{"id":12891,"date":"2016-06-20T16:01:09","date_gmt":"2016-06-20T08:01:09","guid":{"rendered":"https:\/\/www.deepin.org\/?p=12891"},"modified":"2017-08-31T10:44:05","modified_gmt":"2017-08-31T02:44:05","slug":"security-updates%ef%bc%88dsa-3585-1-dsa-3586-1-dsa-3587-1-dsa-3588-1%ef%bc%89","status":"publish","type":"post","link":"https:\/\/www.deepin.org.cn\/en\/security-updates%ef%bc%88dsa-3585-1-dsa-3586-1-dsa-3587-1-dsa-3588-1%ef%bc%89\/","title":{"rendered":"Security Updates (DSA-3585-1 &#038;DSA-3586-1 &#038;DSA-3587-1 &#038;DSA-3588-1)"},"content":{"rendered":"<a href=\"http:\/\/blog.deepin.org\/wp-content\/uploads\/en36.jpg\" target=\"_blank\"><img loading=\"lazy\" class=\" size-full wp-image-9885 aligncenter\" src=\"http:\/\/blog.deepin.org\/wp-content\/uploads\/en36.jpg\" alt=\"en\" width=\"749\" height=\"321\" \/><\/a><\/p>\n<p>The security updates of wireshark, atheme-services, libgd2 and symfony.<\/p>\n<p>&nbsp;<\/p>\n<h2>Vulnerability Information<\/h2>\n<p><strong><a href=\"https:\/\/www.debian.org\/security\/2016\/dsa-3585.en.html\" target=\"_blank\">DSA-3585-1 wireshark <\/a>\u2014 security update<\/strong><\/p>\n<p>Security database details:<\/p>\n<ul>\n<li>Multiple vulnerabilities were discovered in the dissectors\/parsers for PKTC, IAX2, GSM CBCH and NCP which could result in denial of service.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong><a href=\"https:\/\/www.debian.org\/security\/2016\/dsa-3587.en.html\" target=\"_blank\">DSA-3586-1 atheme-services<\/a> \u2014 security update<\/strong><\/p>\n<p>Security database details:<\/p>\n<ul>\n<li>It was discovered that a buffer overflow in the XMLRPC response encoding code of the Atheme IRC services may result in denial of service.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong><a href=\"https:\/\/www.debian.org\/security\/2016\/dsa-3587.en.html\" target=\"_blank\">DSA-3587-1 libgd2<\/a> \u2014 security update<\/strong><\/p>\n<p>Security database details:<\/p>\n<ul>\n<li>Several vulnerabilities were discovered in 
libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using the libgd2 library.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong><a href=\"https:\/\/www.debian.org\/security\/2016\/dsa-3588.en.html\" target=\"_blank\">DSA-3588-1 symfony<\/a> \u2014 security update<\/strong><\/p>\n<p>Security database details:<\/p>\n<ul>\n<li><a href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2016-1902\">CVE-2016-1902<\/a>\u00a0:\u00a0Lander Brandt discovered that the class SecureRandom might generate weak random numbers for cryptographic use under certain settings. If the functions random_bytes() or openssl_random_pseudo_bytes() are not available, the output of SecureRandom should not be considered secure.<\/li>\n<li><a href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2016-4423\">CVE-2016-4423<\/a>\u00a0:\u00a0Marek Alaksa from Citadelo discovered that it is possible to fill up the session storage space by submitting inexistent large usernames.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2>Fixing Status<\/h2>\n<p>wireshark security vulnerabilities have been fixed in version 2:4.3.7+dfsg-1; atheme-services security vulnerabilities have been fixed in version 7.0.7-2;\u00a0libgd2 security vulnerabilities have been fixed in version 2.2.1-1; symfony security vulnerabilities have been fixed in version 2.8.6+dfsg-1.<\/p>\n<p>We recommend that you upgrade the system to obtain the patches to fix the vulnerabilities.","protected":false},"excerpt":{"rendered":"<p>The security updates of wireshark, atheme-services, libgd2 and symfony. &nbsp; Vulnerability Information DSA-3585-1 wireshark \u2014 security update Security database details: Multiple vulnerabilities were discovered in the dissectors\/parsers for PKTC, IAX2, GSM CBCH and NCP which could result in denial of service. 
&nbsp; DSA-3586-1 atheme-services \u2014 security update Security database details: It was discovered that a buffer overflow in the XMLRPC response encoding code of the Atheme IRC services may result in denial of service. &nbsp; DSA-3587-1 libgd2 \u2014 security update Security database details: Several vulnerabilities were discovered in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker ...<a href=https:\/\/www.deepin.org.cn\/en\/security-updates%ef%bc%88dsa-3585-1-dsa-3586-1-dsa-3587-1-dsa-3588-1%ef%bc%89\/>Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":12897,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[75],"tags":[],"_links":{"self":[{"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/posts\/12891"}],"collection":[{"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/comments?post=12891"}],"version-history":[{"count":13,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/posts\/12891\/revisions"}],"predecessor-version":[{"id":25292,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/posts\/12891\/revisions\/25292"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/media?parent=12891"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/categories?post=12891"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/tags?post=12891"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}