LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: July 25th, 2014
Linux Advisory Watch: July 18th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New iceape packages fix arbitrary code execution Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian It was discovered that crashes in the Javascript engine of Iceape, an unbranded version of the Seamonkey internet suite could potentially lead to the execution of arbitrary code.
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1562-1                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
April 28, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : iceape
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-1380

It was discovered that crashes in the Javascript engine of Iceape,
an unbranded version of the Seamonkey internet suite could
potentially lead to the execution of arbitrary code.

For the stable distribution (etch), this problem has been fixed in
version 1.0.13~pre080323b-0etch3.

For the unstable distribution (sid), this problem has been fixed in
version 1.1.9-2.

We recommend that you upgrade your iceape packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 4.0 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080323b-0etch3.diff.gz
    Size/MD5 checksum:   272290 65a6cc900463ab3324a42250ce39c10b
  http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080323b.orig.tar.gz
    Size/MD5 checksum: 42900009 f2a3c50d814f6e7015f779b10494fac8
  http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080323b-0etch3.dsc
    Size/MD5 checksum:     1439 7e71d648dcc53a64aa9e8675c09021f8

Architecture independent packages:

  http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar_1.8+1.0.13~pre080323b-0etch3_all.deb
    Size/MD5 checksum:    27638 9ea252e567314297df273d1d0565c081
  http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0.13~pre080323b-0etch3_all.deb
    Size/MD5 checksum:    27636 19e71b334df21b23b2f511830972a0d4
  http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-inspector_1.8+1.0.13~pre080323b-0etch3_all.deb
    Size/MD5 checksum:    27682 7bfcf10a1034eefac22ae8657dee9bd2
  http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+1.0.13~pre080323b-0etch3_all.deb
    Size/MD5 checksum:    27772 36a3464a2d8fd4fc3847039b82dd1f5f
  http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080323b-0etch3_all.deb
    Size/MD5 checksum:    29034 a9f31dc27b4b17c63b783f07c3f8fd2c
  http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzilla_1.8+1.0.13~pre080323b-0etch3_all.deb
    Size/MD5 checksum:    27650 6894ea2d406646086f60a29c1aba9cbe
  http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.13~pre080323b-0etch3_all.deb
    Size/MD5 checksum:  3928844 9a28456f31b2b5a06c6e69b175183ab9
  http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_1.8+1.0.13~pre080323b-0etch3_all.deb
    Size/MD5 checksum:    28606 6e89267d545052a9b053c0b17b02d265
  http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debugger_1.8+1.0.13~pre080323b-0etch3_all.deb
    Size/MD5 checksum:    27676 fed0fa97fb88ec0c975c432003dffaea
  http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla_1.0.13~pre080323b-0etch3_all.deb
    Size/MD5 checksum:   282388 f6e5876a2562123eb182f44a9d28c0f5
  http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+1.0.13~pre080323b-0etch3_all.deb
    Size/MD5 checksum:    27644 97fd6c82d0386ed6f1ed8c2b45391634
  http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews_1.8+1.0.13~pre080323b-0etch3_all.deb
    Size/MD5 checksum:    27658 67afa911887af3df5a081d9bcaeb9e7b

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_alpha.deb
    Size/MD5 checksum:  2281694 6688ce20712749da04e7bc0e1f63b531
  http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_alpha.deb
    Size/MD5 checksum:    55052 d14150e730a8357b0e2ef81542eb604b
  http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_alpha.deb
    Size/MD5 checksum: 60657374 ebc2656e676b129223a0d7b060205d32
  http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_alpha.deb
    Size/MD5 checksum: 12886440 aa35edb178dc8812275a005cb0449e7b
  http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_alpha.deb
    Size/MD5 checksum:   627600 a7801c7ba516484aa2028c91646c2504
  http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_alpha.deb
    Size/MD5 checksum:   199118 44501f7751ab5a2b0e7cab912a132200

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_amd64.deb
    Size/MD5 checksum:   195524 d36d3e4cf9f7442bb550f5e8675b3036
  http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_amd64.deb
    Size/MD5 checksum:   614288 f1396dbd501a98b181cca52d5ba8e2a8
  http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_amd64.deb
    Size/MD5 checksum: 59660176 f90d321b0a4599135fe16f53338b362f
  http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_amd64.deb
    Size/MD5 checksum:  2100064 c626d518a1becbf76a23aa064a3ee2eb
  http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_amd64.deb
    Size/MD5 checksum: 11692364 6b191980ebc9d493f703b5fedc65081b
  http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_amd64.deb
    Size/MD5 checksum:    53836 8695a98820343b899364083a40b03c1a

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_arm.deb
    Size/MD5 checksum: 58799260 c243477696e8ea19c4263d2656d97c0c
  http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_arm.deb
    Size/MD5 checksum:   586712 0c8a041b5a1d7d41263fa2c27575d607
  http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_arm.deb
    Size/MD5 checksum:  1917016 7ceb3becd5be4a158bcd28151bd7ab51
  http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_arm.deb
    Size/MD5 checksum:    47860 e65b19737b893676a310b8256e4b3b38
  http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_arm.deb
    Size/MD5 checksum: 10426174 2d5f6458ed8aca7ee0f8c5ec643c9964
  http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_arm.deb
    Size/MD5 checksum:   187162 a08b63a8fb7f448664b01e52f8de9ffb

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_hppa.deb
    Size/MD5 checksum: 12992154 d00f8b54c176ce496f4728c7198d004a
  http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_hppa.deb
    Size/MD5 checksum:  2349904 356528663fc19599701944ee30afe6ff
  http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_hppa.deb
    Size/MD5 checksum:    55244 3edf68481a15575131f426a569a171d4
  http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_hppa.deb
    Size/MD5 checksum:   198650 b7f9775322181a1fd944dd8b3b90681d
  http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_hppa.deb
    Size/MD5 checksum: 60520216 cf8581572da5dedbbd3696ebbb793ba3
  http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_hppa.deb
    Size/MD5 checksum:   619710 ef8266cbebfdfdcf659999c8e67ecbaf

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_i386.deb
    Size/MD5 checksum:   190234 f3f876cbc5cf3efec5ceb50a2c23d8dd
  http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_i386.deb
    Size/MD5 checksum: 58741446 e2afabfab01c0a75295864916a20f0ca
  http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_i386.deb
    Size/MD5 checksum: 10481106 9f7420c8033d5783cbfdd40ec9dc91ff
  http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_i386.deb
    Size/MD5 checksum:    48872 226a49cb7be9ba105ed34ec974dd59c4
  http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_i386.deb
    Size/MD5 checksum:   589458 3de29c0ae9e2a230ffbfcd5126822f4a
  http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_i386.deb
    Size/MD5 checksum:  1892130 05cccfec539b244127470556c51984e5

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_ia64.deb
    Size/MD5 checksum:   662418 ae517af1ffb77c7b51235872f7d80312
  http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_ia64.deb
    Size/MD5 checksum: 15794624 93cc77d14a609e82d121e56cc2c27bfc
  http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_ia64.deb
    Size/MD5 checksum:  2817276 41d813a7f813ac4f4b0f41a456cc02f7
  http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_ia64.deb
    Size/MD5 checksum:    62370 b097cd29fa93c5529673cb6b51dc9fad
  http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_ia64.deb
    Size/MD5 checksum: 59920168 46992c61685020d55a2d3f5954f4c1dd
  http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_ia64.deb
    Size/MD5 checksum:   205156 235d6ba67f58d4796d75375ee0c9d488

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_mips.deb
    Size/MD5 checksum:    50344 34df46c921c10427bd2be8f81a588b67
  http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_mips.deb
    Size/MD5 checksum:  1959720 6d82bdd9b96c072b4f693fe578c9366f
  http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_mips.deb
    Size/MD5 checksum:   599894 deea3ff0702f70c48628d34dc63c373b
  http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_mips.deb
    Size/MD5 checksum: 61515672 e493c5a6ac2fca145163c27dddfbeb44
  http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_mips.deb
    Size/MD5 checksum:   191488 63738c541fadb3092eead2f3e5f1cd26
  http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_mips.deb
    Size/MD5 checksum: 11157416 e39b38cad58bfca703d7d3a332a63d1b

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_mipsel.deb
    Size/MD5 checksum:   191704 36ee86fdbd01a7d250ecb028bca5ad5b
  http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_mipsel.deb
    Size/MD5 checksum: 59864044 65cb18ae21e9231db157d41b5d91f12c
  http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_mipsel.deb
    Size/MD5 checksum:  1942838 94c7f270fd6fdc8142d41b202df8eefd
  http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_mipsel.deb
    Size/MD5 checksum:    50204 3243edf82c2bcbd7784393cda8a2c1e6
  http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_mipsel.deb
    Size/MD5 checksum: 10911166 7d75c7d1918658e1a6f6435780e0885d
  http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_mipsel.deb
    Size/MD5 checksum:   596506 62a92a8f8a703393df92d595250c5669

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_powerpc.deb
    Size/MD5 checksum: 61652008 2891f06dc14d01571cd67c63391aabc2
  http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_powerpc.deb
    Size/MD5 checksum:   596662 5a7f977f5e1ebb9e27d3f1faf969a573
  http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_powerpc.deb
    Size/MD5 checksum:  2006874 aa7cf8f2b5bd5091b889185f55460a40
  http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_powerpc.deb
    Size/MD5 checksum:    49666 0a376f9b57ed80972ba170533623fb7f
  http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_powerpc.deb
    Size/MD5 checksum:   192472 494082cc73ee91c15d8c102015e27357
  http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_powerpc.deb
    Size/MD5 checksum: 11310932 7995d14bb7fb8ccc76c7b70e9ce93204

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_s390.deb
    Size/MD5 checksum:    54436 685ac8c473a6d6f2f33d31c74a334238
  http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_s390.deb
    Size/MD5 checksum:  2186280 5db2c2e519c5f8e76061ce6c48d851a3
  http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_s390.deb
    Size/MD5 checksum: 60408272 b141b0de2b3e3e9cd2bef50b0a956050
  http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_s390.deb
    Size/MD5 checksum: 12288534 1b3cd06388c789d7a977fe9b284b19ab
  http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_s390.deb
    Size/MD5 checksum:   197338 8981bee198dad3399e7e5bc293785537
  http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_s390.deb
    Size/MD5 checksum:   612218 be67de61abb2e447a34c0eaf706498df

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_sparc.deb
    Size/MD5 checksum:  1896522 7212773ff30ee7f0c9c268738f022e46
  http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_sparc.deb
    Size/MD5 checksum:   190132 8731cfeb8d89d4006f5b53836f25f02b
  http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_sparc.deb
    Size/MD5 checksum:    48478 d131f30545b3aa2ca2008e983ad4ef9f
  http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_sparc.deb
    Size/MD5 checksum:   585808 352c0eb180728a70c5b805839b5a7e67
  http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_sparc.deb
    Size/MD5 checksum: 58543536 92de9dc46e407a7c23f95023ad3a4a91
  http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_sparc.deb
    Size/MD5 checksum: 10660224 c21e2625875cf929b9a01767c203c9cd


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
Four fake Google haxbots hit YOUR WEBSITE every day
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
The Barnaby Jack Few Knew: Celebrated Hacker Saw Spotlight as 'Necessary Evil'
What I Learned from Edward Snowden at the Hacker Conference
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.