
Three new updates are available for Debian GNU/Linux:

[DLA 52-1] ia32-libs security update
[DSA 3023-1] bind9 security update
[DSA 3024-1] gnupg security update



[DLA 52-1] ia32-libs security update

Package : ia32-libs, ia32-libs-gtk
Version : 20140911

The ia32-libs and ia32-libs-gtk packages contain 32-bit versions of various
libraries for use on 64-bit systems. This update rolls in all security
fixes made to these libraries since the start of Squeeze LTS.

[DSA 3023-1] bind9 security update

-------------------------------------------------------------------------
Debian Security Advisory DSA-3023-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
September 11, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : bind9
CVE ID : CVE-2014-0591
Debian Bug : 735190

Jared Mauch reported a denial of service flaw in the way BIND, a DNS
server, handled queries for NSEC3-signed zones. A remote attacker could
use this flaw against an authoritative name server that served
NSEC3-signed zones by sending a specially crafted query, which, when
processed, would cause named to crash.

For the stable distribution (wheezy), this problem has been fixed in
version 1:9.8.4.dfsg.P1-6+nmu2+deb7u2.

For the testing distribution (jessie), this problem has been fixed in
version 1:9.9.5.dfsg-2.

For the unstable distribution (sid), this problem has been fixed in
version 1:9.9.5.dfsg-2.

We recommend that you upgrade your bind9 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3024-1] gnupg security update

-------------------------------------------------------------------------
Debian Security Advisory DSA-3024-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
September 11, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : gnupg
CVE ID : CVE-2014-5270
Debian Bug : 725411

Genkin, Pipman and Tromer discovered a side-channel attack on Elgamal
encryption subkeys (CVE-2014-5270).

In addition, this update hardens GnuPG's behaviour when treating
keyserver responses; GnuPG now filters keyserver responses to only
accept those key IDs actually requested by the user.

For the stable distribution (wheezy), this problem has been fixed in
version 1.4.12-7+deb7u6.

For the testing (jessie) and unstable distribution (sid), this
problem has been fixed in version 1.4.18-4.

We recommend that you upgrade your gnupg packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/