lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20080512160937.GA3776@galadriel.inutil.org>
Date: Mon, 12 May 2008 18:09:37 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 1574-1] New icedove packages fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1574-1                  security@...ian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
May 12, 2008                          http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : icedove
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237

Several remote vulnerabilities have been discovered in the Icedove mail
client, an unbranded version of the Thunderbird client. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-1233

    "moz_bug_r_a4" discovered that variants of CVE-2007-3738 and
    CVE-2007-5338 allow the execution of arbitrary code through
    XPCNativeWrapper.

CVE-2008-1234

    "moz_bug_r_a4" discovered that insecure handling of event
    handlers could lead to cross-site scripting.

CVE-2008-1235
  
    Boris Zbarsky, Johnny Stenback, and "moz_bug_r_a4" discovered
    that incorrect principal handling can lead to cross-site
    scripting and the execution of arbitrary code.

CVE-2008-1236

    Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats
    Palmgren discovered crashes in the layout engine, which might
    allow the execution of arbitrary code.

CVE-2008-1237

    "georgi", "tgirmann" and Igor Bukanov discovered crashes in the
    Javascript engine, which might allow the execution of arbitrary
    code.

For the stable distribution (etch), these problems have been fixed in
version 1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1.

We recommend that you upgrade your icedove packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian 4.0 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1.dsc
    Size/MD5 checksum:     1982 750841a80bc12a55c8714049c8e2f102
  http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a.orig.tar.gz
    Size/MD5 checksum: 33904847 5533bdceb008204723782f850283be45
  http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1.diff.gz
    Size/MD5 checksum:   640408 27408941d140932f9197f0547d7bb31d

Architecture independent packages:

  http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_all.deb
    Size/MD5 checksum:    29250 21e65cf10c096d64a9d691d6f1e6cfec
  http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_all.deb
    Size/MD5 checksum:    29242 276f8b7ae7bbaa8ec030e642fbb448c9
  http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_all.deb
    Size/MD5 checksum:    29268 b67489e95d0d6b661377c98771a44155
  http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_all.deb
    Size/MD5 checksum:    29276 35896da05ba12ac6acc6b24c6d509fd3
  http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_all.deb
    Size/MD5 checksum:    29260 04188b5c68812ecf191d199a7429b492
  http://security.debian.org/pool/updates/main/i/icedove/thunderbird-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_all.deb
    Size/MD5 checksum:    29264 4e27be46c0eab33d785e43dd19f8019c
  http://security.debian.org/pool/updates/main/i/icedove/thunderbird-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_all.deb
    Size/MD5 checksum:    29254 15fec611ffe69560ff13f63177b8f257
  http://security.debian.org/pool/updates/main/i/icedove/thunderbird-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_all.deb
    Size/MD5 checksum:    29272 b7e77da68082710c4421c0e411a8355f
  http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_all.deb
    Size/MD5 checksum:    29246 63246087e1548ab3328052b93137a193
  http://security.debian.org/pool/updates/main/i/icedove/thunderbird_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_all.deb
    Size/MD5 checksum:    29232 806bc19f2cc731028f9d10a614de3451

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_alpha.deb
    Size/MD5 checksum: 52441922 19d7a51478aeb2356795355b28fd341e
  http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_alpha.deb
    Size/MD5 checksum:   199552 bd9c6a981d4743d78498afc0c160b286
  http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_alpha.deb
    Size/MD5 checksum:  3960108 44b30c24eff6c09076d80bc50bcb7ecb
  http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_alpha.deb
    Size/MD5 checksum:    53710 35fa9294193939b1cfef617f214ea717
  http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_alpha.deb
    Size/MD5 checksum: 13475852 797d32eeb2959e5f81537825e6400e25
  http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_alpha.deb
    Size/MD5 checksum:    64472 7bb0141a1b699dbc26d3f0c43d1cda96

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_amd64.deb
    Size/MD5 checksum:  3679760 2be74437d2161071e69adeb9ae7ca909
  http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_amd64.deb
    Size/MD5 checksum:    61718 d2c224bfe36b28b56999b84eb025b63a
  http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_amd64.deb
    Size/MD5 checksum:    52682 6b320c569ff44560fa3debca9fc61199
  http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_amd64.deb
    Size/MD5 checksum:   196280 a1b59bbc12dce9c50800805b1536497a
  http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_amd64.deb
    Size/MD5 checksum: 51521766 26f926056b590c362c48c45419134e23
  http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_amd64.deb
    Size/MD5 checksum: 12183028 9687de9ed8b52bc3b2f94c120d27b570

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_arm.deb
    Size/MD5 checksum:   190322 45e6393607c33f4ecd17ac97ae3a1a71
  http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_arm.deb
    Size/MD5 checksum:    59394 01561cf45d17871fc09d1c8b71c278f9
  http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_arm.deb
    Size/MD5 checksum:  3923352 8d586d550bb46a0e718594ee40403a0c
  http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_arm.deb
    Size/MD5 checksum:    47616 cd497c92f494924ee0864615f909a35a
  http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_arm.deb
    Size/MD5 checksum: 10899636 aa73849db3b476f28bc1df10e85197a8
  http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_arm.deb
    Size/MD5 checksum: 50884498 77b1e9686fe268e8697305d00a7ddcfd

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_hppa.deb
    Size/MD5 checksum:   200908 bf43001b7ea36ac2017fed0d5995abb4
  http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_hppa.deb
    Size/MD5 checksum: 13645256 879dc4dafce6426453ff633ccbbed914
  http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_hppa.deb
    Size/MD5 checksum:    53970 22c7fb95f0c09664eeebd79c99642fd0
  http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_hppa.deb
    Size/MD5 checksum:    66264 9ff1df9182a8046ba3eb2a678d5df984
  http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_hppa.deb
    Size/MD5 checksum: 52342386 c89a7aef07d1394f858f6f86e02267bf
  http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_hppa.deb
    Size/MD5 checksum:  3958194 55eb990e93fece41ca1ba5008bdefe23

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_i386.deb
    Size/MD5 checksum:   191326 044b8b6462f4f97ed794f8bb68c2f978
  http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_i386.deb
    Size/MD5 checksum:    58688 454b45fbd716656110858eac1f726ec4
  http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_i386.deb
    Size/MD5 checksum: 10915630 259b08e1e1d11463a8ef801b65a38866
  http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_i386.deb
    Size/MD5 checksum:    48678 3c9c56c959bfda5fcc8af67218f2d46f
  http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_i386.deb
    Size/MD5 checksum:  3676688 d1d32c190cb2ee48750f339e2158924c
  http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_i386.deb
    Size/MD5 checksum: 50792070 854983df69868204fda6ff5e2364d605

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_mipsel.deb
    Size/MD5 checksum:    49632 1a8803705eeabb9cc0271dbc92622d02
  http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_mipsel.deb
    Size/MD5 checksum:  3684240 603373481c8417f2cc1e5c1fefda4dbe
  http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_mipsel.deb
    Size/MD5 checksum: 51720194 3b00fd8f263a42dd063dfd0182628a0c
  http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_mipsel.deb
    Size/MD5 checksum:    59310 21fe1260c554ba22b7287a0097030df6
  http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_mipsel.deb
    Size/MD5 checksum:   192632 a0d990027ce888c6c4551d2e2912017e
  http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_mipsel.deb
    Size/MD5 checksum: 11364440 44c5674b80a8e91cceb80d3609ec9774

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_powerpc.deb
    Size/MD5 checksum:  3679326 931cba187bccd68bbd374f7cfe9849b3
  http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_powerpc.deb
    Size/MD5 checksum: 53339970 d9984f24c76c765a4da7e479effde4f9
  http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_powerpc.deb
    Size/MD5 checksum: 11811386 b3e9e0f72162e51538667a29b7fde72e
  http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_powerpc.deb
    Size/MD5 checksum:    61092 2d7aefceabded3d7377ccd93e9984187
  http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_powerpc.deb
    Size/MD5 checksum:   193330 ee0580a84886eebdb24f4ccf26f5d4bc
  http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_powerpc.deb
    Size/MD5 checksum:    50240 d76bb7b61a861111841b558bd0d62124

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_s390.deb
    Size/MD5 checksum: 52198524 1d4e2d10c96095ece6e5ef72e510167a
  http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_s390.deb
    Size/MD5 checksum:    53296 dd0b4567cddf2bb2059024a59fac71a2
  http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_s390.deb
    Size/MD5 checksum:  3682976 0e8fd8898a51d592259339c4815728f1
  http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_s390.deb
    Size/MD5 checksum:    62876 0c621aace4e543c3d563d6c9eda96482
  http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_s390.deb
    Size/MD5 checksum: 12844796 eb48aef48c73789e99af63593ab5cc99
  http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_s390.deb
    Size/MD5 checksum:   198050 b724ab8ffad1da2516b787bbd08ee5ab

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_sparc.deb
    Size/MD5 checksum: 11122980 b9529ccfbaba2d55842700bcedf3e5a7
  http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_sparc.deb
    Size/MD5 checksum: 50676676 e003473e7d4b16d51c82ec5a41c6c24a
  http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_sparc.deb
    Size/MD5 checksum:    58758 32fd31881fc16d9b63fedfd67d181877
  http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_sparc.deb
    Size/MD5 checksum:  3673632 a010187bf5fcb8915270f01e2625c444
  http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_sparc.deb
    Size/MD5 checksum:   190856 964eefa305fbed0c638d338cd61efbd3
  http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_sparc.deb
    Size/MD5 checksum:    48764 26d5a91f26d267f69e7fd3aa1cf1ffc9


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIKGuLXm3vHE4uyloRAka7AKCl6/aXitkjoMokw0Qb9tJBUfsMsQCfdsHs
137paU/uKvMmmsJsLq0LIZA=
=VsU/
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ