241 CVE-2015-8317 Debian Bug : 806384 CVE-2015-8241 Buffer overread with XML parser in xmlNextChar CVE-2015-8317 - issues in the xmlParseXMLDecl function: If we fail conversing the current input stream while processing the...
[SECURITY] [DLA 354-1] nss security update
Package : nss Version : 3.12.8-1+squeeze13 CVE ID : CVE-2015-7181 CVE-2015-7182 Debian Bug : Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-7181 The...
[SECURITY] [DLA 353-1] imagemagick security update
Package : imagemagick Version : 8:6.6.0.4-3+squeeze7 Debian Bug : 806441 Submitting specially crafted icons (.ico) or .pict images to ImageMagick can trigger integer overflows that can lead to buffer overflows and memory allocation issues. Depending on the case, this can lead to a denial of servic...
[SECURITY] [DLA 348-1] smokeping security update
...
[SECURITY] [DLA 352-1] libcommons-collections3-java security update
Package : libcommons-collections3-java Version : 3.2.1-4+deb6u1 The Apache Commons Collections library suffered from security issues affecting applications that accept serialized objects from untrusted sources. Remote attackers might take advantage of these issues to execute arbitrary Java functions and even...
[SECURITY] [DSA 3407-1] dpkg security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3407-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 26, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 350-1] eglibc security update
Package : eglibc Version : 2.11.3-4+deb6u8 CVE ID : not assigned yet Debian Bug : 803927 The strxfrm function is vulnerable to integer overflows when computing memory allocation sizes, similar to CVE-2012-4412. Furthermore, since it falls back to using alloca when malloc fails, it is vulnerable to...
[SECURITY] [DLA 351-1] redmine security update
Package : redmine Version : 1.0.1-2+deb6u11 CVE ID : CVE-2015-8346 It was discovered that there was a data disclosure vulnerability in Redmine, a web-based bug and project management tool. The time logging form could disclose subjects of issues that are not visible/public. Patch by Holger Just. F...
[SECURITY] [DSA 3406-1] nspr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3406-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 25, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 349-1] python-django security update
Package : python-django Version : 1.2.3-3+squeeze15 CVE ID : CVE-2015-8213 It was discovered that there was a potential settings leak in date template filter of Django, a web-development framework. If an application allows users to specify an unvalidated format for dates and passes this format to...
[SECURITY] [DSA 3405-1] smokeping security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3405-1 [email protected] https://www.debian.org/security/ Florian Weimer November 25, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3404-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3404-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 25, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 347-1] putty security update
Package : putty Version : 0.60+2010-02-20-1+squeeze4 CVE ID : CVE-2015-5309 It was discovered that PuTTY's terminal emulator did not properly validate the parameter to the ECH (erase characters) control sequence, allowing a denial of service and possibly remote code execution...
[SECURITY] [DSA 3403-1] libcommons-collections3-java security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3403-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 24, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3402-1] symfony security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3402-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 24, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 346-1] openjdk-6 security update
Package : openjdk-6 Version : 6b37-1.13.9-1deb6u1 CVE ID : CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4835 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4903 CVE-2015-4911 Several...
[SECURITY] [DSA 3401-1] openjdk-7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3401-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 22, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 344-1] nspr security update
Package : nspr Version : 4.8.6-1+squeeze3 CVE ID : CVE-2015-7183 Google security engineer Ryan Sleevi found a vulnerability in the NetScape Portable Runtime Library (NSPR). NSPR allocated memory without specific checks, making it possible for remote attackers to cause a Denial of Service or execute...
[SECURITY] [DSA 3400-1] lxc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3400-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 19, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 345-1] strongswan security update
Package : strongswan Version : 4.4.1-5.8 CVE ID : CVE-2015-8023 Tobias Brunner found an authentication bypass vulnerability in strongSwan, an IKE/IPsec suite. Due to insufficient validation of its local state the server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin can be...
[SECURITY] [DSA 3399-1] libpng security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3399-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 18, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 342-1] openafs security update
Package : openafs Version : 1.4.12.1+dfsg-4+squeeze4 CVE ID : CVE-2015-3282 CVE-2015-3283 CVE-2015-3285 CVE-2015-6587 CVE-2015-7762 CVE-2015-7763 Several vulnerabilities have been found and solved in the distributed file system OpenAFS: CVE-2015-3282 vos leaked stack data clear on the wire when...
[SECURITY] [DLA 343-1] libpng security update
Package : libpng Version : 1.2.44-1+squeeze5 CVE ID : CVE-2012-3425 CVE-2015-7981 CVE-2015-8126 CVE-2015-7981 Added a safety check in png_set_tIME() (Bug report from Qixue Xiao). CVE-2015-8126 Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and...
[SECURITY] [DSA 3398-1] strongswan security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3398-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez November 16, 2015 https://www.debian.org/security/faq -...