Bug 9693 - security updates in iceape 2.17
: security updates in iceape 2.17
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 2
: i586 Linux
: Normal Severity: normal
: ---
Assigned To: QA Team
: Sec team
:
: MGA2-64-OK mga2-32-OK
: validated_update
:
:
  Show dependency treegraph
 
Reported: 2013-04-11 00:54 CEST by Bill Wilkinson
Modified: 2013-04-18 00:28 CEST (History)
6 users (show)

See Also:
Source RPM:
CVE:


Attachments

Description Bill Wilkinson 2013-04-11 00:54:18 CEST
Multiple security updates for Iceape in seamonkey 2.17

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2013-04-11 19:28:18 CEST
iceape-2.17-1.mga2 is in updates_testing from Funda since yesterday.
Comment 2 Bill Wilkinson 2013-04-12 16:10:27 CEST
I see the package (indeed, I'm using it now) but I'm not seeing it in the QA list yet.
Comment 3 Christiaan Welvaart 2013-04-13 03:13:15 CEST
No package ready for testing, please remove or revert if you installed some 2.17 package.
Comment 4 Christiaan Welvaart 2013-04-14 14:02:47 CEST
Updated packages are ready for testing:

Source RPM:
iceape-2.17-1.mga2.src.rpm

Binary RPMs:
iceape-2.17-1.mga2.i586.rpm
iceape-2.17-1.mga2.x86_64.rpm

For these packages the "Build identifier" in Help->About is 2013040200 .

Proposed Advisory:


Updated iceape packages fix security issues:

Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call. (CVE-2013-0787)

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2013-0788)

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0 and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsContentUtils::HoldJSObjects function and the nsAutoPtr class, and other vectors. (CVE-2013-0789)

The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors. (CVE-2013-0796)

The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which allows remote attackers to bypass the Same Origin Policy or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. (CVE-2013-0795)

Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site. (CVE-2013-0794)

Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote attackers to conduct cross-site scripting (XSS) attacks or phishing attacks by leveraging control over navigation timing. (CVE-2013-0793)

Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a grayscale PNG image. (CVE-2013-0792)


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796
http://www.mozilla.org/security/announce/2013/mfsa2013-29.html
http://www.mozilla.org/security/announce/2013/mfsa2013-30.html
http://www.mozilla.org/security/announce/2013/mfsa2013-35.html
http://www.mozilla.org/security/announce/2013/mfsa2013-36.html
http://www.mozilla.org/security/announce/2013/mfsa2013-37.html
http://www.mozilla.org/security/announce/2013/mfsa2013-38.html
http://www.mozilla.org/security/announce/2013/mfsa2013-39.html
Comment 5 Bill Wilkinson 2013-04-15 16:24:35 CEST
Basing CVEs on recent firefox/thunderbird updates, so testing general use.

Sunspider and java OK

general browsing OK

flash video OK--several youtube videos

send/receive and move to folders under smtp/imap OK

chatzilla for IRC OK
Comment 6 Bill Wilkinson 2013-04-15 17:23:44 CEST
testing mga2-32

sunspider and java OK

General browsing OK

Flash video OK-several youtube videos

Send/receive and move to folders under smtp/imap OK

Chatzilla for IRC OK.

Validating.

Can someone from the sysadmin team please push from core/updates_testing to core updates?

Advisory and srpm list in comment 4.
Comment 7 David Walser 2013-04-15 20:20:51 CEST
Might want to hold this...there's a 2.17.1 available upstream.
Comment 8 Thomas Backlund 2013-04-18 00:28:40 CEST
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0120

Note You need to log in before you can comment on or make changes to this bug.