Debian: New iceape packages fix several vulnerabilities

    Date: 28 Mar 2008
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users being tracked, resulting in a loss of privacy.
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-1534-1
    http://www.debian.org/security/                       Moritz Muehlenhoff
    March 28, 2008                        http://www.debian.org/security/faq
    ------------------------------------------------------------------------
    
    Package        : iceape
    Vulnerability  : several
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235
                     CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240
                     CVE-2008-1241
    
    Several remote vulnerabilities have been discovered in the Iceape internet
    suite, an unbranded version of the Seamonkey Internet Suite. The Common
    Vulnerabilities and Exposures project identifies the following problems:
    
    CVE-2007-4879
    
        Peter Brodersen and Alexander Klink discovered that the
        autoselection of SSL client certificates could lead to users
        being tracked, resulting in a loss of privacy.
    
    CVE-2008-1233
    
        "moz_bug_r_a4" discovered that variants of CVE-2007-3738 and
        CVE-2007-5338 allow the execution of arbitrary code through
        XPCNativeWrapper.
    
    CVE-2008-1234
    
        "moz_bug_r_a4" discovered that insecure handling of event
        handlers could lead to cross-site scripting.
    
    CVE-2008-1235
      
        Boris Zbarsky, Johnny Stenback, and "moz_bug_r_a4" discovered
        that incorrect principal handling can lead to cross-site
        scripting and the execution of arbitrary code.
    
    CVE-2008-1236
    
        Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats
        Palmgren discovered crashes in the layout engine, which might
        allow the execution of arbitrary code.
    
    CVE-2008-1237
    
        "georgi", "tgirmann" and Igor Bukanov discovered crashes in the
        JavaScript engine, which might allow the execution of arbitrary
        code.
    
    CVE-2008-1238
    
        Gregory Fleischer discovered that HTTP Referrer headers were
        handled incorrectly in combination with URLs containing Basic
        Authentication credentials with empty usernames, resulting
        in potential Cross-Site Request Forgery attacks.
    
    CVE-2008-1240
    
        Gregory Fleischer discovered that web content fetched through
        the jar: protocol can use Java to connect to arbitrary ports.
        This is only an issue in combination with the non-free Java
        plugin.
    
    CVE-2008-1241
    
        Chris Thomas discovered that background tabs could generate
        XUL popups overlaying the current tab, resulting in potential
        spoofing attacks.
    
    For the stable distribution (etch), these problems have been fixed in
    version 1.0.13~pre080323b-0etch1.
    
    The Mozilla products of the old stable distribution (sarge) are no
    longer supported.
    
    We recommend that you upgrade your iceape packages.
    
    Upgrade instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
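An added example, not part of the advisory: a Python check for use where `dpkg --compare-versions` is not available (for instance an off-host inventory scan) that tests iceape versions against the fixed etch version using Debian's ordering, in which `~` sorts before everything, including the end of the string. The host names and all version strings other than the fixed one are constructed.

```python
import re

# Fixed version for etch, as stated in the advisory.
FIXED = "1.0.13~pre080323b-0etch1"

def _order(c):
    """dpkg ordering inside a non-digit run: '~' < end < letters < other."""
    if c == "~":
        return -1
    if c.isascii() and c.isalpha():
        return ord(c)
    return ord(c) + 256

def _part_key(part):
    """Turn an upstream or revision string into a sortable list of
    (non-digit run, number) pairs."""
    key = []
    # findall also yields one final empty match; it becomes ([0], 0), the
    # end-of-string marker that sorts above '~' and below any other text.
    for text, num in re.findall(r"(\D*)(\d*)", part):
        key.append(([_order(c) for c in text] + [0], int(num or 0)))
    return key

def version_key(version):
    """Split [epoch:]upstream[-revision] and build a comparable key."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return (int(epoch), _part_key(upstream), _part_key(revision))

def is_fixed(installed, fixed=FIXED):
    """True if the installed version is the fixed version or newer."""
    return version_key(installed) >= version_key(fixed)

# Constructed inventory (host -> iceape version), e.g. gathered per host with
#   dpkg-query -W -f='${Version}\n' iceape
INVENTORY = {
    "kiosk-a": "1.0.12~pre080131b-0etch1",  # older upstream
    "kiosk-b": "1.0.13~pre080323a-0etch1",  # earlier pre-release snapshot
    "desk-c": "1.0.13~pre080323b-0etch1",   # the fixed version
    "desk-d": "1.0.13-1",                   # sorts AFTER any 1.0.13~pre...
}

def unpatched(inventory):
    """Hosts whose iceape version predates the fix."""
    return sorted(h for h, v in inventory.items() if not is_fixed(v))

if __name__ == "__main__":
    for host in unpatched(INVENTORY):
        print(f"{host}: iceape {INVENTORY[host]} predates {FIXED}")
```

A plain string comparison gets `desk-d` wrong, because `-` sorts before `~` in ASCII while Debian orders `1.0.13` after `1.0.13~pre080323b`.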
    
    Debian 4.0 (stable)
    -------------------
    
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main