Lucene search
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-658.NASLHistoryOct 17, 2016 - 12:00 a.m.
Debian DLA-658-1 : icedove security update
2016-10-1700:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
Multiple security issues have been found in Icedove, Debian’s version of the Mozilla Thunderbird mail client: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service.
For Debian 7 ‘Wheezy’, these problems have been fixed in version 45.4.0-1~deb7u1.
We recommend that you upgrade your icedove packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-658-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(94078);
script_version("2.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2016-5250", "CVE-2016-5257", "CVE-2016-5261", "CVE-2016-5270", "CVE-2016-5272", "CVE-2016-5276", "CVE-2016-5277", "CVE-2016-5278", "CVE-2016-5280", "CVE-2016-5281", "CVE-2016-5284");
script_name(english:"Debian DLA-658-1 : icedove security update");
script_summary(english:"Checks dpkg output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Multiple security issues have been found in Icedove, Debian's version
of the Mozilla Thunderbird mail client: Multiple memory safety errors
may lead to the execution of arbitrary code or denial of service.
For Debian 7 'Wheezy', these problems have been fixed in version
45.4.0-1~deb7u1.
We recommend that you upgrade your icedove packages.
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.debian.org/debian-lts-announce/2016/10/msg00014.html"
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/wheezy/icedove"
);
script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:calendar-google-provider");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:icedove");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:icedove-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:icedove-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceowl-extension");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/05");
script_set_attribute(attribute:"patch_publication_date", value:"2016/10/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/17");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"7.0", prefix:"calendar-google-provider", reference:"45.4.0-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"icedove", reference:"45.4.0-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"icedove-dbg", reference:"45.4.0-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"icedove-dev", reference:"45.4.0-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"iceowl-extension", reference:"45.4.0-1~deb7u1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | calendar-google-provider | p-cpe:/a:debian:debian_linux:calendar-google-provider |
| debian | debian_linux | icedove | p-cpe:/a:debian:debian_linux:icedove |
| debian | debian_linux | icedove-dbg | p-cpe:/a:debian:debian_linux:icedove-dbg |
| debian | debian_linux | icedove-dev | p-cpe:/a:debian:debian_linux:icedove-dev |
| debian | debian_linux | iceowl-extension | p-cpe:/a:debian:debian_linux:iceowl-extension |
| debian | debian_linux | 7.0 | cpe:/o:debian:debian_linux:7.0 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5250
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5257
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5261
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5270
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5272
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5276
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5277
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5278
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5280
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5281
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5284
lists.debian.org/debian-lts-announce/2016/10/msg00014.html
packages.debian.org/source/wheezy/icedove
Related
nessus
nessus
Oracle Linux 5 / 6 / 7 : firefox (ELSA-2016-1912)
2016-09-22 00:00:00
Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20160921)
2016-09-22 00:00:00
Debian DSA-3674-1 : firefox-esr - security update
2016-09-23 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-3674-1)
2016-09-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:2434-1)
2021-04-19 00:00:00
Mozilla Thunderbird Security Advisories (MFSA2016-88, MFSA2016-88) - Windows
2016-10-21 00:00:00
debian
debian
[SECURITY] [DLA 658-1] icedove security update
2016-10-16 17:20:00
[SECURITY] [DSA 3674-1] firefox-esr security update
2016-09-22 19:55:24
[SECURITY] [DLA 636-1] firefox-esr security update
2016-09-27 12:05:24
oraclelinux
oraclelinux
firefox security update
2016-09-21 00:00:00
thunderbird security update
2016-10-03 00:00:00
suse
suse
Security update for MozillaFirefox (important)
2016-10-12 20:08:55
Security update for MozillaFirefox (important)
2016-10-04 13:09:46
Security update for MozillaFirefox (important)
2016-10-04 13:10:47
ubuntu
ubuntu
Thunderbird vulnerabilities
2016-10-27 00:00:00
Firefox vulnerabilities
2016-09-22 00:00:00
Firefox vulnerabilities
2016-08-05 00:00:00
mageia
mageia
Updated firefox/rootcerts/nss packages fix security vulnerability
2016-09-28 08:59:24
Updated iceape packages fix security vulnerability
2017-02-20 16:24:57
Updated thunderbird packages fix security vulnerability
2016-10-06 22:47:10
kaspersky
kaspersky
KLA10889 Multiple vulnerabilities in Mozilla Thunderbird
2016-10-20 00:00:00
KLA10876 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
2016-09-13 00:00:00
KLA10852 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
2016-08-02 00:00:00
redhat
redhat
(RHSA-2016:1912) Critical: firefox security update
2016-09-21 06:56:38
(RHSA-2016:1985) Important: thunderbird security update
2016-10-03 00:00:00
mozilla
mozilla
Security vulnerabilities fixed in Firefox ESR 45.4 — Mozilla
2016-09-20 00:00:00
Security vulnerabilities fixed in Thunderbird 45.4 — Mozilla
2016-10-03 00:00:00
Security vulnerabilities fixed in Firefox 49 — Mozilla
2016-09-20 00:00:00
centos
centos
firefox security update
2016-09-22 13:23:33
thunderbird security update
2016-10-03 20:12:34
ibm
ibm
archlinux
archlinux
[ASA-201609-22] firefox: multiple issues
2016-09-22 00:00:00
firefox: multiple issues
2016-08-05 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2016-09-13 00:00:00
Mozilla -- multiple vulnerabilities
2016-08-02 00:00:00
threatpost
threatpost
Mozilla Patches Certificate Pinning Vulnerability in Firefox
2016-09-21 08:58:18
prion
prion
Design/Logic Flaw
2016-09-22 22:59:00
Design/Logic Flaw
2016-09-22 22:59:00
Design/Logic Flaw
2016-09-22 22:59:00
ubuntucve
ubuntucve
veracode
veracode
Use-After-Free
2019-05-02 05:49:54
Man-in-the-Middle
2019-05-02 05:49:54
Use-After-Free
2019-05-02 05:49:54
redhatcve
redhatcve
cve
cve
debiancve
debiancve
osv
osv
icedove - security update
2016-10-16 00:00:00
gentoo
gentoo
Mozilla Firefox, Thunderbird: Multiple vulnerabilities
2017-01-03 00:00:00
Related for DEBIAN_DLA-658.NASL