Linux Security
Linux Security
Linux Security

Debian: icedove fix several vulnerabilities DSA-1485-1

Date 10 Feb 2008
Posted By LinuxSecurity Advisories
Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson discovered crashes in the layout engine, which might allow the execution of arbitrary code.
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1485-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.                       Moritz Muehlenhoff
February 10, 2008           
- ------------------------------------------------------------------------

Package        : icedove
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594

Several remote vulnerabilities have been discovered in the Icedove mail
client, an unbranded version of the Thunderbird client. The Common
Vulnerabilities and Exposures project identifies the following problems:


    Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul
    Nickerson discovered crashes in the layout engine, which might allow
    the execution of arbitrary code.


    Carsten Book, Wesley Garland, Igor Bukanov, "moz_bug_r_a4", "shutdown",
    Philip Taylor and "tgirmann" discovered crashes in the Javascript
    engine, which might allow the execution of arbitrary code.


    "moz_bug_r_a4" and Boris Zbarsky discovered discovered several
    vulnerabilities in Javascript handling, which could allow
    privilege escalation.


    Gerry Eisenhaur and "moz_bug_r_a4" discovered that a directory
    traversal vulnerability in chrome: URI handling could lead to
    information disclosure.


    David Bloom discovered a race condition in the image handling of
    designMode elements, which can lead to information disclosure or
    potentially the execution of arbitrary code.


    Michal Zalewski discovered that timers protecting security-sensitive
    dialogs (which disable dialog elements until a timeout is reached)
    could be bypassed by window focus changes through Javascript.

For the stable distribution (etch), these problems have been fixed in

The Mozilla products in the old stable distribution (sarge) are no
longer supported with security updates.

We recommend that you upgrade your icedove packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 4.0 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:
    Size/MD5 checksum:     1934 47d17cda0ae1ec315855f996e37a0ee2
    Size/MD5 checksum: 35174191 b1a02873d5e320b1a208dbffc256baee
    Size/MD5 checksum:   639864 5019118913d1598ea534ff58814a8fad
    Size/MD5 checksum:   640166 c8a2dd2880fd468314e00a3dcdc9713a
    Size/MD5 checksum:     1934 0277c98ec500cb111c9037b4acd46f37
    Size/MD5 checksum: 35154860 50acd2143692a17a3726020c79efd792

Architecture independent packages:
    Size/MD5 checksum:    29070 3d934b7f3583e3a04a0bd193e45a3fa6
    Size/MD5 checksum:    29054 75b83c322479e095016108453ff7e862
    Size/MD5 checksum:    28752 207210cf6c217aedb2f0f08a087a4038
    Size/MD5 checksum:    29060 156f796fe78bbebda0b7e25fcf5dbe54
    Size/MD5 checksum:    28750 6082bb3816ce8c712db07c261b663d9b
    Size/MD5 checksum:    29074 b98a074d7074c155a6ba1df263419376
    Size/MD5 checksum:    28710 5262c9e6077043df59f04ac2c9cf76bd
    Size/MD5 checksum:    29042 620536610d06e9062eb8760cde3d990c
    Size/MD5 checksum:    29050 ce479eb792bfef00ae3161fd0d157a61
    Size/MD5 checksum:    28742 bdfa53f9153d29f2c09fc92992768505
    Size/MD5 checksum:    29072 cbae212a095f4aac3b30443328b5ad85
    Size/MD5 checksum:    29066 70d41408a7964be8d214b83c52f873d8
    Size/MD5 checksum:    29048 6665f3ce45a1c320dd55891bceb16f14
    Size/MD5 checksum:    28720 0652a52573e32d8643c8fe56d6d4422c
    Size/MD5 checksum:    29032 32015cf440db3318d6459f6c60a17792
    Size/MD5 checksum:    28738 f5e76fde9c0fa999976c25de142e2933
    Size/MD5 checksum:    28752 80f05dce795e06a217831b3b49a98ea5
    Size/MD5 checksum:    28726 78fa3b134bcc31bfe0d76f2c2822b9a7
    Size/MD5 checksum:    28740 ab949d37a07944176d49a17bd6452915
    Size/MD5 checksum:    28728 2005767e5f5393b4d0cbebf5ba65858d

alpha architecture (DEC Alpha)
    Size/MD5 checksum: 13477574 3586070804bea29285203c0d710a918f
    Size/MD5 checksum:   201020 a3860a5f8ea5df9b1550f1b91a489282
    Size/MD5 checksum:    52680 1845988f3eefd9eb4a4f1ff0ae579442
    Size/MD5 checksum:    64830 1927b164d0d1de06860412201c70cbad
    Size/MD5 checksum:  3959656 dfc28dccc2e40374cfad1ef967dba6af
    Size/MD5 checksum: 52398982 dbfb06787432361c6c6b29db01797658

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:    61508 7a29b7ebb0148d1dc10cf3184791de68
    Size/MD5 checksum: 51479238 7546f24646bab864f479ea32fac82a5c
    Size/MD5 checksum:  3678346 7f2501ff09f24d2a4fa384d531969897
    Size/MD5 checksum: 51479136 f56252c61054eae347480d45fb3e845f
    Size/MD5 checksum:   196082 ff2443c7df9dff331f9f54050c191a88
    Size/MD5 checksum:    52482 63a6d9b1e0d24dd0c19ba12472a353df
    Size/MD5 checksum:    52126 18ad28ac6de6ec10a0b1c7f0d4c12400
    Size/MD5 checksum:  3678234 4b53c36eadec973ac33961e5742b66bb
    Size/MD5 checksum: 12175876 ef4f2cb4f8c6fea463fd1afd312a81bc
    Size/MD5 checksum: 12176086 2ccb02753ddc07f672554b7cb0fcfc86
    Size/MD5 checksum:   195766 cb0743a07f4c39a03e373a01006d035d
    Size/MD5 checksum:    61202 07ee675ef4abe42c7a815328838117bd

arm architecture (ARM)
    Size/MD5 checksum:   190188 d49cdf38bf863bb4474eb59012fcb93f
    Size/MD5 checksum:    59164 ca8d2f5c2675ecff0d0523020c186beb
    Size/MD5 checksum:  3921168 aff4bbe777f2d3218884bf11ca7d903f
    Size/MD5 checksum: 50840516 be399e7f6a6c757dbc19f6fc940c2bab
    Size/MD5 checksum:    47460 ef2213d60c4639700568a4e46cd69823
    Size/MD5 checksum: 10890196 3470ed870a82c96f0723fb1bd2f4be82

hppa architecture (HP PA RISC)
    Size/MD5 checksum:   198992 e81f2d89f597b911fe0039f376cb6071
    Size/MD5 checksum:    65160 8aaeb868e5deba710ebcef667d6bc0d2
    Size/MD5 checksum: 13608366 e4467458a79b80c599043a5031399129
    Size/MD5 checksum:  3687204 32e6df9922d3c3e9e3c30c59cd0d89d8
    Size/MD5 checksum:    53822 227f6e6ed89384579939a71b513c654c
    Size/MD5 checksum: 52304678 22339033b10f9f7cc264f1d1b6f49a39

i386 architecture (Intel ia32)
    Size/MD5 checksum: 50739726 8d281ab2f28aa46d2f45cabf38bbf5b6
    Size/MD5 checksum:    58468 94da561a6c16dd61b4d67c5454bde263
    Size/MD5 checksum: 10908248 b074acc60f11fe65f51123835aaf6563
    Size/MD5 checksum:    48492 75b5a0dd4fb0eb5356447aadf473dd88
    Size/MD5 checksum:  3674908 3f714044ed45a0865cae0ee8a3afbbfe
    Size/MD5 checksum:   191110 4bc9512a954cd2a1959f222e58410f13

ia64 architecture (Intel ia64)
    Size/MD5 checksum:    74540 b94103c0acece46ae23b9a4184559ba0
    Size/MD5 checksum:   205164 4e4cc75611d4c426bf3853f5b5fc913f
    Size/MD5 checksum: 16555710 a753acd40202db1505db475a2b07f864
    Size/MD5 checksum: 51782076 90f6f1d609fc6bb1da002042c4176144
    Size/MD5 checksum:    59892 114f7dab7046fd2b829ee73c11673ffd
    Size/MD5 checksum:  3727334 ac550246f7050e9e990cab2b41e8e307

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:    58660 37b7e382b913d32fd45b56a900144fa9
    Size/MD5 checksum:    48156 0506a2b5cf3217a0166604642cb3fc0e
    Size/MD5 checksum: 11605890 bc3cbfe3c00029a23b8c534eb095293e
    Size/MD5 checksum:  3947208 37c2f220a567efc7bf857ff663a14eaa
    Size/MD5 checksum: 53115496 16d60f83edc41d2013b2b2e4c7688dce
    Size/MD5 checksum:   192834 fba067d4a1f28460717326ab9ae587a4

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:  3682680 b15523a9b11e167180ce538c22dc7e8e
    Size/MD5 checksum:    59106 9251493e24dd6caf9492a190e1369273
    Size/MD5 checksum: 11359948 600b1ca471f3a5a2daac335e6ed65107
    Size/MD5 checksum:    49440 ab77a977ef3502f4757a2323659cded3
    Size/MD5 checksum: 51683256 51f5272cb9f400636744ab6ff2c8ce12
    Size/MD5 checksum:   192436 86101919ad16ae491d06c0f83060f0d1

powerpc architecture (PowerPC)
    Size/MD5 checksum:    60886 a9424e09ad82b64db9d1d65bbd7556d5
    Size/MD5 checksum:    50054 52f349cfd8a85b106c706327762b81a8
    Size/MD5 checksum:   193124 b58c8e8eb9b6d1b2be4f8aa0fd779914
    Size/MD5 checksum: 53293062 910fdc0bcc50371aa0e2838a0a89916d
    Size/MD5 checksum: 11805588 abc0b4e82912b742c5119e9edc4e7489
    Size/MD5 checksum:  3677676 311d4ff42e46e793e90ddfe6911d194f

s390 architecture (IBM S/390)
    Size/MD5 checksum:   197844 b4385940911f567c17ac3cc3ac9fc104
    Size/MD5 checksum: 12835874 02f93e3ecb6316b3d3babf2ad9deaddb
    Size/MD5 checksum:    53086 bc9e0b2d5c06d15f5cb4e88ec212f40a
    Size/MD5 checksum:    62660 b2bf4a97ea54e1a763ccbf6aef9d6c88
    Size/MD5 checksum:  3681442 b9a4130ab7d39167b5c4ed88120960e4
    Size/MD5 checksum: 52154828 7b31678e0368e0d4f5f7161a5c97a4a4

sparc architecture (Sun SPARC/UltraSPARC)
    Size/MD5 checksum:  3671540 1b82017a4f3a5865aedf3c29606c4cae
    Size/MD5 checksum:    48550 95504b7be39d3be94d5700c93d6cd508
    Size/MD5 checksum:    58548 47ad983571038b9cdf942209ad9e5015
    Size/MD5 checksum:   190634 475b3ce08529ed49e51d429a07d1b31f
    Size/MD5 checksum: 50636272 fe393a565f673bf90d0ac4a0cfdcd19b
    Size/MD5 checksum: 11116646 e52cdfe384360f7055c7b45ad53b7a6b

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"43","type":"x","order":"1","pct":81.13,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"5","type":"x","order":"2","pct":9.43,"resources":[]},{"id":"181","title":"Hardly ever","votes":"5","type":"x","order":"3","pct":9.43,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.