Debian 9859 Published by

The following updates has been released for Debian 6 LTS:

[DLA 315-1] nss security update
[DLA 316-1] eglibc security update



[DLA 315-1] nss security update

Package : nss
Version : 3.12.8-1+squeeze12
CVE ID : CVE-2015-2721 CVE-2015-2730

Several vulnerabilities have been discovered in nss, the Mozilla Network
Security Service library. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2015-2721

Karthikeyan Bhargavan discovered that NSS incorrectly handles state
transitions for the TLS state machine. A man-in-the-middle attacker
could exploit this flaw to skip the ServerKeyExchange message and
remove the forward-secrecy property.

CVE-2015-2730

Watson Ladd discovered that NSS does not properly perform Elliptical
Curve Cryptography (ECC) multiplication, allowing a remote attacker
to potentially spoof ECDSA signatures.

For the oldoldstable distribution (squeeze), these problems have been fixed
in version 3.12.8-1+squeeze12.

We recommend that you upgrade your nss packages.


[DLA 316-1] eglibc security update

Package : eglibc
Version : 2.11.3-4+deb6u7
CVE ID : CVE-2014-8121
Bug-Reference : 779587

Several vulnerabilities have been discovered in eglibc that
may lead to a privilege escalation or denial of service.

Glibc pointer guarding weakness

A weakness in the dynamic loader prior has been found. The issue is
that the LD_POINTER_GUARD in the environment is not sanitized
allowing local attackers easily to bypass the pointer guarding
protection on set-user-ID and set-group-ID programs.

Potential application crash due to overread in fnmatch

When processing certain malformed patterns, fnmatch can skip over the
NUL byte terminating the pattern. This can potentially result in an
application crash if fnmatch hits an unmapped page before
encountering a NUL byte.

_IO_wstr_overflow integer overflow

A miscalculation in _IO_wstr_overflow could potentially be exploited
to overflow a buffer.

CVE-2014-8121

DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS)
in GNU C Library (aka glibc or libc6) 2.21 and earlier does not
properly check if a file is open, which allows remote attackers to
cause a denial of service (infinite loop) by performing a look-up
while the database is iterated over the database, which triggers the
file pointer to be reset.


For the oldoldstable distribution (squeeze), these problems have been fixed
in version 2.11.3-4+deb6u7.

We recommend that you update your packages.