The following 4 updates are available for Debian 6 LTS:
[DLA 360-1] linux-2.6 security update
[DLA 361-1] bouncycastle security update
[DLA 362-1] dhcpcd security update
[DLA 363-1] libphp-phpmailer security update
[DLA 360-1] linux-2.6 security update
[DLA 361-1] bouncycastle security update
[DLA 362-1] dhcpcd security update
[DLA 363-1] libphp-phpmailer security update
[DLA 360-1] linux-2.6 security update
Package : linux-2.6
Version : 2.6.32-48squeeze17
CVE ID : CVE-2013-7446 CVE-2015-7799 CVE-2015-7833 CVE-2015-7990
CVE-2015-8324
This update fixes the CVEs described below.
CVE-2013-7446
Dmitry Vyukov discovered that a particular sequence of valid
operations on local (AF_UNIX) sockets can result in a
use-after-free. This may be used to cause a denial of service
(crash) or possibly for privilege escalation.
CVE-2015-7799
郭永刚 discovered that a user granted access to /dev/ppp can cause
a denial of service (crash) by passing invalid parameters to the
PPPIOCSMAXCID ioctl. This also applies to ISDN PPP device nodes.
CVE-2015-7833
Sergej Schumilo, Hendrik Schwartke and Ralf Spenneberg discovered a
flaw in the processing of certain USB device descriptors in the
usbvision driver. An attacker with physical access to the system can
use this flaw to crash the system.
CVE-2015-7990
It was discovered that the fix for CVE-2015-6937 was incomplete. A
race condition when sending a message on unbound socket can still
cause a NULL pointer dereference. A remote attacker might be able to
cause a denial of service (crash) by sending a crafted packet.
CVE-2015-8324
"Valintinr" reported that an attempt to mount a corrupted ext4
filesystem may result in a kernel panic. A user permitted to
mount filesystems could use this flaw to crash the system.
For the oldoldstable distribution (squeeze), these problems have been
fixed in version 2.6.32-48squeeze17. We recommend that you upgrade your
linux-2.6 packages.
For the oldstable (wheezy) and stable (jessie) distributions,
CVE-2015-7833, CVE-2015-7990 and CVE-2015-8324 have been fixed and the
other issues will be fixed soon.
[DLA 361-1] bouncycastle security update
Package : bouncycastle
Version : 1.44+dfsg-2+deb6u1
CVE ID : CVE-2015-7940
Debian Bug : 802671
The Bouncy Castle Java library before 1.51 does not validate that a point
is within the elliptic curve, which makes it easier for remote attackers
to obtain private keys via a series of crafted elliptic curve Diffie
Hellman (ECDH) key exchanges, aka an "invalid curve attack."
For Debian 6 “Squeeze”, this issue has been fixed in version
1.44+dfsg-2+deb6u1 of bouncycastle.
Many thanks to upstream author Peter Dettmann who reviewed the backport
that we prepared.
[DLA 362-1] dhcpcd security update
Package : dhcpcd
Version : 1:3.2.3-5+squeeze2
CVE ID : CVE-2012-6698 CVE-2012-6699 CVE-2012-6700
Guido Vranken discovered several memory-related vulnerabilities
while fuzzing DHCP messages sent to dhcpcd.
For Debian 6 “Squeeze”, those issues have been fixed in version
1:3.2.3-5+squeeze2.
CVE-2012-6698
Out-of-bounds write with specially crafted DHCP messages.
CVE-2012-6699
Out-of-bounds read with specially crafted DHCP messages.
CVE-2012-6700
Use after free with specially crafted DHCP messages.
[DLA 363-1] libphp-phpmailer security update
Package : libphp-phpmailer
Version : 5.1-1+deb6u11
CVE ID : CVE-2015-8476
Debian Bug : 807265
It was discovered that there was a header injection vulnerability in
libphp-phpmailer, am email transfer library for PHP.
For Debian 6 Squeeze, this issue has been fixed in libphp-phpmailer
version 5.1-1+deb6u11.
