===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.0627
                         iceweasel security update
                                1 May 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           iceweasel
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Increased Privileges            -- Remote with User Interaction
                   Cross-site Scripting            -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-1532 CVE-2014-1531 CVE-2014-1530
                   CVE-2014-1529 CVE-2014-1524 CVE-2014-1523
                   CVE-2014-1518  

Reference:         ASB-2014.0056
                   ESB-2014.0616

Original Bulletin: 
   http://www.debian.org/security/2014/dsa-2918

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-2918-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
April 30, 2014                         http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : iceweasel
CVE ID         : CVE-2014-1518 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 
                 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532

Multiple security issues have been found in Iceweasel, Debian's version
of the Mozilla Firefox web browser: Multiple memory safety errors, 
buffer overflows, missing permission checks, out of bound reads, 
use-after-frees and other implementation errors may lead to the 
execution of arbitrary code, privilege escalation, cross-site scripting
or denial of service.

For the stable distribution (wheezy), these problems have been fixed in
version 24.5.0esr-1~deb7u1.

For the unstable distribution (sid), these problems have been fixed in
version 24.5.0esr-1.

We recommend that you upgrade your iceweasel packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================