Lucene search
Debian: Security Advisory (DSA-2464-1)
ποΈΒ 31 May 2012Β 00:00:00Reported byΒ Copyright (C) 2012 Greenbone AGTypeΒ 
Β openvasπΒ plugins.openvas.orgπΒ 20Β Views
The remote host is missing an update for the Debian 'icedove' package(s) announced via the DSA-2464-1 advisory. Several vulnerabilities have been discovered in Icedove, including memory corruption bugs, incorrect multibyte character encoding, and a spoofing vulnerability
Show more
| Reporter | Title | Published | Views | Family All 144 |
|---|---|---|---|---|
 | [SECURITY] [DSA 2464-1] icedove security update | 3 May 201215:45 | β | debian |
| [SECURITY] [DSA 2457-2] New icedove/iceweasel packages fix regression | 13 May 201221:09 | β | debian |
| [SECURITY] [DSA 2457-1] iceweasel security update | 24 Apr 201220:35 | β | debian |
| [SECURITY] [DSA 2548-1] iceape security update | 24 Apr 201220:56 | β | debian |
 | Debian DSA-2464-2 : icedove - several vulnerabilities | 4 May 201200:00 | β | nessus |
| Debian DSA-2457-2 : iceweasel - several vulnerabilities | 25 Apr 201200:00 | β | nessus |
| Debian DSA-2458-2 : iceape - several vulnerabilities | 25 Apr 201200:00 | β | nessus |
| Thunderbird 10.0.x < 10.0.4 Multiple Vulnerabilities (Mac OS X) | 27 Apr 201200:00 | β | nessus |
| Firefox < 10.0.4 Multiple Vulnerabilities (Mac OS X) | 27 Apr 201200:00 | β | nessus |
| Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird5) | 19 Jan 201500:00 | β | nessus |
10
| Source | Link |
|---|---|
| security-tracker | www.security-tracker.debian.org/tracker/DSA-2464 |
| debian | www.debian.org/security/2012/DSA-2464-1 |
# SPDX-FileCopyrightText: 2012 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.71343");
script_cve_id("CVE-2012-0467", "CVE-2012-0470", "CVE-2012-0471", "CVE-2012-0477", "CVE-2012-0479");
script_tag(name:"creation_date", value:"2012-05-31 15:42:55 +0000 (Thu, 31 May 2012)");
script_version("2024-02-01T14:37:10+0000");
script_tag(name:"last_modification", value:"2024-02-01 14:37:10 +0000 (Thu, 01 Feb 2024)");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_name("Debian: Security Advisory (DSA-2464-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2012 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB6");
script_xref(name:"Advisory-ID", value:"DSA-2464-1");
script_xref(name:"URL", value:"https://www.debian.org/security/2012/DSA-2464-1");
script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/DSA-2464");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'icedove' package(s) announced via the DSA-2464-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.
CVE-2012-0467
Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory corruption bugs, which may lead to the execution of arbitrary code.
CVE-2012-0470
Atte Kettunen discovered that a memory corruption bug in gfxImageSurface may lead to the execution of arbitrary code.
CVE-2012-0471
Anne van Kesteren discovered that incorrect multibyte character encoding may lead to cross-site scripting.
CVE-2012-0477
Masato Kinugawa discovered that incorrect encoding of Korean and Chinese character sets may lead to cross-site scripting.
CVE-2012-0479
Jeroen van der Gun discovered a spoofing vulnerability in the presentation of Atom and RSS feeds over HTTPS.
For the stable distribution (squeeze), this problem has been fixed in version 3.0.11-1+squeeze10.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your icedove packages.");
script_tag(name:"affected", value:"'icedove' package(s) on Debian 6.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB6") {
if(!isnull(res = isdpkgvuln(pkg:"icedove", ver:"3.0.11-1+squeeze9", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"icedove-dbg", ver:"3.0.11-1+squeeze9", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"icedove-dev", ver:"3.0.11-1+squeeze9", rls:"DEB6"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo31 May 2012 00:00Current
9.6High risk
Vulners AI Score9.6
CVSS210
EPSS0.262