The following two updates have been released for Debian 6 LTS:
[DLA 242-1] imagemagick security update
[DLA 244-1] strongswan security update
[DLA 242-1] imagemagick security update
Package : imagemagick
Version : 8:6.6.0.4-3+squeeze6
CVE ID : CVE-2012-3437 CVE-2014-8354 CVE-2014-8355 CVE-2014-8562
Debian Bug : #773834 #767240 #683285 #692367
This update fixes a large number of potential security problems due to
insufficient data validation when parsing different input
formats. Most of those potential security problems do not have a CVE
number assigned.
While the security implications of these problems are not all
fully known, updating is highly recommended.
The update fixes the following identified vulnerabilities:
CVE-2012-3437
    Incorrect validation of PNG buffer size, leading to DoS using
    specially crafted PNG files.
CVE-2014-8354
    Out of bounds memory access in resize
CVE-2014-8355
    Buffer overflow in PCX reader
CVE-2014-8562
    Buffer overflow in DCM readers
[DLA 244-1] strongswan security update
Package : strongswan
Version : 4.4.1-5.7
CVE ID : CVE-2015-4171
Alexander E. Patrakov discovered an issue in strongSwan, an IKE/IPsec
suite used to establish IPsec protected links.
When a client authenticates the server with certificates and the client
authenticates using pre-shared key or EAP, the constraints on the server
certificate are only enforced by the client after all authentication
steps are completed successfully. A rogue server which can authenticate
using a valid certificate issued by any CA trusted by the client could
trick the user into continuing the authentication, revealing the
username and password digest (for EAP) or even the cleartext password
(if EAP-GTC is accepted).
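
The ordering problem described above can be seen in a simplified model, added here as an illustration; it is not strongSwan code. The class names, the `required_issuer` constraint, the HMAC stand-in for an EAP digest and all sample values are assumptions constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Cert:                          # constructed stand-in for a certificate
    subject: str
    issuer: str

@dataclass
class Client:
    trusted_cas: frozenset           # any CA the client trusts at all
    required_issuer: str             # assumed constraint for this connection
    username: str
    password: str
    sent: list = field(default_factory=list)   # what reached the server

    def _client_auth(self, method, challenge):
        self.sent.append(("identity", self.username))
        if method == "EAP-GTC":      # GTC carries the password itself
            self.sent.append(("password", self.password))
        else:                        # stand-in for a challenge-response digest
            mac = hmac.new(self.password.encode(), challenge, hashlib.sha256)
            self.sent.append(("digest", mac.hexdigest()))

    def connect(self, cert, method, challenge, check_early):
        if cert.issuer not in self.trusted_cas:
            return "rejected: untrusted CA"
        # Patched ordering: enforce the constraint before any client auth.
        if check_early and cert.issuer != self.required_issuer:
            return "rejected: constraint failed before client auth"
        self._client_auth(method, challenge)
        # Flawed ordering: the constraint is only enforced at the very end.
        if cert.issuer != self.required_issuer:
            return "rejected: constraint failed after client auth"
        return "established"

def simulate(check_early, method="EAP-MD5"):
    """Run one handshake against a constructed rogue server."""
    client = Client(frozenset({"Corp VPN CA", "Other Trusted CA"}),
                    "Corp VPN CA", "alice", "constructed-password")
    rogue = Cert("vpn.example.test", "Other Trusted CA")
    result = client.connect(rogue, method, b"constructed-challenge", check_early)
    return result, client.sent

if __name__ == "__main__":
    for early in (False, True):
        print(early, simulate(early))
```

In both orderings the connection is rejected; the difference is what the client has already sent by the time it rejects.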