1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 1830-1] New icedove packages fix several vulnerabilitie

    From Steffen Joeris@1:229/2 to All on Sun Jul 12 13:30:20 2009
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------ Debian Security Advisory DSA-1830-1 [email protected] http://www.debian.org/security/ Steffen Joeris
    July 12, 2009 http://www.debian.org/security/faq
    - ------------------------------------------------------------------------

    Package : icedove
    Vulnerability : several vulnerabilities
    Problem type : remote
    Debian-specific: no
    CVE IDs : CVE-2009-0040 CVE-2009-0352 CVE-2009-0353 CVE-2009-0652 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0776 CVE-2009-1302 CVE-2009-1303 CVE-2009-1307 CVE-2009-1832 CVE-2009-1392 CVE-2009-1836 CVE-2009-1838 CVE-2009-1841


    Several remote vulnerabilities have been discovered in the Icedove
    mail client, an unbranded version of the Thunderbird mail client. The
    Common Vulnerabilities and Exposures project identifies the following
    problems:

    CVE-2009-0040

    The execution of arbitrary code might be possible via a crafted PNG file
    that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
    (MFSA 2009-10)

    CVE-2009-0352

    It is possible to execute arbitrary code via vectors related to the
    layout engine. (MFSA 2009-01)

    CVE-2009-0353

    It is possible to execute arbitrary code via vectors related to the
    JavaScript engine. (MFSA 2009-01)

    CVE-2009-0652

    Bjoern Hoehrmann and Moxie Marlinspike discovered a possible spoofing
    attack via Unicode box drawing characters in internationalized domain
    names. (MFSA 2009-15)

    CVE-2009-0771

    Memory corruption and assertion failures have been discovered in the
    layout engine, leading to the possible execution of arbitrary code.
    (MFSA 2009-07)

    CVE-2009-0772

    The layout engine allows the execution of arbitrary code ia vectors
    related to nsCSSStyleSheet::GetOwnerNode, events, and garbage
    collection. (MFSA 2009-07)

    CVE-2009-0773

    The JavaScript engine is prone to the execution of arbitrary code via
    several vectors. (MFSA 2009-07)

    CVE-2009-0774

    The layout engine allows the execution of arbitrary code via vectors
    related to gczeal. (MFSA 2009-07)

    CVE-2009-0776

    Georgi Guninski discovered that it is possible to obtain xml data via
    an issue related to the nsIRDFService. (MFSA 2009-09)

    CVE-2009-1302

    The browser engine is prone to a possible memory corruption via several vectors. (MFSA 2009-14)

    CVE-2009-1303

    The browser engine is prone to a possible memory corruption via the nsSVGElement::BindToTree function. (MFSA 2009-14)

    CVE-2009-1307

    Gregory Fleischer discovered that it is possible to bypass the Same
    Origin Policy when opening a Flash file via the view-source: scheme.
    (MFSA 2009-17)

    CVE-2009-1832

    The possible arbitrary execution of code was discovered via vectors
    involving "double frame construction." (MFSA 2009-24)

    CVE-2009-1392

    Several issues were discovered in the browser engine as used by icedove,
    which could lead to the possible execution of arbitrary code.
    (MFSA 2009-24)

    CVE-2009-1836

    Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential man-in-the-middle attack, when using a proxy due to insufficient checks
    on a certain proxy response. (MFSA 2009-27)

    CVE-2009-1838

    moz_bug_r_a4 discovered that it is possible to execute arbitrary
    JavaScript with chrome privileges due to an error in the
    garbage-collection implementation. (MFSA 2009-29)

    CVE-2009-1841

    moz_bug_r_a4 reported that it is possible for scripts from page content
    to run with elevated privileges and thus potentially executing arbitrary
    code with the object's chrome privileges. (MFSA 2009-32)

    No CVE id yet

    Bernd Jendrissek discovered a potentially exploitable crash when viewing
    a multipart/alternative mail message with a text/enhanced part.
    (MFSA 2009-33)


    For the stable distribution (lenny), these problems have been fixed in
    version 2.0.0.22-0lenny1.

    As indicated in the Etch release notes, security support for the
    Mozilla products in the oldstable distribution needed to be stopped
    before the end of the regular Etch security maintenance life cycle.
    You are strongly encouraged to upgrade to stable or switch to a still
    supported mail client.

    For the testing (squeeze) distribution these problems will be fixed soon.

    For the unstable distribution (sid), these problems have been fixed in
    version 2.0.0.22-1.


    We recommend that you upgrade your icedove packages.


    Upgrade instructions
    - --------------------

    wget url
    will fetch the file for you
    dpkg -i file.deb
    will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
    will update the internal database
    apt-get upgrade
    will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------

    Debian (stable)
    - ---------------

    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

    Source archives:

    http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22-0lenny1.dsc
    Size/MD5 checksum: 1667 e373157340de8a93d36e6210afe2f345
    http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22-0lenny1.diff.gz
    Size/MD5 checksum: 118782 0f1d8098818180a72820438adfa79436
    http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22.orig.tar.gz
    Size/MD5 checksum: 36965969 8e0ffafaece0680a42c0cb11ff34c64a

    alpha architecture (DEC Alpha)

    http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22-0lenny1_alpha.deb
    Size/MD5 checksum: 13441166 eb9f665e0e18b36daf2542288567bc0e
    http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.22-0lenny1_alpha.deb
    Size/MD5 checksum: 57359422 0e1af2a3bfd6d7f1d66840a9d9bbdc3c
    http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.22-0lenny1_alpha.deb
    Size/MD5 checksum: 60844 e782984c2808227c747a7930c70455d5
    http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.22-0lenny1_alpha.deb
    Size/MD5 checksum: 3723116 f35a203a81b097f19d67a454df6eae3f

    amd64 architecture (AMD x86_64 (AMD64))

    http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.22-0lenny1_amd64.deb

    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)