[SECURITY] [DSA 3377-1] mysql-5.5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3377-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 24, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 333-1] cakephp security update
Package : cakephp Version : 1.3.2-1.1+deb6u11 CakePHP, an open-source web application framework for PHP, was vulnerable to SSRF (Server Side Request Forgery) attacks. Remote attacker can utilize it for at least DoS (Denial of Service) attacks, if the target application accepts XML as an input. It is...
[SECURITY] [DLA 332-1] optipng security update
Package : optipng Version : 0.6.4-1+deb6u11 CVE ID : CVE-2015-7801 Gustavo Grieco discovered a use-after-free causing an invalid/double free in optipng 0.6.4. For Debian 6 Squeeze, this issue has been fixed in optipng version 0.6.4-1+deb6u11. Regards, Chris Lamb...
[SECURITY] [DLA 331-1] polarssl security update
Package : polarssl Version : 1.2.9-1deb6u5 CVE ID : CVE-2015-5291 A flaw was found in PolarSSL and mbed TLS: When the client creates its ClientHello message, due to insufficient bounds checking it can overflow the heap-based buffer containing the message while writing some extensions. Two...
[SECURITY] [DLA 330-1] unzip security update
Package : unzip Version : 6.0-4+deb6u3 CVE ID : CVE-2015-7696 CVE-2015-7697 Debian Bug : 802160 802162 Gustavo Grieco discovered with a fuzzer that unzip was vulnerable to a heap overflow and to a denial of service with specially crafted password-protected ZIP archives. For the Debian 6 squeeze,...
[SECURITY] [DSA 3376-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3376-1 [email protected] https://www.debian.org/security/ Michael Gilbert October 20, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3375-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3375-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez October 19, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3374-1] postgresql-9.4 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3374-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 19, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA-329-1] postgresql-8.4 update
Package : postgresql-8.4 Version : 8.4.22lts5-0+deb6u1 Several bugs were discovered in PostgreSQL, a relational database server system. The 8.4 branch is EOLed upstream, but still present in Debian squeeze. This new LTS minor version contains the fixes that were applied upstream to the 9.0.22...
[SECURITY] [DLA 328-1] tzdata new upstream version
Package : tzdata Version : 2015g-0+deb6u1 Upstream published version 2015g, with changes to the following timezones compared to the current version in squeeze-lts: - Fiji - Fort Nelson, British Columbia - Morocco - Norfolk Island - North Korea - Turkey - Uruguay...
[SECURITY] [DLA 327-1] freeimage security update
Package : freeimage Version : 3.10.0-4+deb6u1 CVE ID : CVE-2015-0852 Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window...
[SECURITY] [DSA 3373-1] owncloud security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3373-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 18, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 326-1] zendframework security update
Package : zendframework Version : 1.10.6-1squeeze6 CVE ID : CVE-2015-7695 The PDO adapters of Zend Framework 1 did not filter null bytes values in SQL statements. A PDO adapter can treat null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte,...
[SECURITY] [DSA 3372-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3372-1 [email protected] https://www.debian.org/security/ Ben Hutchings October 13, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 325-1] linux-2.6 security update
Package : linux-2.6 Version : 2.6.32-48squeeze16 CVE ID : CVE-2015-2925 CVE-2015-5257 CVE-2015-7613 This update fixes the CVEs described below. CVE-2015-2925 Jann Horn discovered that when a subdirectory of a filesystem was bind-mounted into a chroot or mount namespace, a user that should be...
[SECURITY] [DSA 3371-1] spice security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3371-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 09, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3370-1] freetype security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3370-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini October 06, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3369-1] zendframework security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3369-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini October 06, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 324-1] binutils security update
Package : binutils Version : 2.20.1-16+deb6u2 CVE ID : CVE-2012-3509 Debian Bug : 688951 This update fixes several issues as described below. PR ld/12613 (no CVE assigned) Niranjan Hasabnis discovered that passing a malformed linker script to GNU ld, part of binutils, may result in a stack buffer...
[SECURITY] [DLA 323-1] fuseiso security update
Package : fuseiso Version : 20070708-2+deb6u1 Debian Bug : 779047 The following two issues have recently been fixed in Debian LTS squeeze for the fuseiso package. Issue 1 An integer overflow, leading to a heap-based buffer overflow flaw was found in the way FuseISO, a FUSE module to mount ISO...
[SECURITY] [DLA 322-1] commons-httpclient security update
Package : commons-httpclient Version : 3.1-9+deb6u2 CVE ID : CVE-2015-5262 Trevin Beattie discovered an issue where one could observe hanging threads in a multi-threaded Java application. After debugging the issue, it became evident that the hanging threads were caused by the SSL initialization...
[SECURITY] [DLA 321-1] wordpress security update
Package : wordpress Version : 3.6.1+dfsg-1deb6u8 CVE ID : CVE-2015-5714 CVE-2015-5715 Debian Bug : 799140 Various security issues have been fixed in the Debian LTS squeeze version of the WordPress content management system. CVE-2015-5714 A cross-site scripting vulnerability when processing shortco...
[SECURITY] [DLA 319-1] freetype security update
Package : freetype Version : 2.4.2-2.1+squeeze6 CVE ID : CVE-2014-9745 CVE-2014-9746 CVE-2014-9747 Debian Bug : 798619 798620 Sergey Gorbaty reported issues related to the FreeType font engine. FreeType improperly handled certain malformed font files, allowing remote attackers to cause a Denial o...
[SECURITY] [DLA 320-1] libemail-address-perl security update
Package : libemail-address-perl Version : 1.889-2+deb6u2 Pali Rohár discovered a possible DoS attack in any software which uses the Email::Address Perl module for parsing string input to a list of email addresses. By default Email::Address module, version v1.907 and all before tries to understa...
[SECURITY] [DLA 288-2] openssh regression update
Package : openssh Version : 1:5.5p1-6+squeeze7 CVE ID : CVE-2015-5600 In Debian LTS squeeze, the fix for CVE-2015-5600 in openssh 1:5.5p1-6+squeeze7 breaks authentication mechanisms that rely on the keyboard-interactive method. Thanks to Colin Watson for making aware of that. The patch fixing...
[SECURITY] [DLA 318-1] flightgear security update
Package : flightgear Version : 1.9.1-1.1 Debian Bug : 780712 It was discovered that flightgear, a Flight Gear Flight Simulator game, did not perform adequate filesystem validation checks in its fgValidatePath routine. Regards, Chris Lamb...
[SECURITY] [DLA 313-1] virtualbox-ose security update
Package : virtualbox-ose Version : 3.2.28-dfsg-1+squeeze1 CVE ID : CVE-2013-3792 CVE-2014-2486 CVE-2014-2488 CVE-2014-2489 CVE-2015-2594 Bugs : 715327 754939 792446 The latest maintenance release of the VirtualBox OSE 3.2.x series i.e., version 3.2.28 has been uploaded to Debian LTS squeeze. Than...
[SECURITY] [DLA 317-1] vorbis-tools security update
Package : vorbis-tools Version : 1.4.0-1+deb6u1 CVE ID : CVE-2014-9638 CVE-2014-9639 CVE-2014-9640 CVE-2015-6749 Debian Bug : 771363 797461 776086 Various issues have been fixed in Debian LTS squeeze for package vorbis-tools. CVE-2014-9638 A crafted WAV file with number of channels set to 0 will...
[SECURITY] [DLA 316-1] eglibc security update
Package : eglibc Version : 2.11.3-4+deb6u7 CVE ID : CVE-2014-8121 Bug-Reference : 779587 Several vulnerabilities have been discovered in eglibc that may lead to a privilege escalation or denial of service. Glibc pointer guarding weakness A weakness in the dynamic loader prior has been found. The...
[SECURITY] [DLA 315-1] nss security update
Package : nss Version : 3.12.8-1+squeeze12 CVE ID : CVE-2015-2721 CVE-2015-2730 Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-2721 Karthikeyan Bhargava...
[SECURITY] [DSA 3368-1] cyrus-sasl2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3368-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 25, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3367-1] wireshark security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3367-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 24, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 314-1] cups security update
Package : cups Version : 1.4.4-7+squeeze10 CVE ID : CVE-2015-3258 CVE-2015-3279 Petr Sklenar of Red Hat discovered that the texttopdf tool, part of cups filters, was susceptible to multiple heap-based buffer and integer overflows due to improper handling of print jobs. This could allow remote...
[SECURITY] [DSA 3366-1] rpcbind security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3366-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 23, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3365-1] iceweasel security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3365-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 23, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 310-1] linux-2.6 security update
Package : linux-2.6 Version : 2.6.32-48squeeze14 CVE ID : CVE-2015-0272 CVE-2015-5156 CVE-2015-5364 CVE-2015-5366 CVE-2015-5697 CVE-2015-5707 CVE-2015-6937 This update fixes the CVEs described below. CVE-2015-0272 It was discovered that NetworkManager would set IPv6 MTUs based on the values...
[SECURITY] [DSA 3364-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3364-1 [email protected] https://www.debian.org/security/ Ben Hutchings September 21, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 312-1] libtorrent-rasterbar security update
Package : libtorrent-rasterbar Version : 0.14.10-2+deb6u1 CVE ID : CVE-2015-5685 Debian Bug : 797046 The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstrap-dht) allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing." Note while this CV...
[SECURITY] [DLA 311-1] rpcbind security update
Package : rpcbind Version : 0.2.0-4.1+deb6u1 CVE ID : CVE-2015-7236 A use-after-free vulnerability in rpcbind causing remotely triggerable crash was found. Rpcbind crashes in svc_dodestroy when trying to free a corrupted xprt->xp_netid pointer, which contains a sockaddr_in...
[SECURITY] [DSA 3363-1] owncloud-client security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3363-1 [email protected] https://www.debian.org/security/ Luciano Bello September 20, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3362-1] qemu-kvm security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3362-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 18, 2015 https://www.debian.org/security/faq -...