Debian: iceweasel fix several vulnerabilities DSA-1489-1
Summary
------------------------------------------------------------------------
Debian Security Advisory DSA-1489-1                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
February 10, 2008                     http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : iceweasel
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415
                 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419
                 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594

Several remote vulnerabilities have been discovered in the Iceweasel web
browser, an unbranded version of the Firefox browser. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-0412

    Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul
    Nickerson discovered crashes in the layout engine, which might allow
    the execution of arbitrary code.

CVE-2008-0413

    Carsten Book, Wesley Garland, Igor Bukanov, "moz_bug_r_a4", "shutdown",
    Philip Taylor and "tgirmann" discovered crashes in the Javascript
    engine, which might allow the execution of arbitrary code.

CVE-2008-0414

    "hong" and Gregory Fleisher discovered that file input focus
    vulnerabilities in the file upload control could allow information
    disclosure of local files.

CVE-2008-0415

    "moz_bug_r_a4" and Boris Zbarsky discovered several vulnerabilities
    in Javascript handling, which could allow privilege escalation.

CVE-2008-0417

    Justin Dolske discovered that the password storage mechanism could
    be abused by malicious web sites to corrupt existing saved passwords.

CVE-2008-0418

    Gerry Eisenhaur and "moz_bug_r_a4" discovered that a directory
    traversal vulnerability in chrome: URI handling could lead to
    information disclosure.

CVE-2008-0419

    David Bloom discovered a race condition in the image handling of
    designMode elements, which can lead to information disclosure or
    potentially the execution of arbitrary code.

CVE-2008-0591

    Michal Zalewski discovered that timers protecting security-sensitive
    dialogs (which disable dialog elements until a timeout is reached)
    could be bypassed by window focus changes through Javascript.

CVE-2008-0592

    It was discovered that malformed content declarations of saved
    attachments could prevent a user from opening local files with
    a ".txt" file name, resulting in minor denial of service.

CVE-2008-0593

    Martin Straka discovered that insecure stylesheet handling during
    redirects could lead to information disclosure.

CVE-2008-0594

    Emil Ljungdahl and Lars-Olof Moilanen discovered that phishing
    protections could be bypassed with elements.

For the stable distribution (etch), these problems have been fixed in
version 2.0.0.12-0etch1.

The Mozilla products from the old stable distribution (sarge) are no
longer supported with security updates.

We recommend that you upgrade your iceweasel packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 4.0 (stable)
-------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64,
mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on
its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org