Debians sikkerhedsbulletin
DSA-1305-1 icedove -- flere sårbarheder
- Rapporteret den:
- 13. jun 2007
- Berørte pakker:
- icedove
- Sårbar:
- Ja
- Referencer i sikkerhedsdatabaser:
- I Mitres CVE-ordbog: CVE-2007-1558, CVE-2007-2867, CVE-2007-2868.
- Yderligere oplysninger:
-
Flere fjernudnytbare sårbarheder er opdaget i postprogrammet Icedove, en version af Thunderbird-programmet. Projektet Common Vulnerabilities and Exposures har fundet frem til følgende problemer:
- CVE-2007-1558
Gatan Leurent opdagede en kryptografisk svaghed i APOP-autentification, hvilket formindskede det arbejde, der skulle til at gennemføre et "manden i midten"-angreb (MITM) til at opsnappe en adgangskode. Denne opdatering håndhæver en strengere kontrol, hvilket forhindrer dette angreb.
- CVE-2007-2867
Boris Zbarsky, Eli Friedman, Georgi Guninski, Jesse Ruderman, Martijn Wargers og Olli Pettay opdagede nedbrud i layoutmaskinen, hvilket kunne gøre det muligt at udføre vilkårlig kode.
- CVE-2007-2868
Brendan Eich, Igor Bukanov, Jesse Ruderman,
moz_bug_r_a4
og Wladimir Palant opdagede nedbrud i JavaScript-maskinen, hvilket kunne gøre det muligt at udføre vilkårlig kode.
Rettelser til den gamle stabile distribution (sarge) er ikke tilgængelige. Debian har ikke ressourcerne til at tilbageføre yderligere sikkerhedsrettelser til de gamle Mozilla-produktuer. Du opfordres kraftigt til så snart som muligt at opgradere til den stabile distribution.
I den stabile distribution (etch) er disse problemer rettet i version 1.5.0.12.dfsg1-0etch1.
I ustabile distribution (sid) vil disse problemer snart blive rettet.
Vi anbefaler at du opgraderer dine icedove-pakker.
- CVE-2007-1558
- Rettet i:
-
Debian GNU/Linux 4.0 (etch)
- Kildekode:
- http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1.dsc
- http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1.diff.gz
- http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1.orig.tar.gz
- http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1.diff.gz
- Arkitekturuafhængig komponent:
- http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-dev_1.5.0.12.dfsg1-0etch1_all.deb
- http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-inspector_1.5.0.12.dfsg1-0etch1_all.deb
- http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-typeaheadfind_1.5.0.12.dfsg1-0etch1_all.deb
- http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird_1.5.0.12.dfsg1-0etch1_all.deb
- http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dbg_1.5.0.12.dfsg1-0etch1_all.deb
- http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dev_1.5.0.12.dfsg1-0etch1_all.deb
- http://security.debian.org/pool/updates/main/i/icedove/thunderbird-gnome-support_1.5.0.12.dfsg1-0etch1_all.deb
- http://security.debian.org/pool/updates/main/i/icedove/thunderbird-inspector_1.5.0.12.dfsg1-0etch1_all.deb
- http://security.debian.org/pool/updates/main/i/icedove/thunderbird-typeaheadfind_1.5.0.12.dfsg1-0etch1_all.deb
- http://security.debian.org/pool/updates/main/i/icedove/thunderbird_1.5.0.12.dfsg1-0etch1_all.deb
- http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-inspector_1.5.0.12.dfsg1-0etch1_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_alpha.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_alpha.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_alpha.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_alpha.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_alpha.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_alpha.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_amd64.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_amd64.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_amd64.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_amd64.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_amd64.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_amd64.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_arm.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_arm.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_arm.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_arm.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_arm.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_arm.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_arm.deb
- HPPA:
- http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_hppa.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_hppa.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_hppa.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_hppa.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_hppa.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_hppa.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_i386.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_i386.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_i386.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_i386.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_i386.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_i386.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_ia64.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_ia64.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_ia64.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_ia64.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_ia64.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_ia64.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_ia64.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_mips.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_mips.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_mips.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_mips.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_mips.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_mips.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_s390.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_s390.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_s390.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_s390.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_s390.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_s390.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_sparc.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_sparc.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_sparc.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_sparc.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_sparc.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_sparc.deb
- http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_sparc.deb
MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.