drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in iceweasel
Name: |
Mehrere Probleme in iceweasel |
|
ID: |
DSA-2400-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian lenny, Debian sid, Debian squeeze |
|
Datum: |
Fr, 3. Februar 2012, 09:08 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0442 |
|
Applikationen: |
Mozilla Firefox |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- ------------------------------------------------------------------------- Debian Security Advisory DSA-2400-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff February 02, 2012 http://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : iceweasel Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.
CVE-2011-3670
Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed, resulting in potential information disclosure.
CVE-2012-0442
Jesse Ruderman and Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code.
CVE-2012-0444
"regenrecht" discovered that missing input sanisiting in the Ogg Vorbis parser may lead to the execution of arbitrary code.
CVE-2012-0449
Nicolas Gregoire and Aki Helin discovered that missing input sanisiting in XSLT processing may lead to the execution of arbitrary code.
For the oldstable distribution (lenny), this problem has been fixed in version 1.9.0.19-13 of the xulrunner source package.
For the stable distribution (squeeze), this problem has been fixed in version 3.5.16-12.
For the unstable distribution (sid), this problem has been fixed in version 10.0-1.
We recommend that you upgrade your iceweasel packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk8q6TMACgkQXm3vHE4uylqMswCeMV4Nq6gQqwfUTMujLmalqYJ7 UhwAn0Nt1srFBPJXBdThe/EEeFGDOlpq =H+3+ -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: http://lists.debian.org/20120202195215.GA8155@pisco.westfalen.local
|
|
|
|