Debian 10206 Published by

The following updates has been released for Debian 6 LTS:

[DLA 356-1] libsndfile security update
[DLA 357-1] libphp-snoopy security update



[DLA 356-1] libsndfile security update

Package : libsndfile
Version : 1.0.21-3+squeeze2
CVE ID : CVE-2014-9496 CVE-2014-9756 CVE-2015-7805
Debian Bug : 774162 804445 804447

CVE-2014-9496

The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows
attackers to have unspecified impact via vectors related to a (1) map
offset or (2) rsrc marker, which triggers an out-of-bounds read.

CVE-2014-9756

The psf_fwrite function in file_io.c in libsndfile allows attackers to
cause a denial of service (divide-by-zero error and application crash)
via unspecified vectors related to the headindex variable.

CVE-2015-7805

Heap-based buffer overflow in libsndfile 1.0.25 allows remote
attackers to have unspecified impact via the headindex value in the
header in an AIFF file.

[DLA 357-1] libphp-snoopy security update

Package : libphp-snoopy
Version : 2.0.0-1~deb6u1
CVE ID : CVE-2008-7313 CVE-2014-5008
Debian Bug : 778634

It was discovered that missing input sanitizing in Snoopy, a PHP class that
simulates a web browser may result in the execution of arbitrary
commands.

For the oldoldstable distribution (squeeze-lts), this problem has been fixed
in version 2.0.0-1~deb6u1.

We recommend that you upgrade your libphp-snoopy packages.