Basic search

K
debianDebianDEBIAN:DSA-1506-1:BBA3D
HistoryFeb 24, 2008 - 12:30 p.m.

[SECURITY] [DSA 1506-1] New iceape packages fix several vulnerabilities

2008-02-2412:30:41
lists.debian.org
16

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

79.7%


Debian Security Advisory DSA-1506-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
February 24, 2008 http://www.debian.org/security/faq


Package : iceape
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415
CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591
CVE-2008-0592 CVE-2008-0593 CVE-2008-0594

Several remote vulnerabilities have been discovered in the Iceape internet
suite, an unbranded version of the Seamonkey Internet Suite. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-0412

Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul
Nickerson discovered crashes in the layout engine, which might allow
the execution of arbitrary code.

CVE-2008-0413

Carsten Book, Wesley Garland, Igor Bukanov, "moz_bug_r_a4", "shutdown",
Philip Taylor and "tgirmann" discovered crashes in the Javascript
engine, which might allow the execution of arbitrary code.

CVE-2008-0414

"hong" and Gregory Fleisher discovered that file input focus
vulnerabilities in the file upload control could allow information
disclosure of local files.

CVE-2008-0415

"moz_bug_r_a4" and Boris Zbarsky discovered discovered several
vulnerabilities in Javascript handling, which could allow
privilege escalation.

CVE-2008-0417

Justin Dolske discovered that the password storage machanism could
be abused by malicious web sites to corrupt existing saved passwords.

CVE-2008-0418

Gerry Eisenhaur and "moz_bug_r_a4" discovered that a directory
traversal vulnerability in chrome: URI handling could lead to
information disclosure.

CVE-2008-0419

David Bloom discovered a race condition in the image handling of
designMode elements, which can lead to information disclosure or
potentially the execution of arbitrary code.

CVE-2008-0591

Michal Zalewski discovered that timers protecting security-sensitive
dialogs (which disable dialog elements until a timeout is reached)
could be bypassed by window focus changes through Javascript.

CVE-2008-0592

It was discovered that malformed content declarations of saved
attachments could prevent a user in the opening local files
with a ".txt" file name, resulting in minor denial of service.

CVE-2008-0593

Martin Straka discovered that insecure stylesheet handling during
redirects could lead to information disclosure.

CVE-2008-0594

Emil Ljungdahl and Lars-Olof Moilanen discovered that phishing
protections could be bypassed with <div> elements.

For the stable distribution (etch), these problems have been fixed in
version 1.0.12~pre080131b-0etch1.

The Mozilla releases from the old stable distribution (sarge) are no
longer supported with security updates.

We recommend that you upgrade your iceape packages.

Upgrade instructions


wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 4.0 (stable)


Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.12~pre080131b.orig.tar.gz
Size/MD5 checksum: 43535826 39071cd311888d73254336b782109776
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.12~pre080131b-0etch1.dsc
Size/MD5 checksum: 1439 eaee68845cb7d4660609f6c47ac01666
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.12~pre080131b-0etch1.diff.gz
Size/MD5 checksum: 269895 fb6e3c3d3bc4a94773c1b4921fdb42d6

Architecture independent packages:

http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0.12~pre080131b-0etch1_all.deb
Size/MD5 checksum: 27208 91bbb99fad75c41e2df1170749014288
http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar_1.8+1.0.12~pre080131b-0etch1_all.deb
Size/MD5 checksum: 27210 0233d457074aa58542b8662c2a54c48a
http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debugger_1.8+1.0.12~pre080131b-0etch1_all.deb
Size/MD5 checksum: 27244 51f7e38462c1f39e0c662e4b58eca43a
http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla_1.0.12~pre080131b-0etch1_all.deb
Size/MD5 checksum: 281870 1e8faf69c0bbf186f1a6c1d199646ce6
http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.12~pre080131b-0etch1_all.deb
Size/MD5 checksum: 3927248 df30ff32e825d5ceb1630025a7d0ef88
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-inspector_1.8+1.0.12~pre080131b-0etch1_all.deb
Size/MD5 checksum: 27248 2b1e9711c1e80b9651b88e3dc19d4b76
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.12~pre080131b-0etch1_all.deb
Size/MD5 checksum: 28614 20c852fc8104981654bd6227a0602375
http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzilla_1.8+1.0.12~pre080131b-0etch1_all.deb
Size/MD5 checksum: 27232 97c0a7e4b71cc083c711086dd160322a
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+1.0.12~pre080131b-0etch1_all.deb
Size/MD5 checksum: 27348 ad7233b5d98e1557cdc190d9cf6746df
http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews_1.8+1.0.12~pre080131b-0etch1_all.deb
Size/MD5 checksum: 27236 8ae02d5d250866771250e19e5bb967bb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+1.0.12~pre080131b-0etch1_all.deb
Size/MD5 checksum: 27220 6035bbc507f4fc30a0564aa18c5a3a98
http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_1.8+1.0.12~pre080131b-0etch1_all.deb
Size/MD5 checksum: 28186 4997ba36f2c9aacf25eb9c41bf104d6f

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_alpha.deb
Size/MD5 checksum: 197832 c2be45e20e6834b19969e125925622a1
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_alpha.deb
Size/MD5 checksum: 60612536 5fbbf1f26498f361c0aadc0535bdee92
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_alpha.deb
Size/MD5 checksum: 53952 ef80eea66f161134bc52d0cdbf985f51
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_alpha.deb
Size/MD5 checksum: 626136 542e77b2a6ad52a40d29ecafa76c15a7
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_alpha.deb
Size/MD5 checksum: 2282858 e915238d369b469d5911e10d92be0e99
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_alpha.deb
Size/MD5 checksum: 12884578 9b5912dc643b38e5d3120d34d8685f16

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_amd64.deb
Size/MD5 checksum: 59608524 146775d1bd21250e027006f9dbf90d6f
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_amd64.deb
Size/MD5 checksum: 613832 6cb81b62325770fd1e2590908d0afda7
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_amd64.deb
Size/MD5 checksum: 195048 2ccb3800e4edcd8510d707a9ac4a5d7e
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_amd64.deb
Size/MD5 checksum: 11687282 2fc3db14be5dd03b082497ab6f9ffc36
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_amd64.deb
Size/MD5 checksum: 53366 8789d8dd06e30ce580ab37e94ec1d44b
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_amd64.deb
Size/MD5 checksum: 2099654 99aef23fe234563ce99f3d8ce89b02d2

arm architecture (ARM)

http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_arm.deb
Size/MD5 checksum: 1916734 bdda1babe619d6f11429f1fb813fc347
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_arm.deb
Size/MD5 checksum: 10421094 4cf350729bfeff5f0a6edba041e72be7
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_arm.deb
Size/MD5 checksum: 58769074 99504f3ad7121ed31583e3c77c3086e2
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_arm.deb
Size/MD5 checksum: 586096 4c1e372a14bcbe1ec4b3046be24ced89
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_arm.deb
Size/MD5 checksum: 186930 33820091037a0e30e4271e8c8c462ff9
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_arm.deb
Size/MD5 checksum: 47526 5244fa8a247df56a3f14c364107dc5b8

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_hppa.deb
Size/MD5 checksum: 60480238 50ee40317fd63bd0c7d04022e21f8f76
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_hppa.deb
Size/MD5 checksum: 2340460 70af4c1cfbd089e6a2ad548d1553093b
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_hppa.deb
Size/MD5 checksum: 12958476 f2acc587b4c985c6ea939ed1bba53de9
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_hppa.deb
Size/MD5 checksum: 615240 7e3158df6d488c6b0bfe7827cfce37ed
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_hppa.deb
Size/MD5 checksum: 54444 c7ddb1f77645cd60689dbb7a5c4b2768
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_hppa.deb
Size/MD5 checksum: 198108 967170dcf4a4a1d6687d2d0b55edaec8

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_i386.deb
Size/MD5 checksum: 1891212 ba923a32b2a34a9299cb4d5a8bad2d77
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_i386.deb
Size/MD5 checksum: 10469782 994f4b0fd8e4bd9af76fe013c7123bdc
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_i386.deb
Size/MD5 checksum: 588886 5856c66a12bf5a984668743b8b366cee
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_i386.deb
Size/MD5 checksum: 189766 ee9064d51a33a035b7a46de44d80249d
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_i386.deb
Size/MD5 checksum: 58697388 299a8786d15d0abb99d7fc6fe4b87b7f
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_i386.deb
Size/MD5 checksum: 48438 de1f808e760ee3ca502efb8276875fbf

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_ia64.deb
Size/MD5 checksum: 661876 a673cbf8efb0be476d2cd23dc514704a
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_ia64.deb
Size/MD5 checksum: 61898 cccd1556f5ee674a2c2f6ddf71522b39
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_ia64.deb
Size/MD5 checksum: 59883340 f6ee758cb0b235682f20e2e22edd870a
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_ia64.deb
Size/MD5 checksum: 2817080 c0adbe387222eedf4d5cf7eff91a4657
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_ia64.deb
Size/MD5 checksum: 204694 8aa8c681d136482bd2cda6563eacbfb9
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_ia64.deb
Size/MD5 checksum: 15783590 960303c76c2be69aad2e4b7bfe4f542e

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_mips.deb
Size/MD5 checksum: 61481346 66bc2a72517409d5334bc0ba40be51fd
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_mips.deb
Size/MD5 checksum: 599404 ff50ca675b598da75eb7f3ab08d34ee6
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_mips.deb
Size/MD5 checksum: 11154048 bd1cb7c5bc7136fd644eb9c87e7181b7
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_mips.deb
Size/MD5 checksum: 1959202 7eb50924f7400d84008edffd0e9d6413
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_mips.deb
Size/MD5 checksum: 49884 80c1be2a4afb6ce7bf9fc785901704dd
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_mips.deb
Size/MD5 checksum: 190950 006169fb68cb210f51fe52090be5050e

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_mipsel.deb
Size/MD5 checksum: 49768 42593decc9887241317c87567f8223b1
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_mipsel.deb
Size/MD5 checksum: 191194 78f3b008208527bf214ed516e85b13f3
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_mipsel.deb
Size/MD5 checksum: 59840612 0118b96a4f8d82286b8d5ccc946b6c0d
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_mipsel.deb
Size/MD5 checksum: 10905670 9874cc963f87d284d927d467eafc8c2f
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_mipsel.deb
Size/MD5 checksum: 595920 3024870501878bf13254165af3ac9686
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_mipsel.deb
Size/MD5 checksum: 1942002 130b8ab791ae8591e22d9635362bf202

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_powerpc.deb
Size/MD5 checksum: 49232 e526eb3de3861503a826593f582f2932
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_powerpc.deb
Size/MD5 checksum: 596206 da0aa1d500d126ef390da42e3b3bc973
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_powerpc.deb
Size/MD5 checksum: 192018 6278d2517e0d32b3e5c42aa2f0010aef
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_powerpc.deb
Size/MD5 checksum: 61613310 b6b25ed7a498f98c3908efb7bd185e0a
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_powerpc.deb
Size/MD5 checksum: 2006468 3253d618628235a609417783309079aa
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_powerpc.deb
Size/MD5 checksum: 11304736 186491b14177328e4cdcc2c0599bee48

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_s390.deb
Size/MD5 checksum: 53962 937cb4b85e25812c189fde886a9ae8b8
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_s390.deb
Size/MD5 checksum: 196854 e838b4c9820b202ba25da00adca529e8
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_s390.deb
Size/MD5 checksum: 12282708 04c09a3bbbe96035301ffa3fa427d2e2
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_s390.deb
Size/MD5 checksum: 60369160 80e463d3e1abe4c6f2e44084c0af1cc6
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_s390.deb
Size/MD5 checksum: 611658 d51e50f35fa7f644e68719bd3c3e1cde
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_s390.deb
Size/MD5 checksum: 2185818 4b702edba4ac2c7e85a22f499250fd40

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_sparc.deb
Size/MD5 checksum: 1895872 2eb1f20b00c11d4f4330016aaa827d55
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_sparc.deb
Size/MD5 checksum: 10652974 8ea3ab5df7323a302c0b9441222fb407
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_sparc.deb
Size/MD5 checksum: 58513948 a455a4a30f354129f5ab3441fcb422af
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_sparc.deb
Size/MD5 checksum: 585296 a57295461949681a7628c2c0aa603ccb
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_sparc.deb
Size/MD5 checksum: 48038 5cba2cf78058d6dd4609cb895961298d
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_sparc.deb
Size/MD5 checksum: 189644 bdc3c7725fed05757a888de08a4fa959

These files will probably be moved into the stable distribution on
its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

79.7%

Related for DEBIAN:DSA-1506-1:BBA3D