An updated version of ia32-libs and ia32-libs-gtk (20150804) is available in squeeze-lts, which fixes a couple of security issues. From ia32-libs changelog: ====================================================================== [ cups (1.4.4-7+squeeze8) squeeze-lts; urgency=medium ] * Import 1.4 upstream fix for CERT VU#810572: Privilege escalation through dynamic linker and isolated vulnerabilities: STR: #4609, VU#810572 - CVE-2015-1158 - Improper Update of Reference Count - CVE-2015-1159 - Cross-Site Scripting [ curl (7.21.0-2.1+squeeze12) squeeze-lts; urgency=high ] * Fix re-using authenticated connection when unauthenticated as per CVE-2015-3143 http://curl.haxx.se/docs/adv_20150422A.html * Fix Negotiate not treated as connection-oriented as per CVE-2015-3148 http://curl.haxx.se/docs/adv_20150422B.html [ expat (2.0.1-7+squeeze2) squeeze-lts; urgency=low ] * CVE-2015-1283 Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. [ libidn (1.15-2+deb6u1) squeeze-lts; urgency=high ] * stringprep_utf8_to_ucs4 now rejects invalid UTF-8 (CVE-2015-2059) [ libsdl1.2 (1.2.14-6.1+build1) squeeze-lts; urgency=medium ] * Rebuild against libx11-dev fixed for CVE-2013-7439. [ libx11 (2:1.3.3-4+squeeze2) squeeze-lts; urgency=high ] * CVE-2013-7439: buffer overflow in the MakeBigReq macro [ libxext (2:1.1.2-1+squeeze1+build1) squeeze-lts; urgency=medium ] * Rebuild against libx11-dev fixed for CVE-2013-7439. [ libxfixes (1:4.0.5-1+squeeze1+build1) squeeze-lts; urgency=medium ] * Rebuild against libx11-dev fixed for CVE-2013-7439. [ libxi (2:1.3-8+build1) squeeze-lts; urgency=medium ] * Rebuild against libx11-dev fixed for CVE-2013-7439. [ libxml2 (2.7.8.dfsg-2+squeeze12) squeeze-lts; urgency=medium ] * debian/patches: + Fix CVE-2015-1819: Enforce the reader to run in constant memory. (#782782). + Fix out-of-bounds memory access when parsing an unclosed HTML comment. (#782985). + Fix out-of-bound memory access during read operations. (#783010). [ libxp (1:1.0.0.xsf1-2+squeeze1+build1) squeeze-lts; urgency=medium ] * Rebuild against libx11-dev fixed for CVE-2013-7439. [ libxrandr (2:1.3.0-3+squeeze1+build1) squeeze-lts; urgency=medium ] * Rebuild against libx11-dev fixed for CVE-2013-7439. [ libxrender (1:0.9.6-1+squeeze1+build1) squeeze-lts; urgency=medium ] * Rebuild against libx11-dev fixed for CVE-2013-7439. [ libxv (2:1.0.5-1+squeeze1+build1) squeeze-lts; urgency=medium ] * Rebuild against libx11-dev fixed for CVE-2013-7439. [ openldap (2.4.23-7.3+deb6u1) squeeze-lts; urgency=high ] * debian/slapd.init.ldif: Disallow modifying one's own entry by default, except specific attributes. (CVE-2014-9713) (#761406) * debian/slapd.{config,templates}: On upgrade, if an access rule begins with "to * by self write", show a debconf note warning that it should be changed. * debian/slapd.README.debian: Add information about how to remove "to * by self write" from existing ACLs. * debian/po/*: Add translations of debconf warning. * debian/patches/ITS7723-fix-reference-counting.patch: Import upstream patch to fix a crash in the rwm overlay when a search is immediately followed by an unbind. (ITS#7723) (CVE-2013-4449) (#729367) * debian/patches/ITS8027-deref-reject-empty-attr-list.patch: Import upstream patch to fix a crash when a search includes the Deref control with an empty attribute list. (ITS#8027) (CVE-2015-1545) (#776988) * debian/patches/ITS7143-fix-attr_dup2-when-attrsOnly.patch: Import upstream patch to fix a crash when doing an attrsOnly search of a database configured with both the rwm and translucent overlays. (ITS#7143) (CVE-2012-1164) (#663644) [ openssl (0.9.8o-4squeeze21) squeeze-lts; urgency=medium ] * Fix CVE-2015-1791 * Fix CVE-2015-1792 * Fix CVE-2015-1790 * Fix CVE-2015-1789 * Fix CVE-2014-8176 * CVE-2015-4000: Have minimum of 768 bit for DH [ tiff (3.9.4-5+squeeze12) squeeze-lts; urgency=high ] * Non-maintainer upload by the Squeeze LTS team * Fixes for most of CVE-2014-8127 (out-of-bounds reads; bugs #2484, #2485, #2486) * Fixes for CVE-2014-8128 (out-of-bounds writes; bugs #2489, #2492, #2493, #2495, #2499, #2501) * Fix for CVE-2014-8129 (out-of-bounds read and write in NeXT 2-bit Grey Scale Compression Algorithm decoder; bugs #2487, #2488) * Fix for CVE-2014-9330 (out-of-bounds read in bmp2tiff; bug #2494) (#773987) * Fix for CVE-2014-9655 (out-of-bounds reads in NeXT 2-bit Grey Scale Compression Algorithm decoder and YCbCr-RGB converters) ====================================================================== And from ia32-libs-gtk: ====================================================================== [ cairo (1.8.10-6+build1) squeeze-lts; urgency=medium ] * Rebuild against libx11-dev fixed for CVE-2013-7439. [ libwmf (0.2.8.4-6.2+deb6u2) squeeze-lts; urgency=medium ] * Add patch to fix CVE-2015-4695: meta_pen_create heap buffer overflow Thanks to Fernando Muñoz <fernando@null-life.com>. #784205 * Add patch to fix CVE-2015-4696: wmf2gd/wmf2eps use after free Thanks to Caolán McNamara <caolanm@redhat.com> for the patch. #784192 [ libwmf (0.2.8.4-6.2+deb6u1) squeeze-lts; urgency=medium ] * CVE-2015-4588: Add RLE Decoding check Fix taken from Redhat BZ https://bugzilla.redhat.com/show_bug.cgi?id=1227243 * CVE-2015-0848: Only DecodeImage if pixel is one byte Fix taken from Redhat BZ https://bugzilla.redhat.com/show_bug.cgi?id=1227243 #787644 [ qt4-x11 (4:4.6.3-4+squeeze3) squeeze-lts; urgency=high ] * Add CVE-2014-0254.patch prepared by Salvatore Bonaccorso. Squeeze LTS does not support kfreebsd so the side effect on those architectures can be safely ignored. * This update includes fixes for multiple security issues: - CVE-2013-0254: information leak through world-readable shared memory segments - CVE-2015-0295 and CVE-2015-1858: denial of service through crafted BMP file - CVE-2015-1859: denial of service through crafted ICO file - CVE-2015-1860: denial of service through crafted GIF file #779550, #783133 ======================================================================
I guess this affects firefox, univention-java and probably also acrobat reader.
An updated version of ia32-libs (20151231) is available in squeeze-lts, which fixes a couple of security issues. From ia32-libs changelog: ====================================================================== [ arts (1.5.9-3+deb6u1) squeeze-lts; urgency=medium ] . * Non-maintaine upload by the Debian LTS team. * Add debian/patches/99_CVE-2015-7543.diff to fix CVE-2015-7543: insecure use of mktemp() leading to possible hijack of IPC directory. . [ cups (1.4.4-7+squeeze10) squeeze-lts; urgency=medium ] . * Fix buffer overflow on size allocation of texttopdf. Updated debian/local/filters/pdf-filters/filter/texttopdf.c - CVE-2015-3258: Heap-based buffer overflow in the WriteProlog function. - CVE-2015-3279: Integer overflow. . [ freetype (2.4.2-2.1+squeeze6) squeeze-lts; urgency=medium ] . * Non-maintainer upload by the Squeeze LTS Team. * CVE-2014-9745: Fix Savannah bug #41590. Protect against invalid number in t1load.c parse_encoding(). * CVE-2014-9746, CVE-2014-9747: Fix Savannah bug #41309. Correct use of uninitialized data in t1load.c, cidload.c, t42parse.c and psobjs.c. . [ gnutls26 (2.8.6-1+squeeze6) squeeze-lts; urgency=high ] . * Non-maintainer upload by the Squeeze LTS Team. * CVE-2015-8313: A tiny POODLE left. Gnutls didn't check the first padding byte in CBC modes. . [ krb5 (1.8.3+dfsg-4squeeze10) squeeze-lts; urgency=medium ] . * Non-maintainer upload by the Squeeze LTS Team. * CVE-2015-2697: Fix build_principal memory bug * Backport k5memdup0 from 1.13.2 for that * CVE-2015-2695: Fix SPNEGO context aliasing bugs * The upstream patch for CVE-2015-2695 introduced regressions preventing the use of gss_import_sec_context() with contexts established using SPNEGO; the fixes for those regressions are included here. . [ libidn (1.15-2+deb6u2) squeeze-lts; urgency=high ] . * Non-maintainer upload by the Squeeze LTS team * fix_utf8_error_handling. Issue introduced in fix for CVE-2015-2059 . [ libpng (1.2.44-1+squeeze6) squeeze-lts; urgency=high ] . * Non-maintainer upload by the Squeeze LTS Team. * CVE-2015-8472 update incomplete patch for CVE-2015-8126 * CVE-2015-8540 underflow read in png_check_keyword in pngwutil.c * CVE-2012-3425 The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image. In contrast to the next changelog entry, the vulnerable code is present. . [ libpng (1.2.44-1+squeeze5) squeeze-lts; urgency=high ] . * Non-maintainer upload by the Squeeze LTS Team. * CVE-2015-7981 Added a safety check in png_set_tIME() (Bug report from Qixue Xiao). * CVE-2015-8126 Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. * CVE-2012-3425 vulnerable code is not present here . [ libsndfile (1.0.21-3+squeeze2) squeeze-lts; urgency=high ] . * Non-maintainer upload by the Squeeze LTS Team. * debian/patches : - Add 102_sd2_buffer_read_overflow.diff (CVE-2014-9496, #774162). - Add 103_file_io_divide_by_zero.diff (CVE-2014-9756, #804447). - Add 104_fix_aiff_heap_overflow.diff (CVE-2015-7805, #804445). . [ libxml2 (2.7.8.dfsg-2+squeeze16) squeeze-lts; urgency=high ] . * Non-maintainer upload by the Squeeze LTS Team. * Patches taken from Wheezy, thanks to Salvatore Bonaccorso * Add Avoid-processing-entities-after-encoding-conversion-.patch patch. CVE-2015-7498: Heap-based buffer overflow in xmlParseXmlDecl. * Add CVE-2015-7497-Avoid-an-heap-buffer-overflow-in-xmlDi.patch patch. CVE-2015-7497: Heap-based buffer overflow in xmlDictComputeFastQKey. * Add CVE-2015-5312-Another-entity-expansion-issue.patch patch. CVE-2015-5312: CPU exhaustion when processing specially crafted XML input. * Add patches to address CVE-2015-7499. CVE-2015-7499: Heap-based buffer overflow in xmlGROW. Add a specific parser error (XML_ERR_USER_STOP), backported from e50ba8164eee06461c73cd8abb9b46aa0be81869 upstream (commit to address CVE-2013-2877, the "Try to stop parsing as quickly as possible" was not backported). * Add CVE-2015-7500-Fix-memory-access-error-due-to-incorre.patch patch. CVE-2015-7500: Heap buffer overflow in xmlParseMisc. . [ libxml2 (2.7.8.dfsg-2+squeeze15) squeeze-lts; urgency=high ] . * Non-maintainer upload by the Squeeze LTS Team. * fix off by one error for previous patch for CVE-2015-7942 (thanks to Salvatore for spotting this) * Add patch for CVE-2015-8241 (#806384) Buffer overread with XML parser in xmlNextChar * Add patch for CVE-2015-8317_751631 issues in the xmlParseXMLDecl function: If we fail conversing the current input stream while processing the encoding declaration of the XMLDecl then it's safer to just abort there and not try to report further errors. * Add patch for CVE-2015-8317_51603 If the string is not properly terminated do not try to convert to the given encoding. . [ libxml2 (2.7.8.dfsg-2+squeeze14) squeeze-lts; urgency=high ] . * Non-maintainer upload by the Squeeze LTS Team. * rebuild for correct triggers file . [ libxml2 (2.7.8.dfsg-2+squeeze13) squeeze-lts; urgency=high ] . * Non-maintainer upload by the Squeeze LTS Team. * Add patch for CVE-2015-7942 (#802827) . [ nspr (4.8.6-1+squeeze3) squeeze-lts; urgency=high ] . * Non-maintainer upload by the Squeeze LTS team. * Fix CVE-2015-7183, MFSA-2015-133: heap-buffer overflow in PL_ARENA_ALLOCATE . [ nss (3.12.8-1+squeeze13) squeeze-lts; urgency=medium ] . * Non-maintainer upload by the Debian LTS Team. * Add CVE-2015-7182.patch: CVE-2015-7182: Heap-based buffer overflow in the ASN.1 decoder * Add CVE-2015-7181.patch: * CVE-2015-7181: The sec_asn1d_parse_leaf function improperly restricts access to an unspecified data structure * Add autopkgtest for certificate generation/signing and library linking * Add gbp.conf for LTS . [ nss (3.12.8-1+squeeze12) squeeze-lts; urgency=medium ] . * Non-maintainer upload by the Debian LTS Team. * Add CVE-2015-2730.patch: CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly. * Add CVE-2015-2721.patch: CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange. . [ openldap (2.4.23-7.3+deb6u2) squeeze-lts; urgency=high ] . * Import upstream patch to remove an unnecessary assert(0) that could be triggered remotely by an unauthenticated user by sending a malformed BER element. (ITS#8240) (CVE-2015-6908) (#798622) . [ openssl (0.9.8o-4squeeze22) squeeze-lts; urgency=medium ] . * Fix CVE-2015-3195 ======================================================================
An updated version of ia32-libs and ia32-libs-gtk (20160228) is available in squeeze-lts, which fixes a couple of security issues. From ia32-libs changelog: ====================================================================== [ krb5 (1.8.3+dfsg-4squeeze11) squeeze-lts; urgency=medium ] . * Non-maintainer upload by the Squeeze LTS Team. * patches taken from the Wheezy version (prepared by Salvatore Bonaccorso) * Verify decoded kadmin C strings [CVE-2015-8629] CVE-2015-8629: An authenticated attacker can cause kadmind to read beyond the end of allocated memory by sending a string without a terminating zero byte. Information leakage may be possible for an attacker with permission to modify the database. (#813296) * Fix leaks in kadmin server stubs [CVE-2015-8631] CVE-2015-8631: An authenticated attacker can cause kadmind to leak memory by supplying a null principal name in a request which uses one. Repeating these requests will eventually cause kadmind to exhaust all available memory. (#813126) . [ libssh2 (1.2.6-1+deb6u2) squeeze-lts; urgency=high ] . * Non-maintainer upload by the Debian LTS team * diffie_hellman_sha256: convert bytes to bits (CVE-2016-0787) . [ nss (3.12.8-1+squeeze14) squeeze-lts; urgency=medium ] . * Non-maintainer upload by the Debian LTS Team. * Add CVE-2016-1938.patch: CVE-2016-1938: The s_mp_div function improperly divides numbers . [ openssl (0.9.8o-4squeeze23) squeeze-lts; urgency=medium ] . * Fix CVE-2015-3197 * Always generate new key for DHE. . [ tiff (3.9.4-5+squeeze14) squeeze-lts; urgency=medium ] . * Non-maintainer upload by the Squeeze LTS Team * Fix CVE-2015-8781, CVE-2015-8782 and CVE-2015-8783: out-of-band read/write when decoding invalid data * Fix CVE-2015-8784: potential out-of-bound write in NeXTDecode() . [ tiff (3.9.4-5+squeeze13) squeeze-lts; urgency=medium ] . * Non-maintainer upload by the Debian LTS Team. * Fix CVE-2015-8665: Out-of-bounds read in TIFFRGBAImage interface. * Fix CVE-2015-8683: Out-of-bounds read in CIE Lab image format. ====================================================================== And from ia32-libs-gtk: ====================================================================== [ gtk+2.0 (2.20.1-2+deb6u2) squeeze-lts; urgency=medium ] . * Non-maintainer upload by the Squeeze LTS Team. * Fix CVE-2015-4491: Integer overflow in gdk-pixbuf's pixops/pixops.c allowed to execute arbitrary code or cause a DoS via crafted bitmaps of specific size. * Fix CVE-2015-7673: io-tga.c in gdk-pixbuf was susceptible to a heap overflow, allowing remote attackers to cause a DoS or execute arbitrary code via a crafted Truevision TGA (TARGA) file. * Fix CVE-2015-7674: Heap overflow in gdk-pixbuf when scaling a GIF file. * Thanks to Tor Perkins <torp@torp.com>. . [ gtk+2.0 (2.20.1-2+deb6u1) squeeze-lts; urgency=medium ] . * Non-maintainer upload by the Debian LTS Team. * Fix CVE-2013-7447: integer overflow when allocating a large block of memory in gdk_cairo_set_source_pixbuf. #799275. . [ pixman (0.16.4-1+deb6u2) squeeze-lts; urgency=high ] . * CVE-2014-9766: Fix buffer overflow when creating large images. ======================================================================
The upstream packages have been imported and built in errata3.2-8. Advisories: * ia32-libs.yaml * ia32-libs-gtk.yaml
Tests: OK Advisories: OK
<http://errata.software-univention.de/ucs/3.2/404.html> <http://errata.software-univention.de/ucs/3.2/405.html>