Debian 10225 Published by

The following updates has been released for Debian GNU/Linux:

[DSA 3095-1] xorg-server security update
[DSA 3097-1] unbound security update



[DSA 3095-1] xorg-server security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3095-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 10, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : xorg-server
CVE ID : CVE-2014-8091 CVE-2014-8092 CVE-2014-8093 CVE-2014-8094
CVE-2014-8095 CVE-2014-8096 CVE-2014-8097 CVE-2014-8098
CVE-2014-8099 CVE-2014-8100 CVE-2014-8101 CVE-2014-8102

Ilja van Sprundel of IOActive discovered several security issues in the
X.org X server, which may lead to privilege escalation or denial of
service.

For the stable distribution (wheezy), these problems have been fixed in
version 1.12.4-6+deb7u5.

For the upcoming stable distribution (jessie), these problems will be
fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 2:1.16.2.901-1.

We recommend that you upgrade your xorg-server packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3097-1] unbound security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3097-1 security@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
December 10, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : unbound
CVE ID : CVE-2014-8602
Debian Bug : 772622

Florian Maury from ANSSI discovered that unbound, a validating,
recursive, and caching DNS resolver, was prone to a denial of service
vulnerability. An attacker crafting a malicious zone and able to emit
(or make emit) queries to the server can trick the resolver into
following an endless series of delegations, leading to ressource
exhaustion and huge network usage.

For the stable distribution (wheezy), this problem has been fixed in
version 1.4.17-3+deb7u2.

For the upcoming stable distribution (jessie), this problem has been
fixed in version 1.4.22-3.

For the unstable distribution (sid), this problem has been fixed in
version 1.4.22-3.

We recommend that you upgrade your unbound packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/