
The following security updates have been released for Debian 6 LTS:

[DLA 411-2] eglibc regression update
[DLA 414-1] chrony security update



[DLA 411-2] eglibc regression update

Package : eglibc
Version : 2.11.3-4+deb6u10
CVE ID : CVE-2014-9761
Debian Bug : 814078

The fix for CVE-2014-9761 in Squeeze backported the upstream patch
incorrectly: new symbols were not declared as private and the ABI changed.
This made some programs and services crash after the upgrade, and they
needed to be restarted.


[DLA 414-1] chrony security update

Package : chrony
Version : 1.24-3+squeeze3
CVE ID : CVE-2016-1567
Debian Bug : 812923

chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer
associations of symmetric keys when authenticating packets, which might
allow remote attackers to conduct impersonation attacks via an arbitrary
trusted key, aka a "skeleton key."
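
The missing check described above, modelled as an added Python example (not chrony's code and not part of the advisory): one function accepts a packet whose MAC verifies under any trusted key, the other also requires the key configured for that peer. The key table, peer addresses, packet layout and the use of HMAC-SHA256 are assumptions made for this model.

```python
import hashlib
import hmac

# Constructed sample data: key id -> secret, and peer address -> associated key id.
TRUSTED_KEYS = {1: b"secret-shared-with-peer-a", 2: b"secret-shared-with-peer-b"}
PEER_KEY_ID = {"192.0.2.10": 1, "192.0.2.20": 2}


def compute_mac(key_id, payload):
    """MAC over the payload with the secret stored under key_id (HMAC-SHA256 stand-in)."""
    return hmac.new(TRUSTED_KEYS[key_id], payload, hashlib.sha256).digest()


def make_packet(key_id, payload):
    """Build a packet the way a holder of key_id would (hypothetical layout)."""
    return {"key_id": key_id, "payload": payload, "mac": compute_mac(key_id, payload)}


def accept_any_trusted_key(peer, pkt):
    """Flawed check: the MAC only has to verify under some key in the trusted table."""
    key_id = pkt["key_id"]
    if key_id not in TRUSTED_KEYS:
        return False
    return hmac.compare_digest(compute_mac(key_id, pkt["payload"]), pkt["mac"])


def accept_associated_key(peer, pkt):
    """Corrected check: the key id must be the one associated with this peer."""
    expected = PEER_KEY_ID.get(peer)
    if expected is None or pkt["key_id"] != expected:
        return False
    return hmac.compare_digest(compute_mac(expected, pkt["payload"]), pkt["mac"])


def demo():
    """Packet arriving with peer A's address but authenticated with peer B's key."""
    pkt = make_packet(2, b"constructed-time-update")
    return (accept_any_trusted_key("192.0.2.10", pkt),
            accept_associated_key("192.0.2.10", pkt))


if __name__ == "__main__":
    flawed, fixed = demo()
    print("any trusted key accepted:", flawed)
    print("associated key required :", fixed)
```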