Lucene search

K
debianDebianDEBIAN:DSA-3410-1:624AB
HistoryDec 01, 2015 - 10:21 p.m.

[SECURITY] [DSA 3410-1] icedove security update

2015-12-0122:21:09
lists.debian.org
29
debian
icedove
security update
cve-2015-4473
cve-2015-4487
cve-2015-4488
cve-2015-4489
cve-2015-4513
cve-2015-7181
cve-2015-7182
cve-2015-7188
cve-2015-7189
cve-2015-7193
cve-2015-7194
cve-2015-7197
cve-2015-7198
cve-2015-7199
cve-2015-7200
memory safety errors
integer overflows
buffer overflows
debian wheezy
debian jessie
debian sid
enigmail
esr38.

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.096

Percentile

95.0%


Debian Security Advisory DSA-3410-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
December 01, 2015 https://www.debian.org/security/faq


Package : icedove
CVE ID : CVE-2015-4473 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489
CVE-2015-4513 CVE-2015-7181 CVE-2015-7182 CVE-2015-7188
CVE-2015-7189 CVE-2015-7193 CVE-2015-7194 CVE-2015-7197
CVE-2015-7198 CVE-2015-7199 CVE-2015-7200

Multiple security issues have been found in Icedove, Debian's version of
the Mozilla Thunderbird mail client: Multiple memory safety errors,
integer overflows, buffer overflows and other implementation errors may
lead to the execution of arbitrary code or denial of service.

For the oldstable distribution (wheezy), these problems have been fixed
in version 38.4.0-1~deb7u1.

For the stable distribution (jessie), these problems have been fixed in
version 38.4.0-1~deb8u1.

For the unstable distribution (sid), these problems have been fixed in
version 38.4.0-1.

In addition enigmail has been updated to a release compatible with the
new ESR38 series.

We recommend that you upgrade your icedove packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.096

Percentile

95.0%