Security Updates (DSA-3559-1, DSA-3568-1, DSA-3570-1, DSA-3571-1, DSA-3577-1, DSA-3578-1, DSA-3579-1 and DSA-3580-1)

The security updates of iceweasel, libtasn1-6, mercurial, ikiwiki, jansson, libidn, xerces-c and imagemagick.

Vulnerability Information

DSA-3559-1 iceweasel — Security Updates
Security database details: Multiple security issues have been found in Iceweasel, Debian’s version of the Mozilla Firefox web browser: Multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code or denial of service.

DSA-3568-1 libtasn1-6 — Security Updates
Security database details:
CVE-2016-4008: Pascal Cuoq and Miod Vallat discovered that Libtasn1, a library to manage ASN.1 structures, does not correctly handle certain malformed DER certificates. A remote attacker can take advantage of this flaw to cause ...

Update Record Of Applications In Deepin Store (2016-05)

Update Details of May 26
Application Added: Haguichi, Xnp2, Mendeley, Indivisible, Soundnode App, Flail Rider, XnConvert, SmartSynchronize, SmartCVS
Scrolling Pictures Updated: Transmission, DraftSight, Flail Rider, Stunt Rally, Beyond Compare
Popular Recommendation Updated: Shutter, Bitfighter, Vivaldi, Nexuiz, Gaupol, Soundnode App

Update Details of May 17
Application Added: Bitfighter, Stunt Rally, Snes9x, RetroArch, LightZone, Midori, PdfMod, RedNotebook, Scilab
Cover Updated: AisleRiot, Code::Blocks, gedit, Gnote, GParted, Hedgewars, LyX, Terminator, GNU TeXmacs, Texmaker, Xchat, Font Viewer
Hot Topic Updated: Let us brainstorm: Web MindMup, Web mindmaps, XMind, Android Easy Mind Map, VYM, Web Gliffy Diagrams

Update Details of May ...

Security Updates (DSA-3566-1 & DSA-3567-1)

The security updates of openssl and libpam-sshauth.

Vulnerability Information

DSA-3566-1 openssl – Security Updates
Security database details:
CVE-2016-2105: Guido Vranken discovered that an overflow can occur in the function EVP_EncodeUpdate(), used for Base64 encoding, if an attacker can supply a large amount of data. This could lead to a heap corruption.
CVE-2016-2106: Guido Vranken discovered that an overflow can occur in the function EVP_EncryptUpdate() if an attacker can supply a large amount of data. This could lead to a heap corruption.
CVE-2016-2107: Juraj Somorovsky discovered a padding oracle in the AES CBC cipher implementation based on the AES-NI instruction set. This could allow an ...

Security Updates (DSA-3555-1 & DSA-3556-1)

The security updates of imlib2 and libgd2.

Vulnerability Information

DSA-3555-1 imlib2 -- Security Updates
Security database details:
CVE-2011-5326: Kevin Ryde discovered that attempting to draw a 2x1 radii ellipse results in a floating point exception.
CVE-2014-9771: It was discovered that an integer overflow could lead to invalid memory reads and unreasonably large memory allocations.
CVE-2016-3993: Yuriy M. Kaminskiy discovered that drawing using coordinates from an untrusted source could lead to an out-of-bound memory read, which in turn could result in an application crash.
CVE-2016-3994: Jakub Wilk discovered that a malformed image could lead to an out-of-bound read in the GIF loader, which may result in ...

Security Updates (DSA-3548-1 & DSA-3549-1 & DSA-3550-1)

The security updates of samba, chromium-browser and openssh.

Vulnerability Information

DSA-3548-1 samba — Security Update
Security database details:
CVE-2015-5370: Jouni Knuutinen from Synopsys discovered flaws in the Samba DCE-RPC code which can lead to denial of service (crashes and high CPU consumption) and man-in-the-middle attacks.
CVE-2016-2110: Stefan Metzmacher of SerNet and the Samba Team discovered that the feature negotiation of NTLMSSP does not protect against downgrade attacks.
CVE-2016-2111: When Samba is configured as domain controller, it allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information. This flaw corresponds to the same ...

Update Record Of Applications In Deepin Store (2016-04)

Update Details of April 25
Application Added: Four in a Row, AssaultCube, Quadrapassel, PhotoQt, MEGA, CPU-G, LuckyBackup, CopyQ, Beyond Compare, FF Multi Converter, I-Nex, Conky, Gambas

Update Details of April 18
Application Added: Komodo IDE, Open Broadcaster Software, Room Arrange, Natron, Desura, Synergy, CrossFTP, Draftsight, Minetest, Vokoscreen, Speed Dreams, Google Earth, Vk Audio Saver, Pithons, Lightworks

Update Details of April 12
Scrolling Pictures Updated: UGet, OpenShot, Hedgewars, f.lux, Visual Studio Code
Application Added: Vivaldi, Sweet Home 3D, FlareGet, Messenger for Desktop, Corebird, Viber, ICQ, iptux, IntelliJ IDEA Community, Android issuu, Android Break Bricks

Update Details of April 4
Application Added: Android Angry birds, Foobnix, f.lux, VMware Workstation, xMEdit
Application Updated: Mozilla Firefox, Blender, Transmission
Hot Topic Updated: Find everything in book: Foxit Reader, Calibre, Okular, Comix, Master PDF Editor, Evince ...

Security Updates (DSA-3541-1 & DSA-3542-1 & DSA-3543-1)

The security updates of roundcube, mercurial and oar.

Vulnerability Information

DSA-3541-1 roundcube — Security Update
Security database details:
CVE-2015-8770: High-Tech Bridge Security Research Lab discovered that Roundcube, a webmail client, contained a path traversal vulnerability. This flaw could be exploited by an attacker to access sensitive files on the server, or even execute arbitrary code.

DSA-3542-1 mercurial — Security Update
Security database details: Several vulnerabilities have been discovered in Mercurial, a distributed version control system. The Common Vulnerabilities and Exposures project identifies the following issues:
CVE-2016-3068: Blake Burkhart discovered that Mercurial allows URLs for Git subrepositories that could result in arbitrary ...

Security Updates (DSA-3533-1 & DSA-3540-1)

The security updates of openvswitch and lhasa.

Vulnerability Overview

DSA-3533-1 openvswitch — Security Update
Security database information:
CVE-2016-2074: A remotely triggerable buffer overflow vulnerability was discovered in openvswitch, a production quality, multilayer virtual switch implementation. Specially crafted MPLS packets could overflow the buffer reserved for MPLS labels in an OVS internal data structure. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially, execution of arbitrary code.

DSA-3540-1 lhasa — Security Update
Security database information:
CVE-2016-2347: An integer underflow was discovered in Lhasa, a lzh archive decompressor, which might result in the execution ...

Security Updates (DSA-3531-1 and DSA-3318-1)

The security vulnerability updates include chromium-browser and expat security updates.

Vulnerability Overview

DSA-3531-1 chromium-browser -- security update
Security database information:
CVE-2016-1646: An out-of-bounds read issue was discovered in the v8 library.
CVE-2016-1647: A use-after-free issue was discovered.
CVE-2016-1648: A use-after-free issue was discovered in the handling of extensions.
CVE-2016-1649: lokihardt discovered a buffer overflow issue in the Almost Native Graphics Layer Engine (ANGLE) library.
CVE-2016-1650: The chrome development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the v8 javascript library, version 4.9.385.33.

DSA-3318-1 expat -- security update
Security database information:
CVE-2015-1283: Multiple integer overflows have been discovered in ...