The following updates have been released for Debian 6 LTS:
[DLA 204-1] file security update
[DLA 205-1] ppp security update
[DLA 204-1] file security update
Package : file
Version : 5.04-5+squeeze10
CVE ID : CVE-2014-9653
Debian Bug : 777585
This update fixes the following issue in the file package:
CVE-2014-9653
readelf.c does not consider that pread calls sometimes read only
a subset of the available data, which allows remote attackers to
cause a denial of service (uninitialized memory access) or
possibly have unspecified other impact via a crafted ELF file.
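
The short-read condition described above, as an added example (not the code from file's readelf.c and not part of the advisory): a single pread() on a truncated file returns a short count rather than -1, so the caller has to compare the count against the size it asked for before using the buffer. The names `pread_exact`, `make_file`, `read_header` and the 64-byte `HDR_LEN` are hypothetical and the input files are constructed.

```c
/* Added example: all names and HDR_LEN are illustrative, not from file's readelf.c. */
#define _XOPEN_SOURCE 700            /* pread, mkstemp */
#include <errno.h>
#include <stdlib.h>
#include <unistd.h>
#define HDR_LEN 64                   /* constructed header size for the demo */

/* Read exactly len bytes at offset off; 0 on success, -1 on error or
 * when the file ends first (the buffer is then only partly filled). */
static int pread_exact(int fd, void *buf, size_t len, off_t off)
{
    unsigned char *p = buf;
    size_t done = 0;
    while (done < len) {
        ssize_t n = pread(fd, p + done, len - done, off + (off_t)done);
        if (n < 0 && errno == EINTR)
            continue;                /* interrupted: retry */
        if (n <= 0)
            return -1;               /* I/O error or premature EOF */
        done += (size_t)n;
    }
    return 0;
}

/* Constructed input: an unlinked temp file holding file_len bytes. */
static int make_file(size_t file_len)
{
    char path[] = "/tmp/shortread-XXXXXX";
    int fd = mkstemp(path);
    if (fd >= 0)
        unlink(path);
    for (size_t i = 0; fd >= 0 && i < file_len; i++)
        if (write(fd, "A", 1) != 1) { close(fd); return -1; }
    return fd;
}

/* Request HDR_LEN bytes from a file of file_len bytes. exact=0: result of
 * one bare pread() (a short count, not -1, on a truncated file).
 * exact=1: 0 if pread_exact() filled the buffer, -1 if it rejected it. */
long read_header(size_t file_len, int exact)
{
    unsigned char hdr[HDR_LEN];
    int fd = make_file(file_len);
    long r = exact ? pread_exact(fd, hdr, sizeof hdr, 0)
                   : (long)pread(fd, hdr, sizeof hdr, 0);
    close(fd);
    return r;
}
```

For a 10-byte file, the bare call reports 10 bytes with no error, leaving the remaining 54 bytes of the buffer uninitialized, while the checked read rejects the file.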
[DLA 205-1] ppp security update
Package : ppp
Version : 2.4.5-4+deb6u2
CVE ID : CVE-2015-3310
Debian Bug : 782450
Emanuele Rocca discovered that ppp, a daemon implementing the
Point-to-Point Protocol, was subject to a buffer overflow when
communicating with a RADIUS server. This would allow unauthenticated
users to cause a denial-of-service by crashing the daemon.