Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2015.0446 iceweasel security update 26 February 2015 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: iceweasel Publisher: Debian Operating System: Debian GNU/Linux 7 Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2015-0836 CVE-2015-0831 CVE-2015-0827 CVE-2015-0822 Reference: ASB-2015.0018 ESB-2015.0440 Original Bulletin: http://www.debian.org/security/2015/dsa-3174 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-3174-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff February 25, 2015 http://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : iceweasel CVE ID : CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0836 Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and implementation errors may lead to the execution of arbitrary code or information disclosure. For the stable distribution (wheezy), these problems have been fixed in version 31.5.0esr-1~deb7u1. For the unstable distribution (sid), these problems have been fixed in version 31.5.0esr-1. We recommend that you upgrade your iceweasel packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJU7hmOAAoJEBDCk7bDfE42zmgQAIFBKUlAUkTuqxTIE2JXQlfM G3CKND9yAsfSS6ZrFQPhD0dAj11yPU0uYbx7sOn65ZMfZV/NDGfwnAKsy4iueTL3 xCGvxkFB7piMWDvm1svJcipZD0fUQTfJy3Vd/tl4uFEEzXKnfKtfy37PSVn1teg0 9Er8GxNLy24arq8iViobaZzXAODlID/8iFJqa2UG0ivTuqA1lQwbkD/fJz2Lv1iv 82uIqX3ihn2nEDr4nRWtZxul+XRa98V7NuPTUspG8/ZV4RUdn6fVCIj/gglfmuGN UDFB7pd/qTDZgt8ToaPkjOujzc15rr/wSURpi58wXU4gq/prQvwRpL6FJoS8BbTo GmFNITjrc21wz0LSm3zQKav8IO/01UlxJRWI+e35nmpVB1FHXcIONKL2/rjLqaww uzsaSE+Mw8JzL9TJT4gYTaTOQDt7M9UOdU00ogznxPUGxsNnDUdpKwm6SKFgDN79 Vd3UIJFIVB74KizOdsm/qAb6zU+ZCsENh1FZ84yuFhsvVSrNJMAcT43+ZOSruoBM XaBpgtyI2Y0gWz+xqoz0esjLMHumuCaNQyNnd6LSxWtB+LhOVjM1CtAQvWV26wvU vZN6UGq7q7C/7TprRflYjAqKt05bHQPR8az6gmIvcU90zglDo3lDA522E4BUGha2 GU1Pa5MKIeQyMoS0KwXv =BqjI - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVO5xhBLndAQH1ShLAQJKqw/+PkcxLM0uEtkkc0Mptzf3h7leiTYh81ZW gDKi+5Z7XVZu+z7218Ua4+IxLyBXBJca6+V4tt3ds+iDyznqw2YghXxRJpzl5sUp UQxt46K7o8hK+ZabBmQKx3BCzLnyooG9s0RaW8MjUH7tgD6jHkc/looEISw838i2 vxAOdd3WVnWj7q2SvWA01rxSBxGG2fJNvXXbAGSmJ5XQAu9daII7VVzxR4FJWlGr jAiQWQOEJsSPueIlHIh/xKrQWkuX7IgZ2indPI9PauT/+AUOfdE9/wykLXIbHfto 1ORBCUSMaNMd3vK6WTD9TXU0Cnh+ww+E1ndIJEJYPmPs1UMLFBx9V0xf09LCgPzQ meSJqyV9aE6KbPe6Unxe6ed8zgPwLXEzQAHhlTF2TzL8YBifDK2W1cHkzrvT8WYn Cwcvnfo6IayetaH0W/nkGHWJ/8fablmANgIFtIU4JwpJbPQKbXLix7LzQP4iXhWm RF8Ej4F5pG2ygs2rIV20TYJM3lTZxX2r2rSAcuwH57kajAKtnJiWYKuRIQbG0dCT QHBnqPp3c4UHTOVgpWfXK+jfKI6wvmLo5tS8etC+vwUsEngVhYGYnezBP+SN9VFh k8CiEl7sed5PcFDKX57e4H34ePXqC/OuBS8GZ9r1DmHL0Z/37Qqt+jMYKk7GFdF3 JyNbVbKgkGM= =kjUf -----END PGP SIGNATURE-----