-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1300-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff June 7th, 2007 http://www.debian.org/security/faq - --------------------------------------------------------------------------
Package : iceape Vulnerability : several Problem-Type : remote Debian-specific: no CVE ID : CVE-2007-1362 CVE-2007-1558 CVE-2007-2867 CVE-2007-2868 CVE-2007-2870 CVE-2007-2871 Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1362 Nicolas Derouet discovered that Iceape performs insufficient validation of cookies, which could lead to denial of service. CVE-2007-1558 Gatan Leurent discovered a cryptographical weakness in APOP authentication, which reduces the required efforts for an MITM attack to intercept a password. The update enforces stricter validation, which prevents this attack. CVE-2007-2867 Boris Zbarsky, Eli Friedman, Georgi Guninski, Jesse Ruderman, Martijn Wargers and Olli Pettay discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2007-2868 Brendan Eich, Igor Bukanov, Jesse Ruderman, moz_bug_r_a4 and Wladimir Palant discovered crashes in the javascript engine, which might allow the execution of arbitrary code. CVE-2007-2870 "moz_bug_r_a4" discovered that adding an event listener through the addEventListener() function allows cross-site scripting. CVE-2007-2871 Chris Thomas discovered that XUL popups can can be abused for spoofing or phishing attacks. Fixes for the oldstable distribution (sarge) are not available. While there will be another round of security updates for Mozilla products, Debian doesn't have the ressources to backport further security fixes to the old Mozilla products. You're strongly encouraged to upgrade to stable as soon as possible. For the stable distribution (etch) these problems have been fixed in version 1.0.9-0etch1. A build for the arm architecture is not yet available, it will be provided later. The unstable distribution (sid) will be fixed soon. We recommend that you upgrade your iceape packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.9-0etch1.dsc Size/MD5 checksum: 1403 fac51ae60382306a1f5937d393cad9b8 http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.9-0etch1.diff.gz Size/MD5 checksum: 265235 f0632d0ab1011723516b42ddc3fbf077 http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.9.orig.tar.gz Size/MD5 checksum: 42936008 f3f2409c45e5e48124159f71c3f305db Architecture independent components: http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla_1.0.9-0etch1_all.deb Size/MD5 checksum: 278514 abeb91d6d747fbd2a2dc4c53a0c1b730 http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.9-0etch1_all.deb Size/MD5 checksum: 3655228 aeaa72117bdef3db570d175294003567 http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.9-0etch1_all.deb Size/MD5 checksum: 27642 2c103331d2f75caab26dc5c5c5b53db5 http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_1.8+1.0.9-0etch1_all.deb Size/MD5 checksum: 27172 6461173091e780104247676063370dd4 http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar_1.8+1.0.9-0etch1_all.deb Size/MD5 checksum: 26244 3a26fad0fccac9cb3f0a3826eaba0398 http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzilla_1.8+1.0.9-0etch1_all.deb Size/MD5 checksum: 26258 6c114441ed304d22a68626e641714a32 http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+1.0.9-0etch1_all.deb Size/MD5 checksum: 26380 36e2977fd80cdf0e5132d3e5d3d7566f http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-inspector_1.8+1.0.9-0etch1_all.deb Size/MD5 checksum: 26280 4f803f93ba3146cf3568a8255d7ff1ce http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debugger_1.8+1.0.9-0etch1_all.deb Size/MD5 checksum: 26276 fc04a5e05749f469061437aebce7e25c http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews_1.8+1.0.9-0etch1_all.deb Size/MD5 checksum: 26266 b14a9f36ebf0b29133dd6d136d74b1d4 http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+1.0.9-0etch1_all.deb Size/MD5 checksum: 26248 ffa152a5ad9a647f7b6c7b509542b6c4 http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0.9-0etch1_all.deb Size/MD5 checksum: 26240 ef0a008c5d7c4d832dde3bb10fa06ef1 Alpha architecture: http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_alpha.deb Size/MD5 checksum: 12865430 8418f1985dc4615ef0507f14c06ab65a http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_alpha.deb Size/MD5 checksum: 625182 0a1b310be2bd861d5686b03b9ac1ad4a http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_alpha.deb Size/MD5 checksum: 60530626 66a769a586e4bce6abfcae5f31abd779 http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_alpha.deb Size/MD5 checksum: 196750 364d4c0c512880760c200dcc796100cc http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_alpha.deb Size/MD5 checksum: 52960 1c12d82410100d48a17ec75c4fc0c0d4 http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_alpha.deb Size/MD5 checksum: 2281764 4955a49cf9ef25f24ffd37768864564d AMD64 architecture: http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_amd64.deb Size/MD5 checksum: 11647006 a84a6860787ef130576e7fb11f8eabec http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_amd64.deb Size/MD5 checksum: 608506 1bf656a5edc44eb320997a42a1fad33c http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_amd64.deb Size/MD5 checksum: 59537150 2ed3859e18f3bab0b6b48e6d91e653c3 http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_amd64.deb Size/MD5 checksum: 193924 7b741afe2710da66e2306f681a8323a5 http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_amd64.deb Size/MD5 checksum: 52456 c762266f74dd5db459d4b40763c70d10 http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_amd64.deb Size/MD5 checksum: 2090278 1fff0ff3907d8990df3874a295ab795b HP Precision architecture: http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_hppa.deb Size/MD5 checksum: 12941432 53b838fbda55ae87993a2be1bb8787f6 http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_hppa.deb Size/MD5 checksum: 614398 15b391e088060d1065354384af4dd688 http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_hppa.deb Size/MD5 checksum: 60391748 e26a56439db9415ae0226c4fa28c2e79 http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_hppa.deb Size/MD5 checksum: 196962 cb87bee865d7f77a525d3e75707c50a0 http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_hppa.deb Size/MD5 checksum: 53538 93a72fdb9dacbf0f690a6c20222842a5 http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_hppa.deb Size/MD5 checksum: 2338650 4e68071e6271350ad331f6f387328450 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_i386.deb Size/MD5 checksum: 10454294 da901720379e4b1bad94459ba8053687 http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_i386.deb Size/MD5 checksum: 587850 ec7ad19e450d2490ff3ebd1b50bf4096 http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_i386.deb Size/MD5 checksum: 58613040 7ffa59d625d92dd2975c8df5ffe773c7 http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_i386.deb Size/MD5 checksum: 188602 970dba31c02d4fecf9418f4d2e783dff http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_i386.deb Size/MD5 checksum: 47562 a8435ff7e0e9256fd18dba5563a52f61 http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_i386.deb Size/MD5 checksum: 1889432 af7c62e7b76245ca48a8253beb9d450d Intel IA-64 architecture: http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_ia64.deb Size/MD5 checksum: 15756760 95de0b7bb5cd9b7f4f9f30b6eb0880cd http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_ia64.deb Size/MD5 checksum: 660486 7903f3f9c0dc33d2a603d67ec1796d4f http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_ia64.deb Size/MD5 checksum: 59810372 007d904791cfd676855b88dcb837f8ee http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_ia64.deb Size/MD5 checksum: 203602 e6ec5ad7093347c8bae4a4bf5232ba98 http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_ia64.deb Size/MD5 checksum: 61072 976efb7973f37f1dea1304d65aeaac3f http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_ia64.deb Size/MD5 checksum: 2815398 1e2078b5d7adab616fa3f5dc16bee183 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_mips.deb Size/MD5 checksum: 11102688 a2332134ba7eca56ea9d2fd2300d38fd http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_mips.deb Size/MD5 checksum: 598284 8db74e82ba6915c61ad634cd2997c34e http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_mips.deb Size/MD5 checksum: 61397714 de6b3f48f35ad453900025ec3de34baf http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_mips.deb Size/MD5 checksum: 190580 089d2bfc82e5bbccd28e2d39d63ff3e5 http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_mips.deb Size/MD5 checksum: 49058 fba4238a8887be242521fc1b13329a68 http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_mips.deb Size/MD5 checksum: 1955378 a5e472ed92e8be52cee996d111210732 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_mipsel.deb Size/MD5 checksum: 10890126 da61a2407cb332806ef54f30c6683055 http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_mipsel.deb Size/MD5 checksum: 594906 6da11b3f0e5da40aac23e8fcea295405 http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_mipsel.deb Size/MD5 checksum: 59749198 d336210141b28e1e54c351d7da403e76 http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_mipsel.deb Size/MD5 checksum: 190102 a5619388f97802a39a7ebd8e72930581 http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_mipsel.deb Size/MD5 checksum: 48856 85ccbe07938b1b0bd7c2bb6f5116b1e5 http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_mipsel.deb Size/MD5 checksum: 1940148 1f5dd8c10e94e3362ef3ce6abca7665c PowerPC architecture: http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_powerpc.deb Size/MD5 checksum: 11286956 52990bdec220bab9968d859c79e8cbe8 http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_powerpc.deb Size/MD5 checksum: 595182 6f9393fc2c13eea7e281a57b6955cd05 http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_powerpc.deb Size/MD5 checksum: 61536458 981f8b40052ab8a3d78fbd7a90acedf7 http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_powerpc.deb Size/MD5 checksum: 190982 d7e50ff547bf3a4f7633ab5dd56c8e9e http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_powerpc.deb Size/MD5 checksum: 48376 9409001d405fdbf55a9825ee3f60cf85 http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_powerpc.deb Size/MD5 checksum: 2005444 0b699049484cc571b7516efc43afd6ad IBM S/390 architecture: http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_s390.deb Size/MD5 checksum: 12266856 9014128ea5980d3ee1c6203883ec3d42 http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_s390.deb Size/MD5 checksum: 610568 1f7d3b6e02bca35cac33df9083ec5809 http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_s390.deb Size/MD5 checksum: 60291956 fb54cc2a913940344cd70799511ac524 http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_s390.deb Size/MD5 checksum: 195766 9a53913dc7c84a73b32aa438f51e5c36 http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_s390.deb Size/MD5 checksum: 53044 2b8eeeeacfdc9fbbf891103af7b97e08 http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_s390.deb Size/MD5 checksum: 2184358 c233670f97859a3e1e18ae168cd4a1c6 Sun Sparc architecture: http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_sparc.deb Size/MD5 checksum: 10634168 95edbd8c95e760fef36e0ca194fc1c23 http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_sparc.deb Size/MD5 checksum: 584234 50ca6c5a2b8031467cf7e77aba71f9d8 http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_sparc.deb Size/MD5 checksum: 58430974 883810feeb6d0e95df3cbe98899e3103 http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_sparc.deb Size/MD5 checksum: 188526 4b3615b67bda657d68b2922a6a1dffe8 http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_sparc.deb Size/MD5 checksum: 47082 4089406c7cefccf3692c8d4dba2119a7 http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_sparc.deb Size/MD5 checksum: 1894500 9a1ce67eca6cfbc42c2394783ed10234 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: [EMAIL PROTECTED] Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGaGd1Xm3vHE4uyloRAtH7AKClPnM3e436w+E2fVRpU94CkPdcNgCgw1ZZ RkET7viqTwTrf9/ZMcjI5to= =AO3n -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/