[SECURITY] [DSA 2489-1] iceape security update

2012-06-0720:59:25

lists.debian.org

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.137 Low

EPSS

Percentile

95.5%

JSON

Debian Security Advisory DSA-2489-1 [email protected]
http://www.debian.org/security/ Thijs Kinkhorst
June 7, 2012 http://www.debian.org/security/faq

Package : iceape
Vulnerability : several vulnerabilities
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2012-1937 CVE-2012-1940 CVE-2012-1947

Several vulnerabilities have been found in the Iceape internet suite,
an unbranded version of Seamonkey.

CVE-2012-1937

Mozilla developers discovered several memory corruption bugs,
which may lead to the execution of arbitrary code.

CVE-2012-1940

Abhishek Arya discovered a use-after-free problem when working
with column layout with absolute positioning in a container that
changes size, which may lead to the execution of arbitrary code.

CVE-2012-1947

Abhishek Arya discovered a heap buffer overflow in utf16 to latin1
character set conersion, allowing to execute arbitray code.

For the stable distribution (squeeze), this problem has been fixed in
version 2.0.11-13.

For the testing distribution (wheezy) and unstable distribution (sid),
this problem will be fixed soon.

We recommend that you upgrade your iceape packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian6s390iceape-browser< 2.0.11-13iceape-browser_2.0.11-13_s390.deb
Debian6ia64icedove-dbg< 3.0.11-1+squeeze11icedove-dbg_3.0.11-1+squeeze11_ia64.deb
Debian6powerpcicedove-dbg< 3.0.11-1+squeeze11icedove-dbg_3.0.11-1+squeeze11_powerpc.deb
Debian6i386iceweasel-dbg< 3.5.16-16iceweasel-dbg_3.5.16-16_i386.deb
Debian6armellibmozjs2d< 1.9.1.16-16libmozjs2d_1.9.1.16-16_armel.deb
Debian6s390iceweasel-dbg< 3.5.16-16iceweasel-dbg_3.5.16-16_s390.deb
Debian6sparcspidermonkey-bin< 1.9.1.16-16spidermonkey-bin_1.9.1.16-16_sparc.deb
Debian6kfreebsd-amd64icedove-dbg< 3.0.11-1+squeeze11icedove-dbg_3.0.11-1+squeeze11_kfreebsd-amd64.deb
Debian6sparciceape-mailnews< 2.0.11-13iceape-mailnews_2.0.11-13_sparc.deb
Debian6sparcxulrunner-1.9.1-dbg< 1.9.1.16-16xulrunner-1.9.1-dbg_1.9.1.16-16_sparc.deb

OS	Version	Architecture	Package	Version	Filename
Debian	6	s390	iceape-browser	< 2.0.11-13	iceape-browser_2.0.11-13_s390.deb
Debian	6	ia64	icedove-dbg	< 3.0.11-1+squeeze11	icedove-dbg_3.0.11-1+squeeze11_ia64.deb
Debian	6	powerpc	icedove-dbg	< 3.0.11-1+squeeze11	icedove-dbg_3.0.11-1+squeeze11_powerpc.deb
Debian	6	i386	iceweasel-dbg	< 3.5.16-16	iceweasel-dbg_3.5.16-16_i386.deb
Debian	6	armel	libmozjs2d	< 1.9.1.16-16	libmozjs2d_1.9.1.16-16_armel.deb
Debian	6	s390	iceweasel-dbg	< 3.5.16-16	iceweasel-dbg_3.5.16-16_s390.deb
Debian	6	sparc	spidermonkey-bin	< 1.9.1.16-16	spidermonkey-bin_1.9.1.16-16_sparc.deb
Debian	6	kfreebsd-amd64	icedove-dbg	< 3.0.11-1+squeeze11	icedove-dbg_3.0.11-1+squeeze11_kfreebsd-amd64.deb
Debian	6	sparc	iceape-mailnews	< 2.0.11-13	iceape-mailnews_2.0.11-13_sparc.deb
Debian	6	sparc	xulrunner-1.9.1-dbg	< 1.9.1.16-16	xulrunner-1.9.1-dbg_1.9.1.16-16_sparc.deb