Security Updates (DSA-3559-1, DSA-3568-1, DSA-3570-1, DSA-3571-1, DSA-3577-1, DSA-3578-1, DSA-3579-1 and DSA-3580-1)


Security updates for iceweasel, libtasn1-6, mercurial, ikiwiki, jansson, libidn, xerces-c and imagemagick.

Vulnerability Information

DSA-3559-1 iceweasel — Security Updates

Security database details: Multiple security issues have been found in Iceweasel, Debian’s version of the Mozilla Firefox web browser: Multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code or denial of service.

DSA-3568-1 libtasn1-6 — Security Updates

Security database details:

CVE-2016-4008: Pascal Cuoq and Miod Vallat discovered that Libtasn1, a library to manage ASN.1 structures, does not correctly handle certain malformed DER certificates. A remote attacker can take advantage of this flaw to cause ...

Update Record Of Applications In Deepin Store (2016-05)


Update Details of May 26

Application Added: Haguichi, Xnp2, Mendeley, Indivisible, Soundnode App, Flail Rider, XnConvert, SmartSynchronize, SmartCVS

Scrolling Pictures Updated: Transmission, DraftSight, Flail Rider, Stunt Rally, Beyond Compare

Popular Recommendation Updated: Shutter, Bitfighter, Vivaldi, Nexuiz, Gaupol, Soundnode App

Update Details of May 17

Application Added: Bitfighter, Stunt Rally, Snes9x, RetroArch, LightZone, Midori, PdfMod, RedNotebook, Scilab

Cover Updated: AisleRiot, Code::Blocks, gedit, Gnote, GParted, Hedgewars, LyX, Terminator, GNU TeXmacs, Texmaker, Xchat, Font Viewer

Hot Topic Updated: Let us brainstorm: Web MindMup, Web mindmaps, XMind, Android Easy Mind Map, VYM, Web Gliffy Diagrams

Update Details of May ...

Security Updates (DSA-3566-1 & DSA-3567-1)


Security updates for openssl and libpam-sshauth.

Vulnerability Information

DSA-3566-1 openssl – Security Updates

Security database details:

CVE-2016-2105: Guido Vranken discovered that an overflow can occur in the function EVP_EncodeUpdate(), used for Base64 encoding, if an attacker can supply a large amount of data. This could lead to a heap corruption.

CVE-2016-2106: Guido Vranken discovered that an overflow can occur in the function EVP_EncryptUpdate() if an attacker can supply a large amount of data. This could lead to a heap corruption.

CVE-2016-2107: Juraj Somorovsky discovered a padding oracle in the AES CBC cipher implementation based on the AES-NI instruction set. This could allow an ...

Security Updates (DSA-3555-1 & DSA-3556-1)


Security updates for imlib2 and libgd2.

Vulnerability Information

DSA-3555-1 imlib2 -- Security Updates

Security database details:

CVE-2011-5326: Kevin Ryde discovered that attempting to draw a 2x1 radii ellipse results in a floating point exception.

CVE-2014-9771: It was discovered that an integer overflow could lead to invalid memory reads and unreasonably large memory allocations.

CVE-2016-3993: Yuriy M. Kaminskiy discovered that drawing using coordinates from an untrusted source could lead to an out-of-bound memory read, which in turn could result in an application crash.

CVE-2016-3994: Jakub Wilk discovered that a malformed image could lead to an out-of-bound read in the GIF loader, which may result in ...

Security Updates (DSA-3548-1 & DSA-3549-1 & DSA-3550-1)

Security updates for samba, chromium-browser and openssh.

Vulnerability Information

DSA-3548-1 samba — Security Update

Security database details:

CVE-2015-5370: Jouni Knuutinen from Synopsys discovered flaws in the Samba DCE-RPC code which can lead to denial of service (crashes and high CPU consumption) and man-in-the-middle attacks.

CVE-2016-2110: Stefan Metzmacher of SerNet and the Samba Team discovered that the feature negotiation of NTLMSSP does not protect against downgrade attacks.

CVE-2016-2111: When Samba is configured as domain controller, it allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information. This flaw corresponds to the same ...

Security Updates (DSA-3533-1 & DSA-3540-1)

Security updates for openvswitch and lhasa.

Vulnerability Overview

DSA-3533-1 openvswitch — Security Update

Security database information:

CVE-2016-2074: A remotely triggerable buffer overflow vulnerability was discovered in openvswitch, a production quality, multilayer virtual switch implementation. Specially crafted MPLS packets could overflow the buffer reserved for MPLS labels in an OVS internal data structure. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially, execution of arbitrary code.

DSA-3540-1 lhasa — Security Update

Security database information:

CVE-2016-2347: An integer underflow was discovered in Lhasa, an lzh archive decompressor, which might result in the execution ...

Security Updates (DSA-3531-1 and DSA-3318-1)


Security updates for chromium-browser and expat.

Vulnerability Overview

DSA-3531-1 chromium-browser -- security update

Security database information:

CVE-2016-1646: An out-of-bounds read issue was discovered in the v8 library.

CVE-2016-1647: A use-after-free issue was discovered.

CVE-2016-1648: A use-after-free issue was discovered in the handling of extensions.

CVE-2016-1649: lokihardt discovered a buffer overflow issue in the Almost Native Graphics Layer Engine (ANGLE) library.

CVE-2016-1650: The Chrome development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the v8 JavaScript library, version 4.9.385.33.

DSA-3318-1 expat -- security update

Security database information:

CVE-2015-1283: Multiple integer overflows have been discovered in ...

Update Record Of Applications In Deepin Store (2016-03)


Update Details of March 25

Application Added: FrostWire, Kodi, Android Cookpad, Android A Soft Murmur, Android Instagram

Update Details of March 18

Application Added: Foxit Reader, Cinelerra, Shotcut, SmartGit, Web KCals, Web Rune Raiders, Web BrowserQuest, Web Gravit, Web Outlook, Web Minefield, Android Plants.Vs.Zombie

Update Details of March 11

Application Added: Urban Terror, Magarena, Unvanquished, Zero Ballistics, KeePassX, Web AirDroid, Web mindmaps, Web Wunderlist

Application Removed: Web rainfor.me

Update Details of March 4

Scrolling Pictures Updated: Spotify, SuperTuxKart, Teeworlds, XnView MP, MineCraft

Application Added: Visual Studio Code, Telegram, OpenRA, TagSpaces, Web The West, Web Kingdom Rush Frontiers, Web Hextris, Web Soldiers Inc, Web Shadow Kings, ...

Security Update (CVE-2015-7547)


Security researchers found a serious vulnerability in the GNU C Library (glibc) that can allow an attacker to hijack Linux software and then execute arbitrary code on the Linux platform to obtain passwords, monitor users and even control the computer (the CVE number is CVE-2015-7547).

Effect

glibc is the libc library released by GNU, that is, the C runtime library. It is the lowest-level API in a Linux system, and nearly all other runtime libraries depend on it. glibc is used in many Linux distributions, so the vulnerability has a wide impact.

Vulnerability Overview ...