===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.1768
                         iceweasel security update
                                6 July 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           iceweasel
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
                   Debian GNU/Linux 8
Impact/Access:     Access Privileged Data          -- Remote/Unauthenticated
                   Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-4000 CVE-2015-2743 CVE-2015-2740
                   CVE-2015-2739 CVE-2015-2738 CVE-2015-2737
                   CVE-2015-2736 CVE-2015-2735 CVE-2015-2734
                   CVE-2015-2731 CVE-2015-2728 CVE-2015-2724

Reference:         ASB-2015.0066
                   ESB-2015.1739
                   ESB-2015.1443
                   ESB-2015.1432
                   ESB-2015.1425

Original Bulletin:
   http://www.debian.org/security/2015/dsa-3300

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-3300-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 04, 2015                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : iceweasel
CVE ID         : CVE-2015-2743 CVE-2015-4000 CVE-2015-2734 CVE-2015-2735
                 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739
                 CVE-2015-2740 CVE-2015-2728 CVE-2015-2731 CVE-2015-2724

Multiple security issues have been found in Iceweasel, Debian's version
of the Mozilla Firefox web browser: Multiple memory safety errors,
use-after-frees and other implementation errors may lead to the
execution of arbitrary code or denial of service. This update also
addresses a vulnerability in DHE key processing commonly known as
the "LogJam" vulnerability.

For the oldstable distribution (wheezy), this problem has been fixed
in version 31.8.0esr-1~deb7u1.

For the stable distribution (jessie), this problem has been fixed in
version 31.8.0esr-1~deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 38.1.0esr-1.

We recommend that you upgrade your iceweasel packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.
As AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information or
advice contained in this security bulletin is the responsibility of each
user or organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
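
The fixed versions named in the Debian advisory above carry `~deb7u1` and `~deb8u1` suffixes, and a tilde sorts before everything in Debian's version ordering, so plain string comparison misjudges whether a host is patched. The following is an added example, not part of the bulletin or of Debian's tooling: a small reimplementation of that ordering (the same comparison `dpkg --compare-versions` performs on a Debian host) applied to the three fixed versions listed above; the function names are hypothetical.

```python
import re

# Fixed iceweasel versions as stated in DSA-3300-1 (from the bulletin text).
FIXED = {
    "wheezy": "31.8.0esr-1~deb7u1",
    "jessie": "31.8.0esr-1~deb8u1",
    "sid": "38.1.0esr-1",
}

def _order(ch):
    """Sort weight of one non-digit character; '' means end of fragment."""
    if ch == "":
        return 0
    if ch == "~":
        return -1  # tilde sorts before everything, even the end of the string
    return ord(ch) if ch.isalpha() else ord(ch) + 256  # letters before symbols

def _cmp_fragment(a, b):
    """Compare two upstream or revision strings using Debian's ordering."""
    while a or b:
        # Leading non-digit runs are compared character by character.
        pa = re.match(r"[^0-9]*", a).group()
        pb = re.match(r"[^0-9]*", b).group()
        a, b = a[len(pa):], b[len(pb):]
        for k in range(max(len(pa), len(pb))):
            oa, ob = _order(pa[k:k + 1]), _order(pb[k:k + 1])
            if oa != ob:
                return -1 if oa < ob else 1
        # The digit runs that follow are compared numerically (empty = 0).
        da = re.match(r"[0-9]*", a).group()
        db = re.match(r"[0-9]*", b).group()
        a, b = a[len(da):], b[len(db):]
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(version):
    """Split [epoch:]upstream[-revision]; missing epoch and revision are 0."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "0")
    return int(epoch), upstream, revision

def compare_versions(a, b):
    """Return -1, 0 or 1 as a is older than, equal to or newer than b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def is_patched(codename, installed):
    """True if the installed iceweasel version is at or above the fix."""
    return compare_versions(installed, FIXED[codename]) >= 0
```

The installed version to pass in is the one reported for the iceweasel package on the host being checked.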