Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 2025-1] New icedove packages fix several vulnerabilitie

From Steffen Joeris@1:229/2 to All on Wed Mar 31 10:50:01 2010

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-2025-1 [email protected] http://www.debian.org/security/ Steffen Joeris
March 31, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : icedove
Vulnerability : several vulnerabilities
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2009-2408 CVE-2009-2404 CVE-2009-2463
CVE-2009-3072 CVE-2009-3075 CVE-2010-0163

Several remote vulnerabilities have been discovered in the Icedove
mail client, an unbranded version of the Thunderbird mail client. The
Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2009-2408

Dan Kaminsky and Moxie Marlinspike discovered that icedove does not
properly handle a '\0' character in a domain name in the subject's
Common Name (CN) field of an X.509 certificate (MFSA 2009-42).

CVE-2009-2404

Moxie Marlinspike reported a heap overflow vulnerability in the code
that handles regular expressions in certificate names (MFSA 2009-43).

CVE-2009-2463

monarch2020 discovered an integer overflow n a base64 decoding function
(MFSA 2010-07).

CVE-2009-3072

Josh Soref discovered a crash in the BinHex decoder (MFSA 2010-07).

CVE-2009-3075

Carsten Book reported a crash in the JavaScript engine (MFSA 2010-07).

CVE-2010-0163

Ludovic Hirlimann reported a crash indexing some messages with
attachments, which could lead to the execution of arbitrary code
(MFSA 2010-07).

For the stable distribution (lenny), these problems have been fixed in
version 2.0.0.24-0lenny1.

Due to a problem with the archive system it is not possible to release
all architectures. The missing architectures will be installed into the
archive once they become available.

For the testing distribution squeeze and the unstable distribution (sid),
these problems will be fixed soon.

We recommend that you upgrade your icedove packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24.orig.tar.gz
Size/MD5 checksum: 35856543 3bf6e40cddf593ddc1a66b9e721f12b9
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1.dsc
Size/MD5 checksum: 1668 111c1a93c1ce498715e231272123f841
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1.diff.gz
Size/MD5 checksum: 103260 4661b0c8c170d58f844337699cb8ca1a

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_alpha.deb
Size/MD5 checksum: 3723382 12c7fe63b0a5c59680ca36200a6f7d20
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_alpha.deb
Size/MD5 checksum: 61132 c0f96569d4ea0f01cff3950572b3dda9
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_alpha.deb
Size/MD5 checksum: 57375560 95a614e1cb620fad510eb51ae5cb37c5
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_alpha.deb
Size/MD5 checksum: 13468190 03a629abf18130605927f5817b097bac

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_amd64.deb
Size/MD5 checksum: 57584134 7d909c9f1b67d4758e290dc2c1dc01f2
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_amd64.deb
Size/MD5 checksum: 3937168 de9dda16f94e696de897bec6c8d45f90
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_amd64.deb
Size/MD5 checksum: 12384488 8d1632f7511c711a1d2ea940f7e451a2
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_amd64.deb
Size/MD5 checksum: 59114 fae947071c0de6ebce316decbce61f9a

arm architecture (ARM)

http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_arm.deb
Size/MD5 checksum: 3929902 5ab6f673b34770278270fb7862986b0b
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_arm.deb
Size/MD5 checksum: 53746 c9c53e8a42d85fe5f4fa8e2a85e55629
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_arm.deb
Size/MD5 checksum: 56491578 8eb38c6f99c501556506ac6790833941
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_arm.deb
Size/MD5 checksum: 10943350 d7c0badfe9210ce5341eb17ab7e71ca2

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_hppa.deb
Size/MD5 checksum: 3944678 2a9dc50b61420b4fdf8f3a4d378bb484
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_hppa.deb
Size/MD5 checksum: 60554 7dcd739363cff3cc4bda659b82856536
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_hppa.deb
Size/MD5 checksum: 58523174 6780e8f9de0f2ed0c3bd533d03853d85
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_hppa.deb
Size/MD5 checksum: 13952170 88674f31191b07cd76ea5d366c545f1d

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_i386.deb
Size/MD5 checksum: 10951904 52ce1587c6eb95b7f8b63ccedf224d88
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_i386.deb
Size/MD5 checksum: 54838 101de9e837bea9391461074481bf770f

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Krenn
  Sun Jun 7 03:07:26 2026
  from Sydney, Nsw via Telnet
- Krenn
  Sun Jun 7 01:30:12 2026
  from Sydney, Nsw via Telnet
- Centurion
  Sat Jun 6 23:27:30 2026
  from Berea, Ohio via Telnet
- Ab Cadd
  Sat Jun 6 15:42:53 2026
  from Sheboygan, Wi via Telnet
- Centurion
  Sat Jun 6 15:32:28 2026
  from Berea, Ohio via Telnet
- Krenn
  Sat Jun 6 11:38:56 2026
  from Sydney, Nsw via Telnet
- Furryboy
  Sat Jun 6 10:56:29 2026
  from Romania, Galati via SSH
- Centurion
  Fri Jun 5 22:28:01 2026
  from Berea, Ohio via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (0 / 16)
Uptime:	161:45:48
Calls:	12,094
Calls today:	2
Files:	15,000
Messages:	6,517,778

[SECURITY] [DSA 2025-1] New icedove packages fix several vulnerabilitie

Who's Online

Recent Visitors

System Info