Florian Maury from ANSSI discovered a flaw in pdns-recursor, a
recursive DNS server : a remote attacker controlling
maliciously-constructed zones or a rogue server could affect the
performance of pdns-recursor, thus leading to resource exhaustion and
a potential denial-of-service.

Simon McVittie discovered that the fix for
CVE-2014-3636 was incorrect, as it did not fully address the underlying
denial-of-service vector. This update starts the D-Bus daemon as root
initially, so that it can properly raise its file descriptor count.

Ilja van Sprundel of IOActive discovered several security issues in the
X.org X server, which may lead to privilege escalation or denial of
service.

Florian Maury from ANSSI discovered that unbound, a validating,
recursive, and caching DNS resolver, was prone to a denial of service
vulnerability. An attacker crafting a malicious zone and able to emit
(or make emit) queries to the server can trick the resolver into
following an endless series of delegations, leading to ressource
exhaustion and huge network usage.

It was discovered that BIND, a DNS server, is prone to a denial of
service vulnerability.

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation:

Multiple security issues have been found in Icedove, Debian’s version of
the Mozilla Thunderbird mail and news client: Multiple memory safety
errors, buffer overflows, use-after-frees and other implementation errors
may lead to the execution of arbitrary code, the bypass of security
restrictions or denial of service.

Several vulnerabilities have been discovered in getmail4, a mail
retriever with support for POP3, IMAP4 and SDPS, that could allow
man-in-the-middle attacks.

Paolo Bonzini of Red Hat discovered that the blit region checks were
insufficient in the Cirrus VGA emulator in qemu, a fast processor
emulator. A privileged guest user could use this flaw to write into qemu
address space on the host, potentially escalating their privileges to
those of the qemu host process.

Josh Duart of the Google Security Team discovered heap-based buffer
overflow flaws in JasPer, a library for manipulating JPEG-2000 files,
which could lead to denial of service (application crash) or the
execution of arbitrary code.