deepin ships new batch of security updates

The deepin team has announced the availability of a new batch of security updates for deepin Linux, a beautiful GNU/Linux distribution from China. These security updates include critical fixes in the Iceweasel web browser, libtasn1-6, mercurial, ikiwiki, jansson, libidn, xerces-c and ImageMagick.

The new batch of security updates fixes the following vulnerabilities/bugs discovered in deepin packages:
  • Multiple security issues have been found in Iceweasel, Debian’s version of the Mozilla Firefox web browser: Multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code or denial of service.
  • Pascal Cuoq and Miod Vallat discovered that Libtasn1, a library to manage ASN.1 structures, does not correctly handle certain malformed DER certificates. A remote attacker can take advantage of this flaw to cause an application using the Libtasn1 library to hang, resulting in a denial of service.
  • Blake Burkhart discovered an arbitrary code execution flaw in Mercurial, a distributed version control system, when using the convert extension on Git repositories with specially crafted names. This flaw in particular affects automated code conversion services that allow arbitrary repository names.
  • Simon McVittie discovered a cross-site scripting vulnerability in the error reporting of Ikiwiki, a wiki compiler. This update also hardens ikiwiki’s use of imagemagick in the img plugin.
See more vulnerabilities and fix details in the announcement on the deepin blog.
