Debian 10225 Published by

3 updates for Debian 6 LTS and one for Debian 7 has been released:

[DLA 120-1] xorg-server security update
[DLA 121-1] jasper security update
[DLA 122-1] eglibc security update
[DSA 3111-1] cpio security update



[DLA 120-1] xorg-server security update

Package : xorg-server
Version : 2:1.7.7-18+deb6u1
CVE ID : CVE-2014-8091 CVE-2014-8092 CVE-2014-8093 CVE-2014-8094
CVE-2014-8095 CVE-2014-8096 CVE-2014-8097 CVE-2014-8098
CVE-2014-8099 CVE-2014-8100 CVE-2014-8101 CVE-2014-8102

Ilja van Sprundel of IOActive discovered several security issues in the
X.org X server, which may lead to privilege escalation or denial of
service.

For the oldstable distribution (squeeze), these problems have been fixed in
version 2:1.7.7-18+deb6u1.

We recommend that you upgrade your xorg-server packages.

[DLA 121-1] jasper security update

Package : jasper
Version : 1.900.1-7+squeeze3
CVE ID : CVE-2014-8137 CVE-2014-8138

Jose Duart of the Google Security Team discovered a double free flaw
(CVE-2014-8137) and a heap-based buffer overflow flaw (CVE-2014-8138)
in JasPer, a library for manipulating JPEG-2000 files. A specially
crafted file could cause an application using JasPer to crash or,
possibly, execute arbitrary code.

[DLA 122-1] eglibc security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package : eglibc
Version : 2.11.3-4+deb6u3
CVE ID : CVE-2014-9402

Avoid infinite loop in nss_dns getnetbyname [BZ #17630]

[DSA 3111-1] cpio security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3111-1 security@debian.org
http://www.debian.org/security/ Michael Gilbert
December 22, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : cpio
CVE ID : CVE-2014-9112
Debian Bug : 772793

Michal Zalewski discovered an out of bounds write issue in cpio, a tool
for creating and extracting cpio archive files. In the process of
fixing that issue, the cpio developers found and fixed additional
range checking and null pointer dereference issues.

For the stable distribution (wheezy), this problem has been fixed in
version 2.11+dfsg-0.1+deb7u1.

For the upcoming stable distribution (jessie), this problem will be
fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 2.11+dfsg-4.

We recommend that you upgrade your cpio packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/