Debian Security Advisory DSA 3410-1 (icedove - security update)

Debian Security Advisory DSA 3410-1 (icedove - security update). Multiple security issues found in Icedove, Debian's version of Mozilla Thunderbird mail client. Memory safety errors, integer overflows, and buffer overflows may lead to the execution of arbitrary code or denial of servic

Reporter	Title	Published	Views	Family All 493
IBM Security Bulletins	Security Bulletin: Using Components with Known Vulnerabilities affects IBM Security Guardium (multiple CVEs)	16 Jun 201821:41	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in libxml, openssh, PAM, Firefox, affects IBM SmartCloud Provisioning for IBM Software Virtual Appliance	17 Jun 201822:30	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Firefox affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance	17 Jun 201822:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Access Manager for Web is affected by Network Security Services (NSS) vulnerabilities (CVE-2015-7181, CVE-2015-7182, CVE-2015-7183)	16 Jun 201821:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Firefox affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance	17 Jun 201822:30	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities of Mozilla Firefox in IBM Storwize V7000 Unified	18 Jun 201800:09	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Network Security (NSS) and Netscape Portable Runtime (NSPR) affect IBM SAN Volume Controller and Storwize Family (CVE-2015-7181 CVE-2015-7182 CVE-2015-7183)	29 Mar 202301:48	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in the Network Security Services (NSS) affect the IBM FlashSystem models 840 and 900 (CVE-2015-7181, CVE-2015-7182, CVE-2015-7183)	18 Feb 202301:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Access Manager for Mobile is affected by Network Security Services (NSS) vulnerabilities (CVE-2015-7181, CVE-2015-7182, CVE-2015-7183)	16 Jun 201821:38	–	ibm
IBM Security Bulletins	Security Bulletin: Mozilla Firefox vulnerability issues in IBM SONAS	18 Jun 201800:09	–	ibm

Source	Link
debian	www.debian.org/security/2015/dsa-3410.html

# OpenVAS Vulnerability Test
# $Id: deb_3410.nasl 6609 2017-07-07 12:05:59Z cfischer $
# Auto-generated from advisory DSA 3410-1 using nvtgen 1.0
# Script version: 1.0
#
# Author:
# Greenbone Networks
#
# Copyright:
# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#


if(description)
{
    script_id(703410);
    script_version("$Revision: 6609 $");
    script_cve_id("CVE-2015-4473", "CVE-2015-4487", "CVE-2015-4488", "CVE-2015-4489",
                  "CVE-2015-4513", "CVE-2015-7181", "CVE-2015-7182", "CVE-2015-7188",
                  "CVE-2015-7189", "CVE-2015-7193", "CVE-2015-7194", "CVE-2015-7197",
                  "CVE-2015-7198", "CVE-2015-7199", "CVE-2015-7200");
    script_name("Debian Security Advisory DSA 3410-1 (icedove - security update)");
    script_tag(name: "last_modification", value: "$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $");
    script_tag(name: "creation_date", value: "2015-12-01 00:00:00 +0100 (Tue, 01 Dec 2015)");
    script_tag(name: "cvss_base", value: "10.0");
    script_tag(name: "cvss_base_vector", value: "AV:N/AC:L/Au:N/C:C/I:C/A:C");
    script_tag(name: "solution_type", value: "VendorFix");
    script_tag(name: "qod_type", value: "package");

    script_xref(name: "URL", value: "http://www.debian.org/security/2015/dsa-3410.html");


    script_category(ACT_GATHER_INFO);

    script_copyright("Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net");
    script_family("Debian Local Security Checks");
    script_dependencies("gather-package-list.nasl");
    script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
    script_tag(name: "affected",  value: "icedove on Debian Linux");
    script_tag(name: "insight",   value: "Icedove is an unbranded Thunderbird mail
client suitable for free distribution. It supports different mail accounts
(POP, IMAP, Gmail), has an integrated learning Spam filter, and offers easy
organization of mails with tagging and virtual folders. Also, more features can be
added by installing extensions.");
    script_tag(name: "solution",  value: "For the oldstable distribution (wheezy),
these problems have been fixed in version 38.4.0-1~deb7u1.

For the stable distribution (jessie), these problems have been fixed in
version 38.4.0-1~deb8u1.

For the unstable distribution (sid), these problems have been fixed in
version 38.4.0-1.

In addition enigmail has been updated to a release compatible with the
new ESR38 series.

We recommend that you upgrade your icedove packages.");
    script_tag(name: "summary",   value: "Multiple security issues have been
found in Icedove, Debian's version of the Mozilla Thunderbird mail client:
Multiple memory safety errors, integer overflows, buffer overflows and other
implementation errors may lead to the execution of arbitrary code or denial of
service.");
    script_tag(name: "vuldetect", value: "This check tests the installed
software version using the apt package manager.");
    exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

res = "";
report = "";
if ((res = isdpkgvuln(pkg:"calendar-google-provider", ver:"38.4.0-1~deb7u1", rls_regex:"DEB7.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"icedove", ver:"38.4.0-1~deb7u1", rls_regex:"DEB7.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"icedove-dbg", ver:"38.4.0-1~deb7u1", rls_regex:"DEB7.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"icedove-dev", ver:"38.4.0-1~deb7u1", rls_regex:"DEB7.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"iceowl-extension", ver:"38.4.0-1~deb7u1", rls_regex:"DEB7.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"calendar-google-provider", ver:"38.4.0-1~deb8u1", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"icedove", ver:"38.4.0-1~deb8u1", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"icedove-dbg", ver:"38.4.0-1~deb8u1", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"icedove-dev", ver:"38.4.0-1~deb8u1", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"iceowl-extension", ver:"38.4.0-1~deb8u1", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}

07 Jul 2017 00:00Current

0.8Low risk

Vulners AI Score0.8

EPSS0.11044