Debian 10260 Published by

The following two updates are available for Debian 6 LTS:

[DLA 153-1] e2fsprogs security update
[DLA 154-1] nss security update



[DLA 153-1] e2fsprogs security update

Package : e2fsprogs
Version : 1.41.12-4+deb6u1
CVE ID : CVE-2015-0247

A broken (or maliciously crafted) file system could trigger a buffer
overflow in e2fsprogs.

This update has been prepared by Nguyen Cong.

[DLA 154-1] nss security update

Package : nss
Version : 3.12.8-1+squeeze11
CVE ID : CVE-2011-3389 CVE-2014-1569
Debian Bug : 773625

nss 3.12.8-1+squeeze11 fixes two security issues:

CVE-2011-3389

SSL 3.0 and TLS 1.0 connections were vulnerable to some chosen
plaintext attacks which allowed man-in-the middle attackers to obtain
plaintext HTTP headers on an HTTPS session. This issue is known as
the "BEAST" attack.

CVE-2014-1569

Possible information leak with too-permissive ASN.1 DER decoding of
length.