[SECURITY] [DLA 380-1] libvncserver security update
Package: libvncserver
Version: 0.9.7-2+deb6u2

An issue had been discovered and resolved by the libvncserver upstream developer Karl Runge addressing thread-safety in libvncserver when libvncserver is used for handling multiple VNC connections [1].

Unfortunately, it is not trivially feasible (because of ABI breakage) to backport the related patch to libvncserver 0.9.7 as shipped in Debian squeeze(-lts).

However, the thread-safety patch discussed resolved a related issue of memory corruption caused by freeing global variables without nullifying them when reusing them in another "thread", especially occurring when libvncserver is used for handling multiple VNC connections.

The described issue has been resolved with this version of libvncserver and users of VNC are recommended to upgrade to this version of the package.

[1] https://github.com/LibVNC/libvncserver/commit/804335f9d296440bb708ca844f5d89b58b50b0c6

--
mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: sunwea...@debian.org, http://sunweavers.net
[SECURITY] [DLA 374-3] cacti regression update
Package: cacti
Version: 0.8.7g-1+squeeze9+deb6u13
CVE ID : CVE-2015-8369
Debian Bug : 807599

It was discovered that there was a regression in the patch intended to fix CVE-2015-8369 in the recent upload of cacti 0.8.7g-1+squeeze9+deb6u12.

For Debian 6 Squeeze, this issue has been fixed in cacti version 0.8.7g-1+squeeze9+deb6u13.

Regards,

--
Chris Lamb
la...@debian.org / chris-lamb.co.uk