deepin ships new batch of security updates

The deepin team has announced availability of new batch of security updates for deepin linux, a beautiful GNU/Linux distribution from China. These security updates includes critical fixes in iceweasel web browser, libtasn1-6, mercurial, ikiwiki, jansson, libidn, xerces-c and image magick.


New batch of security updates fixes following vulnerabilities/bugs discovered in deepin packages.
  • Multiple security issues have been found in Iceweasel, Debian’s version of the Mozilla Firefox web browser: Multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code or denial of service.
  •  Pascal Cuoq and Miod Vallat discovered that Libtasn1, a library to manage ASN.1 structures, does not correctly handle certain malformed DER certificates. A remote attacker can take advantage of this flaw to cause an application using the Libtasn1 library to hang, resulting in a denial of service.
  • Blake Burkhart discovered an arbitrary code execution flaw in Mercurial, a distributed version control system, when using the convert extension on Git repositories with specially crafted names. This flaw in particular affects automated code conversion services that allow arbitrary repository names.
  • Simon McVittie discovered a cross-site scripting vulnerability in the error reporting of Ikiwiki, a wiki compiler. This update also hardens ikiwiki’s use of imagemagick in the img plugin.
See more vulnerabilities and fix details in an announcement made in deepin blog.

Share this