Florian Maury from ANSSI discovered a flaw in pdns-recursor, a
recursive DNS server: a remote attacker controlling
maliciously-constructed zones or a rogue server could affect the
performance of pdns-recursor, thus leading to resource exhaustion and
a potential denial-of-service.
Category Archives: Debian
Debian Security Advisories
DSA-3099 dbus – security update
Simon McVittie discovered that the fix for
CVE-2014-3636 was incorrect, as it did not fully address the underlying
denial-of-service vector. This update starts the D-Bus daemon as root
initially, so that it can properly raise its file descriptor count.
DSA-3095 xorg-server – security update
Ilja van Sprundel of IOActive discovered several security issues in the
X.org X server, which may lead to privilege escalation or denial of
service.
DSA-3097 unbound – security update
Florian Maury from ANSSI discovered that unbound, a validating,
recursive, and caching DNS resolver, was prone to a denial of service
vulnerability. An attacker crafting a malicious zone and able to send
(or cause to be sent) queries to the server can trick the resolver into
following an endless series of delegations, leading to resource
exhaustion and huge network usage.
DSA-3094 bind9 – security update
It was discovered that BIND, a DNS server, is prone to a denial of
service vulnerability.
DSA-3093 linux – security update
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation:
DSA-3092 icedove – security update
Multiple security issues have been found in Icedove, Debian’s version of
the Mozilla Thunderbird mail and news client: Multiple memory safety
errors, buffer overflows, use-after-frees and other implementation errors
may lead to the execution of arbitrary code, the bypass of security
restrictions or denial of service.
DSA-3091 getmail4 – security update
Several vulnerabilities have been discovered in getmail4, a mail
retriever with support for POP3, IMAP4 and SDPS, that could allow
man-in-the-middle attacks.
DSA-3090 iceweasel – security update
Multiple security issues have been found in Iceweasel, Debian’s version
of the Mozilla Firefox web browser: Multiple memory safety errors, buffer
overflows, use-after-frees and other implementation errors may lead to
the execution of arbitrary code, the bypass of security restrictions or
denial of service.
DSA-3088 qemu-kvm – security update
Paolo Bonzini of Red Hat discovered that the blit region checks were
insufficient in the Cirrus VGA emulator in qemu-kvm, a full
virtualization solution on x86 hardware. A privileged guest user could
use this flaw to write into qemu address space on the host, potentially
escalating their privileges to those of the qemu host process.