Debian: New iceape packages fix several vulnerabilities

    Date05 Nov 2007
    CategoryDebian
    2955
    Posted ByLinuxSecurity Advisories
    Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems: Michal Zalewski discovered that the unload event handler had access to the address of the next page to be loaded, which could allow information disclosure or spoofing.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1401-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                         Moritz Muehlenhoff
    November 5th, 2007                      http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : iceape
    Vulnerability  : several
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340
    
    Several remote vulnerabilities have been discovered in the Iceape internet
    suite, an unbranded version of the Seamonkey Internet Suite. The Common
    Vulnerabilities and Exposures project identifies the following problems:
    
    CVE-2007-1095
    
        Michal Zalewski discovered that the unload event handler had access to
        the address of the next page to be loaded, which could allow information
        disclosure or spoofing.
    
    CVE-2007-2292
    
        Stefano Di Paola discovered that insufficient validation of user names
        used in Digest authentication on a web site allows HTTP response splitting
        attacks.
    
    CVE-2007-3511
    
        It was discovered that insecure focus handling of the file upload
        control can lead to information disclosure. This is a variant of
        CVE-2006-2894.
    
    CVE-2007-5334
    
        Eli Friedman discovered that web pages written in Xul markup can hide the
        titlebar of windows, which can lead to spoofing attacks.
    
    CVE-2007-5337
    
        Georgi Guninski discovered the insecure handling of smb:// and sftp:// URI
        schemes may lead to information disclosure. This vulnerability is only
        exploitable if Gnome-VFS support is present on the system.
    
    CVE-2007-5338
    
        "moz_bug_r_a4" discovered that the protection scheme offered by XPCNativeWrappers
        could be bypassed, which might allow privilege escalation.
    
    CVE-2007-5339
     
        L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay,
        Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered
        crashes in the layout engine, which might allow the execution of arbitrary code.
    
    CVE-2007-5340
    
        Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the
        Javascript engine, which might allow the execution of arbitrary code.
    
    
    The Mozilla products in the oldstable distribution (sarge) are no longer
    supported with with security updates.
    
    For the stable distribution (etch) these problems have been fixed in version
    1.0.11~pre071022-0etch1.
    
    For the unstable distribution (sid) these problems have been fixed in version
    1.1.5-1.
    
    We recommend that you upgrade your iceape packages.
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.11~pre071022-0etch1.dsc
          Size/MD5 checksum:     2074 e6a4f880b795639b974fcb82928e9812
        http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.11~pre071022-0etch1.diff.gz
          Size/MD5 checksum:   270411 ee0de630c39ce41571376686c5d2c294
        http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.11~pre071022.orig.tar.gz
          Size/MD5 checksum: 43514948 0b1ae7b3fb5abc0d0a4739465ba72509
    
      Architecture independent components:
    
        http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla_1.0.11~pre071022-0etch1_all.deb
          Size/MD5 checksum:   279030 30ff0f4775351d46232e864140c6ceba
        http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.11~pre071022-0etch1_all.deb
          Size/MD5 checksum:  3660616 16e305a8147c5a9f21c3967267b4f4d4
        http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.11~pre071022-0etch1_all.deb
          Size/MD5 checksum:    28154 99196ea2f930ae2766159a3046631baf
        http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_1.8+1.0.11~pre071022-0etch1_all.deb
          Size/MD5 checksum:    27678 e726208989842a77320ca0f8c349e52e
        http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar_1.8+1.0.11~pre071022-0etch1_all.deb
          Size/MD5 checksum:    26756 1cd699df4b5cbd0c480e507e1fbe94b5
        http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzilla_1.8+1.0.11~pre071022-0etch1_all.deb
          Size/MD5 checksum:    26768 c21d02928bc804167301619e1219dde7
        http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+1.0.11~pre071022-0etch1_all.deb
          Size/MD5 checksum:    26886 92142fa6d3fba92f7f6964700c1ce68b
        http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-inspector_1.8+1.0.11~pre071022-0etch1_all.deb
          Size/MD5 checksum:    26794 b07d8bb640f6dc6972b974b63f818c84
        http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debugger_1.8+1.0.11~pre071022-0etch1_all.deb
          Size/MD5 checksum:    26790 2b11a3e11a51afc7345cb64673782a0b
        http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews_1.8+1.0.11~pre071022-0etch1_all.deb
          Size/MD5 checksum:    26772 7695a0af3e96129a80658fb2118e9c12
        http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+1.0.11~pre071022-0etch1_all.deb
          Size/MD5 checksum:    26758 4732b5254e491ab5f8f13a100bff4a56
        http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0.11~pre071022-0etch1_all.deb
          Size/MD5 checksum:    26746 eefe5f45b298c8498fc41d8e3d3e9e7e
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.11~pre071022-0etch1_alpha.deb
          Size/MD5 checksum: 12880070 a4ee8782f56ad529d0f73248be95354a
        http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.11~pre071022-0etch1_alpha.deb
          Size/MD5 checksum:   625780 6ef1ea9e22ad574e6782f1e0f076e4f4
        http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.11~pre071022-0etch1_alpha.deb
          Size/MD5 checksum: 60608024 70c4f54996d8ca42bba853711889d430
        http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.11~pre071022-0etch1_alpha.deb
          Size/MD5 checksum:   197338 927d525eb6b4828d84dc8f62bc750fe6
        http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.11~pre071022-0etch1_alpha.deb
          Size/MD5 checksum:    53402 a8b7dc4beb3dbfb85b1381177e29754d
        http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.11~pre071022-0etch1_alpha.deb
          Size/MD5 checksum:  2282320 3e4690fc951ff87854d1d40ebab6bbec
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.11~pre071022-0etch1_amd64.deb
          Size/MD5 checksum: 11657856 af16e0a6ddf4de0e08d2c719bec00107
        http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.11~pre071022-0etch1_amd64.deb
          Size/MD5 checksum:   609006 09cd5e0ca5c411e2305c79f84d55b5e2
        http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.11~pre071022-0etch1_amd64.deb
          Size/MD5 checksum: 59599422 f133a16a066a462be37538fd758ab63b
        http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.11~pre071022-0etch1_amd64.deb
          Size/MD5 checksum:   194436 55725303a248ce9070fc602c68adc7dd
        http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.11~pre071022-0etch1_amd64.deb
          Size/MD5 checksum:    52842 e506718ca8cf8c8cfdee6815381c26d0
        http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.11~pre071022-0etch1_amd64.deb
          Size/MD5 checksum:  2091278 b53a14458295ce9403e374a3c0e58031
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.11~pre071022-0etch1_arm.deb
          Size/MD5 checksum: 10415828 39a6f5fd878607e9ff756d58323fe5a0
        http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.11~pre071022-0etch1_arm.deb
          Size/MD5 checksum:   585422 8b081bedd7dd848d69e5a6f1429162e7
        http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.11~pre071022-0etch1_arm.deb
          Size/MD5 checksum: 58748656 5ac2e4ed57cb9726aeb690b8a5da79ab
        http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.11~pre071022-0etch1_arm.deb
          Size/MD5 checksum:   186728 41a4be6ac4077ce59625895b927dd61d
        http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.11~pre071022-0etch1_arm.deb
          Size/MD5 checksum:    47152 c9cdcac1322d6d75f713cff1836f09e5
        http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.11~pre071022-0etch1_arm.deb
          Size/MD5 checksum:  1916306 8c451e15edc8ecc78df05295913239e7
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.11~pre071022-0etch1_hppa.deb
          Size/MD5 checksum: 12978232 8724608f0a25cd979e8e5ddcbb342f63
        http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.11~pre071022-0etch1_hppa.deb
          Size/MD5 checksum:   617042 4a81a282c5f5f8ebd50cde68528bc0e2
        http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.11~pre071022-0etch1_hppa.deb
          Size/MD5 checksum: 60470574 3968d8b01502a87945356cf9b1be73f0
        http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.11~pre071022-0etch1_hppa.deb
          Size/MD5 checksum:   196970 6aabd1ffaad42a0ca6d6cf7fe2a3053f
        http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.11~pre071022-0etch1_hppa.deb
          Size/MD5 checksum:    53968 0b08768f9418524ea14e8e9ff59c35ba
        http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.11~pre071022-0etch1_hppa.deb
          Size/MD5 checksum:  2350820 b79140c4b94b67721f1aee7153a8c310
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.11~pre071022-0etch1_i386.deb
          Size/MD5 checksum: 10463942 15cb74087670d2fa85f9af9826df2e32
        http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.11~pre071022-0etch1_i386.deb
          Size/MD5 checksum:   588272 da0551c144ef1ce314a613304ce32029
        http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.11~pre071022-0etch1_i386.deb
          Size/MD5 checksum: 58675056 ee77923b2c035ba2d3f016e20d83d5a4
        http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.11~pre071022-0etch1_i386.deb
          Size/MD5 checksum:   189152 27c78e3404c42c973b5f9fd6ffaea8b9
        http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.11~pre071022-0etch1_i386.deb
          Size/MD5 checksum:    47944 70edee553926a9ca2e62ce6762e6a1bf
        http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.11~pre071022-0etch1_i386.deb
          Size/MD5 checksum:  1890268 69075490c69342483549d311ef85fbba
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.11~pre071022-0etch1_ia64.deb
          Size/MD5 checksum: 15775558 92fd162ca0556872b66ef904a8f448ba
        http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.11~pre071022-0etch1_ia64.deb
          Size/MD5 checksum:   661296 b0eeec87a5d92be85dbe8cd893235d25
        http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.11~pre071022-0etch1_ia64.deb
          Size/MD5 checksum: 59872136 8b3cbf0d2498944ba7bfa2693fc06645
        http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.11~pre071022-0etch1_ia64.deb
          Size/MD5 checksum:   204094 6b45bd689e8460305f9192ad8e3d6a0d
        http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.11~pre071022-0etch1_ia64.deb
          Size/MD5 checksum:    61408 41f6472dad2be56ecc62dfa606a99112
        http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.11~pre071022-0etch1_ia64.deb
          Size/MD5 checksum:  2816232 608d16fb3f4f309cfef7c6c6e916859d
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.11~pre071022-0etch1_mips.deb
          Size/MD5 checksum: 11115636 9dbc41ef14c5c2c89e35ac80140dd1ac
        http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.11~pre071022-0etch1_mips.deb
          Size/MD5 checksum:   598794 1436f1dc04bdf0fb1490c8c73f060fef
        http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.11~pre071022-0etch1_mips.deb
          Size/MD5 checksum: 61466500 a7704a47a6d78bb280c3c9d7716a7576
        http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.11~pre071022-0etch1_mips.deb
          Size/MD5 checksum:   191078 8202fb8d2a3ebad569626e0f0f799bdb
        http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.11~pre071022-0etch1_mips.deb
          Size/MD5 checksum:    49500 20a46a946797ec4e75981841dec335b3
        http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.11~pre071022-0etch1_mips.deb
          Size/MD5 checksum:  1955834 cf2911e486f3f55f4a2b77b41156f3f5
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.11~pre071022-0etch1_mipsel.deb
          Size/MD5 checksum: 10901514 cb2ba945746d58fcaa763963fbc2ee74
        http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.11~pre071022-0etch1_mipsel.deb
          Size/MD5 checksum:   595310 4e6e53caa1017de6f91346e40f5f849b
        http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.11~pre071022-0etch1_mipsel.deb
          Size/MD5 checksum: 59813988 8f56cc3bc3664b2384d49dedf8380c05
        http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.11~pre071022-0etch1_mipsel.deb
          Size/MD5 checksum:   190604 8dc63c4d651e8964169459c1f3850b14
        http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.11~pre071022-0etch1_mipsel.deb
          Size/MD5 checksum:    49300 0728ef1e54c94009570504e91e0b7eaf
        http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.11~pre071022-0etch1_mipsel.deb
          Size/MD5 checksum:  1940974 a609f7a8aeb0cbc4739e4f3a27ee996f
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.11~pre071022-0etch1_powerpc.deb
          Size/MD5 checksum: 11301178 0cf3c14c28a176581ccc440f2247f58c
        http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.11~pre071022-0etch1_powerpc.deb
          Size/MD5 checksum:   595702 4421dd6ec5fdd8fbd6d9d075ea35f7f2
        http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.11~pre071022-0etch1_powerpc.deb
          Size/MD5 checksum: 61595190 e9b651186d1e3b12bc95b69958c23e11
        http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.11~pre071022-0etch1_powerpc.deb
          Size/MD5 checksum:   191474 d6dd4dec104923ad44788781a722c9f5
        http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.11~pre071022-0etch1_powerpc.deb
          Size/MD5 checksum:    48756 6706bb53b4e8ce2d9d2f6cf872dbd8a3
        http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.11~pre071022-0etch1_powerpc.deb
          Size/MD5 checksum:  2005776 91b8f679f552cce7dcfbe2be46c8ba79
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.11~pre071022-0etch1_s390.deb
          Size/MD5 checksum: 12276824 28105e1a9216105e460faa75f26bfce8
        http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.11~pre071022-0etch1_s390.deb
          Size/MD5 checksum:   611172 4a0a29b87ad2f5df647d9362d5251e21
        http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.11~pre071022-0etch1_s390.deb
          Size/MD5 checksum: 60346724 3fa1d8409f1facc440ad77f66e5740bd
        http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.11~pre071022-0etch1_s390.deb
          Size/MD5 checksum:   196284 b760f467619ccc7a53e1b6817d4f1364
        http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.11~pre071022-0etch1_s390.deb
          Size/MD5 checksum:    53462 3ceeda923071bfec956bf37d1540c61d
        http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.11~pre071022-0etch1_s390.deb
          Size/MD5 checksum:  2185182 d3858fd63f9b99ed871a5e806d6ff61d
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.11~pre071022-0etch1_sparc.deb
          Size/MD5 checksum: 10649450 4f80c3812535c5b4e713f1630ebab266
        http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.11~pre071022-0etch1_sparc.deb
          Size/MD5 checksum:   584784 a3774a21ef386c08191655b0d3386890
        http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.11~pre071022-0etch1_sparc.deb
          Size/MD5 checksum: 58494668 3002fd355671533198ef214ab7a94799
        http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.11~pre071022-0etch1_sparc.deb
          Size/MD5 checksum:   189092 316b44709d66fba17200611dd80f0709
        http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.11~pre071022-0etch1_sparc.deb
          Size/MD5 checksum:    47570 de701461a423b0d88a4038e24cbb430f
        http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.11~pre071022-0etch1_sparc.deb
          Size/MD5 checksum:  1895182 28565a8d31972c0883ebc19fb3091d1d
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.