Debian Security Advisory DSA 3061-1 (icedove - security update)

Published: 2014-10-30 23:00:00
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected Versions:
icedove on Debian Linux

Recommendations:
For the stable distribution (wheezy), these problems have been fixed in version 31.2.0-1~deb7u1. For the unstable distribution (sid), these problems have been fixed in version 31.2.0-1. We recommend that you upgrade your icedove Linux Distribution Packages.

Summary:
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service. This update updates Icedove to the ESR31 series of Thunderbird. In addition Enigmail was updated to version 1.7.2-1~deb7u1 to ensure compatibility with the new upstream release.

Detection Method:
This check tests the installed software version using the apt Linux Distribution Package manager.

Detection Type:
Linux Distribution Package

Solution Type:
Vendor Patch

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2014-1574
https://nvd.nist.gov/vuln/detail/CVE-2014-1576
https://nvd.nist.gov/vuln/detail/CVE-2014-1577
https://nvd.nist.gov/vuln/detail/CVE-2014-1578
https://nvd.nist.gov/vuln/detail/CVE-2014-1581
https://nvd.nist.gov/vuln/detail/CVE-2014-1583
https://nvd.nist.gov/vuln/detail/CVE-2014-1585
https://nvd.nist.gov/vuln/detail/CVE-2014-1586

References:

http://www.debian.org/security/2014/dsa-3061.html

Search
Severity
High
CVSS Score
7.5

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.