Debian DSA-3410-1 : icedove - security update
critical Nessus Plugin ID 87164
Language:
Synopsis
The remote Debian host is missing a security-related update.Description
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors, integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service.Solution
Upgrade the icedove packages.For the oldstable distribution (wheezy), these problems have been fixed in version 38.4.0-1~deb7u1.
For the stable distribution (jessie), these problems have been fixed in version 38.4.0-1~deb8u1.
In addition enigmail has been updated to a release compatible with the new ESR38 series.
See Also
https://packages.debian.org/source/wheezy/icedove
Plugin Details
Severity: Critical
ID: 87164
File Name: debian_DSA-3410.nasl
Version: 2.14
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 12/2/2015
Updated: 1/11/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal Vector: E:U/RL:OF/RC:C
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:icedove, cpe:/o:debian:debian_linux:7.0, cpe:/o:debian:debian_linux:8.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Ease: No known exploits are available
Patch Publication Date: 12/1/2015
Vulnerability Publication Date: 8/15/2015
Reference Information
CVE: CVE-2015-4473, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4513, CVE-2015-7181, CVE-2015-7182, CVE-2015-7188, CVE-2015-7189, CVE-2015-7193, CVE-2015-7194, CVE-2015-7197, CVE-2015-7198, CVE-2015-7199, CVE-2015-7200
DSA: 3410