Debian 10260 Published by

The following updates has been released for Debian 6 LTS:

[DLA 388-1] dwarfutils security update
[DLA 389-1] giflib security update
[DLA 390-1] dbconfig-common security update



[DLA 388-1] dwarfutils security update

Package : dwarfutils
Version : 20100214-1+deb6u1
CVE ID : CVE-2015-8750

It was discovered that there was a NULL deference in dwarfutils, a tool
to dump DWARF debug information from ELF objects.

For Debian 6 Squeeze, this issue has been fixed in dwarfutils version
20100214-1+deb6u1.

[DLA 389-1] giflib security update

Package : giflib
Version : 4.1.6-9+deb6u1
CVE ID : CVE-2015-7555
Debian Bug : 808704

It was discovered that a maliciously crafted GIF can crash the giffix
utility which is part of giflib-tools.

We recommend that you upgrade your giflib-tools package to version
4.1.6-9+deb6u1 (Debian squeeze LTS).

[DLA 390-1] dbconfig-common security update

Package : dbconfig-common
Version : 1.8.46+squeeze.1
CVE ID : NA
Debian Bug : 805638

It was discovered that dbconfig-common could, depending on the local
umask, make PostgreSQL database backups that were readable by other
users than the database owner. The issue is fixed in version
1.8.46+squeeze.1. Access rights to existing database backups (not only
for PostgreSQL) will be limited to the owner of the backup during the
upgrade of dbconfig-common to this version. Future upgrades will not
change access rights in case the local administrator has specific
requirements.

dbconfig-common is a Debian helper package that is used by a number of
packages to manage the corresponding database.