Debian Security Advisory

DSA-1830-1 icedove -- several vulnerabilities

Date Reported:
12 Jul 2009
Affected Packages:
icedove
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2009-0040, CVE-2009-0352, CVE-2009-0353, CVE-2009-0652, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0776, CVE-2009-1302, CVE-2009-1303, CVE-2009-1307, CVE-2009-1832, CVE-2009-1392, CVE-2009-1836, CVE-2009-1838, CVE-2009-1841.
More information:

Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2009-0040

    The execution of arbitrary code might be possible via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. (MFSA 2009-10)

  • CVE-2009-0352

    It is possible to execute arbitrary code via vectors related to the layout engine. (MFSA 2009-01)

  • CVE-2009-0353

    It is possible to execute arbitrary code via vectors related to the JavaScript engine. (MFSA 2009-01)

  • CVE-2009-0652

    Bjoern Hoehrmann and Moxie Marlinspike discovered a possible spoofing attack via Unicode box drawing characters in internationalized domain names. (MFSA 2009-15)

  • CVE-2009-0771

    Memory corruption and assertion failures have been discovered in the layout engine, leading to the possible execution of arbitrary code. (MFSA 2009-07)

  • CVE-2009-0772

    The layout engine allows the execution of arbitrary code in vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection. (MFSA 2009-07)

  • CVE-2009-0773

    The JavaScript engine is prone to the execution of arbitrary code via several vectors. (MFSA 2009-07)

  • CVE-2009-0774

    The layout engine allows the execution of arbitrary code via vectors related to gczeal. (MFSA 2009-07)

  • CVE-2009-0776

    Georgi Guninski discovered that it is possible to obtain xml data via an issue related to the nsIRDFService. (MFSA 2009-09)

  • CVE-2009-1302

    The browser engine is prone to a possible memory corruption via several vectors. (MFSA 2009-14)

  • CVE-2009-1303

    The browser engine is prone to a possible memory corruption via the nsSVGElement::BindToTree function. (MFSA 2009-14)

  • CVE-2009-1307

    Gregory Fleischer discovered that it is possible to bypass the Same Origin Policy when opening a Flash file via the view-source: scheme. (MFSA 2009-17)

  • CVE-2009-1832

    The possible arbitrary execution of code was discovered via vectors involving "double frame construction." (MFSA 2009-24)

  • CVE-2009-1392

    Several issues were discovered in the browser engine as used by icedove, which could lead to the possible execution of arbitrary code. (MFSA 2009-24)

  • CVE-2009-1836

    Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential man-in-the-middle attack, when using a proxy due to insufficient checks on a certain proxy response. (MFSA 2009-27)

  • CVE-2009-1838

    moz_bug_r_a4 discovered that it is possible to execute arbitrary JavaScript with chrome privileges due to an error in the garbage collection implementation. (MFSA 2009-29)

  • CVE-2009-1841

    moz_bug_r_a4 reported that it is possible for scripts from page content to run with elevated privileges and thus potentially executing arbitrary code with the object's chrome privileges. (MFSA 2009-32)

  • No CVE id yet

    Bernd Jendrissek discovered a potentially exploitable crash when viewing a multipart/alternative mail message with a text/enhanced part. (MFSA 2009-33)

For the stable distribution (lenny), these problems have been fixed in version 2.0.0.22-0lenny1.

As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported mail client.

For the testing (squeeze) distribution these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 2.0.0.22-1.

We recommend that you upgrade your icedove packages.

Fixed in:

Debian GNU/Linux 5.0 (lenny)

Source:
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22-0lenny1.dsc
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22-0lenny1.diff.gz
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22-0lenny1_alpha.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.22-0lenny1_alpha.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.22-0lenny1_alpha.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.22-0lenny1_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.22-0lenny1_amd64.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22-0lenny1_amd64.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.22-0lenny1_amd64.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.22-0lenny1_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22-0lenny1_arm.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.22-0lenny1_arm.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.22-0lenny1_arm.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.22-0lenny1_arm.deb
HP Precision:
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22-0lenny1_hppa.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.22-0lenny1_hppa.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.22-0lenny1_hppa.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.22-0lenny1_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.22-0lenny1_i386.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22-0lenny1_i386.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.22-0lenny1_i386.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.22-0lenny1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22-0lenny1_ia64.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.22-0lenny1_ia64.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.22-0lenny1_ia64.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.22-0lenny1_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.22-0lenny1_mips.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.22-0lenny1_mips.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22-0lenny1_mips.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.22-0lenny1_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.22-0lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.22-0lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22-0lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.22-0lenny1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.22-0lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.22-0lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.22-0lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22-0lenny1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22-0lenny1_s390.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.22-0lenny1_s390.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.22-0lenny1_s390.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.22-0lenny1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.22-0lenny1_sparc.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.22-0lenny1_sparc.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22-0lenny1_sparc.deb
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.22-0lenny1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.