Debian 9858 Published by

The following 4 updates are available for Debian 6 LTS:

[DLA 360-1] linux-2.6 security update
[DLA 361-1] bouncycastle security update
[DLA 362-1] dhcpcd security update
[DLA 363-1] libphp-phpmailer security update



[DLA 360-1] linux-2.6 security update

Package        : linux-2.6
Version        : 2.6.32-48squeeze17
CVE ID         : CVE-2013-7446 CVE-2015-7799 CVE-2015-7833 CVE-2015-7990
                 CVE-2015-8324

This update fixes the CVEs described below.

CVE-2013-7446

    Dmitry Vyukov discovered that a particular sequence of valid
    operations on local (AF_UNIX) sockets can result in a
    use-after-free.  This may be used to cause a denial of service
    (crash) or possibly for privilege escalation.

CVE-2015-7799

    郭永刚 discovered that a user granted access to /dev/ppp can cause
    a denial of service (crash) by passing invalid parameters to the
    PPPIOCSMAXCID ioctl.  This also applies to ISDN PPP device nodes.

CVE-2015-7833

    Sergej Schumilo, Hendrik Schwartke and Ralf Spenneberg discovered a
    flaw in the processing of certain USB device descriptors in the
    usbvision driver. An attacker with physical access to the system can
    use this flaw to crash the system.

CVE-2015-7990

    It was discovered that the fix for CVE-2015-6937 was incomplete. A
    race condition when sending a message on unbound socket can still
    cause a NULL pointer dereference. A remote attacker might be able to
    cause a denial of service (crash) by sending a crafted packet.

CVE-2015-8324

    "Valintinr" reported that an attempt to mount a corrupted ext4
    filesystem may result in a kernel panic.  A user permitted to
    mount filesystems could use this flaw to crash the system.

For the oldoldstable distribution (squeeze), these problems have been
fixed in version 2.6.32-48squeeze17.  We recommend that you upgrade your
linux-2.6 packages.

For the oldstable (wheezy) and stable (jessie) distributions,
CVE-2015-7833, CVE-2015-7990 and CVE-2015-8324 have been fixed and the
other issues will be fixed soon.

[DLA 361-1] bouncycastle security update

Package : bouncycastle
Version : 1.44+dfsg-2+deb6u1
CVE ID : CVE-2015-7940
Debian Bug : 802671

The Bouncy Castle Java library before 1.51 does not validate that a point
is within the elliptic curve, which makes it easier for remote attackers
to obtain private keys via a series of crafted elliptic curve Diffie
Hellman (ECDH) key exchanges, aka an "invalid curve attack."

For Debian 6 “Squeeze”, this issue has been fixed in version
1.44+dfsg-2+deb6u1 of bouncycastle.

Many thanks to upstream author Peter Dettmann who reviewed the backport
that we prepared.

[DLA 362-1] dhcpcd security update

Package : dhcpcd
Version : 1:3.2.3-5+squeeze2
CVE ID : CVE-2012-6698 CVE-2012-6699 CVE-2012-6700

Guido Vranken discovered several memory-related vulnerabilities
while fuzzing DHCP messages sent to dhcpcd.

For Debian 6 “Squeeze”, those issues have been fixed in version
1:3.2.3-5+squeeze2.

CVE-2012-6698

Out-of-bounds write with specially crafted DHCP messages.

CVE-2012-6699

Out-of-bounds read with specially crafted DHCP messages.

CVE-2012-6700

Use after free with specially crafted DHCP messages.

[DLA 363-1] libphp-phpmailer security update

Package : libphp-phpmailer
Version : 5.1-1+deb6u11
CVE ID : CVE-2015-8476
Debian Bug : 807265

It was discovered that there was a header injection vulnerability in
libphp-phpmailer, am email transfer library for PHP.

For Debian 6 Squeeze, this issue has been fixed in libphp-phpmailer
version 5.1-1+deb6u11.