DSA 1339-1: New iceape packages fix several vulnerabilities
Posted on: 07/24/2007 01:05 AM

The Debian Security Team published a new security update for Debian GNU/Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1339-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
July 23rd, 2007 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : iceape
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2007-3089 CVE-2007-3656 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3738

Several remote vulnerabilities have been discovered in the Iceape internet
suite, an unbranded version of the Seamonkey Internet Suite. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-3089

Ronen Zilberman and Michal Zalewski discovered that a timing race
allows the injection of content into about:blank frames.

CVE-2007-3656

Michal Zalewski discovered that same-origin policies for wyciwyg://
documents are insufficiently enforced.

CVE-2007-3734

Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman,
Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul
Nickerson,and Vladimir Sukhoy discovered crashes in the layout engine,
which might allow the execution of arbitrary code.

CVE-2007-3735

Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the
javascript engine, which might allow the execution of arbitrary code.

CVE-2007-3736

"moz_bug_r_a4" discovered that the addEventListener() and setTimeout()
functions allow cross-site scripting.

CVE-2007-3737

"moz_bug_r_a4" discovered that a programming error in event handling
allows privilege escalation.

CVE-2007-3738

"shutdown" and "moz_bug_r_a4" discovered that the XPCNativeWrapper allows
the execution of arbitrary code.

The Mozilla products in the oldstable distribution (sarge) are no longer
supported with security updates. You're strongly encouraged to upgrade to
stable as soon as possible.

For the stable distribution (etch) these problems have been fixed in version
1.0.10~pre070720-0etch1. A build for the mips architecture is not yet available,
it will be provided later.

For the unstable distribution (sid) these problems have been fixed in version
1.1.3-1.

We recommend that you upgrade your iceape packages.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720-0etch1.dsc
Size/MD5 checksum: 1436 a5ddcea94b97d0eb7d88da94a72ca627
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720-0etch1.diff.gz
Size/MD5 checksum: 267008 018274eb404a0e83606ce0d21e87ad01
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720.orig.tar.gz
Size/MD5 checksum: 43473332 245a8a7774ff47ef91177724130f8ea4

Architecture independent components:

http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla_1.0.10~pre070720-0etch1_all.deb
Size/MD5 checksum: 278618 ee0d7c0bf576089522f4e9f72c8c3add
http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.10~pre070720-0etch1_all.deb
Size/MD5 checksum: 3707920 4bea22fd5361596b66969d7858dd3ad4
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720-0etch1_all.deb
Size/MD5 checksum: 27756 7b7b835dae8ca15c7ec1592ff702ebb6
http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_1.8+1.0.10~pre070720-0etch1_all.deb
Size/MD5 checksum: 27278 0cc3f8a430af60e0dbcb83576879689e
http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar_1.8+1.0.10~pre070720-0etch1_all.deb
Size/MD5 checksum: 26354 d33b0ec877535b4fa4bf1aa07350f932
http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzilla_1.8+1.0.10~pre070720-0etch1_all.deb
Size/MD5 checksum: 26364 ff123607a7884ee5a3865464c76021ea
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+1.0.10~pre070720-0etch1_all.deb
Size/MD5 checksum: 26486 4ca53a0ad06db0acb0b879fadfdd4fd5
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-inspector_1.8+1.0.10~pre070720-0etch1_all.deb
Size/MD5 checksum: 26390 2420778740bf3e57de6ecd5d343d65dd
http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debugger_1.8+1.0.10~pre070720-0etch1_all.deb
Size/MD5 checksum: 26390 f6fb1d696a8fbd326204419b73ab98e1
http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews_1.8+1.0.10~pre070720-0etch1_all.deb
Size/MD5 checksum: 26374 84203bd26fc8360bbb82535d81a823eb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+1.0.10~pre070720-0etch1_all.deb
Size/MD5 checksum: 26362 440d3f62c74c42ffcbb5ad73f2069e5c
http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0.10~pre070720-0etch1_all.deb
Size/MD5 checksum: 26346 ce97b31d46e18455189a03940aa72b92

Alpha architecture:

http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_alpha.deb
Size/MD5 checksum: 12890534 11930d8d5ba846c22095362a46a3ff74
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_alpha.deb
Size/MD5 checksum: 625330 05c5e03df278bc31932846e1d30a00f9
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_alpha.deb
Size/MD5 checksum: 60600154 5741efb22728c62acf22154c8a1f3e86
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_alpha.deb
Size/MD5 checksum: 196866 c64af9533b850bbbd57f9bb87685f9ca
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_alpha.deb
Size/MD5 checksum: 53100 7193be3a3787964216f4bfa83c7b2789
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_alpha.deb
Size/MD5 checksum: 2281920 46540cf88b15c9e7455fce6389be88ed

AMD64 architecture:

http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_amd64.deb
Size/MD5 checksum: 11668032 c3b8626d19c52f840fe80b39232b0cd7
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_amd64.deb
Size/MD5 checksum: 608632 f198d453bbbee84201acc69dd9fa5a1a
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_amd64.deb
Size/MD5 checksum: 59611854 900bf6f48f9df4d30dfd8313b127cfb3
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_amd64.deb
Size/MD5 checksum: 194016 5adc494eaac9ba8f09c16441c5213318
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_amd64.deb
Size/MD5 checksum: 52592 4dab2583ccce4830b516fc68ef90bfbd
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_amd64.deb
Size/MD5 checksum: 2090564 2ad1c710c8f3d7e1a5aa4f8b29b469e7

ARM architecture:

http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_arm.deb
Size/MD5 checksum: 10404318 a3d00ba7cfe0c715fb15bedf1015e601
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_arm.deb
Size/MD5 checksum: 582112 b0b849a2ffcf26a9441ace8ccdc8e398
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_arm.deb
Size/MD5 checksum: 58762556 1a0f50dcbd272bc05c34d254d4507a4b
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_arm.deb
Size/MD5 checksum: 188056 c0b5504ff4183a9e1fef78983a929e67
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_arm.deb
Size/MD5 checksum: 47298 3c45d2f04093d8a0c5fc41a42251ec73
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_arm.deb
Size/MD5 checksum: 1907106 b7918528c3b9213502f528adc95c58ab

HP Precision architecture:

http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_hppa.deb
Size/MD5 checksum: 12968358 ea1453f3ffa54ee3120ac58cfb293a10
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_hppa.deb
Size/MD5 checksum: 614490 83b15ddde3c3b657ad44447802c18261
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_hppa.deb
Size/MD5 checksum: 60467066 e26575d92f3d6d34e98bd8bab228a010
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_hppa.deb
Size/MD5 checksum: 197064 7d50bb4f9866918e3ef4981c738e650b
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_hppa.deb
Size/MD5 checksum: 53686 442e54332b114ea0a63fec012912d164
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_hppa.deb
Size/MD5 checksum: 2338858 47f729c72d8843241cb88407e2e99e47

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_i386.deb
Size/MD5 checksum: 10477338 deab48630b8aeb248bfa9397e88fd489
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_i386.deb
Size/MD5 checksum: 587938 2f19c0f151b456a0c0e84b0812cb0dc6
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_i386.deb
Size/MD5 checksum: 58688874 8e26e07fc8e55d38cde9091093e8ff08
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_i386.deb
Size/MD5 checksum: 188700 2b399a919d4ee6ee8c5cf22db90e741c
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_i386.deb
Size/MD5 checksum: 47678 a85d86cd967b44370ec1b3329b9728a5
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_i386.deb
Size/MD5 checksum: 1889676 66d798529d1f56ce668f8d7eda66abd6

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_ia64.deb
Size/MD5 checksum: 15794104 7cce099248b412a4189ad2d3243ed7b7
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_ia64.deb
Size/MD5 checksum: 660672 c7a44faa5e50d8e9c4613c482d4815cd
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_ia64.deb
Size/MD5 checksum: 59877166 2fe2866b66428866cfed2ab068829bf0
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_ia64.deb
Size/MD5 checksum: 203708 775d91256820711eb33d3b4af4c1cfbb
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_ia64.deb
Size/MD5 checksum: 61198 5f258d8b03704153bc66d2114d60fe55
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_ia64.deb
Size/MD5 checksum: 2815616 ff8fbcd7ba8273161a4db64af91dd950

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_mipsel.deb
Size/MD5 checksum: 10913650 a40d4caf40bf9b5d989b0cdbf12e9479
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_mipsel.deb
Size/MD5 checksum: 594990 bf9e81b7f1498d5c60b673b08ba283a7
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_mipsel.deb
Size/MD5 checksum: 59826020 60a3a22c5a6e42da3c3981ff89fd40ee
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_mipsel.deb
Size/MD5 checksum: 190212 bad4a1f57643aa25603d6a1fdf85f83f
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_mipsel.deb
Size/MD5 checksum: 48982 ec96058415e4b33329b6fc5d481f8c56
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_mipsel.deb
Size/MD5 checksum: 1940378 3a1182500597f8f8d6db4671f187afd2

PowerPC architecture:

http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_powerpc.deb
Size/MD5 checksum: 11312338 4f853beb774f7aecaca500031c0e182e
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_powerpc.deb
Size/MD5 checksum: 595304 4ff550a168faee0f2dffd96b3839c097
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_powerpc.deb
Size/MD5 checksum: 61603172 37d3070543aae6795d1f95eb1d97b1b1
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_powerpc.deb
Size/MD5 checksum: 191070 c11775a74df72fe1965aeb50f0f5e2e7
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_powerpc.deb
Size/MD5 checksum: 48634 031194e9c64f17085308d05dc47de49f
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_powerpc.deb
Size/MD5 checksum: 2005522 2c4907581d26e19441faed3a2a76a87e

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_s390.deb
Size/MD5 checksum: 12291720 be79de8e773f1cbf83d34f837f0d3637
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_s390.deb
Size/MD5 checksum: 610698 4f6e4f45769b6cf87a498b7dece5157c
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_s390.deb
Size/MD5 checksum: 60372220 a25f1221df24b6d51d66b5f3d4751210
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_s390.deb
Size/MD5 checksum: 195860 25f6e1809320a9b0d111908cec8e309a
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_s390.deb
Size/MD5 checksum: 53194 754ae50a15664184d0e70de39cee22b5
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_s390.deb
Size/MD5 checksum: 2184640 8dffbcd81a31d460d94243fab5ce8049

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_sparc.deb
Size/MD5 checksum: 10657254 83e7468e55d66d7f36d6903f5bb25fcd
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_sparc.deb
Size/MD5 checksum: 584296 8a64241ccc10cda38927ad6f15af34ce
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_sparc.deb
Size/MD5 checksum: 58501456 3e53e44bd0b33aaed55a6feab1839fc5
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_sparc.deb
Size/MD5 checksum: 188616 4807d32457222d895b243cd44e390328
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_sparc.deb
Size/MD5 checksum: 47260 3b1cf8ec9939812c886ba3378554e73a
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_sparc.deb
Size/MD5 checksum: 1894688 b8a4207b5edc44f0e24e362db96a6ff7


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show lt;pkggt;' and http://packages.debian.org/lt;pkggt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGpUB+Xm3vHE4uyloRAtK+AKCFyK4tO8NzTFh/dsfPkCjMt+kYmgCg52na
gYCMrox+ckaLZhG90jKyiXM=
=OOIl
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_1339_1_new_iceape_packages_fix_several_vulnerabilities.html)