![\"en\"](\"https:\/\/www.deepin.org\/wp-content\/uploads\/2017\/06\/en-3.jpg\")
<\/p>\nThe security updates of vim, imagemagick, imagemagick, icu, firefox-esr, weechat, ghostscript, libxstream-java, tomcat7, tomcat8, tiff, libtirpc, libytnef, xen, git, kde4libs, rtmpdump, bitlbee,\u00a0bind9, jbig2dec,<\/p>\n
deluge, mysql-connector-java, puppet, imagemagick, fop, mosquitto, strongswan, sudo, openldap, tnef, wordpress, perl, ettercap, libmwaw, otrs2, tor, zziplib, libosip2, libgcrypt20, firefox-esr, request-tracker4, gnutls28, irssi.<\/p>\n
DSA-3786-1 vim<\/a>\u00a0\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n Editor spell files passed to the vim (Vi IMproved) editor may result in an integer overflow in memory allocation and a resulting buffer overflow which potentially could result in the execution of arbitrary code or denial of service.<\/p>\n <\/p>\n DSA-3799-1 imagemagick\u00a0<\/a>\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service or the execution of arbitrary code if malformed TIFF, WPG, IPL, MPC or PSB files are processed.<\/p>\n <\/p>\n DSA-3808-1 imagemagick<\/a>\u00a0\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service or the execution of arbitrary code if malformed TGA, Sun or PSD files are processed.<\/p>\n This update also fixes visual artefacts when running -sharpen on CMYK images (no security impact, but piggybacked on top of the security update with approval of the Debian stable release managers since it's a regression in jessie compared to wheezy).<\/p>\n <\/p>\n DSA-3830-1 icu <\/a>\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n It was discovered that icu, the International Components for Unicode library, did not correctly validate its input. An attacker could use this problem to trigger an out-of-bound write through a heap-based buffer overflow, thus causing a denial of service via application crash, or potential execution of arbitrary code.<\/p>\n <\/p>\n DSA-3831-1 firefox-esr<\/a>\u00a0\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service.<\/p>\n <\/p>\n DSA-3836-1 weechat<\/a>\u00a0\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n It was discovered that weechat, a fast and light chat client, is prone to a buffer overflow vulnerability in the IRC plugin, allowing a remote attacker to cause a denial-of-service by sending a specially crafted filename via DCC.<\/p>\n <\/p>\n DSA-3838-1 ghostscript\u00a0<\/a>\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n Several vulnerabilities were discovered in Ghostscript, the GPL PostScript\/PDF interpreter, which may lead to the execution of arbitrary code or denial of service if a specially crafted Postscript file is processed.<\/p>\n <\/p>\n DSA-3841-1 libxstream-java<\/a> \u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n It was discovered that XStream, a Java library to serialise objects to XML and back again, was suspectible to denial of service during unmarshalling.<\/p>\n <\/p>\n DSA-3842-1 tomcat7<\/a>\u00a0\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n Two vulnerabilities were discovered in tomcat7, a servlet and JSP engine.<\/p>\n <\/p>\n DSA-3843-1 tomcat8<\/a>\u00a0\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n Two vulnerabilities were discovered in tomcat8, a servlet and JSP engine.<\/p>\n <\/p>\n DSA-3844-1 tiff<\/a> \u00a0\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service, memory disclosure or the execution of arbitrary code.<\/p>\n <\/p>\n DSA-3845-1 libtirpc<\/a>\u00a0\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n Guido Vranken discovered that incorrect memory management in libtirpc, a transport-independent RPC library used by rpcbind and other programs may result in denial of service via memory exhaustion (depending on memory management settings).<\/p>\n <\/p>\n DSA-3846-1 libytnef<\/a>\u00a0\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n Several issues were discovered in libytnef, a library used to decode application\/ms-tnef e-mail attachments. Multiple heap overflows, out-of-bound writes and reads, NULL pointer dereferences and infinite loops could be exploited by tricking a user into opening a maliciously crafted winmail.dat file.<\/p>\n <\/p>\n DSA-3847-1 xen<\/a>\u00a0\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n Jan Beulich and Jann Horn discovered multiple vulnerabilities in the Xen hypervisor, which may lead to privilege escalation, guest-to-host breakout, denial of service or information leaks.<\/p>\n <\/p>\n DSA-3848-1 git<\/a>\u00a0\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn \"git upload-pack --help\".<\/p>\n <\/p>\n DSA-3849-1 kde4libs<\/a>\u00a0\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n Several vulnerabilities were discovered in kde4libs, the core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems:<\/p>\n DSA-3850-1 rtmpdump<\/a>\u00a0\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n Dave McDaniel discovered multiple vulnerabilities in rtmpdump, a small dumper\/library for RTMP media streams, which may result in denial of service or the execution of arbitrary code if a malformed stream is dumped.<\/p>\n <\/p>\n DSA-3853-1 bitlbee<\/a>\u00a0\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n It was discovered that bitlbee, an IRC to other chat networks gateway, contained issues that allowed a remote attacker to cause a denial of service (via application crash), or potentially execute arbitrary commands.<\/p>\n <\/p>\n DSA-3854-1 bind9\u00a0<\/a>\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n Several vulnerabilities were discovered in BIND, a DNS server implementation. The Common Vulnerabilities and Exposures project identifies the following problems:<\/p>\n DSA-3855-1 jbig2dec<\/a> \u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n Multiple security issues have been found in the JBIG2 decoder library, which may lead to denial of service, disclosure of sensitive information from process memory or the execution of arbitrary code if a malformed image file (usually embedded in a PDF document) is opened.<\/p>\n <\/p>\n DSA-3856-1 deluge<\/a>\u00a0\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n Two vulnerabilities have been discovered in the web interface of the Deluge BitTorrent client (directory traversal and cross-site request forgery).<\/p>\n <\/p>\n DSA-3857-1 mysql-connector-java<\/a>\u00a0\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n Two vulnerabilities have been found in the MySQL Connector\/J JDBC driver.<\/p>\n <\/p>\n DSA-3862-1 puppet\u00a0<\/a>\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n It was discovered that unrestricted YAML deserialisation of data sent from agents to the server in the Puppet configuration management system could result in the execution of arbitrary code.<\/p>\n <\/p>\n DSA-3863-1 imagemagick\u00a0<\/a>\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed RLE, ART, JNG, DDS, BMP, ICO, EPT, SUN, MTV, PICT, XWD, PCD, SFW, MAT, EXR, DCM, MNG, PCX or SVG files are processed.<\/p>\n <\/p>\n DSA-3864-1 fop<\/a>\u00a0\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n It was discovered that an XML external entities vulnerability in the Apache FOP XML formatter may result in information disclosure.<\/p>\n <\/p>\n DSA-3865-1 mosquitto<\/a>\u00a0\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n It was discovered that pattern-based ACLs in the Mosquitto MQTT broker could be bypassed.<\/p>\n <\/p>\n DSA-3866-1 strongswan<\/a>\u00a0\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n Two denial of service vulnerabilities were identified in strongSwan, an IKE\/IPsec suite, using Google's OSS-Fuzz fuzzing project.<\/p>\n DSA-3867-1 sudo<\/a>\u00a0\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n The Qualys Security team discovered that sudo, a program designed to provide limited super user privileges to specific users, does not properly parse \"\/proc\/[pid]\/stat\" to read the device number of the tty from field 7 (tty_nr). A sudoers user can take advantage of this flaw on an SELinux-enabled system to obtain full root privileges.<\/p>\n <\/p>\n DSA-3868-1 openldap<\/a>\u00a0\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n Karsten Heymann discovered that the OpenLDAP directory server can be crashed by performing a paged search with a page size of 0, resulting in denial of service. This vulnerability is limited to the MDB storage backend.<\/p>\n <\/p>\n DSA-3869-1 tnef<\/a>\u00a0\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n It was discovered that tnef, a tool used to unpack MIME attachments of type \"application\/ms-tnef\", did not correctly validate its input. An attacker could exploit this by tricking a user into opening a malicious attachment, which would result in a denial-of-service by application crash.<\/p>\n <\/p>\n DSA-3870-1 wordpress<\/a>\u00a0\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to force password resets, and perform various cross-site scripting and cross-site request forgery attacks.<\/p>\n <\/p>\n DSA-3873-1 perl <\/a>\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n The cPanel Security Team reported a time of check to time of use (TOCTTOU) race condition flaw in File::Path, a core module from Perl to create or remove directory trees. An attacker can take advantage of this flaw to set the mode on an attacker-chosen file to a attacker-chosen value.<\/p>\n <\/p>\n DSA-3874-1 ettercap<\/a> \u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n Agostino Sarubbo and AromalUllas discovered that ettercap, a network security tool for traffic interception, contains vulnerabilities that allowed an attacker able to provide maliciously crafted filters to cause a denial-of-service via application crash.<\/p>\n <\/p>\n DSA-3875-1 libmwaw<\/a>\u00a0\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n It was discovered that a buffer overflow in libmwaw, a library to open old Mac text documents might result in the execution of arbitrary code if a malformed document is opened.<\/p>\n <\/p>\n DSA-3876-1 otrs2<\/a> \u00a0\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n Joerg-Thomas Vogt discovered that the SecureMode was insufficiently validated in the OTRS ticket system, which could allow agents to escalate their privileges.<\/p>\n <\/p>\n DSA-3877-1 tor<\/a> \u00a0\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n It has been discovered that Tor, a connection-based low-latency anonymous communication system, contain a flaw in the hidden service code when receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. A remote attacker can take advantage of this flaw to cause a hidden service to crash with an assertion failure (TROVE-2017-005).<\/p>\n <\/p>\n DSA-3878-1 zziplib \u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n Agostino Sarubbo discovered multiple vulnerabilities in zziplib, a library to access Zip archives, which could result in denial of service and potentially the execution of arbitrary code if a malformed archive is processed.<\/p>\n <\/p>\n DSA-3879-1 libosip2<\/a> \u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n Multiple security vulnerabilities have been found in oSIP, a library implementing the Session Initiation Protocol, which might result in denial of service through malformed SIP messages.<\/p>\n <\/p>\n DSA-3880-1 libgcrypt20<\/a> \u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n It was discovered that a side channel attack in the EdDSA session key handling in Libgcrypt may result in information disclosure.<\/p>\n <\/p>\n DSA-3881-1 firefox-esr<\/a>\u00a0\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or domain spoofing.<\/p>\n <\/p>\n DSA-3882-1 request-tracker4<\/a> \u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. The Common Vulnerabilities and Exposures project identifies the following problems:<\/p>\n <\/p>\n DSA-3884-1 gnutls28<\/a> \u00a0\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n Hubert Kario discovered that GnuTLS, a library implementing the TLS and SSL protocols, does not properly decode a status response TLS extension, allowing a remote attacker to cause an application using the GnuTLS library to crash (denial of service).<\/p>\n <\/p>\n DSA-3885-1 irssi\u00a0<\/a>\u2014Security Updates<\/strong><\/p>\n Security database details:<\/p>\n Multiple vulnerabilities have been discovered in Irssi, a terminal based IRC client. The Common Vulnerabilities and Exposures project identifies the following problems:<\/p>\n vim\u00a0security vulnerabilities have been fixed in version 2:8.0.0197-2; imagemagick security vulnerabilities have been fixed in version 8:6.9.7.4+dfsg-1; imagemagick\u00a0security vulnerabilities have been fixed in version 8:6.9.7.4+dfsg-2; icu\u00a0security vulnerabilities have been fixed in version 57.1-6; firefox-esr\u00a0security vulnerabilities have been fixed in version 45.9.0esr-1;\u00a0weechat security vulnerabilities have been fixed in version 1.7-3;\u00a0ghostscript security vulnerabilities have been fixed in version 9.20~dfsg-3.1; libxstream-java\u00a0security vulnerabilities have been fixed in version 1.4.9-2; tomcat7 security vulnerabilities have been fixed in version 7.0.72-3;\u00a0tomcat8 security vulnerabilities have been fixed in version 8.5.11-2;\u00a0tiff security vulnerabilities have been fixed in version 4.0.7-6;\u00a0libtirpc\u00a0security vulnerabilities have been fixed in version 0.2.5-1.2 and version 0.2.3-0.6 of rpcbind;\u00a0libytnef security vulnerabilities have been fixed in version 1.9.2-1;\u00a0xen security vulnerabilities have been fixed in version 4.8.1-1+deb9u1;\u00a0git security vulnerabilities have been fixed in version 1:2.11.0-3;\u00a0kde4libs security vulnerabilities have been fixed in version 4:4.14.26-2;\u00a0rtmpdump security vulnerabilities have been fixed in version 2.4+20151223.gitfa8646d.1-1;\u00a0bitlbee security vulnerabilities have been fixed in version 3.5-1; bind9 security vulnerabilities have been fixed in version 1:9.10.3.dfsg.P4-12.3;\u00a0jbig2dec security vulnerabilities have been fixed in version 0.13-4.1;\u00a0deluge security vulnerabilities have been fixed in version 1.3.13+git20161130.48cedf63-3;\u00a0mysql-connector-java security vulnerabilities have been fixed in version 5.1.42-1;\u00a0puppet\u00a0security vulnerabilities have been fixed in version 4.8.2-5;\u00a0imagemagick security vulnerabilities have been fixed in version 8:6.9.7.4+dfsg-8;\u00a0fop\u00a0security vulnerabilities have been fixed in version 1:2.1-6;\u00a0mosquitto security vulnerabilities have been fixed in version 1.4.10-3;\u00a0strongswan\u00a0security vulnerabilities have been fixed in version 5.5.1-4;\u00a0sudo security vulnerabilities have been fixed in version 1.8.20p1-1;\u00a0openldap security vulnerabilities have been fixed in version 2.4.44+dfsg-5;\u00a0tnef\u00a0security vulnerabilities have been fixed in version 1.4.12-1.2; wordpress security vulnerabilities have been fixed in version 4.7.5+dfsg-1;\u00a0perl security vulnerabilities have been fixed in version 5.24.1-3;\u00a0ettercap\u00a0security vulnerabilities have been fixed in version 1:0.8.2-4;\u00a0libmwaw\u00a0security vulnerabilities have been fixed in version 0.3.9-2; otrs2\u00a0security vulnerabilities have been fixed in version 5.0.20-1;\u00a0tor\u00a0security vulnerabilities have been fixed in version 0.2.9.11-1; zziplib security vulnerabilities have been fixed in version 0.13.62-3.1;\u00a0libosip2 security vulnerabilities have been fixed in version 4.1.0-2.1;\u00a0libgcrypt20 security vulnerabilities have been fixed in version 1.7.6-2;\u00a0firefox-esr security vulnerabilities have been fixed in version 52.2.0esr-1; request-tracker4 security vulnerabilities have been fixed in version 4.4.1-4; gnutls28 security vulnerabilities have been fixed in version 3.5.8-6; irssi security vulnerabilities have been fixed in version 1.0.3-1.<\/p>\n We recommend that you upgrade the system to obtain the patches to fix the vulnerabilities.","protected":false},"excerpt":{"rendered":" The security updates of vim, imagemagick, imagemagick, icu, firefox-esr, weechat, ghostscript, libxstream-java, tomcat7, tomcat8, tiff, libtirpc, libytnef, xen, git, kde4libs, rtmpdump, bitlbee,\u00a0bind9, jbig2dec, deluge, mysql-connector-java, puppet, imagemagick, fop, mosquitto, strongswan, sudo, openldap, tnef, wordpress, perl, ettercap, libmwaw, otrs2, tor, zziplib, libosip2, libgcrypt20, firefox-esr, request-tracker4, gnutls28, irssi. Vulnerability Information DSA-3786-1 vim\u00a0\u2014Security Updates Security database details: Editor spell files passed to the vim (Vi IMproved) editor may result in an integer overflow in memory allocation and a resulting buffer overflow which potentially could result in the execution of arbitrary code or denial of service. DSA-3799-1 imagemagick\u00a0\u2014Security Updates Security database details: This ...Read more<\/a><\/p>\n","protected":false},"author":141,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[75],"tags":[],"_links":{"self":[{"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/posts\/23935"}],"collection":[{"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/users\/141"}],"replies":[{"embeddable":true,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/comments?post=23935"}],"version-history":[{"count":92,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/posts\/23935\/revisions"}],"predecessor-version":[{"id":28419,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/posts\/23935\/revisions\/28419"}],"wp:attachment":[{"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/media?parent=23935"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/categories?post=23935"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/tags?post=23935"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
\n
\n
\n
\n
\n
\n
Fixing Status<\/h2>\n<\/li>\n<\/ul>\n