[SECURITY] [DSA 1305-1] New icedove packages fix several vulnerabilities
Date: Wed, 13 Jun 2007 19:34:11 +0200
From: Moritz Muehlenhoff <jmm@debian.org.>
Subject: [SECURITY] [DSA 1305-1] New icedove packages fix several vulnerabilities
Priority: urgent
Resent-Message-ID: <iNUK4B.A.TwF.8pCcGB@murphy.>
Reply-To: [email protected]
Mail-Followup-To: [email protected]
To: [email protected]
Resent-Date: Wed, 13 Jun 2007 17:33:48 +0000 (UTC)
Resent-From: [email protected] (Mailing List Manager)
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1305-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
June 13th, 2007 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : icedove
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2007-1558 CVE-2007-2867 CVE-2007-2868
Several remote vulnerabilities have been discovered in the Icedove mail client,
an unbranded version of the Thunderbird client. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2007-1558
Gatan Leurent discovered a cryptographical weakness in APOP
authentication, which reduces the required efforts for an MITM attack
to intercept a password. The update enforces stricter validation, which
prevents this attack.
CVE-2007-2867
Boris Zbarsky, Eli Friedman, Georgi Guninski, Jesse Ruderman, Martijn
Wargers and Olli Pettay discovered crashes in the layout engine, which
might allow the execution of arbitrary code.
CVE-2007-2868
Brendan Eich, Igor Bukanov, Jesse Ruderman, moz_bug_r_a4 and Wladimir Palant
discovered crashes in the Javascript engine, which might allow the execution of
arbitrary code. Generally, enabling Javascript in Icedove is not recommended.
Fixes for the oldstable distribution (sarge) are not available. While there
will be another round of security updates for Mozilla products, Debian doesn't
have the ressources to backport further security fixes to the old Mozilla
products. You're strongly encouraged to upgrade to stable as soon as possible.
For the stable distribution (etch) these problems have been fixed in version
1.5.0.12.dfsg1-0etch1.
The unstable distribution (sid) will be fixed soon.
We recommend that you upgrade your icedove packages.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Source archives:
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1.dsc
Size/MD5 checksum: 1904 782de141f4201acfdb3f64649e8633c1
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1.diff.gz
Size/MD5 checksum: 638452 0b382503b7932c6a125a539ad36a9b56
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1.orig.tar.gz
Size/MD5 checksum: 33092818 246c0b87e4bd5b5f81df9bc4ad51f918
Architecture independent components:
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-dev_1.5.0.12.dfsg1-0etch1_all.deb
Size/MD5 checksum: 28294 f99aeeb33759ba7db937725c1257dc3c
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-inspector_1.5.0.12.dfsg1-0etch1_all.deb
Size/MD5 checksum: 28304 f89eb9a9aaa76fb692f870e4865947ab
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-typeaheadfind_1.5.0.12.dfsg1-0etch1_all.deb
Size/MD5 checksum: 28308 0fe7b986606e09ccbc06d35b41c22061
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird_1.5.0.12.dfsg1-0etch1_all.deb
Size/MD5 checksum: 28286 3c896128dee950a2a718d21e0e839e62
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dbg_1.5.0.12.dfsg1-0etch1_all.deb
Size/MD5 checksum: 28276 eed67c8b54582ca5bfec91b72c52a232
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dev_1.5.0.12.dfsg1-0etch1_all.deb
Size/MD5 checksum: 28278 1959e478ec9c1a77619b01873ff822f6
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-gnome-support_1.5.0.12.dfsg1-0etch1_all.deb
Size/MD5 checksum: 28300 959ee006281d442ce95ef229641ce827
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-inspector_1.5.0.12.dfsg1-0etch1_all.deb
Size/MD5 checksum: 28290 5ecf563aca0d85c16e197c222100995b
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-typeaheadfind_1.5.0.12.dfsg1-0etch1_all.deb
Size/MD5 checksum: 28306 c4d49ed78de21cb6112f38d189b93bc6
http://security.debian.org/pool/updates/main/i/icedove/thunderbird_1.5.0.12.dfsg1-0etch1_all.deb
Size/MD5 checksum: 28264 f951d0f14dd81bf7684d8129814f1a68
Alpha architecture:
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_alpha.deb
Size/MD5 checksum: 13441302 9e9c3111c0bae2d3b951d2d5a242a9f4
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_alpha.deb
Size/MD5 checksum: 52274362 fc61f6dd4176c30e40ce7d1c240b2d04
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_alpha.deb
Size/MD5 checksum: 3904592 506da6d9493a19303806e4e4599d245e
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_alpha.deb
Size/MD5 checksum: 51900 718719afe0bc423d1353efa0aaccaf18
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_alpha.deb
Size/MD5 checksum: 200108 3391daf25055064eb6764c290515a593
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_alpha.deb
Size/MD5 checksum: 64016 8f71e349f0776572f1b47a0430c293ee
AMD64 architecture:
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_amd64.deb
Size/MD5 checksum: 12139602 c6589e27cfac81ddad462cfcc5dd1a20
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_amd64.deb
Size/MD5 checksum: 51380120 b958a63e854cca7a442ee0207206bfd3
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_amd64.deb
Size/MD5 checksum: 3625224 099909dc279e37cbfabba5b165b31f88
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_amd64.deb
Size/MD5 checksum: 51780 8d98858fe2412be2d3d3b3b2efb20f48
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_amd64.deb
Size/MD5 checksum: 195302 5dd2cea99bb81707d2fb3eb437b522f7
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_amd64.deb
Size/MD5 checksum: 60724 24d81815f6ade2ca9e5505bb2be1a1dc
ARM architecture:
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_arm.deb
Size/MD5 checksum: 10829726 11a5ea81b564b5b2a66d666a94448da1
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_arm.deb
Size/MD5 checksum: 50725554 f3f0d6ef0eaa89c94998033cd909298f
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_arm.deb
Size/MD5 checksum: 3621960 dbef27a6cbcff0fb0a3b1b71ab38b12d
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_arm.deb
Size/MD5 checksum: 47306 b66e3e1280ad688ff19c846dba1d3e79
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_arm.deb
Size/MD5 checksum: 189468 56ba9915760e9e1d7b3e67ebf8080e9f
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_arm.deb
Size/MD5 checksum: 58506 6ea7bef2259e0bcd5e5e2e90289bda7e
HP Precision architecture:
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_hppa.deb
Size/MD5 checksum: 13567948 0c42a2559ba36becc3280ed6e4847b39
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_hppa.deb
Size/MD5 checksum: 52188544 61673b2091252f8941434c39dd533849
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_hppa.deb
Size/MD5 checksum: 3633974 6dcd7d0f6ebacd6963adca1c8d67f3a3
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_hppa.deb
Size/MD5 checksum: 53128 3ebf0f6649342d5d0eed34da1b8f8b66
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_hppa.deb
Size/MD5 checksum: 198222 888abaea2f5d82483409fb0559ab39f8
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_hppa.deb
Size/MD5 checksum: 64392 889538b4f36141d736e6bd8255335265
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_i386.deb
Size/MD5 checksum: 10876072 4798da0589b3eda451189f4ee837daa6
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_i386.deb
Size/MD5 checksum: 50636714 7cf5cf91aa41e12962a9b54cfcbc1f95
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_i386.deb
Size/MD5 checksum: 3619896 8b82595f5dd7722df603604522e8fe77
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_i386.deb
Size/MD5 checksum: 47684 442980b3b4af19981d3cefeab4c7be16
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_i386.deb
Size/MD5 checksum: 190362 aeebbabe4cd629c53e0b4457909672c5
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_i386.deb
Size/MD5 checksum: 57716 8a4994ffe091c7856528272c7819677e
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_ia64.deb
Size/MD5 checksum: 16500728 09d49b0442fd424b4aed1b19cf03c17f
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_ia64.deb
Size/MD5 checksum: 51672952 ca7a8a748836b8c7e18f5477fa0ccbd4
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_ia64.deb
Size/MD5 checksum: 3674838 4c056de3d838a4b6fd798534134fda83
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_ia64.deb
Size/MD5 checksum: 59168 88f4bd4ab03c5114cf877b20d256b136
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_ia64.deb
Size/MD5 checksum: 204384 f81bf3f095059110035b527083d21513
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_ia64.deb
Size/MD5 checksum: 73782 0e0446628f65f1971d610f8ea5eb55a8
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_mips.deb
Size/MD5 checksum: 11547504 cb91bfc37e93e7ad7758d8bc88f1ea3b
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_mips.deb
Size/MD5 checksum: 53010312 c000535f52bf6cf0882c24ffb1aa8f99
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_mips.deb
Size/MD5 checksum: 3629758 404d00290b34e0dccbe535486d15d2ef
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_mips.deb
Size/MD5 checksum: 48860 beeb138cb257900367f1a3515663a9bb
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_mips.deb
Size/MD5 checksum: 192122 51ba670ff72d85f5d268e76938ef3e1a
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_mips.deb
Size/MD5 checksum: 58236 48a92291ff311b4baaa5127ed05fabd2
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_mipsel.deb
Size/MD5 checksum: 11324984 054ea1a49b85b8ef1c96378a7e374d0d
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_mipsel.deb
Size/MD5 checksum: 51571486 a8f34224277f5c1ae2a0f61b70d02593
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_mipsel.deb
Size/MD5 checksum: 3629510 2e916487ac92b5fcf526448f059ba705
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_mipsel.deb
Size/MD5 checksum: 48698 21fa0e18cf48698b639a42a118f069c4
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_mipsel.deb
Size/MD5 checksum: 191618 0ea2fb530662a75f87c4900eed37e580
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_mipsel.deb
Size/MD5 checksum: 58298 7dbf75a88f7a731046b6e030f39fcb2e
PowerPC architecture:
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_powerpc.deb
Size/MD5 checksum: 11771646 28848cf3b4daa66182ea2e6b3cc9f923
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_powerpc.deb
Size/MD5 checksum: 53187512 5c06f5751cf333896cefd8cd716d6ee0
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_powerpc.deb
Size/MD5 checksum: 3625032 e8da32f365cb833338a5f02ef1bd3854
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_powerpc.deb
Size/MD5 checksum: 49320 a51244d6bcad918b35045910efd3ee41
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_powerpc.deb
Size/MD5 checksum: 192360 22505d425d81e8c9cfc080e28385bf17
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_powerpc.deb
Size/MD5 checksum: 60046 f5537d555c091d6b21ed376cb285d618
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_s390.deb
Size/MD5 checksum: 12798692 f6c0fdd711173ad917b5ad6a519c39ef
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_s390.deb
Size/MD5 checksum: 52048216 a1b5a704d041b321d381192cc36ec16b
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_s390.deb
Size/MD5 checksum: 3628374 004598a21c81cd2d7c246eae41f8083a
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_s390.deb
Size/MD5 checksum: 52374 ef69f9ba492cc13cb34e7e5ffba9ffd6
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_s390.deb
Size/MD5 checksum: 197070 0910dede4859dc42492de82b278af585
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_s390.deb
Size/MD5 checksum: 61830 4c3b615eeda0bd9ce6563a9c147047c7
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_sparc.deb
Size/MD5 checksum: 11083210 15ca31506f5fc73c238fec8c744db051
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_sparc.deb
Size/MD5 checksum: 50536416 5da4451d0af12a06d57de7910393b93e
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_sparc.deb
Size/MD5 checksum: 3618046 3e22307aa970e88dc69f9e459ee8993e
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_sparc.deb
Size/MD5 checksum: 47856 81b806db6c0fe39763603af6758bc76d
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_sparc.deb
Size/MD5 checksum: 189880 bf1d05dfd15fbb91a5f4aa369f3802f1
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_sparc.deb
Size/MD5 checksum: 57790 cb8c6d9edd31af176b32dfcf5a6a88a5
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGcCpNXm3vHE4uyloRAly4AJ98IF87LBnkxez/YsOp13kH0mTESwCfZqIk
X6BZRBrnMJzMDbQK9rdXoec=
=rmeM
-----END PGP SIGNATURE-----