Sicherheit: Mehrere Probleme in iceape

Lesezeichen hinzufügen

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1697-1 security@debian.org
http://www.debian.org/security/ Steffen Joeris
January 07, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : iceape
Vulnerability : several vulnerabilities
Problem type : remote
Debian-specific: no
CVE ID : CVE-2008-0016 CVE-2008-0304 CVE-2008-2785 CVE-2008-2798
CVE-2008-2799 CVE-2008-2800
CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807
CVE-2008-2808 CVE-2008-2809
CVE-2008-2810 CVE-2008-2811 CVE-2008-2933 CVE-2008-3835 CVE-2008-3836
CVE-2008-3837 CVE-2008-4058
CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065
CVE-2008-4067 CVE-2008-4068
CVE-2008-4069 CVE-2008-4070 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014
CVE-2008-5017 CVE-2008-0017
CVE-2008-5021 CVE-2008-5022 CVE-2008-5500 CVE-2008-5503 CVE-2008-5506
CVE-2008-5507 CVE-2008-5508
CVE-2008-5511 CVE-2008-5512

Several remote vulnerabilities have been discovered in Iceape an
unbranded version of the Seamonkey internet suite. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-0016

Justin Schuh, Tom Cross and Peter Williams discovered a buffer
overflow in the parser for UTF-8 URLs, which may lead to the
execution of arbitrary code. (MFSA 2008-37)

CVE-2008-0304

It was discovered that a buffer overflow in MIME decoding can lead
to the execution of arbitrary code. (MFSA 2008-26)

CVE-2008-2785

It was discovered that missing boundary checks on a reference
counter for CSS objects can lead to the execution of arbitrary code.
(MFSA 2008-34)

CVE-2008-2798

Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of
arbitrary code. (MFSA 2008-21)

CVE-2008-2799

Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in
the Javascript engine, which might allow the execution of arbitrary
code. (MFSA 2008-21)

CVE-2008-2800

"moz_bug_r_a4" discovered several cross-site scripting
vulnerabilities.
(MFSA 2008-22)

CVE-2008-2801

Collin Jackson and Adam Barth discovered that Javascript code
could be executed in the context or signed JAR archives. (MFSA 2008-23)

CVE-2008-2802

"moz_bug_r_a4" discovered that XUL documements can escalate
privileges by accessing the pre-compiled "fastload" file.
(MFSA 2008-24)

CVE-2008-2803

"moz_bug_r_a4" discovered that missing input sanitising in the
mozIJSSubScriptLoader.loadSubScript() function could lead to the
execution of arbitrary code. Iceape itself is not affected, but
some addons are. (MFSA 2008-25)

CVE-2008-2805

Claudio Santambrogio discovered that missing access validation in
DOM parsing allows malicious web sites to force the browser to
upload local files to the server, which could lead to information
disclosure. (MFSA 2008-27)

CVE-2008-2807

Daniel Glazman discovered that a programming error in the code for
parsing .properties files could lead to memory content being
exposed to addons, which could lead to information disclosure.
(MFSA 2008-29)

CVE-2008-2808

Masahiro Yamada discovered that file URLS in directory listings
were insufficiently escaped. (MFSA 2008-30)

CVE-2008-2809

John G. Myers, Frank Benkstein and Nils Toedtmann discovered that
alternate names on self-signed certificates were handled
insufficiently, which could lead to spoofings of secure connections.
(MFSA 2008-31)

CVE-2008-2810

It was discovered that URL shortcut files could be used to bypass the
same-origin restrictions. This issue does not affect current Iceape,
but might occur with additional extensions installed. (MFSA 2008-32)

CVE-2008-2811

Greg McManus discovered a crash in the block reflow code, which might
allow the execution of arbitrary code. (MFSA 2008-33)

CVE-2008-2933

Billy Rios discovered that passing an URL containing a pipe symbol
to Iceape can lead to Chrome privilege escalation. (MFSA 2008-35)

CVE-2008-3835

"moz_bug_r_a4" discovered that the same-origin check in
nsXMLDocument::OnChannelRedirect() could be bypassed. (MFSA 2008-38)

CVE-2008-3836

"moz_bug_r_a4" discovered that several vulnerabilities in
feedWriter could lead to Chrome privilege escalation. (MFSA 2008-39)

CVE-2008-3837

Paul Nickerson discovered that an attacker could move windows
during a mouse click, resulting in unwanted action triggered by
drag-and-drop. (MFSA 2008-40)

CVE-2008-4058

"moz_bug_r_a4" discovered a vulnerability which can result in
Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41)

CVE-2008-4059

"moz_bug_r_a4" discovered a vulnerability which can result in
Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41)

CVE-2008-4060

Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege
escalation vulnerability in XSLT handling. (MFSA 2008-41)

CVE-2008-4061

Jesse Ruderman discovered a crash in the layout engine, which might
allow the execution of arbitrary code. (MFSA 2008-42)

CVE-2008-4062

Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour
discovered crashes in the Javascript engine, which might allow the
execution of arbitrary code. (MFSA 2008-42)

CVE-2008-4065

Dave Reed discovered that some Unicode byte order marks are
stripped from Javascript code before execution, which can result in
code being executed, which were otherwise part of a quoted string.
(MFSA 2008-43)

CVE-2008-4067

Boris Zbarsky discovered that resource: URls allow directory
traversal when using URL-encoded slashes. (MFSA 2008-44)

CVE-2008-4068

Georgi Guninski discovered that resource: URLs could bypass local
access restrictions. (MFSA 2008-44)

CVE-2008-4069

Billy Hoffman discovered that the XBM decoder could reveal
uninitialised memory. (MFSA 2008-45)

CVE-2008-4070

It was discovered that a buffer overflow could be triggered via a
long header in a news article, which could lead to arbitrary code
execution. (MFSA 2008-46)

CVE-2008-5012

Georgi Guninski, Michal Zalewski and Chris Evan discovered that
the canvas element could be used to bypass same-origin
restrictions. (MFSA 2008-48)

CVE-2008-5013

It was discovered that insufficient checks in the Flash plugin glue
code could lead to arbitrary code execution. (MFSA 2008-49)

CVE-2008-5014

Jesse Ruderman discovered that a programming error in the
window.__proto__.__proto__ object could lead to arbitrary code
execution. (MFSA 2008-50)

CVE-2008-5017

It was discovered that crashes in the layout engine could lead to
arbitrary code execution. (MFSA 2008-52)

CVE-2008-0017

Justin Schuh discovered that a buffer overflow in http-index-format
parser could lead to arbitrary code execution. (MFSA 2008-54)

CVE-2008-5021

It was discovered that a crash in the nsFrameManager might lead to
the execution of arbitrary code. (MFSA 2008-55)

CVE-2008-5022

"moz_bug_r_a4" discovered that the same-origin check in
nsXMLHttpRequest::NotifyEventListeners() could be bypassed.
(MFSA 2008-56)

CVE-2008-5024

Chris Evans discovered that quote characters were improperly
escaped in the default namespace of E4X documents. (MFSA 2008-58)

CVE-2008-4582

Liu Die Yu discovered an information leak through local shortcut
files. (MFSA 2008-59)

CVE-2008-5500

Jesse Ruderman discovered that the layout engine is vulnerable to
DoS attacks that might trigger memory corruption and an integer
overflow. (MFSA 2008-60)

CVE-2008-5503

Boris Zbarsky discovered that an information disclosure attack could
be performed via XBL bindings. (MFSA 2008-61)

CVE-2008-5506

Marius Schilder discovered that it is possible to obtain sensible
data via a XMLHttpRequest. (MFSA 2008-64)

CVE-2008-5507

Chris Evans discovered that it is possible to obtain sensible data
via a JavaScript URL. (MFSA 2008-65)

CVE-2008-5508

Chip Salzenberg discovered possible phishing attacks via URLs with
leading whitespaces or control characters. (MFSA 2008-66)

CVE-2008-5511

It was discovered that it is possible to perform cross-site scripting
attacks via an XBL binding to an "unloaded document." (MFSA 2008-68)

CVE-2008-5512

It was discovered that it is possible to run arbitrary JavaScript
with chrome privileges via unknown vectors. (MFSA 2008-68)

For the stable distribution (etch) these problems have been fixed in
version 1.0.13~pre080614i-0etch1.

For the upcoming stable distribution (lenny) distribution these problems
will be fixed soon.

For the unstable (sid) distribution these problems have been fixed in
version 1.1.14-1.

We recommend that you upgrade your iceape packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Stable updates are available for alpha, amd64, hppa, i386, ia64, mips, mipsel,
powerpc, s390 and sparc.

Source archives:

iceape_1.0.13~pre080614i-0etch1.dsc
Size/MD5 checksum: 2104 b780c722d772cde416bfbda0e6750e3f
iceape_1.0.13~pre080614i-0etch1.diff.gz
Size/MD5 checksum: 2033694 fadf6ae5717e05ff353c52b8e90825d0
iceape_1.0.13~pre080614i.orig.tar.gz
Size/MD5 checksum: 42978498 b5f28ad30d5e15dc67efa370c7f9ee59

Architecture independent packages:

mozilla-mailnews_1.8+1.0.13~pre080614i-0etch1_all.deb
Size/MD5 checksum: 29248 3c5939146bfc6801b54a5e0584dca482
mozilla-calendar_1.8+1.0.13~pre080614i-0etch1_all.deb
Size/MD5 checksum: 29224 8027c7b507f7029d558846ad1e38db99
iceape-chatzilla_1.0.13~pre080614i-0etch1_all.deb
Size/MD5 checksum: 281076 80fcf72ee4e4392b44e32f052ea70456
mozilla-psm_1.8+1.0.13~pre080614i-0etch1_all.deb
Size/MD5 checksum: 29232 ffa20451394a1d05f5da58116f133916
iceape-dev_1.0.13~pre080614i-0etch1_all.deb
Size/MD5 checksum: 3667564 aec7efa1351f2f41289ec6edc5d1da6c
mozilla-browser_1.8+1.0.13~pre080614i-0etch1_all.deb
Size/MD5 checksum: 30218 3a26ed7bbcdefc06ec0f34256733ad4e
mozilla-dev_1.8+1.0.13~pre080614i-0etch1_all.deb
Size/MD5 checksum: 29358 b764c962b7bc3a9fc2a2c6c723b3129c
mozilla_1.8+1.0.13~pre080614i-0etch1_all.deb
Size/MD5 checksum: 29222 dc21b8434b9b72375e8df9fa94a7709d
mozilla-js-debugger_1.8+1.0.13~pre080614i-0etch1_all.deb
Size/MD5 checksum: 29260 9f827631e7c410da840ca7ae095ebe2d
iceape_1.0.13~pre080614i-0etch1_all.deb
Size/MD5 checksum: 30676 a508e9e68d99676fd897ecb1095486b7
mozilla-chatzilla_1.8+1.0.13~pre080614i-0etch1_all.deb
Size/MD5 checksum: 29244 33e0809ea09959c467e1379206e605ab
mozilla-dom-inspector_1.8+1.0.13~pre080614i-0etch1_all.deb
Size/MD5 checksum: 29264 fc07419a1397db4a1f65f42123864c76

alpha architecture (DEC Alpha)

iceape-dbg_1.0.13~pre080614i-0etch1_alpha.deb
Size/MD5 checksum: 60708202 67b1488b6549084cccfe2939ad6da1c0
iceape-mailnews_1.0.13~pre080614i-0etch1_alpha.deb
Size/MD5 checksum: 2282516 c3e6e1ec7cd869c1205a79de1e090d7a
iceape-gnome-support_1.0.13~pre080614i-0etch1_alpha.deb
Size/MD5 checksum: 56706 44defee7a96a0a632744acdec128e152
iceape-dom-inspector_1.0.13~pre080614i-0etch1_alpha.deb
Size/MD5 checksum: 200546 69a5be2dfec4f6690041bad98e80331e
iceape-browser_1.0.13~pre080614i-0etch1_alpha.deb
Size/MD5 checksum: 12894314 ae3d3ef615ea4e13363a274912e1e99c
iceape-calendar_1.0.13~pre080614i-0etch1_alpha.deb
Size/MD5 checksum: 629450 96d8b62fdaffdbd48ade90b1e3e4e032

amd64 architecture (AMD x86_64 (AMD64))

iceape-mailnews_1.0.13~pre080614i-0etch1_amd64.deb
Size/MD5 checksum: 2094958 d25528c803f38c309c74427d5e0769c1
iceape-browser_1.0.13~pre080614i-0etch1_amd64.deb
Size/MD5 checksum: 11683136 aff467dd69f1272dbcc1be14f0d96295
iceape-gnome-support_1.0.13~pre080614i-0etch1_amd64.deb
Size/MD5 checksum: 55488 62268a914d78526df611190dbab5e6ca
iceape-calendar_1.0.13~pre080614i-0etch1_amd64.deb
Size/MD5 checksum: 612120 45ce3f797e175feff8cbd20526008f7b
iceape-dbg_1.0.13~pre080614i-0etch1_amd64.deb
Size/MD5 checksum: 59742704 2c7625187ee32f93a01b0f822face8f7
iceape-dom-inspector_1.0.13~pre080614i-0etch1_amd64.deb
Size/MD5 checksum: 197202 50ea3e1f957a8c6ca761f651f25cba39

hppa architecture (HP PA RISC)

iceape-gnome-support_1.0.13~pre080614i-0etch1_hppa.deb
Size/MD5 checksum: 56794 383de80565c8737055cbb7f854bfda21
iceape-dom-inspector_1.0.13~pre080614i-0etch1_hppa.deb
Size/MD5 checksum: 200226 f22a4d3ab31ce54792c41166669ecc66
iceape-dbg_1.0.13~pre080614i-0etch1_hppa.deb
Size/MD5 checksum: 60588594 5ddfcb5e1feca41bef601a181ab7c86c
iceape-browser_1.0.13~pre080614i-0etch1_hppa.deb
Size/MD5 checksum: 13002074 0ba6c8340786bcd476e450fd9c227444
iceape-mailnews_1.0.13~pre080614i-0etch1_hppa.deb
Size/MD5 checksum: 2352360 74c84da1042f6509e7061f64779d37a6
iceape-calendar_1.0.13~pre080614i-0etch1_hppa.deb
Size/MD5 checksum: 621258 e017d448d1cbdf589c4cbc1381187ff2

i386 architecture (Intel ia32)

iceape-browser_1.0.13~pre080614i-0etch1_i386.deb
Size/MD5 checksum: 10493838 6ae4594756d565e0e8cbd5df76011736
iceape-dom-inspector_1.0.13~pre080614i-0etch1_i386.deb
Size/MD5 checksum: 192010 9cc79d018eedc49931af793d1828bd95
iceape-dbg_1.0.13~pre080614i-0etch1_i386.deb
Size/MD5 checksum: 58802216 6469dd02ef7db7da6e5ab347e6ce7d60
iceape-mailnews_1.0.13~pre080614i-0etch1_i386.deb
Size/MD5 checksum: 1894534 519c11b7d16a9b18f2210808ae1d0d92
iceape-gnome-support_1.0.13~pre080614i-0etch1_i386.deb
Size/MD5 checksum: 50552 dd9e3a6356e265592d5eea54c4e44c21
iceape-calendar_1.0.13~pre080614i-0etch1_i386.deb
Size/MD5 checksum: 591248 2e54c039929b804d0d7d1fd5df38171a

ia64 architecture (Intel ia64)

iceape-calendar_1.0.13~pre080614i-0etch1_ia64.deb
Size/MD5 checksum: 664100 38ab3addca82ff3cd814265777814a89
iceape-dom-inspector_1.0.13~pre080614i-0etch1_ia64.deb
Size/MD5 checksum: 206798 41237d984441d52d39fedc62d58514cf
iceape-dbg_1.0.13~pre080614i-0etch1_ia64.deb
Size/MD5 checksum: 59993870 48724db6f24e5b198ccd296ab5eae79d
iceape-browser_1.0.13~pre080614i-0etch1_ia64.deb
Size/MD5 checksum: 15810684 ab38e3d118ee39b7f77bd0d6920f5f62
iceape-mailnews_1.0.13~pre080614i-0etch1_ia64.deb
Size/MD5 checksum: 2819586 5b71efd5233db1081bc5c71bed2c19e5
iceape-gnome-support_1.0.13~pre080614i-0etch1_ia64.deb
Size/MD5 checksum: 64056 0841d4d6a5a5958a3ea3549f2536cbc7

mips architecture (MIPS (Big Endian))

iceape-dom-inspector_1.0.13~pre080614i-0etch1_mips.deb
Size/MD5 checksum: 193922 fa7ef5ff71177f2ddd6842c335ff6b0e
iceape-browser_1.0.13~pre080614i-0etch1_mips.deb
Size/MD5 checksum: 11140164 9188919a54175217153ad1b7900397cd
iceape-dbg_1.0.13~pre080614i-0etch1_mips.deb
Size/MD5 checksum: 61581874 31636d074d991a80a0e7b7d314999fd2
iceape-calendar_1.0.13~pre080614i-0etch1_mips.deb
Size/MD5 checksum: 601582 bdee14d2f4f81f6afa2d9b58be1d0c94
iceape-gnome-support_1.0.13~pre080614i-0etch1_mips.deb
Size/MD5 checksum: 52124 2f6b4f92e32bc1f1afb7ee1563faad8f
iceape-mailnews_1.0.13~pre080614i-0etch1_mips.deb
Size/MD5 checksum: 1958828 84d9804ceea7404e213e883a970810eb

mipsel architecture (MIPS (Little Endian))

iceape-browser_1.0.13~pre080614i-0etch1_mipsel.deb
Size/MD5 checksum: 10925674 27894883c1de817d54cc4907a382d980
iceape-calendar_1.0.13~pre080614i-0etch1_mipsel.deb
Size/MD5 checksum: 598084 83e4d5bb9ac0d4d8e47ca121e99866ce
iceape-mailnews_1.0.13~pre080614i-0etch1_mipsel.deb
Size/MD5 checksum: 1944652 32c2318db8b4bcaa5845b532d72de713
iceape-dom-inspector_1.0.13~pre080614i-0etch1_mipsel.deb
Size/MD5 checksum: 193434 b3e49574473fe47d0017da5ebe20d7bc
iceape-dbg_1.0.13~pre080614i-0etch1_mipsel.deb
Size/MD5 checksum: 59935110 dc8551b52c078a10192b9693a16ffe3b
iceape-gnome-support_1.0.13~pre080614i-0etch1_mipsel.deb
Size/MD5 checksum: 51936 96f5aca01dcedbd47c0576cbb72c8b6c

powerpc architecture (PowerPC)

iceape-dbg_1.0.13~pre080614i-0etch1_powerpc.deb
Size/MD5 checksum: 61714000 86246588c13b8ec2a2c678d2d22fb9c2
iceape-calendar_1.0.13~pre080614i-0etch1_powerpc.deb
Size/MD5 checksum: 598244 a800be58f01cfb5e95e2fad048f1d698
iceape-mailnews_1.0.13~pre080614i-0etch1_powerpc.deb
Size/MD5 checksum: 2008442 ba78c3982162ae34e75fec4c5a942a85
iceape-gnome-support_1.0.13~pre080614i-0etch1_powerpc.deb
Size/MD5 checksum: 51290 70f98cf9e61d4a05282be3b751064c86
iceape-dom-inspector_1.0.13~pre080614i-0etch1_powerpc.deb
Size/MD5 checksum: 194126 ed1919113692ba5fa791fa488a4f4439
iceape-browser_1.0.13~pre080614i-0etch1_powerpc.deb
Size/MD5 checksum: 11325232 77ae05048976e57731e988f141ae5bec

s390 architecture (IBM S/390)

iceape-calendar_1.0.13~pre080614i-0etch1_s390.deb
Size/MD5 checksum: 614074 89cf267528c6f7c35e39935d2ed4040c
iceape-dbg_1.0.13~pre080614i-0etch1_s390.deb
Size/MD5 checksum: 60468932 ef714afc155664d90f19528a9fc3ecc0
iceape-mailnews_1.0.13~pre080614i-0etch1_s390.deb
Size/MD5 checksum: 2187836 38740bf0c2f5c87205ab9c990ea4177d
iceape-gnome-support_1.0.13~pre080614i-0etch1_s390.deb
Size/MD5 checksum: 56036 9b3deb1020cde420c9abf02fd66efd2f
iceape-dom-inspector_1.0.13~pre080614i-0etch1_s390.deb
Size/MD5 checksum: 199010 115d1e007cf3f8731421eed4cfc6e90a
iceape-browser_1.0.13~pre080614i-0etch1_s390.deb
Size/MD5 checksum: 12300536 2811d12c7dee00fadcd9eb5c58ec8f4f

sparc architecture (Sun SPARC/UltraSPARC)

iceape-browser_1.0.13~pre080614i-0etch1_sparc.deb
Size/MD5 checksum: 10694130 88813d3246501a19f576e420968f688b
iceape-dom-inspector_1.0.13~pre080614i-0etch1_sparc.deb
Size/MD5 checksum: 190218 c47a2036511b7338e757b2e42e035e7c
iceape-gnome-support_1.0.13~pre080614i-0etch1_sparc.deb
Size/MD5 checksum: 49148 cec70f901ce76c3710026a2635315af0
iceape-calendar_1.0.13~pre080614i-0etch1_sparc.deb
Size/MD5 checksum: 590140 ff8c1213e52c2d2bb0bab134db93f840
iceape-mailnews_1.0.13~pre080614i-0etch1_sparc.deb
Size/MD5 checksum: 1904008 6b2327e75595ba38f48139a7fc4776a0
iceape-dbg_1.0.13~pre080614i-0etch1_sparc.deb
Size/MD5 checksum: 58609342 8c945ce7ad5f770c780ec63653c8c033

These files will probably be moved into the stable distribution on
its next update.

-
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-securitydists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkllIRQACgkQXm3vHE4uylpBjACdFteFcAr5MP75xXIpW78X+mVP
Kj0AoNrlHNonnWlikx2TuYSgAs3xCnBU
=Qq6H
-----END PGP SIGNATURE-----

--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org