Debian: DSA-2025-1: New icedove packages fix several vulnerabilities

    Date31 Mar 2010
    CategoryDebian
    46
    Posted ByLinuxSecurity Advisories
    Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems:
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-2025-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                      Steffen Joeris
    March 31, 2010                        http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : icedove                                                                                                                                            
    Vulnerability  : several vulnerabilities                                                                                                                            
    Problem type   : remote                                                                                                                                             
    Debian-specific: no                                                                                                                                                 
    CVE IDs        : CVE-2009-2408 CVE-2009-2404 CVE-2009-2463                                                                                                          
                     CVE-2009-3072 CVE-2009-3075 CVE-2010-0163
    
    Several remote vulnerabilities have been discovered in the Icedove
    mail client, an unbranded version of the Thunderbird mail client. The
    Common Vulnerabilities and Exposures project identifies the following
    problems:
    
    CVE-2009-2408
    
    Dan Kaminsky and Moxie Marlinspike discovered that icedove does not
    properly handle a '\0' character in a domain name in the subject's
    Common Name (CN) field of an X.509 certificate (MFSA 2009-42).
    
    CVE-2009-2404
    
    Moxie Marlinspike reported a heap overflow vulnerability in the code
    that handles regular expressions in certificate names (MFSA 2009-43).
    
    CVE-2009-2463
    
    monarch2020 discovered an integer overflow n a base64 decoding function
    (MFSA 2010-07).
    
    CVE-2009-3072
    
    Josh Soref discovered a crash in the BinHex decoder (MFSA 2010-07).
    
    CVE-2009-3075
    
    Carsten Book reported a crash in the JavaScript engine (MFSA 2010-07).
    
    CVE-2010-0163
    
    Ludovic Hirlimann reported a crash indexing some messages with
    attachments, which could lead to the execution of arbitrary code
    (MFSA 2010-07).
    
    
    For the stable distribution (lenny), these problems have been fixed in
    version 2.0.0.24-0lenny1.
    
    Due to a problem with the archive system it is not possible to release
    all architectures. The missing architectures will be installed into the
    archive once they become available.
    
    For the testing distribution squeeze and the unstable distribution (sid),
    these problems will be fixed soon.
    
    
    We recommend that you upgrade your icedove packages.
    
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Debian (stable)
    - ---------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24.orig.tar.gz
        Size/MD5 checksum: 35856543 3bf6e40cddf593ddc1a66b9e721f12b9
      http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1.dsc
        Size/MD5 checksum:     1668 111c1a93c1ce498715e231272123f841
      http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1.diff.gz
        Size/MD5 checksum:   103260 4661b0c8c170d58f844337699cb8ca1a
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_alpha.deb
        Size/MD5 checksum:  3723382 12c7fe63b0a5c59680ca36200a6f7d20
      http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_alpha.deb
        Size/MD5 checksum:    61132 c0f96569d4ea0f01cff3950572b3dda9
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_alpha.deb
        Size/MD5 checksum: 57375560 95a614e1cb620fad510eb51ae5cb37c5
      http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_alpha.deb
        Size/MD5 checksum: 13468190 03a629abf18130605927f5817b097bac
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_amd64.deb
        Size/MD5 checksum: 57584134 7d909c9f1b67d4758e290dc2c1dc01f2
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_amd64.deb
        Size/MD5 checksum:  3937168 de9dda16f94e696de897bec6c8d45f90
      http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_amd64.deb
        Size/MD5 checksum: 12384488 8d1632f7511c711a1d2ea940f7e451a2
      http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_amd64.deb
        Size/MD5 checksum:    59114 fae947071c0de6ebce316decbce61f9a
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_arm.deb
        Size/MD5 checksum:  3929902 5ab6f673b34770278270fb7862986b0b
      http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_arm.deb
        Size/MD5 checksum:    53746 c9c53e8a42d85fe5f4fa8e2a85e55629
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_arm.deb
        Size/MD5 checksum: 56491578 8eb38c6f99c501556506ac6790833941
      http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_arm.deb
        Size/MD5 checksum: 10943350 d7c0badfe9210ce5341eb17ab7e71ca2
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_hppa.deb
        Size/MD5 checksum:  3944678 2a9dc50b61420b4fdf8f3a4d378bb484
      http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_hppa.deb
        Size/MD5 checksum:    60554 7dcd739363cff3cc4bda659b82856536
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_hppa.deb
        Size/MD5 checksum: 58523174 6780e8f9de0f2ed0c3bd533d03853d85
      http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_hppa.deb
        Size/MD5 checksum: 13952170 88674f31191b07cd76ea5d366c545f1d
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_i386.deb
        Size/MD5 checksum: 10951904 52ce1587c6eb95b7f8b63ccedf224d88
      http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_i386.deb
        Size/MD5 checksum:    54838 101de9e837bea9391461074481bf770f
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_i386.deb
        Size/MD5 checksum:  3924810 6ecf3693cce2ae97fd0bbdafc1ff06f6
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_i386.deb
        Size/MD5 checksum: 56543048 73d1684cf69bed0441393abb46610433
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_ia64.deb
        Size/MD5 checksum:  3756914 615afd30bf893d2d32bbacedf1f7ff8e
      http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_ia64.deb
        Size/MD5 checksum: 16545566 0444c7198e94ab59e103e60bf86a2aa2
      http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_ia64.deb
        Size/MD5 checksum:    66302 f8800140b3797d4a4267a5dac0043995
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_ia64.deb
        Size/MD5 checksum: 57199564 5df5808f91ecdf6ac49f0e922b1a0234
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_powerpc.deb
        Size/MD5 checksum: 12112586 4b40106b68670c726624348c0cb8bd1f
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_powerpc.deb
        Size/MD5 checksum: 59511730 226cdd43af9dffb4132002044120769c
      http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_powerpc.deb
        Size/MD5 checksum:    56670 72e58731ac68f2c599704a3e7ca45d4c
      http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_powerpc.deb
        Size/MD5 checksum:  3942470 e8454d41a095226a2d252f10da795d96
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.