[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 1300-1] New iceape packages fix several vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1300-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
June 7th, 2007                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : iceape
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2007-1362 CVE-2007-1558 CVE-2007-2867 CVE-2007-2868 CVE-2007-2870 CVE-2007-2871

Several remote vulnerabilities have been discovered in the Iceape internet
suite, an unbranded version of the Seamonkey Internet Suite. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-1362

    Nicolas Derouet discovered that Iceape performs insufficient 
    validation of cookies, which could lead to denial of service.

CVE-2007-1558

    Gatan Leurent discovered a cryptographical weakness in APOP
    authentication, which reduces the required efforts for an MITM attack
    to intercept a password. The update enforces stricter validation, which
    prevents this attack.

CVE-2007-2867
 
    Boris Zbarsky, Eli Friedman, Georgi Guninski, Jesse Ruderman, Martijn
    Wargers and Olli Pettay discovered crashes in the layout engine, which
    might allow the execution of arbitrary code.

CVE-2007-2868

    Brendan Eich, Igor Bukanov, Jesse Ruderman, moz_bug_r_a4 and Wladimir Palant
    discovered crashes in the javascript engine, which might allow the execution of
    arbitrary code.

CVE-2007-2870

    "moz_bug_r_a4" discovered that adding an event listener through the
     addEventListener() function allows cross-site scripting.

CVE-2007-2871

    Chris Thomas discovered that XUL popups can can be abused for spoofing or
    phishing attacks.

Fixes for the oldstable distribution (sarge) are not available. While there
will be another round of security updates for Mozilla products, Debian doesn't
have the ressources to backport further security fixes to the old Mozilla
products. You're strongly encouraged to upgrade to stable as soon as possible.

For the stable distribution (etch) these problems have been fixed in version
1.0.9-0etch1. A build for the arm architecture is not yet available, it will
be provided later.

The unstable distribution (sid) will be fixed soon.

We recommend that you upgrade your iceape packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.9-0etch1.dsc
      Size/MD5 checksum:     1403 fac51ae60382306a1f5937d393cad9b8
    http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.9-0etch1.diff.gz
      Size/MD5 checksum:   265235 f0632d0ab1011723516b42ddc3fbf077
    http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.9.orig.tar.gz
      Size/MD5 checksum: 42936008 f3f2409c45e5e48124159f71c3f305db

  Architecture independent components:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla_1.0.9-0etch1_all.deb
      Size/MD5 checksum:   278514 abeb91d6d747fbd2a2dc4c53a0c1b730
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.9-0etch1_all.deb
      Size/MD5 checksum:  3655228 aeaa72117bdef3db570d175294003567
    http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.9-0etch1_all.deb
      Size/MD5 checksum:    27642 2c103331d2f75caab26dc5c5c5b53db5
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_1.8+1.0.9-0etch1_all.deb
      Size/MD5 checksum:    27172 6461173091e780104247676063370dd4
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar_1.8+1.0.9-0etch1_all.deb
      Size/MD5 checksum:    26244 3a26fad0fccac9cb3f0a3826eaba0398
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzilla_1.8+1.0.9-0etch1_all.deb
      Size/MD5 checksum:    26258 6c114441ed304d22a68626e641714a32
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+1.0.9-0etch1_all.deb
      Size/MD5 checksum:    26380 36e2977fd80cdf0e5132d3e5d3d7566f
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-inspector_1.8+1.0.9-0etch1_all.deb
      Size/MD5 checksum:    26280 4f803f93ba3146cf3568a8255d7ff1ce
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debugger_1.8+1.0.9-0etch1_all.deb
      Size/MD5 checksum:    26276 fc04a5e05749f469061437aebce7e25c
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews_1.8+1.0.9-0etch1_all.deb
      Size/MD5 checksum:    26266 b14a9f36ebf0b29133dd6d136d74b1d4
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+1.0.9-0etch1_all.deb
      Size/MD5 checksum:    26248 ffa152a5ad9a647f7b6c7b509542b6c4
    http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0.9-0etch1_all.deb
      Size/MD5 checksum:    26240 ef0a008c5d7c4d832dde3bb10fa06ef1

  Alpha architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_alpha.deb
      Size/MD5 checksum: 12865430 8418f1985dc4615ef0507f14c06ab65a
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_alpha.deb
      Size/MD5 checksum:   625182 0a1b310be2bd861d5686b03b9ac1ad4a
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_alpha.deb
      Size/MD5 checksum: 60530626 66a769a586e4bce6abfcae5f31abd779
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_alpha.deb
      Size/MD5 checksum:   196750 364d4c0c512880760c200dcc796100cc
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_alpha.deb
      Size/MD5 checksum:    52960 1c12d82410100d48a17ec75c4fc0c0d4
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_alpha.deb
      Size/MD5 checksum:  2281764 4955a49cf9ef25f24ffd37768864564d

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_amd64.deb
      Size/MD5 checksum: 11647006 a84a6860787ef130576e7fb11f8eabec
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_amd64.deb
      Size/MD5 checksum:   608506 1bf656a5edc44eb320997a42a1fad33c
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_amd64.deb
      Size/MD5 checksum: 59537150 2ed3859e18f3bab0b6b48e6d91e653c3
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_amd64.deb
      Size/MD5 checksum:   193924 7b741afe2710da66e2306f681a8323a5
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_amd64.deb
      Size/MD5 checksum:    52456 c762266f74dd5db459d4b40763c70d10
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_amd64.deb
      Size/MD5 checksum:  2090278 1fff0ff3907d8990df3874a295ab795b

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_hppa.deb
      Size/MD5 checksum: 12941432 53b838fbda55ae87993a2be1bb8787f6
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_hppa.deb
      Size/MD5 checksum:   614398 15b391e088060d1065354384af4dd688
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_hppa.deb
      Size/MD5 checksum: 60391748 e26a56439db9415ae0226c4fa28c2e79
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_hppa.deb
      Size/MD5 checksum:   196962 cb87bee865d7f77a525d3e75707c50a0
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_hppa.deb
      Size/MD5 checksum:    53538 93a72fdb9dacbf0f690a6c20222842a5
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_hppa.deb
      Size/MD5 checksum:  2338650 4e68071e6271350ad331f6f387328450

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_i386.deb
      Size/MD5 checksum: 10454294 da901720379e4b1bad94459ba8053687
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_i386.deb
      Size/MD5 checksum:   587850 ec7ad19e450d2490ff3ebd1b50bf4096
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_i386.deb
      Size/MD5 checksum: 58613040 7ffa59d625d92dd2975c8df5ffe773c7
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_i386.deb
      Size/MD5 checksum:   188602 970dba31c02d4fecf9418f4d2e783dff
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_i386.deb
      Size/MD5 checksum:    47562 a8435ff7e0e9256fd18dba5563a52f61
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_i386.deb
      Size/MD5 checksum:  1889432 af7c62e7b76245ca48a8253beb9d450d

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_ia64.deb
      Size/MD5 checksum: 15756760 95de0b7bb5cd9b7f4f9f30b6eb0880cd
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_ia64.deb
      Size/MD5 checksum:   660486 7903f3f9c0dc33d2a603d67ec1796d4f
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_ia64.deb
      Size/MD5 checksum: 59810372 007d904791cfd676855b88dcb837f8ee
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_ia64.deb
      Size/MD5 checksum:   203602 e6ec5ad7093347c8bae4a4bf5232ba98
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_ia64.deb
      Size/MD5 checksum:    61072 976efb7973f37f1dea1304d65aeaac3f
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_ia64.deb
      Size/MD5 checksum:  2815398 1e2078b5d7adab616fa3f5dc16bee183

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_mips.deb
      Size/MD5 checksum: 11102688 a2332134ba7eca56ea9d2fd2300d38fd
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_mips.deb
      Size/MD5 checksum:   598284 8db74e82ba6915c61ad634cd2997c34e
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_mips.deb
      Size/MD5 checksum: 61397714 de6b3f48f35ad453900025ec3de34baf
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_mips.deb
      Size/MD5 checksum:   190580 089d2bfc82e5bbccd28e2d39d63ff3e5
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_mips.deb
      Size/MD5 checksum:    49058 fba4238a8887be242521fc1b13329a68
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_mips.deb
      Size/MD5 checksum:  1955378 a5e472ed92e8be52cee996d111210732

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_mipsel.deb
      Size/MD5 checksum: 10890126 da61a2407cb332806ef54f30c6683055
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_mipsel.deb
      Size/MD5 checksum:   594906 6da11b3f0e5da40aac23e8fcea295405
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_mipsel.deb
      Size/MD5 checksum: 59749198 d336210141b28e1e54c351d7da403e76
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_mipsel.deb
      Size/MD5 checksum:   190102 a5619388f97802a39a7ebd8e72930581
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_mipsel.deb
      Size/MD5 checksum:    48856 85ccbe07938b1b0bd7c2bb6f5116b1e5
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_mipsel.deb
      Size/MD5 checksum:  1940148 1f5dd8c10e94e3362ef3ce6abca7665c

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_powerpc.deb
      Size/MD5 checksum: 11286956 52990bdec220bab9968d859c79e8cbe8
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_powerpc.deb
      Size/MD5 checksum:   595182 6f9393fc2c13eea7e281a57b6955cd05
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_powerpc.deb
      Size/MD5 checksum: 61536458 981f8b40052ab8a3d78fbd7a90acedf7
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_powerpc.deb
      Size/MD5 checksum:   190982 d7e50ff547bf3a4f7633ab5dd56c8e9e
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_powerpc.deb
      Size/MD5 checksum:    48376 9409001d405fdbf55a9825ee3f60cf85
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_powerpc.deb
      Size/MD5 checksum:  2005444 0b699049484cc571b7516efc43afd6ad

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_s390.deb
      Size/MD5 checksum: 12266856 9014128ea5980d3ee1c6203883ec3d42
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_s390.deb
      Size/MD5 checksum:   610568 1f7d3b6e02bca35cac33df9083ec5809
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_s390.deb
      Size/MD5 checksum: 60291956 fb54cc2a913940344cd70799511ac524
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_s390.deb
      Size/MD5 checksum:   195766 9a53913dc7c84a73b32aa438f51e5c36
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_s390.deb
      Size/MD5 checksum:    53044 2b8eeeeacfdc9fbbf891103af7b97e08
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_s390.deb
      Size/MD5 checksum:  2184358 c233670f97859a3e1e18ae168cd4a1c6

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_sparc.deb
      Size/MD5 checksum: 10634168 95edbd8c95e760fef36e0ca194fc1c23
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_sparc.deb
      Size/MD5 checksum:   584234 50ca6c5a2b8031467cf7e77aba71f9d8
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_sparc.deb
      Size/MD5 checksum: 58430974 883810feeb6d0e95df3cbe98899e3103
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_sparc.deb
      Size/MD5 checksum:   188526 4b3615b67bda657d68b2922a6a1dffe8
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_sparc.deb
      Size/MD5 checksum:    47082 4089406c7cefccf3692c8d4dba2119a7
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_sparc.deb
      Size/MD5 checksum:  1894500 9a1ce67eca6cfbc42c2394783ed10234


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGaGd1Xm3vHE4uyloRAtH7AKClPnM3e436w+E2fVRpU94CkPdcNgCgw1ZZ
RkET7viqTwTrf9/ZMcjI5to=
=AO3n
-----END PGP SIGNATURE-----



Reply to: