Vulnerability   
Search   
    Search 191973 CVE descriptions
and 86218 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.702762
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 2762-1 (icedove - several vulnerabilities)
Summary:Multiple security issues have been found in Icedove, Debian's version of;the Mozilla Thunderbird mail and news client. Multiple memory safety;errors and buffer overflows may lead to the execution of arbitrary code.;;The Icedove version in the oldstable distribution (squeeze) is no longer;supported with full security updates. However, it should be noted that;almost all security issues in Icedove stem from the included browser engine.;These security problems only affect Icedove if scripting and HTML mails;are enabled. If there are security issues specific to Icedove (e.g. a;hypothetical buffer overflow in the IMAP implementation) we'll make an;effort to backport such fixes to oldstable.
Description:Summary:
Multiple security issues have been found in Icedove, Debian's version of
the Mozilla Thunderbird mail and news client. Multiple memory safety
errors and buffer overflows may lead to the execution of arbitrary code.

The Icedove version in the oldstable distribution (squeeze) is no longer
supported with full security updates. However, it should be noted that
almost all security issues in Icedove stem from the included browser engine.
These security problems only affect Icedove if scripting and HTML mails
are enabled. If there are security issues specific to Icedove (e.g. a
hypothetical buffer overflow in the IMAP implementation) we'll make an
effort to backport such fixes to oldstable.

Affected Software/OS:
icedove on Debian Linux

Solution:
For the stable distribution (wheezy), these problems have been fixed in
version 17.0.9-1~
deb7u1.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your icedove packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-1722
BugTraq ID: 62460
http://www.securityfocus.com/bid/62460
Debian Security Information: DSA-2762 (Google Search)
http://www.debian.org/security/2013/dsa-2762
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19031
RedHat Security Advisories: RHSA-2013:1268
http://rhn.redhat.com/errata/RHSA-2013-1268.html
RedHat Security Advisories: RHSA-2013:1269
http://rhn.redhat.com/errata/RHSA-2013-1269.html
SuSE Security Announcement: openSUSE-SU-2013:1491 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html
SuSE Security Announcement: openSUSE-SU-2013:1493 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html
SuSE Security Announcement: openSUSE-SU-2013:1495 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html
SuSE Security Announcement: openSUSE-SU-2013:1496 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-09/msg00060.html
SuSE Security Announcement: openSUSE-SU-2013:1499 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html
SuSE Security Announcement: openSUSE-SU-2013:1633 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html
http://www.ubuntu.com/usn/USN-1951-1
http://www.ubuntu.com/usn/USN-1952-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-1730
BugTraq ID: 62473
http://www.securityfocus.com/bid/62473
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19022
Common Vulnerability Exposure (CVE) ID: CVE-2013-1737
BugTraq ID: 62475
http://www.securityfocus.com/bid/62475
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18789
Common Vulnerability Exposure (CVE) ID: CVE-2013-1718
BugTraq ID: 62463
http://www.securityfocus.com/bid/62463
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18939
Common Vulnerability Exposure (CVE) ID: CVE-2013-1732
BugTraq ID: 62469
http://www.securityfocus.com/bid/62469
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18520
Common Vulnerability Exposure (CVE) ID: CVE-2013-1736
BugTraq ID: 62478
http://www.securityfocus.com/bid/62478
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18856
Common Vulnerability Exposure (CVE) ID: CVE-2013-1735
BugTraq ID: 62479
http://www.securityfocus.com/bid/62479
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18443
Common Vulnerability Exposure (CVE) ID: CVE-2013-1725
BugTraq ID: 62467
http://www.securityfocus.com/bid/62467
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19025
CopyrightCopyright (C) 2013 Greenbone Networks GmbH http://greenbone.net

This is only one of 86218 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.