The security updates of gst-plugins-bad1.0, drupal7, wireshark, gst-plugins-good1.0, icu, hdf5, chromium-browser, apt, game-music-emu, libupnp, tor, flightgear, python-bottle, squid3, graphicsmagick, libcrypto++, dcmtk, libphp-phpmailer, libgd2, pcsc-lite, libvncserver and tomcat8.
Vulnerability Information
DSA-3717-1 gst-plugins-bad1.0, gst-plugins-bad0.10 —Security Updates
Security database details:
Chris Evans discovered that the GStreamer plugin to decode VMware screen capture files allowed the execution of arbitrary code.
DSA-3718-1 drupal7 — Security Updates
Security database details:
Multiple vulnerabilities has been found in the Drupal content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/SA-CORE-2016-005
DSA-3719-1 wireshark — Security Updates
Security database details:
It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for DCERPC, AllJoyn, DTN, and OpenFlow, that could lead to various crashes, denial-of-service, or execution of arbitrary code.
DSA-3723-1 gst-plugins-good1.0 — Security Updates
Security database details:
Chris Evans discovered that the GStreamer 1.0 plugin used to decode files in the FLIC format allowed execution of arbitrary code. Further details can be found in his advisory at https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html
DSA-3725-1 icu —Security Updates
Security database details:
Several vulnerabilities were discovered in the International Components for Unicode (ICU) library.
- CVE-2014-9911: Michele Spagnuolo discovered a buffer overflow vulnerability which might allow remote attackers to cause a denial of service or possibly execute arbitrary code via crafted text.
- CVE-2015-2632: An integer overflow vulnerability might lead into a denial of service or disclosure of portion of application memory if an attacker has control on the input file.
- CVE-2015-4844: Buffer overflow vulnerabilities might allow an attacker with control on the font file to perform a denial of service or, possibly, execute arbitrary code.
- CVE-2016-0494: Integer signedness issues were introduced as part of the CVE-2015-4844 fix.
- CVE-2016-6293: A buffer overflow might allow an attacker to perform a denial of service or disclosure of portion of application memory.
- CVE-2016-7415: A stack-based buffer overflow might allow an attacker with control on the locale string to perform a denial of service and, possibly, execute arbitrary code.
DSA-3727-1 hdf5 —Security Updates
Security database details:
Cisco Talos discovered that hdf5, a file format and library for storing scientific data, contained several vulnerabilities that could lead to arbitrary code execution when handling untrusted data.
DSA-3731-1 chromium-browser — Security Updates
Security database details:
Several vulnerabilities have been discovered in the chromium web browser.
- CVE-2016-5181: A cross-site scripting issue was discovered.
- CVE-2016-5182: Giwan Go discovered a heap overflow issue.
- CVE-2016-5183: A use-after-free issue was discovered in the pdfium library.
- CVE-2016-5184: Another use-after-free issue was discovered in the pdfium library.
- CVE-2016-5185: cloudfuzzer discovered a use-after-free issue in Blink/Webkit.
- CVE-2016-5186: Abdulrahman Alqabandi discovered an out-of-bounds read issue in the developer tools.
- CVE-2016-5187: Luan Herrera discovered a URL spoofing issue.
- CVE-2016-5188: Luan Herrera discovered that some drop down menus can be used to hide parts of the user interface.
- CVE-2016-5189: xisigr discovered a URL spoofing issue.
- CVE-2016-5190: Atte Kettunen discovered a use-after-free issue.
- CVE-2016-5191: Gareth Hughes discovered a cross-site scripting issue.
- CVE-2016-5192: haojunhou@gmail.com discovered a same-origin bypass.
- CVE-2016-5193: Yuyang Zhou discovered a way to pop open a new window.
- CVE-2016-5194: The chrome development team found and fixed various issues during internal auditing.
- CVE-2016-5198: Tencent Keen Security Lab discovered an out-of-bounds memory access issue in the v8 javascript library.
- CVE-2016-5199: A heap corruption issue was discovered in the ffmpeg library.
- CVE-2016-5200: Choongwoo Han discovered an out-of-bounds memory access issue in the v8 javascript library.
- CVE-2016-5201: Rob Wu discovered an information leak.
- CVE-2016-5202: The chrome development team found and fixed various issues during internal auditing.
- CVE-2016-5203: A use-after-free issue was discovered in the pdfium library.
- CVE-2016-5204: Mariusz Mlynski discovered a cross-site scripting issue in SVG image handling.
- CVE-2016-5205: A cross-site scripting issue was discovered.
- CVE-2016-5206: Rob Wu discovered a same-origin bypass in the pdfium library.
- CVE-2016-5207: Mariusz Mlynski discovered a cross-site scripting issue.
- CVE-2016-5208: Mariusz Mlynski discovered another cross-site scripting issue.
- CVE-2016-5209: Giwan Go discovered an out-of-bounds write issue in Blink/Webkit.
- CVE-2016-5210: Ke Liu discovered an out-of-bounds write in the pdfium library.
- CVE-2016-5211: A use-after-free issue was discovered in the pdfium library.
- CVE-2016-5212: Khalil Zhani discovered an information disclosure issue in the developer tools.
- CVE-2016-5213: Khalil Zhani discovered a use-after-free issue in the v8 javascript library.
- CVE-2016-5214: Jonathan Birch discovered a file download protection bypass.
- CVE-2016-5215: Looben Yang discovered a use-after-free issue.
- CVE-2016-5216: A use-after-free issue was discovered in the pdfium library.
- CVE-2016-5217: Rob Wu discovered a condition where data was not validated by the pdfium library.
- CVE-2016-5218: Abdulrahman Alqabandi discovered a URL spoofing issue.
- CVE-2016-5219: Rob Wu discovered a use-after-free issue in the v8 javascript library.
- CVE-2016-5220: Rob Wu discovered a way to access files on the local system.
- CVE-2016-5221: Tim Becker discovered an integer overflow issue in the angle library.
- CVE-2016-5222: xisigr discovered a URL spoofing issue.
- CVE-2016-5223: Hwiwon Lee discovered an integer overflow issue in the pdfium library.
- CVE-2016-5224: Roeland Krak discovered a same-origin bypass in SVG image handling.
- CVE-2016-5225: Scott Helme discovered a Content Security Protection bypass.
- CVE-2016-5226: Jun Kokatsu discovered a cross-scripting issue.
- CVE-2016-9650: Jakub Żoczek discovered a Content Security Protection information disclosure.
- CVE-2016-9651: Guang Gong discovered a way to access private data in the v8 javascript library.
- CVE-2016-9652: The chrome development team found and fixed various issues during internal auditing.
DSA-3733-1 apt — Security Updates
Security database details:
Jann Horn of Google Project Zero discovered that APT, the high level package manager, does not properly handle errors when validating signatures on InRelease files. An attacker able to man-in-the-middle HTTP requests to an apt repository that uses InRelease files (clearsigned Release files), can take advantage of this flaw to circumvent the signature of the InRelease file, leading to arbitrary code execution.
DSA-3735-1 game-music-emu — Security Updates
Security database details:
Chris Evans discovered that incorrect emulation of the SPC700 audio co-processor of the Super Nintendo Entertainment System allows the execution of arbitrary code if a malformed SPC music file is opened. Further information can be found at http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
DSA-3736-1 libupnp — Security Updates
Security database details:
Two vulnerabilities were discovered in libupnp, a portable SDK for UPnP devices.
- CVE-2016-6255: Matthew Garret discovered that libupnp by default allows any user to write to the filesystem of the host running a libupnp-based server application.CVE-2016-8863: Scott Tenaglia discovered a heap buffer overflow vulnerability, that can lead to denial of service or remote code execution.
DSA-3741-1 tor — Security Updates
Security database details:
It was discovered that Tor, a connection-based low-latency anonymous communication system, may read one byte past a buffer when parsing hidden service descriptors. This issue may enable a hostile hidden service to crash Tor clients depending on hardening options and malloc implementation.
DSA-3742-1 flightgear — Security Updates
Security database details:
It was discovered that the Flight Gear flight simulator performs insufficient sanitising of Nasal scripts which allows a malicious script to overwrite arbitrary files with the privileges of the user running Flight Gear.
DSA-3743-1 python-bottle — Security Updates
Security database details:
It was discovered that bottle, a WSGI-framework for the Python programming language, did not properly filter "\r\n" sequences when handling redirections. This allowed an attacker to perform CRLF attacks such as HTTP header injection.
DSA-3745-1 squid3 — Security Updates
Security database details:
Saulius Lapinskas from Lithuanian State Social Insurance Fund Board discovered that Squid3, a fully featured web proxy cache, does not properly process responses to If-None-Modified HTTP conditional requests, leading to client-specific Cookie data being leaked to other clients. A remote attacker can take advantage of this flaw to discover private and sensitive information about another clients browsing session.
DSA-3746-1 graphicsmagick — Security Updates
Security database details:
Several vulnerabilities have been discovered in GraphicsMagick, a collection of image processing tool, which can cause denial of service attacks, remote file deletion, and remote command execution.
This security update removes the full support of PLT/Gnuplot decoder to prevent Gnuplot-shell based shell exploits for fixing the CVE-2016-3714 vulnerability.
The undocumented TMP magick prefix no longer removes the argument file after it has been read for fixing the CVE-2016-3715 vulnerability. Since the TMP feature was originally implemented, GraphicsMagick added a temporary file management subsystem which assures that temporary files are removed so this feature is not needed.
Remove support for reading input from a shell command, or writing output to a shell command, by prefixing the specified filename (containing the command) with a '|' for fixing the CVE-2016-5118 vulnerability.
DSA-3748-1 libcrypto++— Security Updates
Security database details:
Gergely Gábor Nagy from Tresorit discovered that libcrypto++, a C++ cryptographic library, contained a bug in several ASN.1 parsing routines. This would allow an attacker to remotely cause a denial of service.
DSA-3749-1 dcmtk— Security Updates
Security database details:
Gjoko Krstic of Zero Science Labs discovered that dcmtk, a collection of libraries implementing the DICOM standard, did not properly handle the size of data received from the network. This could lead to denial-of-service (via application crash) or arbitrary code execution.
DSA-3750-1 libphp-phpmailer— Security Updates
Security database details:
Dawid Golunski discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address.
DSA-3751-1 libgd2— Security Updates
Security database details:
A stack overflow vulnerability was discovered within the gdImageFillToBorder function in libgd2, a library for programmatic graphics creation and manipulation, triggered when invalid colors are used with truecolor images. A remote attacker can take advantage of this flaw to cause a denial-of-service against an application using the libgd2 library.
DSA-3752-1 pcsc-lite— Security Updates
Security database details:
Peter Wu discovered that a use-after-free in the pscd PC/SC daemon of PCSC-Lite might result in denial of service or potentially privilege escalation.
DSA-3753-1 libvncserver— Security Updates
Security database details:
It was discovered that libvncserver, a collection of libraries used to implement VNC/RFB clients and servers, incorrectly processed incoming network packets. This resulted in several heap-based buffer overflows, allowing a rogue server to either cause a DoS by crashing the client, or potentially execute arbitrary code on the client side.
DSA-3755-1 tomcat8— Security Updates
Security database details:
It was discovered that incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure.
Fixing Status
gst-plugins-bad1.0 security vulnerabilities have been fixed in version 1.10.1-1; drupal7 security vulnerabilities have been fixed in version 7.52-1;wireshark security vulnerabilities have been fixed in version 2.2.2+g9c5aae3-1,gst-plugins-good1.0 security vulnerabilities have been fixed in version 1.10.1-2,icu security vulnerabilities have been fixed in version 57.1-5,hdf5 security vulnerabilities have been fixed in version 1.10.0-patch1+docs-1,chromium-browser security vulnerabilities have been fixed in version 55.0.2883.75-1,apt security vulnerabilities have been fixed in version 1.4~beta2,game-music-emu security vulnerabilities have been fixed in version 0.6.0-4,libupnp security vulnerabilities have been fixed in version 1:1.6.19+git20160116-1.2,tor security vulnerabilities have been fixed in version 0.2.9.8-2,flightgear security vulnerabilities have been fixed in version 1:2016.4.3+dfsg-1,python-bottle security vulnerabilities have been fixed in version 0.12.11-1,squid3 security vulnerabilities have been fixed in version 3.5.23-1,graphicsmagick security vulnerabilities have been fixed in version 1.3.25-6,libcrypto++ security vulnerabilities have been fixed in version 5.6.4-5,dcmtk security vulnerabilities have been fixed in version 3.6.1~20160216-2,libphp-phpmailer security vulnerabilities have been fixed in version 5.2.14+dfsg-2.1,libgd2 security vulnerabilities have been fixed in version 2.2.2-29-g3c2b605-1,pcsc-lite security vulnerabilities have been fixed in version 1.8.20-1,libvncserver security vulnerabilities have been fixed in version 0.9.11+dfsg-1,tomcat8 security vulnerabilities have been fixed in version 8.5.9-1.
We recommend that you upgrade the system to obtain the patches to fix the vulnerabilities.
建议完善系统版本号,系统上能看到详细版本号,官网提供对应的版本信息能够和系统完全对应,方便用户详细了解自己部署的版本。