-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1424-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff December 08, 2007 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : iceweasel Vulnerability : several Problem-Type : remote Debian-specific: no CVE ID : CVE-2007-5947 CVE-2007-5959 CVE-2007-5960 Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-5947 Jesse Ruderman and Petko D. Petkov discovered that the URI handler for JAR archives allows cross-site scripting. CVE-2007-5959 Several crashes in the layout engine were discovered, which might allow the execution of arbitrary code. CVE-2007-5960 Gregory Fleischer discovered a race condition in the handling of the "window.location" property, which might lead to cross-site request forgery. The Mozilla products in the oldstable distribution (sarge) are no longer supported with with security updates. For the stable distribution (etch) these problems have been fixed in version 2.0.0.10-0etch1. For the unstable distribution (sid) these problems have been fixed in version 2.0.0.10-2. We recommend that you upgrade your iceweasel packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian 4.0 (stable) - ------------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1.dsc Size/MD5 checksum: 1289 30031e99f0594521e649eb8f7f080a54 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10.orig.tar.gz Size/MD5 checksum: 43505088 f016638930a16c0a44fb0b13b6804f99 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1.diff.gz Size/MD5 checksum: 186288 75492d134ad78c2a3f8c7a3f851d0e6c Architecture independent packages: http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.10-0etch1_all.deb Size/MD5 checksum: 54716 09cee6268a092b9300beb2bd1ea7bf67 http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.10-0etch1_all.deb Size/MD5 checksum: 54044 ceeb90ee28309be4785fac53f659d21d http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.10-0etch1_all.deb Size/MD5 checksum: 239252 b5e1932561074d83a32df5c8dab3f4d8 http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.10-0etch1_all.deb Size/MD5 checksum: 54186 6fca16650d5396c091e9967330e77c29 http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.10-0etch1_all.deb Size/MD5 checksum: 54076 d6efb7f19184d30db9368338bcf991b5 http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.10-0etch1_all.deb Size/MD5 checksum: 53928 b7c1913d0c2ca87d7ea83b03c0d327c2 http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.10-0etch1_all.deb Size/MD5 checksum: 53924 d8b3b367ad11122ce45cd52bb051f04f alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_alpha.deb Size/MD5 checksum: 11550394 d1d26a5c528540230f52ff10ac3ae23e http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_alpha.deb Size/MD5 checksum: 51052142 620c82916d4b66a6ee76b87366182089 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_alpha.deb Size/MD5 checksum: 90822 9ac379fc0c601cc8511371201b996698 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_amd64.deb Size/MD5 checksum: 87490 60f83326a7f344fe9834ae3fe8895b62 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_amd64.deb Size/MD5 checksum: 50039638 dabf8ef7580b504a3d196a05636ef088 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_amd64.deb Size/MD5 checksum: 10176298 9119f38cd1ad2f82c431591bf804dc6b arm architecture (ARM) http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_arm.deb Size/MD5 checksum: 9228834 e86cffc61612357818ec294a74eabbfa http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_arm.deb Size/MD5 checksum: 49133114 c0e2eb6a0cd133de08bee88f3075f40d http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_arm.deb Size/MD5 checksum: 81260 df61a86635f53be26c54b5f73a1d66fc hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_hppa.deb Size/MD5 checksum: 50405944 622c595550e18d27967eeaef510aceb5 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_hppa.deb Size/MD5 checksum: 89206 297ff408640ea7bf6e4054bfef8448b8 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_hppa.deb Size/MD5 checksum: 11025794 465902271fe5791631821748964e2b62 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_i386.deb Size/MD5 checksum: 9091212 0fa199d8de98cfca49325210ed823a6c http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_i386.deb Size/MD5 checksum: 81600 3792ff6da7de4bbcb16470038f10c4a8 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_i386.deb Size/MD5 checksum: 49430176 7d0466681bab9f40177451b6b1a415df ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_ia64.deb Size/MD5 checksum: 14109280 4e2df466b3317d4b7da74056ccd33cf4 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_ia64.deb Size/MD5 checksum: 50384210 cf73c1a8856bc596b59963179ad68c76 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_ia64.deb Size/MD5 checksum: 99796 8183b0bba38858221714bcc64e6b1b96 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_mips.deb Size/MD5 checksum: 53825892 6ae638d0442622e981ed0bb739480465 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_mips.deb Size/MD5 checksum: 82922 1a07be11a79484b9eed232451979cd5f http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_mips.deb Size/MD5 checksum: 10954574 5f794b588d1d987ab39a241a45e380d8 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_mipsel.deb Size/MD5 checksum: 52384634 3fc9ee7c2b49bbdce775222bf7a0b5cb http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_mipsel.deb Size/MD5 checksum: 10732344 812e9ba923390aeb276f905a149a1447 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_mipsel.deb Size/MD5 checksum: 82762 41f283d3cc7c14f11bd1012da2d03fd3 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_powerpc.deb Size/MD5 checksum: 83326 f3dbf30a7aa86ac64a1a586b9861bfd4 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_powerpc.deb Size/MD5 checksum: 51838412 551d3a0549c7f6a633a2c44305464869 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_powerpc.deb Size/MD5 checksum: 9911966 6dd5f24d2b19b60e5193cc3a4a7f6fa4 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_s390.deb Size/MD5 checksum: 50714116 5c137d63563275f256e62b4267f1783f http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_s390.deb Size/MD5 checksum: 10333216 35b0ad810916603417fe10344013b5ab http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_s390.deb Size/MD5 checksum: 87698 596716a1ceb5243820b4c644831cb4ad sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_sparc.deb Size/MD5 checksum: 49052450 bcefe06c2296cfd190364b3eff4e0d5c http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_sparc.deb Size/MD5 checksum: 81434 34e0345eb0430e59ad057bb0efcb98c5 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_sparc.deb Size/MD5 checksum: 9119000 1d5327c89d681fcbc7e8b80eaeab3834 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHWoCuXm3vHE4uyloRAjF8AKClHL5xs2Z2ChgU/uVTuSpO8an2aACghec/ AuYsyM9+sPUtfBLlScwWowk= =Vx23 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/