----------------------------------------------------------------------

Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?

Click here to learn more:
http://secunia.com/advisories/business_solutions/

----------------------------------------------------------------------

TITLE:
Debian update for iceweasel

SECUNIA ADVISORY ID:
SA32853

VERIFY ADVISORY:
http://secunia.com/advisories/32853/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Exposure of system information, Exposure of
sensitive information, System access

WHERE:
>From remote

OPERATING SYSTEM:
Debian GNU/Linux 4.0
http://secunia.com/advisories/product/13844/
Debian GNU/Linux unstable alias sid
http://secunia.com/advisories/product/530/

DESCRIPTION:
Debian has issued an update for iceweasel. This fixes some
vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
or compromise a user's system.

For more information:
SA32693

SOLUTION:
Apply updated packages.

-- Debian GNU/Linux 4.0 alias etch --

Source archives:

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1.diff.gz
Size/MD5 checksum: 186777 18d2492164c72b846fab74bd75a69e1b
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18.orig.tar.gz
Size/MD5 checksum: 47266681 ad1a208d95dedeafddbe7377de88d4d9
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1.dsc
Size/MD5 checksum: 1289 84983c4e7f053c1f0eb3ea3d154bc6ad

Architecture independent packages:

http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.18-0etch1_all.deb
Size/MD5 checksum: 54478 73ed36d6990d6b86e8fccef00a9029b1
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.18-0etch1_all.deb
Size/MD5 checksum: 54626 bcc4bd1443fe23e5311396949bac9f32
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.18-0etch1_all.deb
Size/MD5 checksum: 54596 62200645f81cd0e505fd40382333d010
http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.18-0etch1_all.deb
Size/MD5 checksum: 54742 045a9714ca0a04061cee79bc16b4b940
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.18-0etch1_all.deb
Size/MD5 checksum: 55274 09fdae147e16b09ad51544ab1fd218e6
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.18-0etch1_all.deb
Size/MD5 checksum: 239810 beeee1e8cab02ec9a70d89df8db4610b
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.18-0etch1_all.deb
Size/MD5 checksum: 54480 15636d866284ca7caf11bd939792df97

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_alpha.deb
Size/MD5 checksum: 11587524 82c7dae5efa5f21333843c5204036f9d
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_alpha.deb
Size/MD5 checksum: 51194740 8a6f236c8bef5e6b0b16df05a7fd866d
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_alpha.deb
Size/MD5 checksum: 90332 8791b1fcc9a3bbfcaac993d65b1b77cd

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_amd64.deb
Size/MD5 checksum: 88014 4e4a404cb859067e8804b793b06b1a5a
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_amd64.deb
Size/MD5 checksum: 50189682 3fe64a570e13497a49ac77972ead0ac0
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_amd64.deb
Size/MD5 checksum: 10213098 a38d4ae01ab60abab641411ee7aedba1

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_hppa.deb
Size/MD5 checksum: 50566700 b1c063d6d40829a2301eecef32549f5e
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_hppa.deb
Size/MD5 checksum: 89800 967a00e25f5584ba2790e6f00a716c4e
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_hppa.deb
Size/MD5 checksum: 11119984 683938c6cedee58201ec5d9428360f6a

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_i386.deb
Size/MD5 checksum: 9126828 d2dd8a62f98c9136bbce2c52919c637a
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_i386.deb
Size/MD5 checksum: 82124 2d965fe0779f11d12157babf407a25a0
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_i386.deb
Size/MD5 checksum: 49579624 c543f12165ffc2034cae25d36b258c83

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_ia64.deb
Size/MD5 checksum: 14163520 5d3f1430543e78579bfa7aa390ac6d80
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_ia64.deb
Size/MD5 checksum: 50533560 361db4abc1d5427fad23619ba2308286
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_ia64.deb
Size/MD5 checksum: 100336 64b08280ff519215f2c6c77eb20ffed7

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_mipsel.deb
Size/MD5 checksum: 52534114 eb211ddd6ef9fca7daa921913772a50a
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_mipsel.deb
Size/MD5 checksum: 10768188 333f49d0aaea41be09d14dc518e9a215
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_mipsel.deb
Size/MD5 checksum: 83286 e95b3453554c0b62411967cd8489595b

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_powerpc.deb
Size/MD5 checksum: 83850 f58384f43ff563f835c0076959ef40b8
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_powerpc.deb
Size/MD5 checksum: 51988102 3b89980f834495425e20a2b6f145339e
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_powerpc.deb
Size/MD5 checksum: 9942022 b7be7ce0eec7a276351f6308a1a8c2ae

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_s390.deb
Size/MD5 checksum: 50865174 5142df57b35fad2b1654ff9cae873a69
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_s390.deb
Size/MD5 checksum: 10369888 0aa6fbd381a6259ff95d3257199ab372
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_s390.deb
Size/MD5 checksum: 88268 5a027d5880f4499e399d75e9424c8ef2

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_sparc.deb
Size/MD5 checksum: 49199006 210022771108894873f4f2becf3675b9
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_sparc.deb
Size/MD5 checksum: 82072 2a76c78e38d756f2261da449f8215fe4
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_sparc.deb
Size/MD5 checksum: 9205774 1a6ea528bb676aaaf88ad8d44f5d76c6

-- Debian GNU/Linux unstable alias sid --

Fixed in version 3.0.4-1 of iceweasel and version 1.9.0.4-1 of
xulrunner.

ORIGINAL ADVISORY:
DSA-1671-1:
http://lists.debian.org/debian-security-announce/2008/msg00263.html

OTHER REFERENCES:
SA32693:
http://secunia.com/advisories/32693/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------