Security Updates (DSA-3559-1, DSA-3568-1, DSA-3570-1, DSA-3571-1, DSA-3577-1, DSA-3578-1, DSA-3579-1 and DSA-3580-1)

The security updates of iceweasel, libtasn1-6, mercurial, ikiwiki, jansson, libidn, xerces-c and imagemagick.

Vulnerability Information

DSA-3559-1 iceweasel -- Security Update
Security database details: Multiple security issues have been found in Iceweasel, Debian’s version of the Mozilla Firefox web browser: multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code or denial of service.

DSA-3568-1 libtasn1-6 -- Security Update
Security database details:
CVE-2016-4008: Pascal Cuoq and Miod Vallat discovered that Libtasn1, a library to manage ASN.1 structures, does not correctly handle certain malformed DER certificates. A remote attacker can take advantage of this flaw to cause ...

Security Updates (DSA-3566-1 & DSA-3567-1)

The security updates of openssl and libpam-sshauth.

Vulnerability Information

DSA-3566-1 openssl -- Security Update
Security database details:
CVE-2016-2105: Guido Vranken discovered that an overflow can occur in the function EVP_EncodeUpdate(), used for Base64 encoding, if an attacker can supply a large amount of data. This could lead to a heap corruption.
CVE-2016-2106: Guido Vranken discovered that an overflow can occur in the function EVP_EncryptUpdate() if an attacker can supply a large amount of data. This could lead to a heap corruption.
CVE-2016-2107: Juraj Somorovsky discovered a padding oracle in the AES CBC cipher implementation based on the AES-NI instruction set. This could allow an ...

Security Updates (DSA-3555-1 & DSA-3556-1)

The security updates of imlib2 and libgd2.

Vulnerability Information

DSA-3555-1 imlib2 -- Security Update
Security database details:
CVE-2011-5326: Kevin Ryde discovered that attempting to draw a 2x1 radi ellipse results in a floating point exception.
CVE-2014-9771: It was discovered that an integer overflow could lead to invalid memory reads and unreasonably large memory allocations.
CVE-2016-3993: Yuriy M. Kaminskiy discovered that drawing using coordinates from an untrusted source could lead to an out-of-bound memory read, which in turn could result in an application crash.
CVE-2016-3994: Jakub Wilk discovered that a malformed image could lead to an out-of-bound read in the GIF loader, which may result in ...

Security Updates (DSA-3548-1 & DSA-3549-1 & DSA-3550-1)

The security updates of samba, chromium-browser and openssh.

Vulnerability Information

DSA-3548-1 samba -- Security Update
Security database details:
CVE-2015-5370: Jouni Knuutinen from Synopsys discovered flaws in the Samba DCE-RPC code which can lead to denial of service (crashes and high CPU consumption) and man-in-the-middle attacks.
CVE-2016-2110: Stefan Metzmacher of SerNet and the Samba Team discovered that the feature negotiation of NTLMSSP does not protect against downgrade attacks.
CVE-2016-2111: When Samba is configured as a domain controller, it allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information. This flaw corresponds to the same ...

Security Updates (DSA-3541-1 & DSA-3542-1 & DSA-3543-1)

The security updates of roundcube, mercurial and oar.

Vulnerability Information

DSA-3541-1 roundcube -- Security Update
Security database details:
CVE-2015-8770: High-Tech Bridge Security Research Lab discovered that Roundcube, a webmail client, contained a path traversal vulnerability. This flaw could be exploited by an attacker to access sensitive files on the server, or even execute arbitrary code.

DSA-3542-1 mercurial -- Security Update
Security database details: Several vulnerabilities have been discovered in Mercurial, a distributed version control system. The Common Vulnerabilities and Exposures project identifies the following issues:
CVE-2016-3068: Blake Burkhart discovered that Mercurial allows URLs for Git subrepositories that could result in arbitrary ...

Security Updates (DSA-3533-1 & DSA-3540-1)

The security updates of openvswitch and lhasa.

Vulnerability Overview

DSA-3533-1 openvswitch -- Security Update
Security database information:
CVE-2016-2074: A remotely triggerable buffer overflow vulnerability was discovered in openvswitch, a production quality, multilayer virtual switch implementation. Specially crafted MPLS packets could overflow the buffer reserved for MPLS labels in an OVS internal data structure. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially, execution of arbitrary code.

DSA-3540-1 lhasa -- Security Update
Security database information:
CVE-2016-2347: An integer underflow was discovered in Lhasa, a lzh archive decompressor, which might result in the execution ...

Security Updates (DSA-3531-1 and DSA-3318-1)

The security updates of chromium-browser and expat.

Vulnerability Overview

DSA-3531-1 chromium-browser -- Security Update
Security database information:
CVE-2016-1646: An out-of-bounds read issue was discovered in the v8 library.
CVE-2016-1647: A use-after-free issue was discovered.
CVE-2016-1648: A use-after-free issue was discovered in the handling of extensions.
CVE-2016-1649: lokihardt discovered a buffer overflow issue in the Almost Native Graphics Layer Engine (ANGLE) library.
CVE-2016-1650: The Chrome development team found and fixed various issues during internal auditing. Multiple issues were also fixed in the v8 JavaScript library, version 4.9.385.33.

DSA-3318-1 expat -- Security Update
Security database information:
CVE-2015-1283: Multiple integer overflows have been discovered in ...