Secunia Security Advisory - Debian has issued an update for iceape. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing and cross-site scripting attacks, and potentially compromise a user's system.
e0abf2971d3bca7bfb7899cc3670bd0a4428d9f5e73da6d34ff64506c2e351e0
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now
available:
http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.
----------------------------------------------------------------------
TITLE:
Debian update for iceape
SECUNIA ADVISORY ID:
SA26159
VERIFY ADVISORY:
http://secunia.com/advisories/26159/
CRITICAL:
Highly critical
IMPACT:
Cross Site Scripting, Spoofing, Exposure of sensitive information,
DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Debian GNU/Linux 4.0
http://secunia.com/product/13844/
Debian GNU/Linux unstable alias sid
http://secunia.com/product/530/
DESCRIPTION:
Debian has issued an update for iceape. This fixes some
vulnerabilities, which can be exploited by malicious people to
disclose potentially sensitive information, conduct spoofing and
cross-site scripting attacks, and potentially compromise a user's
system.
For more information:
SA25990
SA26095
SOLUTION:
Apply updated packages.
-- Debian GNU/Linux 4.0 alias etch --
Source archives:
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720-0etch1.dsc
Size/MD5 checksum: 1436 a5ddcea94b97d0eb7d88da94a72ca627
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720-0etch1.diff.gz
Size/MD5 checksum: 267008 018274eb404a0e83606ce0d21e87ad01
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720.orig.tar.gz
Size/MD5 checksum: 43473332 245a8a7774ff47ef91177724130f8ea4
Architecture independent components:
http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla_1.0.10~pre070720-0etch1_all.deb
Size/MD5 checksum: 278618 ee0d7c0bf576089522f4e9f72c8c3add
http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.10~pre070720-0etch1_all.deb
Size/MD5 checksum: 3707920 4bea22fd5361596b66969d7858dd3ad4
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720-0etch1_all.deb
Size/MD5 checksum: 27756 7b7b835dae8ca15c7ec1592ff702ebb6
http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_1.8+1.0.10~pre070720-0etch1_all.deb
Size/MD5 checksum: 27278 0cc3f8a430af60e0dbcb83576879689e
http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar_1.8+1.0.10~pre070720-0etch1_all.deb
Size/MD5 checksum: 26354 d33b0ec877535b4fa4bf1aa07350f932
http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzilla_1.8+1.0.10~pre070720-0etch1_all.deb
Size/MD5 checksum: 26364 ff123607a7884ee5a3865464c76021ea
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+1.0.10~pre070720-0etch1_all.deb
Size/MD5 checksum: 26486 4ca53a0ad06db0acb0b879fadfdd4fd5
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-inspector_1.8+1.0.10~pre070720-0etch1_all.deb
Size/MD5 checksum: 26390 2420778740bf3e57de6ecd5d343d65dd
http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debugger_1.8+1.0.10~pre070720-0etch1_all.deb
Size/MD5 checksum: 26390 f6fb1d696a8fbd326204419b73ab98e1
http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews_1.8+1.0.10~pre070720-0etch1_all.deb
Size/MD5 checksum: 26374 84203bd26fc8360bbb82535d81a823eb
http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+1.0.10~pre070720-0etch1_all.deb
Size/MD5 checksum: 26362 440d3f62c74c42ffcbb5ad73f2069e5c
http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0.10~pre070720-0etch1_all.deb
Size/MD5 checksum: 26346 ce97b31d46e18455189a03940aa72b92
Alpha architecture:
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_alpha.deb
Size/MD5 checksum: 12890534 11930d8d5ba846c22095362a46a3ff74
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_alpha.deb
Size/MD5 checksum: 625330 05c5e03df278bc31932846e1d30a00f9
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_alpha.deb
Size/MD5 checksum: 60600154 5741efb22728c62acf22154c8a1f3e86
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_alpha.deb
Size/MD5 checksum: 196866 c64af9533b850bbbd57f9bb87685f9ca
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_alpha.deb
Size/MD5 checksum: 53100 7193be3a3787964216f4bfa83c7b2789
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_alpha.deb
Size/MD5 checksum: 2281920 46540cf88b15c9e7455fce6389be88ed
AMD64 architecture:
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_amd64.deb
Size/MD5 checksum: 11668032 c3b8626d19c52f840fe80b39232b0cd7
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_amd64.deb
Size/MD5 checksum: 608632 f198d453bbbee84201acc69dd9fa5a1a
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_amd64.deb
Size/MD5 checksum: 59611854 900bf6f48f9df4d30dfd8313b127cfb3
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_amd64.deb
Size/MD5 checksum: 194016 5adc494eaac9ba8f09c16441c5213318
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_amd64.deb
Size/MD5 checksum: 52592 4dab2583ccce4830b516fc68ef90bfbd
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_amd64.deb
Size/MD5 checksum: 2090564 2ad1c710c8f3d7e1a5aa4f8b29b469e7
ARM architecture:
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_arm.deb
Size/MD5 checksum: 10404318 a3d00ba7cfe0c715fb15bedf1015e601
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_arm.deb
Size/MD5 checksum: 582112 b0b849a2ffcf26a9441ace8ccdc8e398
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_arm.deb
Size/MD5 checksum: 58762556 1a0f50dcbd272bc05c34d254d4507a4b
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_arm.deb
Size/MD5 checksum: 188056 c0b5504ff4183a9e1fef78983a929e67
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_arm.deb
Size/MD5 checksum: 47298 3c45d2f04093d8a0c5fc41a42251ec73
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_arm.deb
Size/MD5 checksum: 1907106 b7918528c3b9213502f528adc95c58ab
HP Precision architecture:
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_hppa.deb
Size/MD5 checksum: 12968358 ea1453f3ffa54ee3120ac58cfb293a10
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_hppa.deb
Size/MD5 checksum: 614490 83b15ddde3c3b657ad44447802c18261
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_hppa.deb
Size/MD5 checksum: 60467066 e26575d92f3d6d34e98bd8bab228a010
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_hppa.deb
Size/MD5 checksum: 197064 7d50bb4f9866918e3ef4981c738e650b
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_hppa.deb
Size/MD5 checksum: 53686 442e54332b114ea0a63fec012912d164
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_hppa.deb
Size/MD5 checksum: 2338858 47f729c72d8843241cb88407e2e99e47
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_i386.deb
Size/MD5 checksum: 10477338 deab48630b8aeb248bfa9397e88fd489
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_i386.deb
Size/MD5 checksum: 587938 2f19c0f151b456a0c0e84b0812cb0dc6
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_i386.deb
Size/MD5 checksum: 58688874 8e26e07fc8e55d38cde9091093e8ff08
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_i386.deb
Size/MD5 checksum: 188700 2b399a919d4ee6ee8c5cf22db90e741c
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_i386.deb
Size/MD5 checksum: 47678 a85d86cd967b44370ec1b3329b9728a5
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_i386.deb
Size/MD5 checksum: 1889676 66d798529d1f56ce668f8d7eda66abd6
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_ia64.deb
Size/MD5 checksum: 15794104 7cce099248b412a4189ad2d3243ed7b7
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_ia64.deb
Size/MD5 checksum: 660672 c7a44faa5e50d8e9c4613c482d4815cd
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_ia64.deb
Size/MD5 checksum: 59877166 2fe2866b66428866cfed2ab068829bf0
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_ia64.deb
Size/MD5 checksum: 203708 775d91256820711eb33d3b4af4c1cfbb
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_ia64.deb
Size/MD5 checksum: 61198 5f258d8b03704153bc66d2114d60fe55
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_ia64.deb
Size/MD5 checksum: 2815616 ff8fbcd7ba8273161a4db64af91dd950
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_mipsel.deb
Size/MD5 checksum: 10913650 a40d4caf40bf9b5d989b0cdbf12e9479
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_mipsel.deb
Size/MD5 checksum: 594990 bf9e81b7f1498d5c60b673b08ba283a7
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_mipsel.deb
Size/MD5 checksum: 59826020 60a3a22c5a6e42da3c3981ff89fd40ee
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_mipsel.deb
Size/MD5 checksum: 190212 bad4a1f57643aa25603d6a1fdf85f83f
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_mipsel.deb
Size/MD5 checksum: 48982 ec96058415e4b33329b6fc5d481f8c56
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_mipsel.deb
Size/MD5 checksum: 1940378 3a1182500597f8f8d6db4671f187afd2
PowerPC architecture:
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_powerpc.deb
Size/MD5 checksum: 11312338 4f853beb774f7aecaca500031c0e182e
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_powerpc.deb
Size/MD5 checksum: 595304 4ff550a168faee0f2dffd96b3839c097
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_powerpc.deb
Size/MD5 checksum: 61603172 37d3070543aae6795d1f95eb1d97b1b1
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_powerpc.deb
Size/MD5 checksum: 191070 c11775a74df72fe1965aeb50f0f5e2e7
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_powerpc.deb
Size/MD5 checksum: 48634 031194e9c64f17085308d05dc47de49f
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_powerpc.deb
Size/MD5 checksum: 2005522 2c4907581d26e19441faed3a2a76a87e
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_s390.deb
Size/MD5 checksum: 12291720 be79de8e773f1cbf83d34f837f0d3637
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_s390.deb
Size/MD5 checksum: 610698 4f6e4f45769b6cf87a498b7dece5157c
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_s390.deb
Size/MD5 checksum: 60372220 a25f1221df24b6d51d66b5f3d4751210
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_s390.deb
Size/MD5 checksum: 195860 25f6e1809320a9b0d111908cec8e309a
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_s390.deb
Size/MD5 checksum: 53194 754ae50a15664184d0e70de39cee22b5
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_s390.deb
Size/MD5 checksum: 2184640 8dffbcd81a31d460d94243fab5ce8049
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_sparc.deb
Size/MD5 checksum: 10657254 83e7468e55d66d7f36d6903f5bb25fcd
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_sparc.deb
Size/MD5 checksum: 584296 8a64241ccc10cda38927ad6f15af34ce
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_sparc.deb
Size/MD5 checksum: 58501456 3e53e44bd0b33aaed55a6feab1839fc5
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_sparc.deb
Size/MD5 checksum: 188616 4807d32457222d895b243cd44e390328
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_sparc.deb
Size/MD5 checksum: 47260 3b1cf8ec9939812c886ba3378554e73a
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_sparc.deb
Size/MD5 checksum: 1894688 b8a4207b5edc44f0e24e362db96a6ff7
-- Debian GNU/Linux unstable alias sid --
Fixed in version 1.1.3-1.
ORIGINAL ADVISORY:
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00100.html
OTHER REFERENCES:
SA25990:
http://secunia.com/advisories/25990/
SA26095:
http://secunia.com/advisories/26095/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------