DSA 1424-1: New iceweasel packages fix several vulnerabilities
Posted on: 12/08/2007 01:45 PM

The Debian Security Team published a new security update for Debian GNU/Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1424-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 08, 2007 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : iceweasel
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2007-5947 CVE-2007-5959 CVE-2007-5960

Several remote vulnerabilities have been discovered in the Iceweasel web
browser, an unbranded version of the Firefox browser. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-5947

Jesse Ruderman and Petko D. Petkov discovered that the URI handler
for JAR archives allows cross-site scripting.

CVE-2007-5959

Several crashes in the layout engine were discovered, which might
allow the execution of arbitrary code.

CVE-2007-5960

Gregory Fleischer discovered a race condition in the handling of
the "window.location" property, which might lead to cross-site
request forgery.

The Mozilla products in the oldstable distribution (sarge) are no longer
supported with with security updates.

For the stable distribution (etch) these problems have been fixed in
version 2.0.0.10-0etch1.

For the unstable distribution (sid) these problems have been fixed in
version 2.0.0.10-2.

We recommend that you upgrade your iceweasel packages.


Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian 4.0 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1.dsc
Size/MD5 checksum: 1289 30031e99f0594521e649eb8f7f080a54
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10.orig.tar.gz
Size/MD5 checksum: 43505088 f016638930a16c0a44fb0b13b6804f99
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1.diff.gz
Size/MD5 checksum: 186288 75492d134ad78c2a3f8c7a3f851d0e6c

Architecture independent packages:

http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.10-0etch1_all.deb
Size/MD5 checksum: 54716 09cee6268a092b9300beb2bd1ea7bf67
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.10-0etch1_all.deb
Size/MD5 checksum: 54044 ceeb90ee28309be4785fac53f659d21d
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.10-0etch1_all.deb
Size/MD5 checksum: 239252 b5e1932561074d83a32df5c8dab3f4d8
http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.10-0etch1_all.deb
Size/MD5 checksum: 54186 6fca16650d5396c091e9967330e77c29
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.10-0etch1_all.deb
Size/MD5 checksum: 54076 d6efb7f19184d30db9368338bcf991b5
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.10-0etch1_all.deb
Size/MD5 checksum: 53928 b7c1913d0c2ca87d7ea83b03c0d327c2
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.10-0etch1_all.deb
Size/MD5 checksum: 53924 d8b3b367ad11122ce45cd52bb051f04f

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_alpha.deb
Size/MD5 checksum: 11550394 d1d26a5c528540230f52ff10ac3ae23e
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_alpha.deb
Size/MD5 checksum: 51052142 620c82916d4b66a6ee76b87366182089
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_alpha.deb
Size/MD5 checksum: 90822 9ac379fc0c601cc8511371201b996698

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_amd64.deb
Size/MD5 checksum: 87490 60f83326a7f344fe9834ae3fe8895b62
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_amd64.deb
Size/MD5 checksum: 50039638 dabf8ef7580b504a3d196a05636ef088
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_amd64.deb
Size/MD5 checksum: 10176298 9119f38cd1ad2f82c431591bf804dc6b

arm architecture (ARM)

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_arm.deb
Size/MD5 checksum: 9228834 e86cffc61612357818ec294a74eabbfa
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_arm.deb
Size/MD5 checksum: 49133114 c0e2eb6a0cd133de08bee88f3075f40d
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_arm.deb
Size/MD5 checksum: 81260 df61a86635f53be26c54b5f73a1d66fc

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_hppa.deb
Size/MD5 checksum: 50405944 622c595550e18d27967eeaef510aceb5
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_hppa.deb
Size/MD5 checksum: 89206 297ff408640ea7bf6e4054bfef8448b8
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_hppa.deb
Size/MD5 checksum: 11025794 465902271fe5791631821748964e2b62

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_i386.deb
Size/MD5 checksum: 9091212 0fa199d8de98cfca49325210ed823a6c
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_i386.deb
Size/MD5 checksum: 81600 3792ff6da7de4bbcb16470038f10c4a8
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_i386.deb
Size/MD5 checksum: 49430176 7d0466681bab9f40177451b6b1a415df

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_ia64.deb
Size/MD5 checksum: 14109280 4e2df466b3317d4b7da74056ccd33cf4
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_ia64.deb
Size/MD5 checksum: 50384210 cf73c1a8856bc596b59963179ad68c76
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_ia64.deb
Size/MD5 checksum: 99796 8183b0bba38858221714bcc64e6b1b96

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_mips.deb
Size/MD5 checksum: 53825892 6ae638d0442622e981ed0bb739480465
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_mips.deb
Size/MD5 checksum: 82922 1a07be11a79484b9eed232451979cd5f
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_mips.deb
Size/MD5 checksum: 10954574 5f794b588d1d987ab39a241a45e380d8

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_mipsel.deb
Size/MD5 checksum: 52384634 3fc9ee7c2b49bbdce775222bf7a0b5cb
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_mipsel.deb
Size/MD5 checksum: 10732344 812e9ba923390aeb276f905a149a1447
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_mipsel.deb
Size/MD5 checksum: 82762 41f283d3cc7c14f11bd1012da2d03fd3

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_powerpc.deb
Size/MD5 checksum: 83326 f3dbf30a7aa86ac64a1a586b9861bfd4
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_powerpc.deb
Size/MD5 checksum: 51838412 551d3a0549c7f6a633a2c44305464869
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_powerpc.deb
Size/MD5 checksum: 9911966 6dd5f24d2b19b60e5193cc3a4a7f6fa4

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_s390.deb
Size/MD5 checksum: 50714116 5c137d63563275f256e62b4267f1783f
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_s390.deb
Size/MD5 checksum: 10333216 35b0ad810916603417fe10344013b5ab
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_s390.deb
Size/MD5 checksum: 87698 596716a1ceb5243820b4c644831cb4ad

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_sparc.deb
Size/MD5 checksum: 49052450 bcefe06c2296cfd190364b3eff4e0d5c
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_sparc.deb
Size/MD5 checksum: 81434 34e0345eb0430e59ad057bb0efcb98c5
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_sparc.deb
Size/MD5 checksum: 9119000 1d5327c89d681fcbc7e8b80eaeab3834


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show lt;pkggt;' and http://packages.debian.org/lt;pkggt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHWoCuXm3vHE4uyloRAjF8AKClHL5xs2Z2ChgU/uVTuSpO8an2aACghec/
AuYsyM9+sPUtfBLlScwWowk=
=Vx23
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_1424_1_new_iceweasel_packages_fix_several_vulnerabilities.html)