Debian Security Advisory 2406-1

Debian Security Advisory 2406-1: Posted Feb 10, 2012; Authored by Debian | Site debian.org; Debian Linux Security Advisory 2406-1 - Several vulnerabilities have been discovered in Icedove, Debian's variant of the Mozilla Thunderbird code base.; tags | advisory, vulnerability; systems | linux, debian; advisories | CVE-2011-3670, CVE-2012-0442, CVE-2012-0444, CVE-2012-0449; SHA-256 | 8c380c84934737b4f02c7cf785dbda1b2cc651735d0eb54d87525fbaa5777161; Download | Favorite | View

Debian Security Advisory 2406-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2406-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
February 09, 2012                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icedove
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449

Several vulnerabilities have been discovered in Icedove, Debian's
variant of the Mozilla Thunderbird code base.

CVE-2011-3670
  Icedove does not not properly enforce the IPv6 literal address
  syntax, which allows remote attackers to obtain sensitive
  information by making XMLHttpRequest calls through a proxy and
  reading the error messages.

CVE-2012-0442
  Memory corruption bugs could cause Icedove to crash or
    possibly execute arbitrary code.

CVE-2012-0444
  Icedove does not properly initialize nsChildView data
  structures, which allows remote attackers to cause a denial of
  service (memory corruption and application crash) or possibly
  execute arbitrary code via a crafted Ogg Vorbis file.

CVE-2012-0449
  Icedove allows remote attackers to cause a denial of service
  (memory corruption and application crash) or possibly execute
  arbitrary code via a malformed XSLT stylesheet that is
  embedded in a document

For the stable distribution (squeeze), this problem has been fixed in
version 3.0.11-1+squeeze7.

We recommend that you upgrade your icedove packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJPM7PyAAoJEL97/wQC1SS+46QH/0NkqnkfapTtEUKV71mvSufA
KSjeYaZqowMJtM1JQcuGdcGQifTeOoXqfm9lBCyXOpoxgGS5ltqOTYkbYRT+2XNr
+sw6SbMA+X5N3+gHIpeuZtDgEqT3hZWlyxoB83LarvVoQfxU+43jfjeR3d4GPNQe
kL0H40v3mt7WneVOdrk+N1LUlqO/EY1KK7lStXhyjSGShTQqOTrWzUXcogKBDcY9
DFT9bR3jKKjPXYKHr1kc4/mEUSGsJ9XHxm0nEAGiXEV6Np+6owB54ANb4BoLV3ON
ZXpYglfqw44ikYi+wDGaPsq91ofmIwb7eqiAadQPBMZTmjUM3BMLKLvumrp1CBY=
=KEq1
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Debian Security Advisory 2406-1

Debian Security Advisory 2406-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 2406-1

Share This

Debian Security Advisory 2406-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems