Debian: New icedove packages fix several vulnerabilities

    Date: 13 Jun 2007
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems. Gaëtan Leurent discovered a cryptographic weakness in APOP authentication, which reduces the effort required for a MITM attack to intercept a password. The update enforces stricter validation, which prevents this attack.
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 1305-1
    http://www.debian.org/security/                         Moritz Muehlenhoff
    June 13th, 2007                         http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : icedove
    Vulnerability  : several
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CVE-2007-1558 CVE-2007-2867 CVE-2007-2868
    
    Several remote vulnerabilities have been discovered in the Icedove mail client,
    an unbranded version of the Thunderbird client. The Common Vulnerabilities and
    Exposures project identifies the following problems:
    
    CVE-2007-1558
    
        Gaëtan Leurent discovered a cryptographic weakness in APOP
        authentication, which reduces the effort required for a MITM attack
        to intercept a password. The update enforces stricter validation, which
        prevents this attack.
    
    CVE-2007-2867
     
        Boris Zbarsky, Eli Friedman, Georgi Guninski, Jesse Ruderman, Martijn
        Wargers and Olli Pettay discovered crashes in the layout engine, which
        might allow the execution of arbitrary code.
    
    CVE-2007-2868
    
        Brendan Eich, Igor Bukanov, Jesse Ruderman, moz_bug_r_a4 and Wladimir Palant
        discovered crashes in the JavaScript engine, which might allow the execution of
        arbitrary code. Generally, enabling JavaScript in Icedove is not recommended.
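
An added illustration of the "stricter validation" mentioned for CVE-2007-1558 (not code from Icedove or from this advisory): an APOP client that refuses to hash a server challenge unless it is a well-formed RFC 822 msg-id in printable ASCII. That this is the kind of check meant is an assumption; the function names, the length cap and the malformed sample greetings are constructed for the example.

```python
import hashlib
import re

# RFC 1939: the greeting ends with a timestamp shaped like an RFC 822 msg-id,
# and the client answers with MD5(timestamp + shared secret).
# Assumption: "stricter validation" = only accept <local@domain> built from
# printable-ASCII atoms, so arbitrary binary data never reaches the hash.
_ATOM = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
_MSG_ID = re.compile(rf"<{_ATOM}(?:\.{_ATOM})*@{_ATOM}(?:\.{_ATOM})*>")
MAX_CHALLENGE_LEN = 128  # hypothetical cap chosen for this example


class ApopChallengeError(ValueError):
    """The server greeting carries no acceptable APOP challenge."""


def extract_challenge(greeting: bytes) -> bytes:
    """Return the validated APOP timestamp from a greeting, or raise."""
    if not greeting.startswith(b"+OK"):
        raise ApopChallengeError("greeting is not +OK")
    start = greeting.find(b"<")
    if start == -1:
        raise ApopChallengeError("server does not offer APOP")
    # Everything from the first '<' to the end of the line must be the msg-id.
    challenge = greeting[start:].rstrip(b"\r\n")
    if len(challenge) > MAX_CHALLENGE_LEN:
        raise ApopChallengeError("challenge too long")
    try:
        text = challenge.decode("ascii")
    except UnicodeDecodeError:
        raise ApopChallengeError("non-ASCII byte in challenge") from None
    if not _MSG_ID.fullmatch(text):
        raise ApopChallengeError("challenge is not a well-formed msg-id")
    return challenge


def apop_command(user: str, greeting: bytes, secret: bytes) -> str:
    """Build the APOP command, hashing only a challenge that passed validation."""
    challenge = extract_challenge(greeting)
    digest = hashlib.md5(challenge + secret).hexdigest()
    return f"APOP {user} {digest}"


# Sample greetings: the first is the example from RFC 1939, the rest are
# constructed malformed inputs that a strict client should refuse.
SAMPLES = [
    b"+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>\r\n",
    b"+OK ready <1896.\x80\xff@mail.example>\r\n",   # non-ASCII bytes
    b"+OK ready <1896.\x01\x02@mail.example>\r\n",   # control characters
    b"+OK ready <1896.697170952>\r\n",               # no '@domain' part
    b"+OK ready <a@b> trailing <c@d>\r\n",           # extra data after msg-id
]

if __name__ == "__main__":
    for g in SAMPLES:
        try:
            print("accept:", apop_command("mrose", g, b"tanstaaf"))
        except ApopChallengeError as exc:
            print("reject:", exc)
```

A client that rejects the greeting should fall back to an authentication method protected by TLS rather than retry APOP against the same server.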
    
    Fixes for the oldstable distribution (sarge) are not available. While there
    will be another round of security updates for Mozilla products, Debian doesn't
    have the resources to backport further security fixes to the old Mozilla
    products. You're strongly encouraged to upgrade to stable as soon as possible.
    
    For the stable distribution (etch) these problems have been fixed in version
    1.5.0.12.dfsg1-0etch1.
    
    The unstable distribution (sid) will be fixed soon.
    
    We recommend that you upgrade your icedove packages.
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    -------------------------------
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main