Security Updates (DSA-3761-1, DSA-3762-1, DSA-3764-1 ... DSA-3840-1)

Security updates have been released for rabbitmq-server, tiff, pdns, mapserver, libphp-swiftmailer, libxpm, openssl, lcms2, tcpdump, libgd2, wordpress, ntfs-3g, svgsalamander, viewvc, libevent, spice, libreoffice, munin, bind9, apache2, mupdf, libquicktime, ruby-zip, zabbix, texlive-base, icoutils, chromium-browser, wireshark, ioquake3, r-base, audiofile, wordpress, jbig2dec, gst-plugins-bad1.0, gst-plugins-base1.0, gst-plugins-good1.0, gst-plugins-ugly1.0, gstreamer1.0, eject, jhead, tryton-server, libreoffice and mysql-connector-java.

Vulnerability Information

DSA-3761-1 rabbitmq-server — Security Update
Security database details: It was discovered that RabbitMQ, an implementation of the AMQP protocol, did not correctly validate MQTT (MQ Telemetry Transport) connection authentication. This allowed anyone to log in to an existing user account without having to provide a password.

DSA-3762-1 tiff — Security Update
Security database details: Multiple vulnerabilities have been discovered in the libtiff library and the included tools tiff2rgba, rgb2ycbcr, tiffcp, tiffcrop, tiff2pdf and tiffsplit, which may result in denial of service, memory disclosure or the execution of arbitrary code.

DSA-3764-1 pdns — Security Update
Security ...

Samba Security Updates (DSA 3860-1)

Vulnerability Overview

DSA-3860-1 samba — Security Update
Security database information: CVE-2017-7494: steelo discovered a remote code execution vulnerability in Samba, an SMB/CIFS file, print, and login server for Unix. A malicious client with access to a writable share can take advantage of this flaw by uploading a shared library and then causing the server to load and execute it.

Fixing Status

These problems have been fixed in samba version 2:4.5.8+dfsg-2. Please update to the latest version of deepin to get these patches.

Security Updates (DSA-3717-1, DSA-3718-1, DSA-3719-1, DSA-3723-1, DSA-3725-1, DSA-3727-1, DSA-3731-1, DSA-3733-1, DSA-3735-1, DSA-3736-1, DSA-3738-1, DSA-3741-1, DSA-3742-1, DSA-3743-1, DSA-3745-1, DSA-3746-1, DSA-3748-1, DSA-3749-1, DSA-3750-1, DSA-3751-1, DSA-3752-1, DSA-3753-1, DSA-3755-1)

Security updates have been released for gst-plugins-bad1.0, drupal7, wireshark, gst-plugins-good1.0, icu, hdf5, chromium-browser, apt, game-music-emu, libupnp, tor, flightgear, python-bottle, squid3, graphicsmagick, libcrypto++, dcmtk, libphp-phpmailer, libgd2, pcsc-lite, libvncserver and tomcat8.

Vulnerability Information

DSA-3717-1 gst-plugins-bad1.0, gst-plugins-bad0.10 — Security Update
Security database details: Chris Evans discovered that the GStreamer plugin to decode VMware screen capture files allowed the execution of arbitrary code.

DSA-3718-1 drupal7 — Security Update
Security database details: Multiple vulnerabilities have been found in the Drupal content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/SA-CORE-2016-005

DSA-3719-1 wireshark — Security Update
Security database details: It was discovered that wireshark, a ...

Security Updates (DSA-3608-1, DSA-3609-1, DSA-3611-1, DSA-3613-1, DSA-3614-1, DSA-3615-1, DSA-3617-1, DSA-3619-1, DSA-3620-1, DSA-3625-1, DSA-3626-1, DSA-3627-1, DSA-3629-1, DSA-3630-1, DSA-3631-1, DSA-3632-1, DSA-3636-1)

Security updates have been released for libreoffice, tomcat8, libcommons-fileupload-java, libvirt, tomcat7, wireshark, horizon, libgd2, pidgin, squid3, openssh, phpmyadmin, ntp, libgd2, php5, mariadb-10.0 and collectd.

Vulnerability Information

DSA-3608-1 libreoffice — Security Update
Security database details: Aleksandar Nikolic discovered that missing input sanitising in the RTF parser in LibreOffice may result in the execution of arbitrary code if a malformed document is opened.

DSA-3609-1 tomcat8 — Security Update
Security database details: Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections, bypass of the SecurityManager or denial of service. ...

Security Updates (DSA-3585-1, DSA-3586-1, DSA-3587-1, DSA-3588-1)

Security updates have been released for wireshark, atheme-services, libgd2 and symfony.

Vulnerability Information

DSA-3585-1 wireshark — Security Update
Security database details: Multiple vulnerabilities were discovered in the dissectors/parsers for PKTC, IAX2, GSM CBCH and NCP which could result in denial of service.

DSA-3586-1 atheme-services — Security Update
Security database details: It was discovered that a buffer overflow in the XMLRPC response encoding code of the Atheme IRC services may result in denial of service.

DSA-3587-1 libgd2 — Security Update
Security database details: Several vulnerabilities were discovered in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker ...

Security Updates (DSA-3559-1, DSA-3568-1, DSA-3570-1, DSA-3571-1, DSA-3577-1, DSA-3578-1, DSA-3579-1 and DSA-3580-1)

Security updates have been released for iceweasel, libtasn1-6, mercurial, ikiwiki, jansson, libidn, xerces-c and imagemagick.

Vulnerability Information

DSA-3559-1 iceweasel — Security Update
Security database details: Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code or denial of service.

DSA-3568-1 libtasn1-6 — Security Update
Security database details: CVE-2016-4008: Pascal Cuoq and Miod Vallat discovered that Libtasn1, a library to manage ASN.1 structures, does not correctly handle certain malformed DER certificates. A remote attacker can take advantage of this flaw to cause ...

Security Updates (DSA-3566-1, DSA-3567-1)

Security updates have been released for openssl and libpam-sshauth.

Vulnerability Information

DSA-3566-1 openssl — Security Update
Security database details:
CVE-2016-2105: Guido Vranken discovered that an overflow can occur in the function EVP_EncodeUpdate(), used for Base64 encoding, if an attacker can supply a large amount of data. This could lead to a heap corruption.
CVE-2016-2106: Guido Vranken discovered that an overflow can occur in the function EVP_EncryptUpdate() if an attacker can supply a large amount of data. This could lead to a heap corruption.
CVE-2016-2107: Juraj Somorovsky discovered a padding oracle in the AES CBC cipher implementation based on the AES-NI instruction set. This could allow an ...

Security Updates (DSA-3555-1, DSA-3556-1)

Security updates have been released for imlib2 and libgd2.

Vulnerability Information

DSA-3555-1 imlib2 — Security Update
Security database details:
CVE-2011-5326: Kevin Ryde discovered that attempting to draw an ellipse with 2x1 radii results in a floating point exception.
CVE-2014-9771: It was discovered that an integer overflow could lead to invalid memory reads and unreasonably large memory allocations.
CVE-2016-3993: Yuriy M. Kaminskiy discovered that drawing using coordinates from an untrusted source could lead to an out-of-bounds memory read, which in turn could result in an application crash.
CVE-2016-3994: Jakub Wilk discovered that a malformed image could lead to an out-of-bounds read in the GIF loader, which may result in ...

Security Updates (DSA-3548-1, DSA-3549-1, DSA-3550-1)

Security updates have been released for samba, chromium-browser and openssh.

Vulnerability Information

DSA-3548-1 samba — Security Update
Security database details:
CVE-2015-5370: Jouni Knuutinen from Synopsys discovered flaws in the Samba DCE-RPC code which can lead to denial of service (crashes and high CPU consumption) and man-in-the-middle attacks.
CVE-2016-2110: Stefan Metzmacher of SerNet and the Samba Team discovered that the feature negotiation of NTLMSSP does not protect against downgrade attacks.
CVE-2016-2111: When Samba is configured as a domain controller, it allows remote attackers to spoof the computer name of a secure channel's endpoint and obtain sensitive session information. This flaw corresponds to the same ...