Debian Security Advisory 2528-1

Debian Security Advisory 2528-1: Posted Aug 15, 2012; Authored by Debian | Site debian.org; Debian Linux Security Advisory 2528-1 - Several vulnerabilities were discovered in Icedove, Debian's version of the Mozilla Thunderbird mail and news client.; tags | advisory, vulnerability; systems | linux, debian; advisories | CVE-2012-1948, CVE-2012-1950, CVE-2012-1954, CVE-2012-1967; SHA-256 | 71b51ce0cbe692a4624106eb180f6e02df450db451499c2178a3cc4a7dce2ff3; Download | Favorite | View

Debian Security Advisory 2528-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2528-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
August 14, 2012                        http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icedove
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-1948 CVE-2012-1950 CVE-2012-1954 CVE-2012-1967

Several vulnerabilities were discovered in Icedove, Debian's version
of the Mozilla Thunderbird mail and news client.

CVE-2012-1948
  Multiple unspecified vulnerabilities in the browser engine
  were fixed.

CVE-2012-1950
  The underlying browser engine allows address bar spoofing 
  through drag-and-drop.

CVE-2012-1954
  A use-after-free vulnerability in the nsDocument::AdoptNode
  function allows remote attackers to cause a denial of service
  (heap memory corruption) or possibly execute arbitrary code.

CVE-2012-1967
  An error in the implementation of the Javascript sandbox
  allows execution of Javascript code with improper privileges
  using javascript: URLs.

For the stable distribution (squeeze), these problems have been fixed
in version 3.0.11-1+squeeze12.

For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 10.0.6-1.

We recommend that you upgrade your icedove packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJQKqbqAAoJEL97/wQC1SS+IQcIAJ0R0R+4/gPgPwcco+U81PUr
uehr4v0uAiSMuwXqC9NwR1l27AmmT/0S6fqRY7YB1hFxg6IeZPx73594yQsFsqAx
6kHFwfO/YIBLh9HFgQWwCwpl5OJ3VNiST87loMSiPgr57TXpNMGHNRU5MEGomrc4
wX0dpAJgnaI1dLMZn17fguf1ejzXJ6zcejNMpNJEFNbR/10Qi5lpWeE0n8RhfsyQ
9X0RSHGKypXz3hLpio9zuuKoUOvP/8hJ2/S61vqGBh1aOP3JjNdg5rUWVpXS/Szv
2EtOBWWK7zazwrgvaOywYv9Ju52X8B64jYLwtMaBpMVdfJX4WbbtsXt5ZGWzza0=
=tukJ
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Debian Security Advisory 2528-1

Debian Security Advisory 2528-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 2528-1

Share This

Debian Security Advisory 2528-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems