deepin Security Updates (DSA 3904-2 &DSA 3909-1 &DSA 3911-1& …&DSA 3919-1)

deepin Security Updates (DSA 3904-2 &DSA 3909-1 &DSA 3911-1& …&DSA 3919-1)

The security updates of bind9, samba, evince, heimdal, apache2, catdoc and openjdk-8. Vulnerability Information DSA-3904-1 bind9 —Security Updates Security database details: Clément Berthaux from Synaktiv discovered two vulnerabilities in BIND, a DNS server implementation. They allow an attacker to bypass TSIG authentication by sending crafted DNS packets to a server. CVE-2017-3142: An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection …Read more

Deepin Security Update——Urgently Fixed Bad Taste Security vulnerability CVE-2017-11421 in GNOME Files

Deepin Security Update——Urgently Fixed Bad Taste Security vulnerability CVE-2017-11421 in GNOME Files

The security updates of Bad Taste (gnome-exe-thumbnailer).   Vulnerability Information CVE-2017-11421 —Security Updates Security database details: gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the “Bad Taste” issue. There is a local attack if the victim uses the GNOME Files file manager, and navigates to a directory containing a .msi file with VBScript code in its filename.   Fixing Status gnome-exe-thumbnailer security vulnerabilities have been fixed in deepin 15.4.1 updates(20170727). We recommend that you upgrade the system to obtain the patches to fix the vulnerabilities.

deepin Security Updates (DSA 3900-1 &DSA 3903-1 &DSA 3906-1& CVE-2017-1000370, CVE-2017-1000371)

deepin Security Updates (DSA 3900-1 &DSA 3903-1 &DSA 3906-1& CVE-2017-1000370, CVE-2017-1000371)

The security updates of openvpn、tiff、undertow and Linux Kernel. Vulnerability Information DSA-3900-1 openvpn —Security Updates Security database details: Several issues were discovered in openvpn, a virtual private network application. CVE-2017-7479: It was discovered that openvpn did not properly handle the rollover of packet identifiers. This would allow an authenticated remote attacker to cause a denial-of-service via application crash. CVE-2017-7508: Guido Vranken discovered that openvpn did not properly handle specific malformed IPv6 packets. This would allow a remote attacker to cause a denial-of-service via application crash. CVE-2017-7520: Guido Vranken discovered that openvpn did not properly handle clients connecting to an HTTP proxy …Read more

deepin Security Updates (CVE-2017-8890 &CVE-2017-9445)

deepin Security Updates (CVE-2017-8890 &CVE-2017-9445)

The security updates of systemd and linux kernal. Vulnerability Information CVE-2017-9445 —Security Updates Security database details: In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that’s too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that’s too small, and subsequently write arbitrary data beyond the end of it.   CVE-2017-8890 —Security Updates Security database details: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) …Read more

Security Updates (DSA 3890-1 &DSA 3891-1 &DSA 3893-1 &DSA 3895-1&DSA 3896-1 &DSA 3898-1)

Security Updates (DSA 3890-1 &DSA 3891-1 &DSA 3893-1 &DSA 3895-1&DSA 3896-1 &DSA 3898-1)

The security updates of spip, tomcat8, jython, flatpak, apache2 and expat. Vulnerability Information DSA-3890-1 spip — Security Updates Security database details: Emeric Boit of ANSSI reported that SPIP, a website engine for publishing, insufficiently sanitises the value from the X-Forwarded-Host HTTP header field. An unauthenticated attacker can take advantage of this flaw to cause remote code execution.   DSA-3891-1 tomcat8 — Security Updates Security database details: Aniket Nandkishor Kulkarni discovered that in tomcat8, a servlet and JSP engine, static error pages used the original request’s HTTP method to serve content, instead of systematically using the GET method. This could under certain …Read more

Security Updates(DSA 3786-1 &DSA 3799-1 &DSA 3808-1… &DSA 3885-1)

Security Updates(DSA 3786-1 &DSA 3799-1 &DSA 3808-1… &DSA 3885-1)

The security updates of vim, imagemagick, imagemagick, icu, firefox-esr, weechat, ghostscript, libxstream-java, tomcat7, tomcat8, tiff, libtirpc, libytnef, xen, git, kde4libs, rtmpdump, bitlbee, bind9, jbig2dec, deluge, mysql-connector-java, puppet, imagemagick, fop, mosquitto, strongswan, sudo, openldap, tnef, wordpress, perl, ettercap, libmwaw, otrs2, tor, zziplib, libosip2, libgcrypt20, firefox-esr, request-tracker4, gnutls28, irssi. Vulnerability Information DSA-3786-1 vim —Security Updates Security database details: Editor spell files passed to the vim (Vi IMproved) editor may result in an integer overflow in memory allocation and a resulting buffer overflow which potentially could result in the execution of arbitrary code or denial of service.   DSA-3799-1 imagemagick —Security Updates Security database details: This …Read more

Security Updates (DSA 3761-1 &DSA 3762-1 &DSA 3764-1… &DSA 3840-1)

Security Updates (DSA 3761-1 &DSA 3762-1 &DSA 3764-1… &DSA 3840-1)

The security updates of rabbitmq-server, tiff, pdns, mapserver, libphp-swiftmailer, libxpm, openssl, lcms2, tcpdump, libgd2, wordpress, ntfs-3g, svgsalamander, viewvc, libevent, spice, libreoffice, munin, bind9, apache2, mupdf, libquicktime, ruby-zip, zabbix, texlive-base, icoutils, chromium-browser, wireshark, ioquake3, r-base, audiofile, wordpress, jbig2dec, gst-plugins-bad1.0, gst-plugins-base1.0, gst-plugins-good1.0, gst-plugins-ugly1.0, gstreamer1.0, eject, jhead, tryton-server, libreoffice, mysql-connector-java. Vulnerability Information DSA-3761-1 rabbitmq-server —Security Updates Security database details: It was discovered that RabbitMQ, an implementation of the AMQP protocol, didn’t correctly validate MQTT (MQ Telemetry Transport) connection authentication. This allowed anyone to login to an existing user account without having to provide a password.   DSA-3762-1 tiff —Security Updates Security database details: Multiple vulnerabilities have been discovered in the libtiff library and the included tools tiff2rgba, rgb2ycbcr, tiffcp, tiffcrop, tiff2pdf and tiffsplit, which may result in denial of service, memory disclosure or the execution of arbitrary code.   DSA-3764-1 pdns —Security Updates Security …Read more

Samba Security Updates (DSA 3860-1)

Samba Security Updates (DSA 3860-1)

Vulnerability Overview DSA-3860-1 samba — security update Security database information: CVE-2017-7494:steelo discovered a remote code execution vulnerability in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client with access to a writable share, can take advantage of this flaw by uploading a shared library and then cause the server to load and execute it.   Fixing Status The problems of samba have been fixed in version 2:4.5.8+dfsg-2. Please update to the latest version of deepin to get these patches.