Debian: New iceape packages fix regression

    Date19 Mar 2008
    CategoryDebian
    2848
    Posted ByLinuxSecurity Advisories
    Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems:
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1506-2                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                       Moritz Muehlenhoff
    March 20, 2008                        http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : iceape
    Vulnerability  : several
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415
                     CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591
                     CVE-2008-0592 CVE-2008-0593 CVE-2008-0594
    
    A regression has been fixed in iceape's frame handling code. For
    reference you can find the original update below:
    
    Several remote vulnerabilities have been discovered in the Iceape internet
    suite, an unbranded version of the Seamonkey Internet Suite. The Common
    Vulnerabilities and Exposures project identifies the following problems:
    
    CVE-2008-0412
    
        Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul
        Nickerson discovered crashes in the layout engine, which might allow
        the execution of arbitrary code.
    
    CVE-2008-0413
    
        Carsten Book, Wesley Garland, Igor Bukanov, "moz_bug_r_a4", "shutdown",
        Philip Taylor and "tgirmann" discovered crashes in the Javascript
        engine, which might allow the execution of arbitrary code.
    
    CVE-2008-0414
    
        "hong" and Gregory Fleisher discovered that file input focus
        vulnerabilities in the file upload control could allow information
        disclosure of local files.
    
    CVE-2008-0415
    
        "moz_bug_r_a4" and Boris Zbarsky discovered discovered several
        vulnerabilities in Javascript handling, which could allow
        privilege escalation.
    
    CVE-2008-0417
    
        Justin Dolske discovered that the password storage machanism could
        be abused by malicious web sites to corrupt existing saved passwords.
    
    CVE-2008-0418
    
        Gerry Eisenhaur and "moz_bug_r_a4" discovered that a directory
        traversal vulnerability in chrome: URI handling could lead to
        information disclosure.
    
    CVE-2008-0419
    
        David Bloom discovered a race condition in the image handling of
        designMode elements, which can lead to information disclosure or
        potentially the execution of arbitrary code.
    
    CVE-2008-0591
    
        Michal Zalewski discovered that timers protecting security-sensitive
        dialogs (which disable dialog elements until a timeout is reached)
        could be bypassed by window focus changes through Javascript.
    
    CVE-2008-0592
    
        It was discovered that malformed content declarations of saved
        attachments could prevent a user in the opening local files
        with a ".txt" file name, resulting in minor denial of service.
    
    CVE-2008-0593
    
        Martin Straka discovered that insecure stylesheet handling during
        redirects could lead to information disclosure.
    
    CVE-2008-0594
    
        Emil Ljungdahl and Lars-Olof Moilanen discovered that phishing
        protections could be bypassed with 
    elements. For the stable distribution (etch), these problems have been fixed in version 1.0.12~pre080131b-0etch2. The Mozilla releases from the old stable distribution (sarge) are no longer supported with security updates. We recommend that you upgrade your iceape packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian 4.0 (stable) - ------------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.12~pre080131b-0etch2.diff.gz Size/MD5 checksum: 270995 2a621606e7f50a736f0d071ade4fd52f http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.12~pre080131b.orig.tar.gz Size/MD5 checksum: 43535826 39071cd311888d73254336b782109776 http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.12~pre080131b-0etch2.dsc Size/MD5 checksum: 1439 9763d1c74ce4301f14acbefbd9f5f49b Architecture independent packages: http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.12~pre080131b-0etch2_all.deb Size/MD5 checksum: 3927430 ecd67a579a7de22c58812f101a3f8798 http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+1.0.12~pre080131b-0etch2_all.deb Size/MD5 checksum: 27352 cebcf83eac35b663e96d742a8ce0e22d http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debugger_1.8+1.0.12~pre080131b-0etch2_all.deb Size/MD5 checksum: 27380 f7e68700518fe223b0a7847250065c8a http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-inspector_1.8+1.0.12~pre080131b-0etch2_all.deb Size/MD5 checksum: 27392 852ff0430f7dda87f29ebf6115142c00 http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_1.8+1.0.12~pre080131b-0etch2_all.deb Size/MD5 checksum: 28318 c365320890c3a5ed1d9b8229092b3261 http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+1.0.12~pre080131b-0etch2_all.deb Size/MD5 checksum: 27482 48d6bd50aabed44772e41da31e2659e7 http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0.12~pre080131b-0etch2_all.deb Size/MD5 checksum: 27344 27da10e92c699333d85a40f9b8b82677 http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews_1.8+1.0.12~pre080131b-0etch2_all.deb Size/MD5 checksum: 27370 d4385a93519282c9c23df59a2d96961f http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar_1.8+1.0.12~pre080131b-0etch2_all.deb Size/MD5 checksum: 27350 4ad38b881319986efeb536575e113294 http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla_1.0.12~pre080131b-0etch2_all.deb Size/MD5 checksum: 282046 df765c828f73a254837fe2ac4a26990c http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzilla_1.8+1.0.12~pre080131b-0etch2_all.deb Size/MD5 checksum: 27364 6e76df8b5fc4f1a26da126f67b991c32 http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.12~pre080131b-0etch2_all.deb Size/MD5 checksum: 28756 f008166db261ee31e99c280268c0c97f alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch2_alpha.deb Size/MD5 checksum: 626242 119f2bb9ea10019aaf93a6da91af9f6f http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch2_alpha.deb Size/MD5 checksum: 60612096 57fec5b1481c06363aab65970f501e39 http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch2_alpha.deb Size/MD5 checksum: 2282966 722ade6b1062b8f1282a7bad0be58f5c http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch2_alpha.deb Size/MD5 checksum: 54116 25799cb038e973b0adef00131aa1dd6d http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch2_alpha.deb Size/MD5 checksum: 12885116 fd8028f357f5c12623854ca10df81f43 http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch2_alpha.deb Size/MD5 checksum: 197954 5fd16ec58f64705c38b4cf8a908d11e5 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch2_amd64.deb Size/MD5 checksum: 195202 08c6a3b849b7181400bf3638079f3442 http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch2_amd64.deb Size/MD5 checksum: 59609120 56bffd191157a8f8e4b0bbd3d143d571 http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch2_amd64.deb Size/MD5 checksum: 11687018 8a1f2af506bfeaad0b10fe66dd7dfd33 http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch2_amd64.deb Size/MD5 checksum: 613980 5f0bf1273ca35408b524463a20235592 http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch2_amd64.deb Size/MD5 checksum: 2099746 544fda8f60b6914b81be215008b87da7 http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch2_amd64.deb Size/MD5 checksum: 53516 5f9e6648023ee92e9a4de1c4b75be2e2 arm architecture (ARM) http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch2_arm.deb Size/MD5 checksum: 186994 2e6fe57a3b3651304afd19e7824d3f5c http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch2_arm.deb Size/MD5 checksum: 10421172 40ff90ee1fbaa2fc4d1fbab6072485b4 http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch2_arm.deb Size/MD5 checksum: 58769568 b5f93f47e50fcd0fcdef16ceae742d13 http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch2_arm.deb Size/MD5 checksum: 1916830 39c250546337814cafb6b99376688fca http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch2_arm.deb Size/MD5 checksum: 586310 b67e34b1919b7effb4c307ccbeab942e http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch2_arm.deb Size/MD5 checksum: 47628 ebed30f79a3601c7daef49660661ad82 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch2_hppa.deb Size/MD5 checksum: 54578 1f3439b60f505b153b13c297747419eb http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch2_hppa.deb Size/MD5 checksum: 2340648 3ab9d1562c560c7b9df184a38f9a6a11 http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch2_hppa.deb Size/MD5 checksum: 615328 f023c06e4cff0f8d76b41d0096469d3a http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch2_hppa.deb Size/MD5 checksum: 198252 a3a83f5be255320f2020d80df098dca9 http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch2_hppa.deb Size/MD5 checksum: 12958594 f88a9c7c2f21c7d8ab6c01419f0cea7f http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch2_hppa.deb Size/MD5 checksum: 60479784 4c74b76cbf9032ffccb5294a93c17641 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch2_i386.deb Size/MD5 checksum: 48572 cb473d812b961898fef36d16bab876ff http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch2_i386.deb Size/MD5 checksum: 589088 5d671f8a6419358536a20b8d88c38ddf http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch2_i386.deb Size/MD5 checksum: 10470634 83a3b24130b0300c6c05ebc9dbb3844c http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch2_i386.deb Size/MD5 checksum: 189910 6f6659128de512017cf29ca9c30a166a http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch2_i386.deb Size/MD5 checksum: 58697514 16d427016239a37293ed07e6ac26cc50 http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch2_i386.deb Size/MD5 checksum: 1891518 875b689733c2d8fe806ba836e29eb324 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch2_ia64.deb Size/MD5 checksum: 2817188 76070b2545ca8cab7d49bfa31375c587 http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch2_ia64.deb Size/MD5 checksum: 15784184 cfba69a4ce574d82ecf5f3242d1f58dc http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch2_ia64.deb Size/MD5 checksum: 661962 446e3cb79b36ca09e887a9e0ceb3a855 http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch2_ia64.deb Size/MD5 checksum: 62036 f619b963fbf6647837e31f7b1b4adbc4 http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch2_ia64.deb Size/MD5 checksum: 204852 8ce30a3bcdd7c8344771ea5c9e333a1b http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch2_ia64.deb Size/MD5 checksum: 59883636 95627f56e1033f33150f1f9d376003ef mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch2_mips.deb Size/MD5 checksum: 191112 5906efb6ca3dbe054e906f7b22f08437 http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch2_mips.deb Size/MD5 checksum: 61481162 3fd870051ce1abb7d9f4f21795ed26f3 http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch2_mips.deb Size/MD5 checksum: 11153962 ff7b7663327bee5dc0047e1e19e86144 http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch2_mips.deb Size/MD5 checksum: 1959382 907240b378aa04bc7303b86920dc0ad0 http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch2_mips.deb Size/MD5 checksum: 599576 fd0e3eaf3a9c2f0a8bccf9f0d86c9ec8 http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch2_mips.deb Size/MD5 checksum: 50040 3aca9ae6ee5a6ae8f1aa84c5db300c88 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch2_mipsel.deb Size/MD5 checksum: 191354 7eaf6aacbafbd0a4fdf44e7236c0938a http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch2_mipsel.deb Size/MD5 checksum: 49888 b292f596100550bebfa995d5257d9b94 http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch2_mipsel.deb Size/MD5 checksum: 59840188 850f4ce08b0844e113e9484d45599f4b http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch2_mipsel.deb Size/MD5 checksum: 1942296 f0debfbf60133383ac7cd6283651981a http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch2_mipsel.deb Size/MD5 checksum: 596036 6a83b253c357e53c2328d21465b0d86c http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch2_mipsel.deb Size/MD5 checksum: 10906082 2283d8b033adae277eb068df1bb04934 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch2_powerpc.deb Size/MD5 checksum: 2006544 e50dbd0672c095d1e17441eff098da90 http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch2_powerpc.deb Size/MD5 checksum: 61612928 d68c54f558206a0494b7e9120ddd66fb http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch2_powerpc.deb Size/MD5 checksum: 49364 6589fb88dcdc36db56fcc558682353ce http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch2_powerpc.deb Size/MD5 checksum: 11304980 7fb0499168a1507a9a137fc45ae57ba1 http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch2_powerpc.deb Size/MD5 checksum: 596288 143f9b6509e38ae9c7a70d3450b6c962 http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch2_powerpc.deb Size/MD5 checksum: 192164 3f981a2dc64f14c66ee30e4178df2da1 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch2_s390.deb Size/MD5 checksum: 60369514 fa3b32d386daf6fb0ce1f7d0b20840c7 http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch2_s390.deb Size/MD5 checksum: 2185920 820309b77fcf5ac32c157e3708e6b5e2 http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch2_s390.deb Size/MD5 checksum: 611780 d7e128a4914cf2a65a84e742b106ff24 http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch2_s390.deb Size/MD5 checksum: 54086 b3a90c69d912cea90c1478e3448f4616 http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch2_s390.deb Size/MD5 checksum: 197022 4613b8a9f393a8d6e950c6b2a0ecd1e6 http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch2_s390.deb Size/MD5 checksum: 12282472 96018b365bde6cb21ce2b822e8d68c9a sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch2_sparc.deb Size/MD5 checksum: 585406 1205a79d265d0851ab47c422cf6fd9e6 http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch2_sparc.deb Size/MD5 checksum: 58513920 c86edaca6caf4c2313d602e0f5bacbc9 http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch2_sparc.deb Size/MD5 checksum: 189800 2eee769a043e3e8ab62ea64558982ee5 http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch2_sparc.deb Size/MD5 checksum: 10653162 7672a64a0aded3237d111ddefcc16030 http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch2_sparc.deb Size/MD5 checksum: 48158 1c3dbec97e1a32319e37a6fdcd1272ab http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch2_sparc.deb Size/MD5 checksum: 1896086 775e67f07235627084efa3f7a1850327 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.