DebianDEBIAN:DSA-3832-1:2645B[SECURITY] [DSA 3832-1] icedove security update
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
Low
0.935 High
EPSS
Percentile
99.1%
Debian Security Advisory DSA-3832-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
April 20, 2017 https://www.debian.org/security/faq
Package : icedove
CVE ID : CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378
CVE-2017-5380 CVE-2017-5383 CVE-2017-5390 CVE-2017-5396
CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402
CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408
CVE-2017-5410
Multiple security issues have been found in Thunderbird, which may may
lead to the execution of arbitrary code or information leaks.
With this update, the Icedove packages are de-branded back to the official
Mozilla branding. With the removing of the Debian branding the packages
are also renamed back to the official names used by Mozilla.
The Thunderbird package is using a different default profile folder,
the default profile folder is now '$(HOME)/.thunderbird'.
The users profile folder, that was used in Icedove, will get migrated
to the new profile folder on the first start, that can take a little bit
more time.
Please read README.Debian for getting more information about the
changes.
For the stable distribution (jessie), these problems have been fixed in
version 1:45.8.0-3~deb8u1.
We recommend that you upgrade your icedove packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 7 | all | firefox-esr-l10n-sk | < 45.7.0esr-1~deb7u1 | firefox-esr-l10n-sk_45.7.0esr-1~deb7u1_all.deb |
| Debian | 7 | all | iceweasel-l10n-mk | < 1:45.7.0esr-1~deb7u1 | iceweasel-l10n-mk_1:45.7.0esr-1~deb7u1_all.deb |
| Debian | 7 | all | firefox-esr-l10n-sq | < 45.7.0esr-1~deb7u1 | firefox-esr-l10n-sq_45.7.0esr-1~deb7u1_all.deb |
| Debian | 7 | all | iceweasel-l10n-ast | < 1:45.7.0esr-1~deb7u1 | iceweasel-l10n-ast_1:45.7.0esr-1~deb7u1_all.deb |
| Debian | 7 | all | icedove-l10n-es-es | < 1:45.8.0-3~deb7u1 | icedove-l10n-es-es_1:45.8.0-3~deb7u1_all.deb |
| Debian | 8 | all | iceweasel-l10n-uz | < 1:45.7.0esr-1~deb8u1 | iceweasel-l10n-uz_1:45.7.0esr-1~deb8u1_all.deb |
| Debian | 7 | all | icedove-l10n-ta-lk | < 1:45.8.0-3~deb7u1 | icedove-l10n-ta-lk_1:45.8.0-3~deb7u1_all.deb |
| Debian | 7 | all | lightning-l10n-el | < 1:45.8.0-3~deb7u1 | lightning-l10n-el_1:45.8.0-3~deb7u1_all.deb |
| Debian | 7 | all | lightning-l10n-pl | < 1:45.8.0-3~deb7u1 | lightning-l10n-pl_1:45.8.0-3~deb7u1_all.deb |
| Debian | 7 | armel | thunderbird-dev | < 1:45.8.0-3~deb7u1 | thunderbird-dev_1:45.8.0-3~deb7u1_armel.deb |
Related
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
Low
0.935 High
EPSS
Percentile
99.1%