Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2015.0827 iceweasel security update 2 April 2015 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: iceweasel Publisher: Debian Operating System: Debian GNU/Linux 7 Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Cross-site Request Forgery -- Remote with User Interaction Denial of Service -- Remote with User Interaction Reduced Security -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2015-0816 CVE-2015-0815 CVE-2015-0813 CVE-2015-0807 CVE-2015-0801 Reference: ASB-2015.0028 Original Bulletin: http://www.debian.org/security/2015/dsa-3211 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-3211-1 security@debian.org http://www.debian.org/security/ Salvatore Bonaccorso April 01, 2015 http://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : iceweasel CVE ID : CVE-2015-0801 CVE-2015-0807 CVE-2015-0813 CVE-2015-0815 CVE-2015-0816 Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions, denial of service or cross-site request forgery. For the stable distribution (wheezy), these problems have been fixed in version 31.6.0esr-1~deb7u1. For the unstable distribution (sid), these problems have been fixed in version 31.6.0esr-1. We recommend that you upgrade your iceweasel packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVHBhCAAoJEAVMuPMTQ89ETb4P/RV0Vs+NrOBotabv0dO1QCGE 6u+/4x9ERinOfjw9WblbGEcOvhbdtFV1zP2eaYxtXLAI4dapzoSaD6c3P+cTfEpf 025Kmezg6+RrKUQu9ptM7yjSY03bNPCCvL4OJ1WMDsYcR3bVOytnaJ6xQR1R4pH+ lnYJThEiZKTap//GFGj39hatIwutesbVRid7zv8jAgznO7loVz2p2gZ6SO1FnTS4 mxJ5xGXi6RjAuxTG25Au3uaCAln28p3txwK88obsRBGAYVM9NIAHu+N1nY0HZU4q 7DdGnV9xf8KCrt7oYBcbUFTJrsQp6dxYXtzczMSpiRfQ7t9KnsKMbU8rx7IS18Q9 RmE0EvPyHWzx5Dsu8OzcMxy7T7NMDurSGenBLi7uGWRcJGkOTj1u41PT09TwX7kX 3jwBcySORFSedaLsVqPt6iAKfdiNrhkzYwqqWsUrEpNr52F+p+NZvuZ6mlWgl3o8 2HD6pAdnlrkdIVJ5uJMw9ITx9VRUEoOu0lxe9BYVyLFS0gVMRszFpLAS5vI0XCy6 1qIv1ziI3u+MGplM1Xlc7yj5SEjnBrZSr4MAEKeyaHWMq41RPMKku02YjzBqsDJv ffyy/Op32IlV8UxQTZTvqYPpJG51mzFONhEVPE3yOG9x0022D+D8uF067u6akHFK 935EORvm8+fMEMqXEYa1 =X0IP - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVRyFSxLndAQH1ShLAQKbYRAAo6gOksHogHLkKagb6HsdPaMcetzS1eXW us0ae+gxePWor+e8dulqVld1xe0DX6CuRRo2Hqh9rkBK+lwKDAsIK/Xflone6aQ/ yp6M+r+ZXO288TeNkvsvE/oVkgpvOCkpAmFcZVGgWMyt783n3cSe3NtYVdQdLbcp S+maSswchCfy9/NfGHQOYOMEGivZfYKVV0rc7Mn5Ce0bJPWe2ON7N6eBeItryQ6s TfUHR8FsLspAx1+ecdUcUQl0BM+KOnlDunHuhRaoTYENZbaotB/A5apfdXXQWGNL NimjvnpzsTvyGX5yiY87xUoVdj/B7qn48FMOiFGUEn7n/MHM+whsPea72oO6Tzxi 7EvC43MEoLbI+PK/lDikY/5BP77E+eaGDS5OZMmGneMP2yQdxJQxbsb60gAaF327 oJuHl91rY7BLCmu5MaRoW19xp68VxO1AnKjS89C8ASh66wedX58j3idQ903M6D74 RmautlzhR3dnKCpoPVqqQwd0n/ID2PM8v5HfF8kzR0VnUkQ7Q4I2ZXwV43rfPWUd Ae8oXE3flvESCZ8cuz7oxIOJxcdMnKREugD+tv/r35L6oM7EqRqQwonZs+L4HRNt 8FlVXhcatoBwJQ6JSGTxehOA6YLBo9Sg4unGjR9AtFD9nOSZimB6M0QED0YbTCNM crxE1vSOh0k= =7CYp -----END PGP SIGNATURE-----