Debian 10225 Published by

The following updates for Debian has been released:

[DLA 304-1] openslp-dfsg security update
[DSA 3347-1] pdns security update
[DSA 3348-1] qemu security update
[DSA 3349-1] qemu-kvm security update
[DSA 3350-1] bind9 security update



[DLA 304-1] openslp-dfsg security update

Package : openslp-dfsg
Version : 1.2.1-7.8+deb6u1
CVE ID : CVE-2010-3609 CVE-2012-4428 CVE-2015-5177
Debian Bug : 623551 687597 795429

Several issues have been found and solved in OpenSLP, that implements the
Internet Engineering Task Force (IETF) Service Location Protocol standards
protocol.

CVE-2010-3609

Remote attackers could cause a Denial of Service in the Service Location
Protocol daemon (SLPD) via a crafted packet with a "next extension offset".

CVE-2012-4428

Georgi Geshev discovered that an out-of-bounds read error in the
SLPIntersectStringList() function could be used to cause a DoS.

CVE-2015-5177

A double free in the SLPDProcessMessage() function could be used to cause
openslp to crash.

For Debian 6 "Squeeze", these problems have been fixed in openslp-dfsg
version 1.2.1-7.8+deb6u1.

We recommend that you upgrade your openslp-dfsg packages.

Learn more about the Debian Long Term Support (LTS) Project and how to
apply these updates at: https://wiki.debian.org/LTS/


[DSA 3347-1] pdns security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3347-1 security@debian.org
https://www.debian.org/security/ Sebastien Delafond
September 02, 2015 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : pdns
CVE ID : CVE-2015-5230

Pyry Hakulinen and Ashish Shakla at Automattic discovered that pdns,
an authoritative DNS server, was incorrectly processing some DNS
packets; this would enable a remote attacker to trigger a DoS by
sending specially crafted packets causing the server to crash.

For the stable distribution (jessie), this problem has been fixed in
version 3.4.1-4+deb8u3.

For the testing distribution (stretch) and unstable distribution
(sid), this problem has been fixed in version 3.4.6-1.

We recommend that you upgrade your pdns packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3348-1] qemu security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3348-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
September 02, 2015 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : qemu
CVE ID : CVE-2015-3214 CVE-2015-5154 CVE-2015-5165 CVE-2015-5225
CVE-2015-5745
Debian Bug : 793811 794610 795087 795461 796465

Several vulnerabilities were discovered in qemu, a fast processor
emulator.

CVE-2015-3214

Matt Tait of Google's Project Zero security team discovered a flaw
in the QEMU i8254 PIT emulation. A privileged guest user in a guest
with QEMU PIT emulation enabled could potentially use this flaw to
execute arbitrary code on the host with the privileges of the
hosting QEMU process.

CVE-2015-5154

Kevin Wolf of Red Hat discovered a heap buffer overflow flaw in the
IDE subsystem in QEMU while processing certain ATAPI commands. A
privileged guest user in a guest with the CDROM drive enabled could
potentially use this flaw to execute arbitrary code on the host with
the privileges of the hosting QEMU process.

CVE-2015-5165

Donghai Zhu discovered that the QEMU model of the RTL8139 network
card did not sufficiently validate inputs in the C+ mode offload
emulation, allowing a malicious guest to read uninitialized memory
from the QEMU process's heap.

CVE-2015-5225

Mr Qinghao Tang from QIHU 360 Inc. and Mr Zuozhi from Alibaba Inc
discovered a buffer overflow flaw in the VNC display driver leading
to heap memory corruption. A privileged guest user could use this
flaw to mount a denial of service (QEMU process crash), or
potentially to execute arbitrary code on the host with the
privileges of the hosting QEMU process.

CVE-2015-5745

A buffer overflow vulnerability was discovered in the way QEMU
handles the virtio-serial device. A malicious guest could use this
flaw to mount a denial of service (QEMU process crash).

For the oldstable distribution (wheezy), these problems have been fixed
in version 1.1.2+dfsg-6a+deb7u9. The oldstable distribution is only
affected by CVE-2015-5165 and CVE-2015-5745.

For the stable distribution (jessie), these problems have been fixed in
version 1:2.1+dfsg-12+deb8u2.

For the unstable distribution (sid), these problems have been fixed in
version 1:2.4+dfsg-1a.

We recommend that you upgrade your qemu packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3349-1] qemu-kvm security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3349-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
September 02, 2015 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : qemu-kvm
CVE ID : CVE-2015-5165 CVE-2015-5745

Several vulnerabilities were discovered in qemu-kvm, a full
virtualization solution on x86 hardware.

CVE-2015-5165

Donghai Zhu discovered that the QEMU model of the RTL8139 network
card did not sufficiently validate inputs in the C+ mode offload
emulation, allowing a malicious guest to read uninitialized memory
from the QEMU process's heap.

CVE-2015-5745

A buffer overflow vulnerability was discovered in the way QEMU
handles the virtio-serial device. A malicious guest could use this
flaw to mount a denial of service (QEMU process crash).

For the oldstable distribution (wheezy), these problems have been fixed
in version 1.1.2+dfsg-6+deb7u9.

We recommend that you upgrade your qemu-kvm packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3350-1] bind9 security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3350-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 02, 2015 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : bind9
CVE ID : CVE-2015-5722

Hanno Boeck discovered that incorrect validation of DNSSEC-signed records
in the Bind DNS server could result in denial of service.

Updates for the oldstable distribution (wheezy) will be released shortly.

For the stable distribution (jessie), this problem has been fixed in
version 9.9.5.dfsg-9+deb8u3.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your bind9 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/