Lucene search

Gentoo FoundationMGASA-2017-0323

HistorySep 02, 2017 - 12:10 a.m.

Updated iceape packages fix security vulnerabilities

2017-09-0200:10:29

Gentoo Foundation

advisories.mageia.org

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.935 High

EPSS

Percentile

99.1%

JSON

Updated Iceape packages include security fixes from upstream Seamonkey: Multiple flaws were found in the way Iceape 2.46 processes various types of web content, where loading a web page containing malicious content could cause Iceape to crash, execute arbitrary code, or disclose sensitive information. (CVE-2016-5287, CVE-2016-5288, CVE-2016-5289, CVE-2016-5290, CVE-2016-5292, CVE-2016-5297, CVE-2016-9064, CVE-2016-9066, CVE-2016-9067, CVE-2016-9068, CVE-2016-9075, CVE-2016-9077, CVE-2016-5291, CVE-2016-9063, CVE-2016-9070, CVE-2016-9071, CVE-2016-9073, CVE-2016-9076, CVE-2016-9078, CVE-2016-9080, CVE-2016-9893, CVE-2016-9894, CVE-2016-9895, CVE-2016-9896, CVE-2016-9897, CVE-2016-9898, CVE-2016-9899, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9903, CVE-2016-9904, CVE-2017-5373, CVE-2017-5374, CVE-2017-5375, CVE-2017-5376, CVE-2017-5377, CVE-2017-5378, CVE-2017-5379, CVE-2017-5380, CVE-2017-5381, CVE-2017-5382, CVE-2017-5383, CVE-2017-5384, CVE-2017-5385, CVE-2017-5386, CVE-2017-5387, CVE-2017-5388, CVE-2017-5389, CVE-2017-5390, CVE-2017-5391, CVE-2017-5393, CVE-2017-5396)

OSVersionArchitecturePackageVersionFilename
Mageia5noarchiceape< 2.48-1iceape-2.48-1.mga5
Mageia6noarchiceape< 2.48-1iceape-2.48-1.mga6

OS	Version	Architecture	Package	Version	Filename
Mageia	5	noarch	iceape	< 2.48-1	iceape-2.48-1.mga5
Mageia	6	noarch	iceape	< 2.48-1	iceape-2.48-1.mga6

References

bugs.mageia.org/show_bug.cgi?id=21637

www.mozilla.org/en-US/security/advisories/mfsa2016-87/

www.mozilla.org/en-US/security/advisories/mfsa2016-89/

www.mozilla.org/en-US/security/advisories/mfsa2016-91/

www.mozilla.org/en-US/security/advisories/mfsa2016-94/

www.mozilla.org/en-US/security/advisories/mfsa2017-01/

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.935 High

EPSS

Percentile

99.1%

JSON

Related for MGASA-2017-0323