Linux Security

Debian: iceape fix several vulnerabilities DSA-1534-1

Date 28 Mar 2008
Posted By LinuxSecurity Advisories
Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users being tracked, resulting in a loss of privacy.
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1534-1                              Moritz Muehlenhoff
March 28, 2008              
- ------------------------------------------------------------------------

Package        : iceape
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235
                 CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240

Several remote vulnerabilities have been discovered in the Iceape internet
suite, an unbranded version of the Seamonkey Internet Suite. The Common
Vulnerabilities and Exposures project identifies the following problems:


    Peter Brodersen and Alexander Klink discovered that the
    autoselection of SSL client certificates could lead to users
    being tracked, resulting in a loss of privacy.


    "moz_bug_r_a4" discovered that variants of CVE-2007-3738 and
    CVE-2007-5338 allow the execution of arbitrary code through


    "moz_bug_r_a4" discovered that insecure handling of event
    handlers could lead to cross-site scripting.

    Boris Zbarsky, Johnny Stenback, and "moz_bug_r_a4" discovered
    that incorrect principal handling can lead to cross-site
    scripting and the execution of arbitrary code.


    Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats
    Palmgren discovered crashes in the layout engine, which might
    allow the execution of arbitrary code.


    "georgi", "tgirmann" and Igor Bukanov discovered crashes in the
    Javascript engine, which might allow the execution of arbitrary


    Gregory Fleischer discovered that HTTP Referrer headers were
    handled incorrectly in combination with URLs containing Basic
    Authentication credentials with empty usernames, resulting
    in potential Cross-Site Request Forgery attacks.


    Gregory Fleischer discovered that web content fetched through
    the jar: protocol can use Java to connect to arbitrary ports.
    This is only an issue in combination with the non-free Java


    Chris Thomas discovered that background tabs could generate
    XUL popups overlaying the current tab, resulting in potential
    spoofing attacks.

For the stable distribution (etch), these problems have been fixed in
version 1.0.13~pre080323b-0etch1.

The Mozilla products of the old stable distribution (sarge) are no
longer supported.

We recommend that you upgrade your iceape packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 4.0 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main