
The following updates have been released for Debian 6 LTS:

[DLA 111-1] cpio security update
[DLA 112-1] bind9 security update



[DLA 111-1] cpio security update

Package : cpio
Version : 2.11-4+deb6u1
CVE ID : CVE-2014-9112
Debian Bug : 772793

Multiple issues have been identified in cpio, including a buffer overflow
and multiple NULL pointer dereferences, resulting at least in a denial of
service and possibly also in unwanted code execution.

This has been fixed in Debian 6 Squeeze with version 2.11-4+deb6u1 by
applying the upstream patches.

[DLA 112-1] bind9 security update

Package : bind9
Version : 9.7.3.dfsg-1~squeeze13
CVE ID : CVE-2014-8500
Debian Bug : 772610

This update fixes a denial of service vulnerability in BIND, a DNS server.

By making use of maliciously-constructed zones or a rogue server, an attacker
could exploit an oversight in the code BIND 9 used to follow delegations in
the Domain Name Service, causing BIND to issue unlimited queries in an attempt
to follow the delegation.

This can lead to resource exhaustion and denial of service (up to and
including termination of the named server process).