1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 2297-1] icedove security update

    From Moritz Muehlenhoff@1:229/2 to All on Sun Aug 21 21:20:02 2011
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-2297-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff August 21, 2011 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : icedove
    Vulnerability : several
    Problem type : remote
    Debian-specific: no
    CVE ID : CVE-2011-0084 CVE-2011-2378 CVE-2011-2981 CVE-2011-2982
    CVE-2011-2983 CVE-2011-2984

    Several vulnerabilities have been discovered in Icedove, an unbranded
    version of the Thunderbird mail/news client.

    CVE-2011-0084

    "regenrecht" discovered that incorrect pointer handling in the SVG
    processing code could lead to the execution of arbitrary code.

    CVE-2011-2378

    "regenrecht" discovered that incorrect memory management in DOM
    processing could lead to the execution of arbitrary code.

    CVE-2011-2981

    "moz_bug_r_a_4" discovered a Chrome privilege escalation
    vulnerability in the event handler code.

    CVE-2011-2982

    Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory
    corruption bugs, which may lead to the execution of arbitrary code.

    CVE-2011-2983

    "shutdown" discovered an information leak in the handling of
    RegExp.input.

    CVE-2011-2984

    "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability.


    As indicated in the Lenny (oldstable) release notes, security support for
    the Icedove packages in the oldstable needed to be stopped before the end
    of the regular Lenny security maintenance life cycle.
    You are strongly encouraged to upgrade to stable or switch to a different
    mail client.

    For the stable distribution (squeeze), this problem has been fixed in
    version 3.0.11-1+squeeze4.

    For the unstable distribution (sid), this problem has been fixed in
    version 3.1.12-1.

    We recommend that you upgrade your iceweasel packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.11 (GNU/Linux)

    iEYEARECAAYFAk5RVPQACgkQXm3vHE4uylqCugCg2YT7jC8Ar75VSN9FS4hPG//H CMQAn0YN4UElR0Y03Sfm8GIVGSZl8/0p
    =83po
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)