Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in icedove
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in icedove
ID: DSA-2464-1
Distribution: Debian
Plattformen: Debian squeeze
Datum: Do, 3. Mai 2012, 22:02
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0479
Applikationen: Mozilla Thunderbird

Originalnachricht

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2464-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 02, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icedove
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-0467 CVE-2012-0470 CVE-2012-0471 CVE-2012-0477 
                 CVE-2012-0479

Several vulnerabilities have been discovered in Icedove, an unbranded
version of the Thunderbird mail/news client.

CVE-2012-0467

   Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary
   Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward,
   and Olli Pettay discovered memory corruption bugs, which may lead
   to the execution of arbitrary code.

CVE-2012-0470

   Atte Kettunen discovered that a memory corruption bug in
   gfxImageSurface may lead to the execution of arbitrary code.

CVE-2012-0471

   Anne van Kesteren discovered that incorrect multibyte octet
   decoding may lead to cross-site scripting.

CVE-2012-0477

   Masato Kinugawa discovered that incorrect encoding of
   Korean and Chinese character sets may lead to cross-site scripting.

CVE-2012-0479

   Jeroen van der Gun discovered a spoofing vulnerability in the
   presentation of Atom and RSS feeds over HTTPS.

For the stable distribution (squeeze), this problem has been fixed in
version 3.0.11-1+squeeze9.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your icedove packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAk+hWBsACgkQXm3vHE4uylpUpgCePI+7qkAjfvp/Ml8PKfatTwDL
ih4AmQFWRb0ykHkec0yI5AgH0V54TfVS
=tNcW
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
 listmaster@lists.debian.org
Archive: http://lists.debian.org/20120503154546.GA3675@pisco.westfalen.local
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung