The following updates has been released for Debian 6 LTS:
[DLA 388-1] dwarfutils security update
[DLA 389-1] giflib security update
[DLA 390-1] dbconfig-common security update
[DLA 388-1] dwarfutils security update
[DLA 389-1] giflib security update
[DLA 390-1] dbconfig-common security update
[DLA 388-1] dwarfutils security update
Package : dwarfutils
Version : 20100214-1+deb6u1
CVE ID : CVE-2015-8750
It was discovered that there was a NULL deference in dwarfutils, a tool
to dump DWARF debug information from ELF objects.
For Debian 6 Squeeze, this issue has been fixed in dwarfutils version
20100214-1+deb6u1.
[DLA 389-1] giflib security update
Package : giflib
Version : 4.1.6-9+deb6u1
CVE ID : CVE-2015-7555
Debian Bug : 808704
It was discovered that a maliciously crafted GIF can crash the giffix
utility which is part of giflib-tools.
We recommend that you upgrade your giflib-tools package to version
4.1.6-9+deb6u1 (Debian squeeze LTS).
[DLA 390-1] dbconfig-common security update
Package : dbconfig-common
Version : 1.8.46+squeeze.1
CVE ID : NA
Debian Bug : 805638
It was discovered that dbconfig-common could, depending on the local
umask, make PostgreSQL database backups that were readable by other
users than the database owner. The issue is fixed in version
1.8.46+squeeze.1. Access rights to existing database backups (not only
for PostgreSQL) will be limited to the owner of the backup during the
upgrade of dbconfig-common to this version. Future upgrades will not
change access rights in case the local administrator has specific
requirements.
dbconfig-common is a Debian helper package that is used by a number of
packages to manage the corresponding database.
