
The following updates have been released for Debian GNU/Linux:

[DLA 269-1] linux-ftpd-ssl security update
[DSA 3303-1] cups-filters security update
[DSA 3304-1] bind9 security update



[DLA 269-1] linux-ftpd-ssl security update

Package : linux-ftpd-ssl
Version : 0.17.32+0.3-1+deb6u1
Debian Bug : 788331

The issue is due to missing brackets in the patch
'500-ssl.diff', which cause 'fclose(NULL)' to be executed,
resulting in a segmentation fault.
The error appears while transmogrifying 'linux-ftpd' into
'linux-ftpd-ssl'.

There is no CVE assigned to this issue.

The patch was created by Mats Erik Andersson.

[DSA 3303-1] cups-filters security update

-------------------------------------------------------------------------
Debian Security Advisory DSA-3303-1                   security@debian.org
https://www.debian.org/security/                       Alessandro Ghedini
July 07, 2015                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : cups-filters
CVE ID : CVE-2015-3258 CVE-2015-3279

It was discovered that the texttopdf utility, part of cups-filters, was
susceptible to multiple heap-based buffer overflows due to improper
handling of print jobs with a specially crafted line size. This could
allow remote attackers to crash texttopdf or possibly execute arbitrary
code.

For the oldstable distribution (wheezy), these problems have been fixed
in version 1.0.18-2.1+deb7u2.

For the stable distribution (jessie), these problems have been fixed in
version 1.0.61-5+deb8u1.

For the unstable distribution (sid), these problems have been fixed in
version 1.0.71-1.

We recommend that you upgrade your cups-filters packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3304-1] bind9 security update

-------------------------------------------------------------------------
Debian Security Advisory DSA-3304-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 07, 2015                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : bind9
CVE ID : CVE-2015-4620

Breno Silveira Soares of Servico Federal de Processamento de Dados
(SERPRO) discovered that the BIND DNS server is prone to a denial of
service vulnerability. A remote attacker who can cause a validating
resolver to query a zone containing specifically constructed contents
can cause the resolver to terminate with an assertion failure, resulting
in a denial of service to clients relying on the resolver.

For the oldstable distribution (wheezy), this problem has been fixed
in version 1:9.8.4.dfsg.P1-6+nmu2+deb7u5.

For the stable distribution (jessie), this problem has been fixed in
version 1:9.9.5.dfsg-9+deb8u1.

For the testing distribution (stretch) and the unstable distribution
(sid), this problem will be fixed soon.

We recommend that you upgrade your bind9 packages.
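
To check an inventory against the fixed versions listed in DSA-3303-1 and DSA-3304-1, the comparison has to follow Debian's version ordering (epoch, numeric runs, '~'), which is what `dpkg --compare-versions` applies. The following is an added example, not part of the advisories: a small Python reimplementation of that ordering, where the function names and the sample installed versions are assumptions constructed for illustration.

```python
import re
from itertools import zip_longest

# Fixed versions copied from the advisories above, keyed by (package, release).
FIXED = {
    ("cups-filters", "wheezy"): "1.0.18-2.1+deb7u2",
    ("cups-filters", "jessie"): "1.0.61-5+deb8u1",
    ("cups-filters", "sid"): "1.0.71-1",
    ("bind9", "wheezy"): "1:9.8.4.dfsg.P1-6+nmu2+deb7u5",
    ("bind9", "jessie"): "1:9.9.5.dfsg-9+deb8u1",
}

def _weight(c):
    # Ordering inside a non-digit run: '~' sorts before end-of-string (0),
    # letters sort before every other character.
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Walk alternating (non-digit run, digit run) pairs from left to right.
    pairs = lambda s: re.findall(r"([^0-9]*)([0-9]*)", s)
    for (sa, na), (sb, nb) in zip_longest(pairs(a), pairs(b), fillvalue=("", "")):
        for k in range(max(len(sa), len(sb))):
            wa = _weight(sa[k]) if k < len(sa) else 0
            wb = _weight(sb[k]) if k < len(sb) else 0
            if wa != wb:
                return -1 if wa < wb else 1
        ia, ib = int(na or 0), int(nb or 0)  # digit runs compare numerically
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def _parse(v):
    # [epoch:]upstream[-revision]; a missing epoch counts as 0.
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def compare(a, b):
    """Return -1, 0 or 1 following Debian's version ordering rules."""
    (ea, ua, ra), (eb, ub, rb) = _parse(a), _parse(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(package, release, installed):
    return compare(installed, FIXED[(package, release)]) >= 0

if __name__ == "__main__":
    # Constructed sample inventory, not taken from any real host.
    for pkg, rel, ver in [("cups-filters", "jessie", "1.0.61-5"),
                          ("bind9", "wheezy", "1:9.8.4.dfsg.P1-6+nmu2+deb7u5")]:
        print(pkg, rel, ver, "patched" if is_patched(pkg, rel, ver) else "VULNERABLE")
```

A plain string comparison would rank `1.0.9` above `1.0.18` and would ignore the `1:` epoch on bind9, so both cases would be misreported as patched.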
