Linux Security
    Linux Security
    Linux Security

    Debian: New iceape packages fix regression

    Date 24 Apr 2008
    Posted By LinuxSecurity Advisories
    Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems:
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1534-2                  This email address is being protected from spambots. You need JavaScript enabled to view it.                       Moritz Muehlenhoff
    April 24, 2008              
    - ------------------------------------------------------------------------
    Package        : iceape
    Vulnerability  : several
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235
                     CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240
    A regression in mailnews handling has been fixed. For reference the
    original advisory text below:
    Several remote vulnerabilities have been discovered in the Iceape internet
    suite, an unbranded version of the Seamonkey Internet Suite. The Common
    Vulnerabilities and Exposures project identifies the following problems:
        Peter Brodersen and Alexander Klink discovered that the
        autoselection of SSL client certificates could lead to users
        being tracked, resulting in a loss of privacy.
        "moz_bug_r_a4" discovered that variants of CVE-2007-3738 and
        CVE-2007-5338 allow the execution of arbitrary code through
        "moz_bug_r_a4" discovered that insecure handling of event
        handlers could lead to cross-site scripting.
        Boris Zbarsky, Johnny Stenback, and "moz_bug_r_a4" discovered
        that incorrect principal handling can lead to cross-site
        scripting and the execution of arbitrary code.
        Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats
        Palmgren discovered crashes in the layout engine, which might
        allow the execution of arbitrary code.
        "georgi", "tgirmann" and Igor Bukanov discovered crashes in the
        Javascript engine, which might allow the execution of arbitrary
        Gregory Fleischer discovered that HTTP Referrer headers were
        handled incorrectly in combination with URLs containing Basic
        Authentication credentials with empty usernames, resulting
        in potential Cross-Site Request Forgery attacks.
        Gregory Fleischer discovered that web content fetched through
        the jar: protocol can use Java to connect to arbitrary ports.
        This is only an issue in combination with the non-free Java
        Chris Thomas discovered that background tabs could generate
        XUL popups overlaying the current tab, resulting in potential
        spoofing attacks.
    For the stable distribution (etch), these problems have been fixed in
    version 1.0.13~pre080323b-0etch2.
    We recommend that you upgrade your iceape packages.
    Upgrade instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian 4.0 (stable)
    - -------------------
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    Source archives:
        Size/MD5 checksum:   270431 fc94cccf043f45b5bd2f1ea2d6b9b225
        Size/MD5 checksum:     1439 3a1c421b0d61223760b7724dcf7ff6d9
        Size/MD5 checksum: 42900009 f2a3c50d814f6e7015f779b10494fac8
    Architecture independent packages:
        Size/MD5 checksum:    28532 87c74c4e89522054101318d3a6aaaef9
        Size/MD5 checksum:    27594 5795424a813f6d765400d27852161904
        Size/MD5 checksum:    27568 7b63ae9c6c56a43ae9db63e2f4c0ff85
        Size/MD5 checksum:    27576 a3cb70fb2e4811959f447c35effd3dcc
        Size/MD5 checksum:  3928614 14cc24bbe9b509d69db0a20ccc1de079
        Size/MD5 checksum:    27558 bde53046463a722d1831cb45a59bb3cf
        Size/MD5 checksum:    27560 62b1ef313aa14596c934a8121eb412c2
        Size/MD5 checksum:   282312 6df637681e0a66b1bf68833b347b2124
        Size/MD5 checksum:    28966 549dc26dd898c58013aeb624098d5db1
        Size/MD5 checksum:    27582 9c5919265f60ed5ba60075bc9b5102dc
        Size/MD5 checksum:    27596 9aa97c6c5f94155ec3e8d36c2414fd1d
        Size/MD5 checksum:    27694 c2a812caa94a72724bb98ec8cfc93249
    alpha architecture (DEC Alpha)
        Size/MD5 checksum: 12886108 2d9a38d95503842a3832aed859f0f80a
        Size/MD5 checksum:  2281642 791f3a80ebdb173c2f9d0ff152f976c9
        Size/MD5 checksum:   627482 5729fa2e2f72dfa803e37a99b461417b
        Size/MD5 checksum:    54972 11524f4ed3875809260eac9a6c0325a0
        Size/MD5 checksum: 60658744 e56cb39f56de70aaf7a201b0e13d309a
        Size/MD5 checksum:   199028 8d154e497acf9e7796390f2b1c1501dd
    amd64 architecture (AMD x86_64 (AMD64))
        Size/MD5 checksum: 59663026 37829add13c621e391eb2c6c9e047ca7
        Size/MD5 checksum:  2099876 895840b306a190900c44dc4088961c50
        Size/MD5 checksum: 11692150 69a227342b3e5d563a716149eadfc7ca
        Size/MD5 checksum:    53740 d716f72d98622c3c97a679705426c2d5
        Size/MD5 checksum:   195436 c5838a1fcb25f0588abed9da193c06ce
        Size/MD5 checksum:   614236 0483f95d4be4d1a5b359a3864bc466f4
    arm architecture (ARM)
        Size/MD5 checksum:   586622 65a7a73dc018e2c1c77c26a412510e7d
        Size/MD5 checksum: 58798986 33ad7943133f5f00672dcdeaa245f057
        Size/MD5 checksum: 10426214 24dbab44f5ab57bccd1a0bfbb0f17680
        Size/MD5 checksum:   187090 57015ccb41fa214c46cd79b696d14198
        Size/MD5 checksum:    47796 e0c6b965e643018af3abb27d41a01c38
        Size/MD5 checksum:  1916922 36584dddf43f46a70412fe794991d07e
    hppa architecture (HP PA RISC)
        Size/MD5 checksum:    55158 0f80d4449589b0b77c8ef469ed9c2102
        Size/MD5 checksum:   619606 4ac9462c322063202406f20eb08b6adb
        Size/MD5 checksum:   198562 7dcaaf89e91e427acefa886275f2606c
        Size/MD5 checksum: 12991842 40dbc4f08611a986d30c358b4c442cab
        Size/MD5 checksum:  2349778 0400cc18d7078e6a5c9d675cc5ec935d
        Size/MD5 checksum: 60520824 a501cd292183eb7a909cdc481302cc9d
    i386 architecture (Intel ia32)
        Size/MD5 checksum:  1891942 8b55f7fffc8dda99a78c8deb587b3601
        Size/MD5 checksum:    48796 920f9ba79b92a527149a3f8e3ca9e80f
        Size/MD5 checksum: 58740626 87ac20b038ce496fe0dec8fc78f8fb66
        Size/MD5 checksum:   190146 7d2da0e3a0a4291f5a78da36e4d91758
        Size/MD5 checksum:   589368 c07d98219b6c237b4ecdc8cc24dde349
        Size/MD5 checksum: 10480450 b302009b8337411c5b1cc59a394249a9
    ia64 architecture (Intel ia64)
        Size/MD5 checksum:    62286 ae7ef14b5c6bc27032715154c3b830d1
        Size/MD5 checksum:   205078 7ffa6a5b770b336fe224c9c659e22236
        Size/MD5 checksum:  2817294 c1330dea34afd59505ba68496dfc9de0
        Size/MD5 checksum: 59920064 1e9f504516f7e024e3aa7df03b7859c4
        Size/MD5 checksum: 15794360 5a0009de6fe96fd8745b6d1da4f57512
        Size/MD5 checksum:   662296 a147dba65a655f2ffc4bc2dba80d062a
    mips architecture (MIPS (Big Endian))
        Size/MD5 checksum: 11157426 2894d4aa411f541d24321e7cfc8c40dc
        Size/MD5 checksum:  1959586 8245d1d89e210dc64822059177c60935
        Size/MD5 checksum:   191382 993aa97774959191af28842e469ee122
        Size/MD5 checksum:    50272 71182383f85762af687451ac3ef38824
        Size/MD5 checksum:   599816 32d92af3b4068d460b27aea4a2941ef5
        Size/MD5 checksum: 61513408 ddaa38162de39210cf0372b66d277afd
    mipsel architecture (MIPS (Little Endian))
        Size/MD5 checksum: 10910758 dc4b71d0b3b3877411f1d6434152ae60
        Size/MD5 checksum:   191610 9829f7d8bf6d3057b575f44f2e42d7ba
        Size/MD5 checksum:   596352 1fbd24b1af0f0a8f09fa6caabd05f9d1
        Size/MD5 checksum:    50114 5321e20192aba965da843116d5198a81
        Size/MD5 checksum: 59864402 a591a34d73e69d6f8ba4985f7398cb60
        Size/MD5 checksum:  1942674 7e8584f9c790ab330d760e0589a8a657
    powerpc architecture (PowerPC)
        Size/MD5 checksum:   596578 8ca91ddc369b7c2ef83d0cd1596cd644
        Size/MD5 checksum:   192394 87211ca1331a30d20a2c899ce647cfc2
        Size/MD5 checksum:    49580 f483e34bfbe4f072ba48fe4467c6d9eb
        Size/MD5 checksum:  2006802 cd1f36cb35b56996ed18ccc2bce77769
        Size/MD5 checksum: 61653704 d6a8402134109d8aa8d086f5a014e180
        Size/MD5 checksum: 11310660 d7775c0b98494daec085df09bdbc87c8
    s390 architecture (IBM S/390)
        Size/MD5 checksum:   197250 556af0df979862515c7a58f9b823cec7
        Size/MD5 checksum:    54332 ef3f1234a167fa3056075501d4ab7ccb
        Size/MD5 checksum:   612090 5b6a56753f5a39caa9336a9dd5e6f67c
        Size/MD5 checksum:  2186154 c106802c2fbf29e99beb440ade898d06
        Size/MD5 checksum: 60408796 7169c59d6b3ea8758e6ca752a44b537d
        Size/MD5 checksum: 12288118 e54834b616bba85af29add06b7c18be7
    sparc architecture (Sun SPARC/UltraSPARC)
        Size/MD5 checksum:   585692 caea96e57a9283b7978ad15fcc6a378c
        Size/MD5 checksum:  1896400 609528b7ee5eb3ca761853daf8a5f619
        Size/MD5 checksum: 10659906 27159c6c7c281cbf50e8b6f8bcb9164a
        Size/MD5 checksum: 58546410 4d394093ea9de39766982f3047fd3f9b
        Size/MD5 checksum:   190044 f0a2981d7f48f1c8e3cec1fb9b9ec6ed
        Size/MD5 checksum:    48396 ad3f586fd1c9f3239fa1a587fcc1603e
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


    LinuxSecurity Poll

    No results found.

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.