Security Updates (DSA 3761-1 &DSA 3762-1 &DSA 3764-1… &DSA 3840-1)

Security Updates (DSA 3761-1 &DSA 3762-1 &DSA 3764-1… &DSA 3840-1)

The security updates of rabbitmq-server, tiff, pdns, mapserver, libphp-swiftmailer, libxpm, openssl, lcms2, tcpdump, libgd2, wordpress, ntfs-3g, svgsalamander, viewvc, libevent, spice, libreoffice, munin, bind9, apache2, mupdf, libquicktime, ruby-zip, zabbix, texlive-base, icoutils, chromium-browser, wireshark, ioquake3, r-base, audiofile, wordpress, jbig2dec, gst-plugins-bad1.0, gst-plugins-base1.0, gst-plugins-good1.0, gst-plugins-ugly1.0, gstreamer1.0, eject, jhead, tryton-server, libreoffice, mysql-connector-java. Vulnerability Information DSA-3761-1 rabbitmq-server —Security Updates Security database details: It was discovered that RabbitMQ, an implementation of the AMQP protocol, didn’t correctly validate MQTT (MQ Telemetry Transport) connection authentication. This allowed anyone to login to an existing user account without having to provide a password.   DSA-3762-1 tiff —Security Updates Security database details: Multiple vulnerabilities have been discovered in the libtiff library and the included tools tiff2rgba, rgb2ycbcr, tiffcp, tiffcrop, tiff2pdf and tiffsplit, which may result in denial of service, memory disclosure or the execution of arbitrary code.   DSA-3764-1 pdns —Security Updates Security …Read more

Samba Security Updates (DSA 3860-1)

Samba Security Updates (DSA 3860-1)

Vulnerability Overview DSA-3860-1 samba — security update Security database information: CVE-2017-7494:steelo discovered a remote code execution vulnerability in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client with access to a writable share, can take advantage of this flaw by uploading a shared library and then cause the server to load and execute it.   Fixing Status The problems of samba have been fixed in version 2:4.5.8+dfsg-2. Please update to the latest version of deepin to get these patches.

Security Updates(DSA-3717-1 &DSA-3718-1 &DSA-3719-1 &DSA-3723-1 &DSA-3725-1 &DSA-3727-1 &DSA-3731-1 &DSA-3733-1 &DSA-3735-1 &DSA 3736-1 &DSA 3738-1 &DSA 3741-1 &DSA 3742-1 &DSA 3743-1 &DSA 3745-1 &DSA 3746-1 &DSA 3748-1 &DSA 3749-1 &DSA 3750-1 &DSA 3751-1 &DSA 3752-1 &DSA 3753-1 &DSA 3755-1)

The security updates of gst-plugins-bad1.0, drupal7, wireshark, gst-plugins-good1.0, icu, hdf5, chromium-browser, apt, game-music-emu, libupnp, tor, flightgear, python-bottle, squid3, graphicsmagick, libcrypto++, dcmtk, libphp-phpmailer, libgd2, pcsc-lite, libvncserver and tomcat8. Vulnerability Information DSA-3717-1 gst-plugins-bad1.0, gst-plugins-bad0.10 —Security Updates Security database details: Chris Evans discovered that the GStreamer plugin to decode VMware screen capture files allowed the execution of arbitrary code.   DSA-3718-1 drupal7 — Security Updates Security database details: Multiple vulnerabilities has been found in the Drupal content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/SA-CORE-2016-005   DSA-3719-1 wireshark — Security Updates Security database details: It was discovered that wireshark, a …Read more

Security Updates (DSA-3608-1, DSA-3609-1, DSA-3611-1, DSA-3613-1, DSA-3614-1, DSA-3615-1, DSA-3617-1, DSA-3619-1, DSA-3620-1, DSA-3625-1, DSA-3626-1, DSA-3627-1, DSA-3629-1, DSA-3630-1, DSA-3631-1, DSA-3632-1, DSA-3636-1)

The security updates of libreoffice, tomcat8, libcommons-fileupload-java, libvirt, tomcat7, wireshark, horizon, libgd2, pidgin, squid3, openssh, phpmyadmin, ntp, libgd2, php5, mariadb-10.0 and collctd.   Vulnerability Information DSA-3608-1 libreoffice — Security Updates Security database details: Aleksandar Nikolic discovered that missing input sanitising in the RTF parser in Libreoffice may result in the execution of arbitrary code if a malformed documented is opened.   DSA-3609-1 tomcat8 — Security Updates Security database details: Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections, bypass of the SecurityManager or denial of service. …Read more

Security Updates (DSA-3585-1 &DSA-3586-1 &DSA-3587-1 &DSA-3588-1)

Security Updates (DSA-3585-1 &DSA-3586-1 &DSA-3587-1 &DSA-3588-1)

The security updates of wireshark, atheme-services, libgd2 and symfony.   Vulnerability Information DSA-3585-1 wireshark — security update Security database details: Multiple vulnerabilities were discovered in the dissectors/parsers for PKTC, IAX2, GSM CBCH and NCP which could result in denial of service.   DSA-3586-1 atheme-services — security update Security database details: It was discovered that a buffer overflow in the XMLRPC response encoding code of the Atheme IRC services may result in denial of service.   DSA-3587-1 libgd2 — security update Security database details: Several vulnerabilities were discovered in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker …Read more

Security Updates (DSA-3559-1, DSA-3568-1, DSA-3570-1, DSA-3571-1, DSA-3577-1, DSA-3578-1, DSA-3579-1 and DSA-3580-1)

Security Updates (DSA-3559-1, DSA-3568-1, DSA-3570-1, DSA-3571-1, DSA-3577-1, DSA-3578-1, DSA-3579-1 and DSA-3580-1)

The security updates of iceweasel, libtasn1-6, mercurial, ikiwiki, jansson, libidn, xerces-c and imagemagick.   Vulnerability Information DSA-3559-1 iceweasel — Security Updates Security database details: Multiple security issues have been found in Iceweasel, Debian’s version of the Mozilla Firefox web browser: Multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code or denial of service.   DSA-3568-1 libtasn1-6 — Security Updates Security database details: CVE-2016-4008: Pascal Cuoq and Miod Vallat discovered that Libtasn1, a library to manage ASN.1 structures, does not correctly handle certain malformed DER certificates. A remote attacker can take advantage of this flaw to cause …Read more

Security Updates (DSA-3566-1 &DSA-3567-1)

Security Updates (DSA-3566-1 &DSA-3567-1)

The security updates of openssl and libpam-sshauth.   Vulnerability Information DSA-3566-1 openssl–Security Updates Security database details: CVE-2016-2105: Guido Vranken discovered that an overflow can occur in the function EVP_EncodeUpdate(), used for Base64 encoding, if an attacker can supply a large amount of data. This could lead to a heap corruption. CVE-2016-2106: Guido Vranken discovered that an overflow can occur in the function EVP_EncryptUpdate() if an attacker can supply a large amount of data. This could lead to a heap corruption. CVE-2016-2107: Juraj Somorovsky discovered a padding oracle in the AES CBC cipher implementation based on the AES-NI instruction set. This could allow an …Read more

Security Updates(DSA-3555-1 &DSA-3556-1)

Security Updates(DSA-3555-1 &DSA-3556-1)

The security updates of imlib2 and libgd2.   Vulnerability Information DSA-3555-1 imlib2 –Security Updates Security database details: CVE-2011-5326 : Kevin Ryde discovered that attempting to draw a 2×1 radi ellipse results in a floating point exception. CVE-2014-9771: It was discovered that an integer overflow could lead to invalid memory reads and unreasonably large memory allocations. CVE-2016-3993: Yuriy M. Kaminskiy discovered that drawing using coordinates from an untrusted source could lead to an out-of-bound memory read, which in turn could result in an application crash. CVE-2016-3994: Jakub Wilk discovered that a malformed image could lead to an out-of-bound read in the GIF loader, which may result in …Read more