Debian 10250 Published by

The following updates has been released for Debian 6 LTS:

[DLA 204-1] file security update
[DLA 205-1] ppp security update



[DLA 204-1] file security update

Package : file
Version : 5.04-5+squeeze10
CVE ID : CVE-2014-9653
Debian Bug : 777585

This update fixes the following issue in the file package:

CVE-2014-9653

readelf.c does not consider that pread calls sometimes read only
a subset of the available data, which allows remote attackers to
cause a denial of service (uninitialized memory access) or
possibly have unspecified other impact via a crafted ELF file.



[DLA 205-1] ppp security update

Package : ppp
Version : 2.4.5-4+deb6u2
CVE ID : CVE-2015-3310
Debian Bug : 782450

Emanuele Rocca discovered that ppp, a daemon implementing the
Point-to-Point Protocol, was subject to a buffer overflow when
communicating with a RADIUS server. This would allow unauthenticated
users to cause a denial-of-service by crashing the daemon.