{"id":13301,"date":"2016-10-14T16:44:18","date_gmt":"2016-10-14T08:44:18","guid":{"rendered":"https:\/\/www.deepin.org\/?p=13301"},"modified":"2017-11-27T11:43:28","modified_gmt":"2017-11-27T03:43:28","slug":"security-updates%ef%bc%88dsa-3608-1-dsa-3609-1-dsa-3611-1-dsa-3613-1-dsa-3614-1-dsa-3615-1-dsa-3617-1-dsa-3619-1-dsa-3620-1-dsa-3625-1-dsa-3626-1-dsa-3627-1-dsa-3629-1-dsa-3630-1-dsa-36","status":"publish","type":"post","link":"https:\/\/www.deepin.org\/en\/security-updates%ef%bc%88dsa-3608-1-dsa-3609-1-dsa-3611-1-dsa-3613-1-dsa-3614-1-dsa-3615-1-dsa-3617-1-dsa-3619-1-dsa-3620-1-dsa-3625-1-dsa-3626-1-dsa-3627-1-dsa-3629-1-dsa-3630-1-dsa-36\/","title":{"rendered":"Security Updates (DSA-3608-1, DSA-3609-1, DSA-3611-1, DSA-3613-1, DSA-3614-1, DSA-3615-1, DSA-3617-1, DSA-3619-1, DSA-3620-1, DSA-3625-1, DSA-3626-1, DSA-3627-1, DSA-3629-1, DSA-3630-1, DSA-3631-1, DSA-3632-1, DSA-3636-1)"},"content":{"rendered":"<p>Security updates are available for\u00a0libreoffice, tomcat8, libcommons-fileupload-java, libvirt, tomcat7, wireshark, horizon, libgd2, pidgin, squid3, openssh, phpmyadmin, ntp, libgd2, php5, mariadb-10.0 and collectd.<\/p>\n<p>&nbsp;<\/p>\n<h2>Vulnerability Information<\/h2>\n<p><strong><a href=\"https:\/\/www.debian.org\/security\/2016\/dsa-3608.en.html\" target=\"_blank\">DSA-3608-1 libreoffice<\/a>\u00a0\u2014 Security Updates<\/strong><br \/>\nSecurity database details:<\/p>\n<ul>\n<li>Aleksandar Nikolic discovered that missing input sanitising in the RTF parser in LibreOffice may result in the execution of arbitrary code if a malformed document is opened.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong><a href=\"https:\/\/www.debian.org\/security\/2016\/dsa-3609.en.html\" target=\"_blank\">DSA-3609-1 tomcat8<\/a>\u00a0\u2014 Security Updates<\/strong><br \/>\nSecurity database details:<\/p>\n<ul>\n<li>Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections, bypass of 
the SecurityManager or denial of service.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong><a href=\"https:\/\/www.debian.org\/security\/2016\/dsa-3611.en.html\" target=\"_blank\">DSA-3611-1 libcommons-fileupload-java<\/a>\u00a0\u2014 Security Updates<\/strong><br \/>\nSecurity database details:<\/p>\n<ul>\n<li>The TERASOLUNA Framework Development Team discovered a denial of service vulnerability in Apache Commons FileUpload, a package to make it easy to add robust, high-performance file upload capability to servlets and web applications. A remote attacker can take advantage of this flaw by sending file upload requests that cause the HTTP server using the Apache Commons FileUpload library to become unresponsive, preventing the server from servicing other requests.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong><a href=\"https:\/\/www.debian.org\/security\/2016\/dsa-3613.en.html\" target=\"_blank\">DSA-3613-1 libvirt<\/a>\u00a0\u2014 Security Updates<\/strong><br \/>\nSecurity database details:<\/p>\n<ul>\n<li>Vivian Zhang and Christoph Anton Mitterer discovered that setting an empty VNC password does not work as documented in Libvirt, a virtualisation abstraction library. When the password on a VNC server is set to the empty string, authentication on the VNC server is disabled, allowing any user to connect, even though the documentation states that setting an empty password for the VNC server prevents all client connections. 
With this update the documented behaviour is enforced: when an empty password is set, the password expiry is set to now, so no client can authenticate.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong><a href=\"https:\/\/www.debian.org\/security\/2016\/dsa-3614.en.html\" target=\"_blank\">DSA-3614-1 tomcat7<\/a>\u00a0\u2014 Security Updates<\/strong><br \/>\nSecurity database details:<\/p>\n<ul>\n<li>Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections, bypass of the SecurityManager or denial of service (the same class of issues addressed for tomcat8 in DSA-3609-1).<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong><a href=\"https:\/\/www.debian.org\/security\/2016\/dsa-3615.en.html\" target=\"_blank\">DSA-3615-1 wireshark<\/a>\u00a0\u2014 Security Updates<\/strong><br \/>\nSecurity database details:<\/p>\n<ul>\n<li>Multiple vulnerabilities were discovered in the dissectors\/parsers for PKTC, IAX2, GSM CBCH and NCP, SPOOLS, IEEE 802.11, UMTS FP, USB, Toshiba, CoSine, NetScreen, WBXML, which could result in denial of service or potentially the execution of arbitrary code.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong><a href=\"https:\/\/www.debian.org\/security\/2016\/dsa-3617.en.html\" target=\"_blank\">DSA-3617-1 horizon<\/a>\u00a0\u2014 Security Updates<\/strong><br \/>\nSecurity database details:<\/p>\n<ul>\n<li>Two cross-site scripting vulnerabilities have been found in Horizon, a web application to control an OpenStack cloud.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong><a href=\"https:\/\/www.debian.org\/security\/2016\/dsa-3619.en.html\" target=\"_blank\">DSA-3619-1 libgd2<\/a>\u00a0\u2014 Security Updates<\/strong><br \/>\nSecurity database details:<\/p>\n<ul>\n<li>Several vulnerabilities were discovered in libgd2, a library for programmatic graphics creation and manipulation. 
A remote attacker can take advantage of these flaws to cause a denial of service against an application using the libgd2 library (application crash), or potentially to execute arbitrary code with the privileges of the user running the application.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong><a href=\"https:\/\/www.debian.org\/security\/2016\/dsa-3620.en.html\" target=\"_blank\">DSA-3620-1 pidgin<\/a>\u00a0\u2014 Security Updates<\/strong><br \/>\nSecurity database details:<\/p>\n<ul>\n<li>Yves Younan of Cisco Talos discovered several vulnerabilities in the MXit protocol support in pidgin, a multi-protocol instant messaging client. A remote attacker can take advantage of these flaws to cause a denial of service (application crash), overwrite files, disclose information, or potentially execute arbitrary code.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong><a href=\"https:\/\/www.debian.org\/security\/2016\/dsa-3625.en.html\" target=\"_blank\">DSA-3625-1 squid3<\/a>\u00a0\u2014 Security Updates<\/strong><br \/>\nSecurity database details:<\/p>\n<p>Several security issues have been discovered in the Squid caching proxy.<\/p>\n<ul>\n<li>CVE-2016-4051:\u00a0CESG and Yuriy M. 
Kaminskiy discovered that Squid cachemgr.cgi was vulnerable to a buffer overflow when processing remotely supplied inputs relayed through Squid.<\/li>\n<li>CVE-2016-4052:\u00a0CESG discovered that a buffer overflow made Squid vulnerable to a Denial of Service (DoS) attack when processing ESI responses.<\/li>\n<li>CVE-2016-4053:\u00a0CESG found that Squid was vulnerable to public information disclosure of the server stack layout when processing ESI responses.<\/li>\n<li>CVE-2016-4054:\u00a0CESG discovered that Squid was vulnerable to remote code execution when processing ESI responses.<\/li>\n<li>CVE-2016-4554:\u00a0Jianjun Chen found that Squid was vulnerable to a header smuggling attack that could lead to cache poisoning and to bypass of same-origin security policy in Squid and some client browsers.<\/li>\n<li>CVE-2016-4555, CVE-2016-4556:\u00a0\u201cbfek-18\u201d and \u201c@vftable\u201d found that Squid was vulnerable to a Denial of Service (DoS) attack when processing ESI responses, due to incorrect pointer handling and reference counting.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong><a href=\"https:\/\/www.debian.org\/security\/2016\/dsa-3626.en.html\" target=\"_blank\">DSA-3626-1 openssh<\/a>\u00a0\u2014 Security Updates<\/strong><br \/>\nSecurity database details:<br \/>\nEddie Harari reported that the OpenSSH SSH daemon allows user enumeration through timing differences when trying to authenticate users. When sshd tries to authenticate a non-existing user, it will pick up a fixed fake password structure with a hash based on the Blowfish algorithm. 
If real users' passwords are hashed using SHA256\/SHA512, a remote attacker can take advantage of this flaw by sending very long passwords and observing shorter response times from the server for non-existing users, because hashing a long password with SHA256\/SHA512 takes measurably longer than the fixed Blowfish fake hash.<\/p>\n<p>&nbsp;<\/p>\n<p><strong><a href=\"https:\/\/www.debian.org\/security\/2016\/dsa-3627.en.html\" target=\"_blank\">DSA-3627-1 phpmyadmin<\/a>\u00a0\u2014 Security Updates<\/strong><br \/>\nSecurity database details:\u00a0Several vulnerabilities have been fixed in phpMyAdmin, the web-based MySQL administration interface.<\/p>\n<ul>\n<li>CVE-2016-1927:\u00a0The suggestPassword function relied on a non-secure random number generator which makes it easier for remote attackers to guess generated passwords via a brute-force approach.<\/li>\n<li>CVE-2016-2039:\u00a0CSRF token values were generated by a non-secure random number generator, which allows remote attackers to bypass intended access restrictions by predicting its value.<\/li>\n<li>CVE-2016-2040:\u00a0Multiple cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML.<\/li>\n<li>CVE-2016-2041:\u00a0phpMyAdmin does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.<\/li>\n<li>CVE-2016-2560:\u00a0Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML.<\/li>\n<li>CVE-2016-2561:\u00a0Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML.<\/li>\n<li>CVE-2016-5099:\u00a0Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML.<\/li>\n<li>CVE-2016-5701:\u00a0For installations running on plain HTTP, phpMyAdmin allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI.<\/li>\n<li>CVE-2016-5705:\u00a0Multiple cross-site 
scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML.<\/li>\n<li>CVE-2016-5706:\u00a0phpMyAdmin allows remote attackers to cause a denial of service (resource consumption) via a large array in the scripts parameter.<\/li>\n<li>CVE-2016-5731:\u00a0A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML.<\/li>\n<li>CVE-2016-5733:\u00a0Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML.<\/li>\n<li>CVE-2016-5739:\u00a0A specially crafted Transformation could leak information which a remote attacker could use to perform cross-site request forgery.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong><a href=\"https:\/\/www.debian.org\/security\/2016\/dsa-3629.en.html\" target=\"_blank\">DSA-3629-1 ntp<\/a>\u00a0\u2014 Security Updates<\/strong><br \/>\nSecurity database details:\u00a0Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs.<\/p>\n<ul>\n<li>CVE-2015-7974:\u00a0Matt Street discovered that insufficient key validation allows impersonation attacks between authenticated peers.<\/li>\n<li>CVE-2015-7977 \/ CVE-2015-7978:\u00a0Stephen Gray discovered that a NULL pointer dereference and a buffer overflow in the handling of ntpdc reslist commands may result in denial of service.<\/li>\n<li>CVE-2015-7979:\u00a0Aanchal Malhotra discovered that if NTP is configured for broadcast mode, an attacker can send malformed authentication packets which break associations with the server for other broadcast clients.<\/li>\n<li>CVE-2015-8138:\u00a0Matthew van Gundy and Jonathan Gardner discovered that missing validation of origin timestamps in ntpd clients may result in denial of service.<\/li>\n<li>CVE-2015-8158:\u00a0Jonathan Gardner discovered that missing input sanitising in ntpq may result in denial of service.<\/li>\n<li>CVE-2016-1547:\u00a0Stephen Gray and Matthew van Gundy discovered that 
incorrect handling of crypto NAK packets may result in denial of service.<\/li>\n<li>CVE-2016-1548:\u00a0Jonathan Gardner and Miroslav Lichvar discovered that ntpd clients could be forced to change from basic client\/server mode to interleaved symmetric mode, preventing time synchronisation.<\/li>\n<li>CVE-2016-1550:\u00a0Matthew van Gundy, Stephen Gray and Loganaden Velvindron discovered that timing leaks in the packet authentication code could result in recovery of a message digest.<\/li>\n<li>CVE-2016-2516:\u00a0Yihan Lian discovered that duplicate IPs on unconfig directives will trigger an assert.<\/li>\n<li>CVE-2016-2518:\u00a0Yihan Lian discovered that an out-of-bounds (OOB) memory access could potentially crash ntpd.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong><a href=\"https:\/\/www.debian.org\/security\/2016\/dsa-3630.en.html\" target=\"_blank\">DSA-3630-1 libgd2<\/a>\u00a0\u2014 Security Updates<\/strong><br \/>\nSecurity database details:<\/p>\n<ul>\n<li>Secunia Research at Flexera Software discovered an integer overflow vulnerability within the _gdContributionsAlloc() function in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of this flaw to cause a denial of service against an application using the libgd2 library.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong><a href=\"https:\/\/www.debian.org\/security\/2016\/dsa-3631.en.html\" target=\"_blank\">DSA-3631-1 php5<\/a>\u00a0\u2014 Security Updates<\/strong><br \/>\nSecurity database details:<\/p>\n<ul>\n<li>Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.24, which includes additional bug fixes. 
Please refer to the upstream changelog for more information: https:\/\/php.net\/ChangeLog-5.php#5.6.24<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong><a href=\"https:\/\/www.debian.org\/security\/2016\/dsa-3632.en.html\" target=\"_blank\">DSA-3632-1 mariadb-10.0<\/a>\u00a0\u2014\u00a0Security Updates<\/strong><br \/>\nSecurity database details:<\/p>\n<ul>\n<li>Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.26. Please see the MariaDB 10.0 Release Notes for further details:<br \/>\nhttps:\/\/mariadb.com\/kb\/en\/mariadb\/mariadb-10026-release-notes\/<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong><a href=\"https:\/\/www.debian.org\/security\/2016\/dsa-3636.en.html\" target=\"_blank\">DSA-3636-1 collectd<\/a>\u00a0\u2014\u00a0Security Updates<\/strong><br \/>\nSecurity database details:<\/p>\n<ul>\n<li>Emilien Gaspar discovered that collectd, a statistics collection and monitoring daemon, incorrectly processed incoming network packets. 
This resulted in a heap overflow, allowing a remote attacker to either cause a denial of service (application crash) or potentially execute arbitrary code.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2>Fixing Status<\/h2>\n<p>These vulnerabilities have been fixed in the following package versions:<\/p>\n<ul>\n<li>libreoffice: 1:5.1.4~rc1-1<\/li>\n<li>tomcat8: 8.0.36-1<\/li>\n<li>libcommons-fileupload-java: 1.3.2-1<\/li>\n<li>libvirt: 2.0.0-1<\/li>\n<li>tomcat7: 7.0.70-1<\/li>\n<li>wireshark: 2.0.4+gdd7746e-1<\/li>\n<li>horizon: 3:9.0.1-2<\/li>\n<li>libgd2: 2.2.2-29-g3c2b605-1 (DSA-3619-1)<\/li>\n<li>pidgin: 2.11.0-1<\/li>\n<li>squid3: 3.5.19-1<\/li>\n<li>openssh: 1:7.2p2-8<\/li>\n<li>phpmyadmin: 4:4.6.3-1<\/li>\n<li>ntp: 1:4.2.8p7+dfsg-1<\/li>\n<li>libgd2: 2.2.2-43-g22cba39-1 (DSA-3630-1)<\/li>\n<li>php5: 7.0.9-1<\/li>\n<li>mariadb-10.0: 10.0.26-2<\/li>\n<li>collectd: 5.5.2-1<\/li>\n<\/ul>\n<p>We recommend that you upgrade your system to obtain the patches that fix these vulnerabilities.<\/p>","protected":false},"excerpt":{"rendered":"<p>Security updates are available for\u00a0libreoffice, tomcat8, libcommons-fileupload-java, libvirt, tomcat7, wireshark, horizon, libgd2, pidgin, squid3, openssh, phpmyadmin, ntp, libgd2, php5, mariadb-10.0 and collectd. 
&nbsp; Vulnerability Information DSA-3608-1 libreoffice \u2014 Security Updates Security database details: Aleksandar Nikolic discovered that missing input sanitising in the RTF parser in LibreOffice may result in the execution of arbitrary code if a malformed document is opened. &nbsp; DSA-3609-1 tomcat8 \u2014 Security Updates Security database details: Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections, bypass of the SecurityManager or denial of service. ...<a href=https:\/\/www.deepin.org\/en\/security-updates%ef%bc%88dsa-3608-1-dsa-3609-1-dsa-3611-1-dsa-3613-1-dsa-3614-1-dsa-3615-1-dsa-3617-1-dsa-3619-1-dsa-3620-1-dsa-3625-1-dsa-3626-1-dsa-3627-1-dsa-3629-1-dsa-3630-1-dsa-36\/>Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":13322,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[75],"tags":[],"_links":{"self":[{"href":"https:\/\/www.deepin.org\/en\/wp-json\/wp\/v2\/posts\/13301"}],"collection":[{"href":"https:\/\/www.deepin.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.deepin.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.deepin.org\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.deepin.org\/en\/wp-json\/wp\/v2\/comments?post=13301"}],"version-history":[{"count":12,"href":"https:\/\/www.deepin.org\/en\/wp-json\/wp\/v2\/posts\/13301\/revisions"}],"predecessor-version":[{"id":26352,"href":"https:\/\/www.deepin.org\/en\/wp-json\/wp\/v2\/posts\/13301\/revisions\/26352"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.deepin.org\/en\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.deepin.org\/en\/wp-json\/wp\/v2\/media?parent=13301"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.deepin.org\/en\/wp-json\/wp\/v2\/
categories?post=13301"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.deepin.org\/en\/wp-json\/wp\/v2\/tags?post=13301"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
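The DSA-3613-1 entry above describes a VNC display whose empty password silently disables authentication. As an added example that is not part of this advisory, of deepin's tooling or of libvirt itself, the following Python audits libvirt domain XML (the format virsh dumpxml prints) and flags VNC displays whose passwd attribute is empty or absent, and displays that listen beyond loopback. The three domain definitions are constructed for the example; the passwd, passwdValidTo and listen attributes of the graphics element are libvirt's own, and treating a missing listen address as loopback follows libvirt's QEMU default and is stated as an assumption in the code.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain definitions in the shape printed by `virsh dumpxml`. web01 carries
# the empty password described in DSA-3613-1; db01 is a correctly protected display; build01
# has a VNC display with no password at all next to a SPICE display that is out of scope.
SAMPLE_DOMAINS = {
    'web01': '''<domain type='kvm'>
  <name>web01</name>
  <devices>
    <graphics type='vnc' port='5900' autoport='no' listen='0.0.0.0' passwd=''/>
  </devices>
</domain>''',
    'db01': '''<domain type='kvm'>
  <name>db01</name>
  <devices>
    <graphics type='vnc' port='-1' autoport='yes' passwd='s3cret'
              passwdValidTo='2016-10-14T08:44:18'>
      <listen type='address' address='127.0.0.1'/>
    </graphics>
  </devices>
</domain>''',
    'build01': '''<domain type='kvm'>
  <name>build01</name>
  <devices>
    <graphics type='spice' autoport='yes' listen='127.0.0.1'/>
    <graphics type='vnc' autoport='yes' listen='0.0.0.0'/>
  </devices>
</domain>''',
}

LOOPBACK = ('127.0.0.1', '::1', 'localhost')


def listen_address(graphics):
    """Address a <graphics> element binds to: the listen attribute, else a
    <listen type='address'> child, else loopback (libvirt's QEMU default; assumption)."""
    addr = graphics.get('listen')
    if addr is None:
        child = graphics.find("listen[@type='address']")
        if child is not None:
            addr = child.get('address')
    return addr or '127.0.0.1'


def audit_vnc(domain_xml):
    """Return a list of finding strings for every VNC display in one domain definition."""
    root = ET.fromstring(domain_xml)
    name = root.findtext('name') or '?'
    findings = []
    for g in root.iter('graphics'):
        if g.get('type') != 'vnc':
            continue
        passwd = g.get('passwd')
        if passwd is None:
            findings.append(name + ': VNC display has no passwd attribute (no authentication)')
        elif passwd == '':
            # Exactly the DSA-3613-1 case: empty string means no authentication, not "locked".
            findings.append(name + ': VNC passwd is empty (authentication disabled, DSA-3613-1)')
        addr = listen_address(g)
        if addr not in LOOPBACK:
            findings.append(name + ': VNC listens on ' + addr + ', reachable from the network')
    return findings


def audit_all(domains):
    """Run audit_vnc over a {name: xml} mapping and return all findings in order."""
    findings = []
    for xml in domains.values():
        findings.extend(audit_vnc(xml))
    return findings
```

Feed it real definitions by collecting the output of virsh dumpxml for each domain into the mapping; an empty-password finding on a host running a libvirt older than 2.0.0-1 means the display is open to anyone who can reach the port.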
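CVE-2016-2039 and CVE-2016-2041 in the DSA-3627-1 entry are two sides of one CSRF-token weakness: tokens drawn from a predictable generator, and tokens compared with an early-exit string comparison whose run time reveals how much of the token a guess already got right. The following Python is an added illustration and not phpMyAdmin's code: a seeded Mersenne Twister stands in for the insecure generator, an instrumented character-by-character comparison stands in for a plain equality test, and the hardened versions use the secrets module and hmac.compare_digest. All tokens and guesses are constructed inline.

```python
import hmac
import random
import secrets

TOKEN_BYTES = 32


def weak_token(seed):
    """Token from Python's Mersenne Twister seeded with a guessable value such as a timestamp.
    Constructed stand-in for the non-cryptographic generator behind CVE-2016-2039: whoever
    guesses the seed, or observes enough output, reproduces the token exactly."""
    rng = random.Random(seed)
    return rng.getrandbits(TOKEN_BYTES * 8).to_bytes(TOKEN_BYTES, 'big').hex()


def strong_token():
    """Token from the OS CSPRNG (secrets -> os.urandom); not derivable from earlier output."""
    return secrets.token_hex(TOKEN_BYTES)


def naive_compare(expected, supplied):
    """Early-exit comparison, instrumented, standing in for the plain equality test of
    CVE-2016-2041. Returns (match, chars_examined): the count, and so the time taken,
    grows with the length of the prefix the attacker has already guessed correctly."""
    if len(expected) != len(supplied):
        return False, 0
    examined = 0
    for x, y in zip(expected, supplied):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def fixed_time_compare(expected, supplied):
    """Same interface, but every character is examined and differences are OR-accumulated,
    so the count does not depend on where the first mismatch is. Illustration only: real
    code should call hmac.compare_digest, which is implemented in C for this purpose."""
    if len(expected) != len(supplied):
        return False, 0
    diff = 0
    examined = 0
    for x, y in zip(expected.encode(), supplied.encode()):
        examined += 1
        diff |= x ^ y
    return diff == 0, examined


def validate_csrf(session_token, form_token):
    """Production-style check: constant-time comparison of the token kept in the session
    against the one submitted with the form."""
    return hmac.compare_digest(session_token.encode(), form_token.encode())


def leak_profile(token):
    """Show the side channel: characters examined by naive_compare versus
    fixed_time_compare for guesses that match 0, 8 and 16 leading characters of the
    real token and then differ."""
    profile = {}
    for prefix_len in (0, 8, 16):
        wrong = '0' if token[prefix_len] != '0' else '1'
        guess = token[:prefix_len] + wrong + token[prefix_len + 1:]
        profile[prefix_len] = (naive_compare(token, guess)[1],
                               fixed_time_compare(token, guess)[1])
    return profile
```

leak_profile returns {0: (1, 64), 8: (9, 64), 16: (17, 64)} for any 64-character token: the early-exit comparison does one unit of work more than the correctly guessed prefix, which is the signal an attacker measures over the network, while the fixed-time version always does 64.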
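The Fixing Status section lists the source package versions that carry these fixes. The check a practitioner wants is whether each installed package is at or above its fixed version, and that needs Debian's version ordering (epochs, '~' sorting before everything including end of string, alternating digit and non-digit runs) rather than a plain string compare. The following Python is an added example, not deepin's or Debian's tooling: it re-implements dpkg's comparison algorithm, embeds the fixed versions from this page, and evaluates a constructed snippet in the format that dpkg-query -W -f='${source:Package} ${source:Version}\n' prints. php5 is left out of the table because the page gives 7.0.9-1 for it, which is not a php5 version number and would need a per-system package mapping the example does not assume.

```python
# Added example: dpkg-style Debian version comparison, applied to the fixed versions
# listed in this advisory. Not deepin or Debian tooling; sample input is constructed.

def _order(c):
    """dpkg ordering for characters in a non-digit run: '~' sorts before anything,
    including the end of the string; letters sort before non-letters."""
    if c == '~':
        return -1
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _verrevcmp(a, b):
    """Compare two upstream or revision strings as dpkg does, alternating between
    a non-digit run (ordered by _order) and a digit run (compared numerically)."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        while i < len(a) and a[i] == '0':
            i += 1
        while j < len(b) and b[j] == '0':
            j += 1
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def parse_version(v):
    """Split [epoch:]upstream[-revision]; a missing epoch is 0, a missing revision is ''."""
    epoch = 0
    if ':' in v:
        e, v = v.split(':', 1)
        epoch = int(e)
    upstream, _, revision = v.rpartition('-') if '-' in v else (v, '', '')
    return epoch, upstream, revision


def compare_versions(a, b):
    """-1, 0 or 1 as Debian version a is older than, equal to or newer than b."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    for x, y in ((ua, ub), (ra, rb)):
        r = _verrevcmp(x, y)
        if r:
            return -1 if r < 0 else 1
    return 0


# Fixed source versions from the Fixing Status section. libgd2 is listed there twice
# (DSA-3619-1 and DSA-3630-1); the later, higher version is the one that matters.
FIXED = {
    'libreoffice': '1:5.1.4~rc1-1', 'tomcat8': '8.0.36-1',
    'libcommons-fileupload-java': '1.3.2-1', 'libvirt': '2.0.0-1',
    'tomcat7': '7.0.70-1', 'wireshark': '2.0.4+gdd7746e-1', 'horizon': '3:9.0.1-2',
    'libgd2': '2.2.2-43-g22cba39-1', 'pidgin': '2.11.0-1', 'squid3': '3.5.19-1',
    'openssh': '1:7.2p2-8', 'phpmyadmin': '4:4.6.3-1', 'ntp': '1:4.2.8p7+dfsg-1',
    'mariadb-10.0': '10.0.26-2', 'collectd': '5.5.2-1',
}

# Constructed sample in the shape of: dpkg-query -W -f='${source:Package} ${source:Version}\n'
# (source names, so a binary package such as openssh-server reports as openssh).
SAMPLE_DPKG_OUTPUT = '''openssh 1:7.2p2-5
libgd2 2.2.2-29-g3c2b605-1
phpmyadmin 4:4.6.3-1
ntp 1:4.2.8p7+dfsg-1
libreoffice 1:5.1.4~rc1-1
squid3 3.5.19-1
'''


def parse_dpkg_query(text):
    """Turn 'source-package version' lines into a {package: version} dict."""
    installed = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2:
            installed[parts[0]] = parts[1]
    return installed


def vulnerable_packages(installed, fixed=FIXED):
    """(package, installed, fixed) for every listed package still older than its fix."""
    return sorted((p, v, fixed[p]) for p, v in installed.items()
                  if p in fixed and compare_versions(v, fixed[p]) < 0)
```

On the constructed sample, openssh (1:7.2p2-5) and libgd2 (2.2.2-29-g3c2b605-1, the DSA-3619-1 level) are reported as still vulnerable; the others are at or above the fixed versions. A package that is not installed at all produces no finding, so absence from the output is not proof of safety.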