-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.0827
                         iceweasel security update
                               2 April 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           iceweasel
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Cross-site Request Forgery      -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-0816 CVE-2015-0815 CVE-2015-0813
                   CVE-2015-0807 CVE-2015-0801 

Reference:         ASB-2015.0028

Original Bulletin: 
   http://www.debian.org/security/2015/dsa-3211

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3211-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
April 01, 2015                         http://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : iceweasel
CVE ID         : CVE-2015-0801 CVE-2015-0807 CVE-2015-0813 CVE-2015-0815 
                 CVE-2015-0816

Multiple security issues have been found in Iceweasel, Debian's version
of the Mozilla Firefox web browser: Multiple memory safety errors,
use-after-frees and other implementation errors may lead to the
execution of arbitrary code, the bypass of security restrictions, denial
of service or cross-site request forgery.

For the stable distribution (wheezy), these problems have been fixed in
version 31.6.0esr-1~deb7u1.

For the unstable distribution (sid), these problems have been fixed in
version 31.6.0esr-1.

We recommend that you upgrade your iceweasel packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVHBhCAAoJEAVMuPMTQ89ETb4P/RV0Vs+NrOBotabv0dO1QCGE
6u+/4x9ERinOfjw9WblbGEcOvhbdtFV1zP2eaYxtXLAI4dapzoSaD6c3P+cTfEpf
025Kmezg6+RrKUQu9ptM7yjSY03bNPCCvL4OJ1WMDsYcR3bVOytnaJ6xQR1R4pH+
lnYJThEiZKTap//GFGj39hatIwutesbVRid7zv8jAgznO7loVz2p2gZ6SO1FnTS4
mxJ5xGXi6RjAuxTG25Au3uaCAln28p3txwK88obsRBGAYVM9NIAHu+N1nY0HZU4q
7DdGnV9xf8KCrt7oYBcbUFTJrsQp6dxYXtzczMSpiRfQ7t9KnsKMbU8rx7IS18Q9
RmE0EvPyHWzx5Dsu8OzcMxy7T7NMDurSGenBLi7uGWRcJGkOTj1u41PT09TwX7kX
3jwBcySORFSedaLsVqPt6iAKfdiNrhkzYwqqWsUrEpNr52F+p+NZvuZ6mlWgl3o8
2HD6pAdnlrkdIVJ5uJMw9ITx9VRUEoOu0lxe9BYVyLFS0gVMRszFpLAS5vI0XCy6
1qIv1ziI3u+MGplM1Xlc7yj5SEjnBrZSr4MAEKeyaHWMq41RPMKku02YjzBqsDJv
ffyy/Op32IlV8UxQTZTvqYPpJG51mzFONhEVPE3yOG9x0022D+D8uF067u6akHFK
935EORvm8+fMEMqXEYa1
=X0IP
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVRyFSxLndAQH1ShLAQKbYRAAo6gOksHogHLkKagb6HsdPaMcetzS1eXW
us0ae+gxePWor+e8dulqVld1xe0DX6CuRRo2Hqh9rkBK+lwKDAsIK/Xflone6aQ/
yp6M+r+ZXO288TeNkvsvE/oVkgpvOCkpAmFcZVGgWMyt783n3cSe3NtYVdQdLbcp
S+maSswchCfy9/NfGHQOYOMEGivZfYKVV0rc7Mn5Ce0bJPWe2ON7N6eBeItryQ6s
TfUHR8FsLspAx1+ecdUcUQl0BM+KOnlDunHuhRaoTYENZbaotB/A5apfdXXQWGNL
NimjvnpzsTvyGX5yiY87xUoVdj/B7qn48FMOiFGUEn7n/MHM+whsPea72oO6Tzxi
7EvC43MEoLbI+PK/lDikY/5BP77E+eaGDS5OZMmGneMP2yQdxJQxbsb60gAaF327
oJuHl91rY7BLCmu5MaRoW19xp68VxO1AnKjS89C8ASh66wedX58j3idQ903M6D74
RmautlzhR3dnKCpoPVqqQwd0n/ID2PM8v5HfF8kzR0VnUkQ7Q4I2ZXwV43rfPWUd
Ae8oXE3flvESCZ8cuz7oxIOJxcdMnKREugD+tv/r35L6oM7EqRqQwonZs+L4HRNt
8FlVXhcatoBwJQ6JSGTxehOA6YLBo9Sg4unGjR9AtFD9nOSZimB6M0QED0YbTCNM
crxE1vSOh0k=
=7CYp
-----END PGP SIGNATURE-----