Deepin Security Update: Urgently Fixed BlueBorne Security Vulnerability CVE-2017-1000250 in Bluetooth Implementations


Armis Labs revealed a new attack vector endangering major mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux, and the devices using them. The new vector is dubbed “BlueBorne”, as it spreads through the air (airborne) and attacks devices via Bluetooth. Armis has also disclosed eight related zero-day vulnerabilities, four of which are classified as critical. BlueBorne allows attackers to take control of devices, access corporate data and networks, penetrate secure “air-gapped” networks, and spread malware laterally to adjacent devices. Armis reported these vulnerabilities to the responsible actors, and is working with them as patches are being …Read more

Deepin System Updates (2017.09.15)


Updated PulseAudio to Version 10.0: Supported more hardware, and AirPlay hardware is now supported; when a USB sound card is newly inserted or a Bluetooth device is newly connected, the system gives priority to selecting it as the default, without manual settings by users; improved memory function for hot-swap device configuration; supported the GNU Hurd kernel; supported 32-bit applications on 64-bit systems in padsp.

Fixed System and Application Bugs: Deep Security Update Fix Bluetooth Protocol Critical Vulnerability BlueBorne (CVE-2017-1000250); Synaptics configuration file rolled back to the previous version, to solve the issue that the touchpad cannot be used on some specific models; Update Firefox, Chrome, Opera corresponding Flash plug-in package …Read more

Deepin System Updates (2017.09.13)


Updated flatpak to Version 0.9.7-1: Added a new API to the symbol file; added the required libostree and bubblewrap versions; security fix to block some inappropriate file deployment permissions; added libglib2.0-doc and libostree-doc to Build-Depends-Indep, so that libflatpak-doc can cross-reference these documents; added a patch to do a more thorough isolation test for $HOME.

Fixed System and Application Bugs: Fixed the incorrect display of the sogou input method icon caused by flatpak; fixed the issue that the network cannot be connected, caused by network-manager; fixed the translation issue in Deepin Image Viewer; fixed the issue that alibaba trademanager is expired and cannot be updated.

Deepin System Updates (2017.09.08)


System updates: Synaptics configuration file updates, mainly to solve the touchpad Shiatsu and palm pressure problems and improve the touchpad experience.

Network-manager updated from 1.2.4 to 1.8.2; for the specific change log, please refer to https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/NEWS?h=1.8.2.

Wechat: fixed the bug with black blocks on the desktop.

Deepin Terminal is updated to version 2.6, see https://www.deepin.org/2017/09/08/deepin-terminal-v2-6-0-is-released/.

deepin Security Updates (DSA 3904-2 & DSA 3909-1 & DSA 3911-1 & … & DSA 3919-1)


The security updates of bind9, samba, evince, heimdal, apache2, catdoc and openjdk-8.

Vulnerability Information

DSA-3904-1 bind9: Security Updates

Security database details: Clément Berthaux from Synaktiv discovered two vulnerabilities in BIND, a DNS server implementation. They allow an attacker to bypass TSIG authentication by sending crafted DNS packets to a server.

CVE-2017-3142: An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection …Read more

Deepin Security Update: Urgently Fixed Bad Taste Security Vulnerability CVE-2017-11421 in GNOME Files


The security updates of Bad Taste (gnome-exe-thumbnailer).

Vulnerability Information

CVE-2017-11421: Security Updates

Security database details: gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the “Bad Taste” issue. There is a local attack if the victim uses the GNOME Files file manager, and navigates to a directory containing a .msi file with VBScript code in its filename.

Fixing Status

gnome-exe-thumbnailer security vulnerabilities have been fixed in deepin 15.4.1 updates (20170727). We recommend that you upgrade the system to obtain the patches to fix the vulnerabilities.

deepin Security Updates (DSA 3900-1 & DSA 3903-1 & DSA 3906-1 & CVE-2017-1000370, CVE-2017-1000371)


The security updates of openvpn, tiff, undertow and Linux Kernel.

Vulnerability Information

DSA-3900-1 openvpn: Security Updates

Security database details: Several issues were discovered in openvpn, a virtual private network application.

CVE-2017-7479: It was discovered that openvpn did not properly handle the rollover of packet identifiers. This would allow an authenticated remote attacker to cause a denial-of-service via application crash.

CVE-2017-7508: Guido Vranken discovered that openvpn did not properly handle specific malformed IPv6 packets. This would allow a remote attacker to cause a denial-of-service via application crash.

CVE-2017-7520: Guido Vranken discovered that openvpn did not properly handle clients connecting to an HTTP proxy …Read more

deepin Security Updates (CVE-2017-8890 & CVE-2017-9445)


The security updates of systemd and Linux kernel.

Vulnerability Information

CVE-2017-9445: Security Updates

Security database details: In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that’s too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that’s too small, and subsequently write arbitrary data beyond the end of it.

CVE-2017-8890: Security Updates

Security database details: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) …Read more