Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2015.0446
iceweasel security update
26 February 2015
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: iceweasel
Publisher: Debian
Operating System: Debian GNU/Linux 7
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Access Confidential Data -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2015-0836 CVE-2015-0831 CVE-2015-0827
CVE-2015-0822
Reference: ASB-2015.0018
ESB-2015.0440
Original Bulletin:
http://www.debian.org/security/2015/dsa-3174
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3174-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
February 25, 2015 http://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : iceweasel
CVE ID : CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0836
Multiple security issues have been found in Iceweasel, Debian's version
of the Mozilla Firefox web browser: Multiple memory safety errors and
implementation errors may lead to the execution of arbitrary code or
information disclosure.
For the stable distribution (wheezy), these problems have been fixed in
version 31.5.0esr-1~deb7u1.
For the unstable distribution (sid), these problems have been fixed in
version 31.5.0esr-1.
We recommend that you upgrade your iceweasel packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJU7hmOAAoJEBDCk7bDfE42zmgQAIFBKUlAUkTuqxTIE2JXQlfM
G3CKND9yAsfSS6ZrFQPhD0dAj11yPU0uYbx7sOn65ZMfZV/NDGfwnAKsy4iueTL3
xCGvxkFB7piMWDvm1svJcipZD0fUQTfJy3Vd/tl4uFEEzXKnfKtfy37PSVn1teg0
9Er8GxNLy24arq8iViobaZzXAODlID/8iFJqa2UG0ivTuqA1lQwbkD/fJz2Lv1iv
82uIqX3ihn2nEDr4nRWtZxul+XRa98V7NuPTUspG8/ZV4RUdn6fVCIj/gglfmuGN
UDFB7pd/qTDZgt8ToaPkjOujzc15rr/wSURpi58wXU4gq/prQvwRpL6FJoS8BbTo
GmFNITjrc21wz0LSm3zQKav8IO/01UlxJRWI+e35nmpVB1FHXcIONKL2/rjLqaww
uzsaSE+Mw8JzL9TJT4gYTaTOQDt7M9UOdU00ogznxPUGxsNnDUdpKwm6SKFgDN79
Vd3UIJFIVB74KizOdsm/qAb6zU+ZCsENh1FZ84yuFhsvVSrNJMAcT43+ZOSruoBM
XaBpgtyI2Y0gWz+xqoz0esjLMHumuCaNQyNnd6LSxWtB+LhOVjM1CtAQvWV26wvU
vZN6UGq7q7C/7TprRflYjAqKt05bHQPR8az6gmIvcU90zglDo3lDA522E4BUGha2
GU1Pa5MKIeQyMoS0KwXv
=BqjI
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVO5xhBLndAQH1ShLAQJKqw/+PkcxLM0uEtkkc0Mptzf3h7leiTYh81ZW
gDKi+5Z7XVZu+z7218Ua4+IxLyBXBJca6+V4tt3ds+iDyznqw2YghXxRJpzl5sUp
UQxt46K7o8hK+ZabBmQKx3BCzLnyooG9s0RaW8MjUH7tgD6jHkc/looEISw838i2
vxAOdd3WVnWj7q2SvWA01rxSBxGG2fJNvXXbAGSmJ5XQAu9daII7VVzxR4FJWlGr
jAiQWQOEJsSPueIlHIh/xKrQWkuX7IgZ2indPI9PauT/+AUOfdE9/wykLXIbHfto
1ORBCUSMaNMd3vK6WTD9TXU0Cnh+ww+E1ndIJEJYPmPs1UMLFBx9V0xf09LCgPzQ
meSJqyV9aE6KbPe6Unxe6ed8zgPwLXEzQAHhlTF2TzL8YBifDK2W1cHkzrvT8WYn
Cwcvnfo6IayetaH0W/nkGHWJ/8fablmANgIFtIU4JwpJbPQKbXLix7LzQP4iXhWm
RF8Ej4F5pG2ygs2rIV20TYJM3lTZxX2r2rSAcuwH57kajAKtnJiWYKuRIQbG0dCT
QHBnqPp3c4UHTOVgpWfXK+jfKI6wvmLo5tS8etC+vwUsEngVhYGYnezBP+SN9VFh
k8CiEl7sed5PcFDKX57e4H34ePXqC/OuBS8GZ9r1DmHL0Z/37Qqt+jMYKk7GFdF3
JyNbVbKgkGM=
=kjUf
-----END PGP SIGNATURE-----