Debian: New iceape packages fix arbitrary code execution

    Date28 Apr 2008
    CategoryDebian
    2745
    Posted ByLinuxSecurity Advisories
    It was discovered that crashes in the Javascript engine of Iceape, an unbranded version of the Seamonkey internet suite could potentially lead to the execution of arbitrary code.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1562-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                       Moritz Muehlenhoff
    April 28, 2008                        http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : iceape
    Vulnerability  : programming error
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2008-1380
    
    It was discovered that crashes in the Javascript engine of Iceape,
    an unbranded version of the Seamonkey internet suite could
    potentially lead to the execution of arbitrary code.
    
    For the stable distribution (etch), this problem has been fixed in
    version 1.0.13~pre080323b-0etch3.
    
    For the unstable distribution (sid), this problem has been fixed in
    version 1.1.9-2.
    
    We recommend that you upgrade your iceape packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    Debian 4.0 (stable)
    - -------------------
    
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080323b-0etch3.diff.gz
        Size/MD5 checksum:   272290 65a6cc900463ab3324a42250ce39c10b
      http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080323b.orig.tar.gz
        Size/MD5 checksum: 42900009 f2a3c50d814f6e7015f779b10494fac8
      http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080323b-0etch3.dsc
        Size/MD5 checksum:     1439 7e71d648dcc53a64aa9e8675c09021f8
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar_1.8+1.0.13~pre080323b-0etch3_all.deb
        Size/MD5 checksum:    27638 9ea252e567314297df273d1d0565c081
      http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0.13~pre080323b-0etch3_all.deb
        Size/MD5 checksum:    27636 19e71b334df21b23b2f511830972a0d4
      http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-inspector_1.8+1.0.13~pre080323b-0etch3_all.deb
        Size/MD5 checksum:    27682 7bfcf10a1034eefac22ae8657dee9bd2
      http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+1.0.13~pre080323b-0etch3_all.deb
        Size/MD5 checksum:    27772 36a3464a2d8fd4fc3847039b82dd1f5f
      http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080323b-0etch3_all.deb
        Size/MD5 checksum:    29034 a9f31dc27b4b17c63b783f07c3f8fd2c
      http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzilla_1.8+1.0.13~pre080323b-0etch3_all.deb
        Size/MD5 checksum:    27650 6894ea2d406646086f60a29c1aba9cbe
      http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.13~pre080323b-0etch3_all.deb
        Size/MD5 checksum:  3928844 9a28456f31b2b5a06c6e69b175183ab9
      http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_1.8+1.0.13~pre080323b-0etch3_all.deb
        Size/MD5 checksum:    28606 6e89267d545052a9b053c0b17b02d265
      http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debugger_1.8+1.0.13~pre080323b-0etch3_all.deb
        Size/MD5 checksum:    27676 fed0fa97fb88ec0c975c432003dffaea
      http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla_1.0.13~pre080323b-0etch3_all.deb
        Size/MD5 checksum:   282388 f6e5876a2562123eb182f44a9d28c0f5
      http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+1.0.13~pre080323b-0etch3_all.deb
        Size/MD5 checksum:    27644 97fd6c82d0386ed6f1ed8c2b45391634
      http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews_1.8+1.0.13~pre080323b-0etch3_all.deb
        Size/MD5 checksum:    27658 67afa911887af3df5a081d9bcaeb9e7b
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_alpha.deb
        Size/MD5 checksum:  2281694 6688ce20712749da04e7bc0e1f63b531
      http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_alpha.deb
        Size/MD5 checksum:    55052 d14150e730a8357b0e2ef81542eb604b
      http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_alpha.deb
        Size/MD5 checksum: 60657374 ebc2656e676b129223a0d7b060205d32
      http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_alpha.deb
        Size/MD5 checksum: 12886440 aa35edb178dc8812275a005cb0449e7b
      http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_alpha.deb
        Size/MD5 checksum:   627600 a7801c7ba516484aa2028c91646c2504
      http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_alpha.deb
        Size/MD5 checksum:   199118 44501f7751ab5a2b0e7cab912a132200
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_amd64.deb
        Size/MD5 checksum:   195524 d36d3e4cf9f7442bb550f5e8675b3036
      http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_amd64.deb
        Size/MD5 checksum:   614288 f1396dbd501a98b181cca52d5ba8e2a8
      http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_amd64.deb
        Size/MD5 checksum: 59660176 f90d321b0a4599135fe16f53338b362f
      http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_amd64.deb
        Size/MD5 checksum:  2100064 c626d518a1becbf76a23aa064a3ee2eb
      http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_amd64.deb
        Size/MD5 checksum: 11692364 6b191980ebc9d493f703b5fedc65081b
      http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_amd64.deb
        Size/MD5 checksum:    53836 8695a98820343b899364083a40b03c1a
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_arm.deb
        Size/MD5 checksum: 58799260 c243477696e8ea19c4263d2656d97c0c
      http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_arm.deb
        Size/MD5 checksum:   586712 0c8a041b5a1d7d41263fa2c27575d607
      http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_arm.deb
        Size/MD5 checksum:  1917016 7ceb3becd5be4a158bcd28151bd7ab51
      http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_arm.deb
        Size/MD5 checksum:    47860 e65b19737b893676a310b8256e4b3b38
      http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_arm.deb
        Size/MD5 checksum: 10426174 2d5f6458ed8aca7ee0f8c5ec643c9964
      http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_arm.deb
        Size/MD5 checksum:   187162 a08b63a8fb7f448664b01e52f8de9ffb
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_hppa.deb
        Size/MD5 checksum: 12992154 d00f8b54c176ce496f4728c7198d004a
      http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_hppa.deb
        Size/MD5 checksum:  2349904 356528663fc19599701944ee30afe6ff
      http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_hppa.deb
        Size/MD5 checksum:    55244 3edf68481a15575131f426a569a171d4
      http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_hppa.deb
        Size/MD5 checksum:   198650 b7f9775322181a1fd944dd8b3b90681d
      http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_hppa.deb
        Size/MD5 checksum: 60520216 cf8581572da5dedbbd3696ebbb793ba3
      http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_hppa.deb
        Size/MD5 checksum:   619710 ef8266cbebfdfdcf659999c8e67ecbaf
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_i386.deb
        Size/MD5 checksum:   190234 f3f876cbc5cf3efec5ceb50a2c23d8dd
      http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_i386.deb
        Size/MD5 checksum: 58741446 e2afabfab01c0a75295864916a20f0ca
      http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_i386.deb
        Size/MD5 checksum: 10481106 9f7420c8033d5783cbfdd40ec9dc91ff
      http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_i386.deb
        Size/MD5 checksum:    48872 226a49cb7be9ba105ed34ec974dd59c4
      http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_i386.deb
        Size/MD5 checksum:   589458 3de29c0ae9e2a230ffbfcd5126822f4a
      http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_i386.deb
        Size/MD5 checksum:  1892130 05cccfec539b244127470556c51984e5
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_ia64.deb
        Size/MD5 checksum:   662418 ae517af1ffb77c7b51235872f7d80312
      http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_ia64.deb
        Size/MD5 checksum: 15794624 93cc77d14a609e82d121e56cc2c27bfc
      http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_ia64.deb
        Size/MD5 checksum:  2817276 41d813a7f813ac4f4b0f41a456cc02f7
      http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_ia64.deb
        Size/MD5 checksum:    62370 b097cd29fa93c5529673cb6b51dc9fad
      http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_ia64.deb
        Size/MD5 checksum: 59920168 46992c61685020d55a2d3f5954f4c1dd
      http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_ia64.deb
        Size/MD5 checksum:   205156 235d6ba67f58d4796d75375ee0c9d488
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_mips.deb
        Size/MD5 checksum:    50344 34df46c921c10427bd2be8f81a588b67
      http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_mips.deb
        Size/MD5 checksum:  1959720 6d82bdd9b96c072b4f693fe578c9366f
      http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_mips.deb
        Size/MD5 checksum:   599894 deea3ff0702f70c48628d34dc63c373b
      http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_mips.deb
        Size/MD5 checksum: 61515672 e493c5a6ac2fca145163c27dddfbeb44
      http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_mips.deb
        Size/MD5 checksum:   191488 63738c541fadb3092eead2f3e5f1cd26
      http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_mips.deb
        Size/MD5 checksum: 11157416 e39b38cad58bfca703d7d3a332a63d1b
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_mipsel.deb
        Size/MD5 checksum:   191704 36ee86fdbd01a7d250ecb028bca5ad5b
      http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_mipsel.deb
        Size/MD5 checksum: 59864044 65cb18ae21e9231db157d41b5d91f12c
      http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_mipsel.deb
        Size/MD5 checksum:  1942838 94c7f270fd6fdc8142d41b202df8eefd
      http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_mipsel.deb
        Size/MD5 checksum:    50204 3243edf82c2bcbd7784393cda8a2c1e6
      http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_mipsel.deb
        Size/MD5 checksum: 10911166 7d75c7d1918658e1a6f6435780e0885d
      http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_mipsel.deb
        Size/MD5 checksum:   596506 62a92a8f8a703393df92d595250c5669
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_powerpc.deb
        Size/MD5 checksum: 61652008 2891f06dc14d01571cd67c63391aabc2
      http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_powerpc.deb
        Size/MD5 checksum:   596662 5a7f977f5e1ebb9e27d3f1faf969a573
      http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_powerpc.deb
        Size/MD5 checksum:  2006874 aa7cf8f2b5bd5091b889185f55460a40
      http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_powerpc.deb
        Size/MD5 checksum:    49666 0a376f9b57ed80972ba170533623fb7f
      http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_powerpc.deb
        Size/MD5 checksum:   192472 494082cc73ee91c15d8c102015e27357
      http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_powerpc.deb
        Size/MD5 checksum: 11310932 7995d14bb7fb8ccc76c7b70e9ce93204
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_s390.deb
        Size/MD5 checksum:    54436 685ac8c473a6d6f2f33d31c74a334238
      http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_s390.deb
        Size/MD5 checksum:  2186280 5db2c2e519c5f8e76061ce6c48d851a3
      http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_s390.deb
        Size/MD5 checksum: 60408272 b141b0de2b3e3e9cd2bef50b0a956050
      http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_s390.deb
        Size/MD5 checksum: 12288534 1b3cd06388c789d7a977fe9b284b19ab
      http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_s390.deb
        Size/MD5 checksum:   197338 8981bee198dad3399e7e5bc293785537
      http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_s390.deb
        Size/MD5 checksum:   612218 be67de61abb2e447a34c0eaf706498df
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_sparc.deb
        Size/MD5 checksum:  1896522 7212773ff30ee7f0c9c268738f022e46
      http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_sparc.deb
        Size/MD5 checksum:   190132 8731cfeb8d89d4006f5b53836f25f02b
      http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_sparc.deb
        Size/MD5 checksum:    48478 d131f30545b3aa2ca2008e983ad4ef9f
      http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_sparc.deb
        Size/MD5 checksum:   585808 352c0eb180728a70c5b805839b5a7e67
      http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_sparc.deb
        Size/MD5 checksum: 58543536 92de9dc46e407a7c23f95023ad3a4a91
      http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_sparc.deb
        Size/MD5 checksum: 10660224 c21e2625875cf929b9a01767c203c9cd
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"14","type":"x","order":"1","pct":53.85,"resources":[]},{"id":"88","title":"Should be more technical","votes":"4","type":"x","order":"2","pct":15.38,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"8","type":"x","order":"3","pct":30.77,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.