Linux Security
    Linux Security
    Linux Security

    Debian: icedove fix several vulnerabilities DSA-1574-1

    Date 12 May 2008
    Posted By LinuxSecurity Advisories
    Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems:
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1574-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.                       Moritz Muehlenhoff
    May 12, 2008                
    - ------------------------------------------------------------------------
    Package        : icedove
    Vulnerability  : several
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237
    Several remote vulnerabilities have been discovered in the Icedove mail
    client, an unbranded version of the Thunderbird client. The Common
    Vulnerabilities and Exposures project identifies the following problems:
        "moz_bug_r_a4" discovered that variants of CVE-2007-3738 and
        CVE-2007-5338 allow the execution of arbitrary code through
        "moz_bug_r_a4" discovered that insecure handling of event
        handlers could lead to cross-site scripting.
        Boris Zbarsky, Johnny Stenback, and "moz_bug_r_a4" discovered
        that incorrect principal handling can lead to cross-site
        scripting and the execution of arbitrary code.
        Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats
        Palmgren discovered crashes in the layout engine, which might
        allow the execution of arbitrary code.
        "georgi", "tgirmann" and Igor Bukanov discovered crashes in the
        Javascript engine, which might allow the execution of arbitrary
    For the stable distribution (etch), these problems have been fixed in
    We recommend that you upgrade your icedove packages.
    Upgrade instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian 4.0 (stable)
    - -------------------
    Stable updates are available for alpha, amd64, arm, hppa, i386, mipsel, powerpc, s390 and sparc.
    Source archives:
        Size/MD5 checksum:     1982 750841a80bc12a55c8714049c8e2f102
        Size/MD5 checksum: 33904847 5533bdceb008204723782f850283be45
        Size/MD5 checksum:   640408 27408941d140932f9197f0547d7bb31d
    Architecture independent packages:
        Size/MD5 checksum:    29250 21e65cf10c096d64a9d691d6f1e6cfec
        Size/MD5 checksum:    29242 276f8b7ae7bbaa8ec030e642fbb448c9
        Size/MD5 checksum:    29268 b67489e95d0d6b661377c98771a44155
        Size/MD5 checksum:    29276 35896da05ba12ac6acc6b24c6d509fd3
        Size/MD5 checksum:    29260 04188b5c68812ecf191d199a7429b492
        Size/MD5 checksum:    29264 4e27be46c0eab33d785e43dd19f8019c
        Size/MD5 checksum:    29254 15fec611ffe69560ff13f63177b8f257
        Size/MD5 checksum:    29272 b7e77da68082710c4421c0e411a8355f
        Size/MD5 checksum:    29246 63246087e1548ab3328052b93137a193
        Size/MD5 checksum:    29232 806bc19f2cc731028f9d10a614de3451
    alpha architecture (DEC Alpha)
        Size/MD5 checksum: 52441922 19d7a51478aeb2356795355b28fd341e
        Size/MD5 checksum:   199552 bd9c6a981d4743d78498afc0c160b286
        Size/MD5 checksum:  3960108 44b30c24eff6c09076d80bc50bcb7ecb
        Size/MD5 checksum:    53710 35fa9294193939b1cfef617f214ea717
        Size/MD5 checksum: 13475852 797d32eeb2959e5f81537825e6400e25
        Size/MD5 checksum:    64472 7bb0141a1b699dbc26d3f0c43d1cda96
    amd64 architecture (AMD x86_64 (AMD64))
        Size/MD5 checksum:  3679760 2be74437d2161071e69adeb9ae7ca909
        Size/MD5 checksum:    61718 d2c224bfe36b28b56999b84eb025b63a
        Size/MD5 checksum:    52682 6b320c569ff44560fa3debca9fc61199
        Size/MD5 checksum:   196280 a1b59bbc12dce9c50800805b1536497a
        Size/MD5 checksum: 51521766 26f926056b590c362c48c45419134e23
        Size/MD5 checksum: 12183028 9687de9ed8b52bc3b2f94c120d27b570
    arm architecture (ARM)
        Size/MD5 checksum:   190322 45e6393607c33f4ecd17ac97ae3a1a71
        Size/MD5 checksum:    59394 01561cf45d17871fc09d1c8b71c278f9
        Size/MD5 checksum:  3923352 8d586d550bb46a0e718594ee40403a0c
        Size/MD5 checksum:    47616 cd497c92f494924ee0864615f909a35a
        Size/MD5 checksum: 10899636 aa73849db3b476f28bc1df10e85197a8
        Size/MD5 checksum: 50884498 77b1e9686fe268e8697305d00a7ddcfd
    hppa architecture (HP PA RISC)
        Size/MD5 checksum:   200908 bf43001b7ea36ac2017fed0d5995abb4
        Size/MD5 checksum: 13645256 879dc4dafce6426453ff633ccbbed914
        Size/MD5 checksum:    53970 22c7fb95f0c09664eeebd79c99642fd0
        Size/MD5 checksum:    66264 9ff1df9182a8046ba3eb2a678d5df984
        Size/MD5 checksum: 52342386 c89a7aef07d1394f858f6f86e02267bf
        Size/MD5 checksum:  3958194 55eb990e93fece41ca1ba5008bdefe23
    i386 architecture (Intel ia32)
        Size/MD5 checksum:   191326 044b8b6462f4f97ed794f8bb68c2f978
        Size/MD5 checksum:    58688 454b45fbd716656110858eac1f726ec4
        Size/MD5 checksum: 10915630 259b08e1e1d11463a8ef801b65a38866
        Size/MD5 checksum:    48678 3c9c56c959bfda5fcc8af67218f2d46f
        Size/MD5 checksum:  3676688 d1d32c190cb2ee48750f339e2158924c
        Size/MD5 checksum: 50792070 854983df69868204fda6ff5e2364d605
    mipsel architecture (MIPS (Little Endian))
        Size/MD5 checksum:    49632 1a8803705eeabb9cc0271dbc92622d02
        Size/MD5 checksum:  3684240 603373481c8417f2cc1e5c1fefda4dbe
        Size/MD5 checksum: 51720194 3b00fd8f263a42dd063dfd0182628a0c
        Size/MD5 checksum:    59310 21fe1260c554ba22b7287a0097030df6
        Size/MD5 checksum:   192632 a0d990027ce888c6c4551d2e2912017e
        Size/MD5 checksum: 11364440 44c5674b80a8e91cceb80d3609ec9774
    powerpc architecture (PowerPC)
        Size/MD5 checksum:  3679326 931cba187bccd68bbd374f7cfe9849b3
        Size/MD5 checksum: 53339970 d9984f24c76c765a4da7e479effde4f9
        Size/MD5 checksum: 11811386 b3e9e0f72162e51538667a29b7fde72e
        Size/MD5 checksum:    61092 2d7aefceabded3d7377ccd93e9984187
        Size/MD5 checksum:   193330 ee0580a84886eebdb24f4ccf26f5d4bc
        Size/MD5 checksum:    50240 d76bb7b61a861111841b558bd0d62124
    s390 architecture (IBM S/390)
        Size/MD5 checksum: 52198524 1d4e2d10c96095ece6e5ef72e510167a
        Size/MD5 checksum:    53296 dd0b4567cddf2bb2059024a59fac71a2
        Size/MD5 checksum:  3682976 0e8fd8898a51d592259339c4815728f1
        Size/MD5 checksum:    62876 0c621aace4e543c3d563d6c9eda96482
        Size/MD5 checksum: 12844796 eb48aef48c73789e99af63593ab5cc99
        Size/MD5 checksum:   198050 b724ab8ffad1da2516b787bbd08ee5ab
    sparc architecture (Sun SPARC/UltraSPARC)
        Size/MD5 checksum: 11122980 b9529ccfbaba2d55842700bcedf3e5a7
        Size/MD5 checksum: 50676676 e003473e7d4b16d51c82ec5a41c6c24a
        Size/MD5 checksum:    58758 32fd31881fc16d9b63fedfd67d181877
        Size/MD5 checksum:  3673632 a010187bf5fcb8915270f01e2625c444
        Size/MD5 checksum:   190856 964eefa305fbed0c638d338cd61efbd3
        Size/MD5 checksum:    48764 26d5a91f26d267f69e7fd3aa1cf1ffc9
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"11","type":"x","order":"1","pct":34.38,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":18.75,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":46.88,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.