Back
    Linux Security
    Linux Security
    Linux Security

    Debian: DSA-2406-1: icedove security update

    Date 09 Feb 2012
    Category Debian Linux Distribution - Security Advisories
    94
    Posted By LinuxSecurity Advisories
    Several vulnerabilities have been discovered in Icedove, Debian's variant of the Mozilla Thunderbird code base. CVE-2011-3670 
    -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2406-1                   This email address is being protected from spambots. You need JavaScript enabled to view it.
https://www.debian.org/security/                            Florian Weimer
February 09, 2012                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icedove
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449

Several vulnerabilities have been discovered in Icedove, Debian's
variant of the Mozilla Thunderbird code base.

CVE-2011-3670
	Icedove does not not properly enforce the IPv6 literal address
	syntax, which allows remote attackers to obtain sensitive
	information by making XMLHttpRequest calls through a proxy and
	reading the error messages.

CVE-2012-0442
	Memory corruption bugs could cause Icedove to crash or
  	possibly execute arbitrary code.

CVE-2012-0444
	Icedove does not properly initialize nsChildView data
	structures, which allows remote attackers to cause a denial of
	service (memory corruption and application crash) or possibly
	execute arbitrary code via a crafted Ogg Vorbis file.

CVE-2012-0449
	Icedove allows remote attackers to cause a denial of service
	(memory corruption and application crash) or possibly execute
	arbitrary code via a malformed XSLT stylesheet that is
	embedded in a document

For the stable distribution (squeeze), this problem has been fixed in
version 3.0.11-1+squeeze7.

We recommend that you upgrade your icedove packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

    Get the Latest News & Insights

    Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox

    Related News

    Why You Should Trust Open Source Software Security
    Why You Should Trust Open Source Software Security
    Stars and Stripes: NASA and Linux
    Stars and Stripes: NASA and Linux
    Linus Torvalds wants Apple’s new M1-powered Macs to run Linux
    Linus Torvalds wants Apple’s new M1-powered Macs to run Linux
    Kali Linux 2020.4 switches the default shell from Bash to ZSH
    Kali Linux 2020.4 switches the default shell from Bash to ZSH

    Advisories

    SUSE: 2020:3503-1 important: the Linux Kernel
    Date 24 Nov 2020 @ 08:22
    SUSE: 2020:3501-1 important: the Linux Kernel
    Date 24 Nov 2020 @ 08:18
    SUSE: 2020:3500-1 moderate: mariadb
    Date 24 Nov 2020 @ 08:16
    SciLinux: SLSA-2020-5129-1 Important: net-snmp on SL6.x i386/x86_64
    Date 24 Nov 2020 @ 05:37

    LinuxSecurity Poll

    I agree with Linus Torvalds - Apple's new M1-powered laptops should run on Linux.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/45-i-agree-with-linus-torvalds-apple-s-new-m1-powered-laptops-should-run-on-linux?task=poll.vote&format=json
    45
    radio
    [{"id":"158","title":"True","votes":"11","type":"x","order":"1","pct":10.68,"resources":[]},{"id":"159","title":"False","votes":"92","type":"x","order":"2","pct":89.32,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200
    Phishing Is The #1 Cybersecurity Threat Businesses Face

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

    Our Cookie Policy