-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1485-2 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff March 17, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : icedove Vulnerability : several Problem type : remote Debian-specific: no CVE Id(s) : CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594 A regression has been fixed in icedove's frame handling code. For reference you can find the original update below: Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-0412 Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2008-0413 Carsten Book, Wesley Garland, Igor Bukanov, "moz_bug_r_a4", "shutdown", Philip Taylor and "tgirmann" discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. CVE-2008-0415 "moz_bug_r_a4" and Boris Zbarsky discovered discovered several vulnerabilities in Javascript handling, which could allow privilege escalation. CVE-2008-0418 Gerry Eisenhaur and "moz_bug_r_a4" discovered that a directory traversal vulnerability in chrome: URI handling could lead to information disclosure. CVE-2008-0419 David Bloom discovered a race condition in the image handling of designMode elements, which can lead to information disclosure or potentially the execution of arbitrary code. CVE-2008-0591 Michal Zalewski discovered that timers protecting security-sensitive dialogs (which disable dialog elements until a timeout is reached) could be bypassed by window focus changes through Javascript. For the stable distribution (etch), these problems have been fixed in version 1.5.0.13+1.5.0.15b.dfsg1-0etch2. The Mozilla products in the old stable distribution (sarge) are no longer supported with security updates. We recommend that you upgrade your icedove packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian 4.0 (stable) - ------------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2.diff.gz Size/MD5 checksum: 641080 8da0c046148daa841941f8fdf7d3a468 http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1.orig.tar.gz Size/MD5 checksum: 35174191 b1a02873d5e320b1a208dbffc256baee http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2.dsc Size/MD5 checksum: 1934 ad83c84fbfa37e05030f04ab2beea2f0 Architecture independent packages: http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb Size/MD5 checksum: 29162 6aba3762846d6cc855b59449938897a1 http://security.debian.org/pool/updates/main/i/icedove/thunderbird-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb Size/MD5 checksum: 29154 02b82cfbeda2ea8ada9a0646fc5c0691 http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb Size/MD5 checksum: 29142 cd038ed9a2e5a6b40da1f18a5a2debc0 http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb Size/MD5 checksum: 29162 283d27da1071b1039ab81c9aa2dcd11d http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb Size/MD5 checksum: 29138 93dd70cced9714a43b34624bc2695571 http://security.debian.org/pool/updates/main/i/icedove/thunderbird-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb Size/MD5 checksum: 29150 397ae77f472a060749d09ffbcd6299f6 http://security.debian.org/pool/updates/main/i/icedove/thunderbird-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb Size/MD5 checksum: 29162 1fa418c580e8c82435f91ecd4bf41090 http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb Size/MD5 checksum: 29136 b2ffd7bea2f595a1f6fdc96af8e0be87 http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb Size/MD5 checksum: 29148 a3a86d0d519201557f17e58d54db82fc http://security.debian.org/pool/updates/main/i/icedove/thunderbird_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb Size/MD5 checksum: 29120 f318f2f878e868a74b1ead42db02fbff alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_alpha.deb Size/MD5 checksum: 3959884 710d3d698bf1179e55104abed949a6be http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_alpha.deb Size/MD5 checksum: 64920 a3e95ad0027ccfc73fc8fb63e52e7484 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_alpha.deb Size/MD5 checksum: 52788 a74420d45ab8a7ad2c435b2b54625570 http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_alpha.deb Size/MD5 checksum: 13477550 8249b008b7de20fca03a4cead73e025d http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_alpha.deb Size/MD5 checksum: 201140 76410d580565d0e3877f34b88d68f977 http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_alpha.deb Size/MD5 checksum: 52398862 626fc104e22aa5e728495fc143c9b604 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_amd64.deb Size/MD5 checksum: 51479922 fe1cc4dcd664e5c70d8c3394df0d61b0 http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_amd64.deb Size/MD5 checksum: 12176406 b64a56a7f9e06df18f61f00918b62946 http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_amd64.deb Size/MD5 checksum: 196168 e1b6a9ce58c58b8f14bc03cd41337e12 http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_amd64.deb Size/MD5 checksum: 3678408 ef8c2f54f89929428b6f3df2b7c17089 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_amd64.deb Size/MD5 checksum: 52564 2a6ab2241730acdf6c3005259ef84098 http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_amd64.deb Size/MD5 checksum: 61606 b748a3852ed2568670430065a6bcf5e2 arm architecture (ARM) http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_arm.deb Size/MD5 checksum: 190242 f01dc34e5354e61cb9b284513983e027 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_arm.deb Size/MD5 checksum: 47528 a8e89efce73f53de6675ea0bc29493dd http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_arm.deb Size/MD5 checksum: 10890322 f1c712ab506e05dbfcf6ed15e40ab267 http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_arm.deb Size/MD5 checksum: 3921368 835fe66a9f284867ae50813ee52ea5b7 http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_arm.deb Size/MD5 checksum: 59264 d116e875887ef623ea57b88b28b6ddf0 http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_arm.deb Size/MD5 checksum: 50840090 24a227e1250d063269c58c271ebca291 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_i386.deb Size/MD5 checksum: 50740666 9b69293b1cbe427ed43818c1d2e18cc2 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_i386.deb Size/MD5 checksum: 48564 34c53bb12a93738db67d7769b67f2044 http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_i386.deb Size/MD5 checksum: 191210 13114249b05826f62ba589e2eeac2d2a http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_i386.deb Size/MD5 checksum: 58590 6e1bec505bc3795924c9c6f4c63570e9 http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_i386.deb Size/MD5 checksum: 10908406 aa36c6587227a61eb2cf9b5440671351 http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_i386.deb Size/MD5 checksum: 3675024 95eed699227d9fbd5780c3d135a7d7d6 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_ia64.deb Size/MD5 checksum: 74640 c91145f299a8a2a1eb7046ea2aca52c6 http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_ia64.deb Size/MD5 checksum: 3727470 a792a88b248cb0a337ce5ca83b588422 http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_ia64.deb Size/MD5 checksum: 205256 6bcb0b58261a71e6e092d3b0058d4e7a http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_ia64.deb Size/MD5 checksum: 59970 1c67ec1fc7b615abd19c1389582baf1f http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_ia64.deb Size/MD5 checksum: 16555888 c50b8f8a39cc52c9c6ccd43bfd16e014 http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_ia64.deb Size/MD5 checksum: 51781970 bb9ee0dcf256a786651f84adf2358a0a mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mips.deb Size/MD5 checksum: 3947082 60d9ea6886588e9b41139780a903d69c http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mips.deb Size/MD5 checksum: 48240 e5734152adc186470325e182d4b34f70 http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mips.deb Size/MD5 checksum: 11605920 2e0319113e5009c052cacc7d0307e813 http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mips.deb Size/MD5 checksum: 53114874 f2f4750010657a7adcf2911c57608309 http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mips.deb Size/MD5 checksum: 58754 6792b308b73e2150584ef6890a208552 http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mips.deb Size/MD5 checksum: 192942 88e0819fe73b595444f3dbd3a59232db mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mipsel.deb Size/MD5 checksum: 3682858 c932cc8a6829ca16e1f395b8e55fbebe http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mipsel.deb Size/MD5 checksum: 51683616 b2813b38b94d3715df3fb42bf7c1dad9 http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mipsel.deb Size/MD5 checksum: 59210 5077fb067f758e5b9c5dfcf930cbfae2 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mipsel.deb Size/MD5 checksum: 49522 e9ed5680a1d5ebc8afbb30d722ee6468 http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mipsel.deb Size/MD5 checksum: 11360126 2078cd56ce9db6fb6245b1a9ee276482 http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mipsel.deb Size/MD5 checksum: 192540 fdac9d9b390940dead89c96b3a730432 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_powerpc.deb Size/MD5 checksum: 3677952 a858d6b19632c1a9ae9914bc9a5adc5b http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_powerpc.deb Size/MD5 checksum: 53293566 63c20de9258639ff550589c12af40f8b http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_powerpc.deb Size/MD5 checksum: 60974 9f9e242dfbfbe84cde06b7b661fe0728 http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_powerpc.deb Size/MD5 checksum: 11805570 d15eac8917db32cb04a8eac9d73a9c17 http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_powerpc.deb Size/MD5 checksum: 193224 38fd2de7e4b8df743acb2217e54f8b04 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_powerpc.deb Size/MD5 checksum: 50124 61db63cfe9242e8379579bc3fcc32e88 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_s390.deb Size/MD5 checksum: 62754 19a0e3377467c5a1e5fd53a5cd5070d4 http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_s390.deb Size/MD5 checksum: 3681554 395ed68c790698f0fcb30081ad1f9ea0 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_s390.deb Size/MD5 checksum: 53184 9076795f592696f61c34c53ce29e1ebc http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_s390.deb Size/MD5 checksum: 12835828 4d1137bbec37f67601f2a7eae99857b9 http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_s390.deb Size/MD5 checksum: 52154562 fc8a7b1ff7d7f9cae755629cd19dab80 http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_s390.deb Size/MD5 checksum: 197916 f7832e2b34d9142799b992794753aac4 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_sparc.deb Size/MD5 checksum: 50636782 35d513348d5dda2d7f4c682a7f3f639f http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_sparc.deb Size/MD5 checksum: 190740 0b9a1afa87b0bb0e0bc3fa48d9e3e0bb http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_sparc.deb Size/MD5 checksum: 3671694 d890eeed08ecb1f0eeeff46f09bdeea3 http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_sparc.deb Size/MD5 checksum: 11116804 ddb8b828546498479a3fddd718a0633c http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_sparc.deb Size/MD5 checksum: 58654 35ee94e3ae7339f642ffce1fa42a7c29 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_sparc.deb Size/MD5 checksum: 48644 147aa5f5592ba08bc7f2ec42453a6104 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFH3tawXm3vHE4uyloRAg4XAKC/fk0CZhar6XDAY640wYTzTQ5FXwCggtPS cQoW4sf4zC5gatUgo6D9qWY= =310W -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/