Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2016.0196 iceweasel security update 28 January 2016 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: iceweasel Publisher: Debian Operating System: Debian GNU/Linux 7 Debian GNU/Linux 8 Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Access Privileged Data -- Remote with User Interaction Denial of Service -- Remote with User Interaction Provide Misleading Information -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2016-1935 CVE-2016-1930 CVE-2015-7575 Reference: ASB-2016.0006 ASB-2016.0004 Original Bulletin: http://www.debian.org/security/2016/dsa-3457 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-3457-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff January 27, 2016 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : iceweasel CVE ID : CVE-2015-7575 CVE-2016-1930 CVE-2016-1935 Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and a buffer overflow may lead to the execution of arbitrary code. In addition the bundled NSS crypto library addresses the SLOTH attack on TLS 1.2. For the oldstable distribution (wheezy), these problems have been fixed in version 38.6.0esr-1~deb7u1. For the stable distribution (jessie), these problems have been fixed in version 38.6.0esr-1~deb8u1. For the unstable distribution (sid), these problems have been fixed in version 44.0-1. We recommend that you upgrade your iceweasel packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWqS74AAoJEBDCk7bDfE42NUMP/1LbDy+0wzOSElJCckSFOy2L toURmyCxjqdoENA2NgB+slL18wVAFp3xK5G4lPVxCIkAPjY206MqsgIUumJfo6JQ pahW3WuIZknmAjOnbqtGyzowqlH6AMCazQX/3TXQmuBMpZSj8aqm6WGqZC4s+NRH sg0WTqzYvHGIdfZXdaItT4oPZ4c0hZSjtspNX62f1Zf/Mkz3Fuhz4T1qcI3Hk1NY 2kv77+RVdwGiGUyD2/RyjHnqji+6DQA3Wqc/+Dob1gtaAZJ/2durx9PMt1bqHCer hPLRb2karobDR4y86LLYu0Ju/yLavkk3i9KlV8Hkf0GJ1l1gInE7zuuzHg6AtBfE ueTqENbc9J6pdeIpi6SkX3V0Uq8xzRZGWR8vczDJ7p5cBGxFSz527vVFy0ip3gCX +YYaabJY4tOr1wXS3o27Um8MTmz6AarFVarPXTAdLBi1AoaihZ+U9Pf7Rj+ix/MG 4zP9USDbArewP/510Yiax6w5FxS4+/YSB1W++By7mA0TM7YqYToUtTL27dVDlruC 7/CihyIovtA1tXQulP7xIA8jE/wr1Rtmst6p9CeOkTVWnIAoV3Hg42BIPdp2sIQu Wo3J2aNkidA4FqSaPZUQau2E5Ur7QEBJUtRzPXi6mvhneS5SNKBVU3y9z/kZryIY Yl5jXCmPIFFLQQp+TXMN =mwsR - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVqlycH6ZAP0PgtI9AQIkDQ//bts8CkJ4PMPuCD3k4BkrzHfwfVVzS3kn lIO7IEVw+VOE4TPID2vfMDxw29apYeEPZSWQdHqxwZinhkt/IdGtAwCPqrCU4vCG +SimvzeWelxRZaPItUJC3nHsMgECzQIaThBRMK4TlKdnjI0de/5EvXV+fZAH4nXG 34wlFoNNBA/jp2KVVZR44140b9yyGTHzBlo/P4XCadMzvZeKunAqVby4RncASkr2 bV/J2/oWmS+/TK1aRJqLMD/YEXQ0JmX+vUTtMcQ3TDkaCFGWhdCrsEKHobV36wMq 2TW6xvGPBtN+la6+wsSJ8sKR9RvtDKMfse2gZxoJWPpXng16wQAfxNO6Upggn9W9 aqNGYRHvWQ6M+M0ih6d4B18Y3aMrF2A2Q88jbtsKSpLm8myWyLDTJ5gmxzF4aVn+ 2e2cvCCJmxFHiGwbXtj3TCxnz8GIo3SDP6vuXKC2xW6QLMkjuJEgSlYFGOC42FnU wjsElHlzS0/tzLfci1OqogP4I8+oAq7dCA9hDEz9ILx8fki7XBnTfLu0bu96VjaH X/DoSURVsuJE8T28DKKwjviMqox+8BBc0ADzm0TZkWeiMtuAusHpPI4whUxRtxDh 6y+l/qQeHADsaPomN5kc0VM207MEY5ez+zfZaklQmvvavP9MClixECj2dqwViJ9w bh9sghjTjms= =qK6r -----END PGP SIGNATURE-----