Debian 10260 Published by

The following two updates are available for Debian 6 LTS:

[DLA 444-1] php5 security update
[DLA 445-1] squid3 security update



[DLA 444-1] php5 security update

Package : php5
Version : 5.3.3.1-7+squeeze29
CVE ID : CVE-2015-2305 CVE-2015-2348

CVE-2015-2305
Integer overflow in the regcomp implementation in the Henry
Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on
32-bit platforms, as used in NetBSD through 6.1.5 and other
products, might allow context-dependent attackers to execute
arbitrary code via a large regular expression that leads to
a heap-based buffer overflow.
CVE-2015-2348
The move_uploaded_file implementation in
ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x
before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon
encountering a \x00 character, which allows remote attackers to
bypass intended extension restrictions and create files with
unexpected names via a crafted second argument.
NOTE: this vulnerability exists because of an incomplete fix for
CVE-2006-7243.
CVE-2016-tmp, Bug #71039
exec functions ignore length but look for NULL termination
CVE-2016-tmp, Bug #71089
No check to duplicate zend_extension
CVE-2016-tmp, Bug #71201
round() segfault on 64-bit builds
CVE-2016-tmp, Bug #71459
Integer overflow in iptcembed()
CVE-2016-tmp, Bug #71354
Heap corruption in tar/zip/phar parser
CVE-2016-tmp, Bug #71391
NULL Pointer Dereference in phar_tar_setupmetadata()
CVE-2016-tmp, Bug #70979
Crash on bad SOAP request

[DLA 445-1] squid3 security update

Package : squid3
Version : 3.1.6-1.2+squeeze6
CVE ID : CVE-2016-2569 CVE-2016-2571
Debian Bug : 816011

Several security issues have been discovered in the Squid caching proxy.

CVE-2016-2569

Squid wrongly checked boundaries of String data, making it possible
for remote attackers to cause a Denial-of-Service by a crafted HTTP
Vary header. Issue found by Mathias Fischer from Open Systems AG.

CVE-2016-2571

Squid was susceptible to a Denial of Service caused by storing
certain kind of data after failing to parse a response. Issue
discovered by Alex Rousskov from The Measurement Factory

For Debian 6 "Squeeze", these issues have been fixed in squid3 version
3.1.6-1.2+squeeze6. We recommend you to upgrade your squid3 packages.

Learn more about the Debian Long Term Support (LTS) Project and how to
apply these updates at: https://wiki.debian.org/LTS/