Univention Bugzilla – Bug 38271
Iceweasel: Security issues from 31.6 (4.0)
Last modified: 2015-05-07 17:46:00 CEST
ucs4.0-1 shipped 31.4.0esr-1. A couple of vulnerabilities have been fixed:

Fixed in 31.5.0esr-1~deb7u1:
* Reading of local files through manipulation of form autocomplete (CVE-2015-0822)
* Out-of-bounds read and write while rendering SVG content (CVE-2015-0827)
* Use-after-free in IndexedDB (CVE-2015-0831)
* Miscellaneous memory safety hazards (CVE-2015-0836)

Fixed in 31.5.3esr-1~deb7u1:
* Reading and writing of memory allowing for arbitrary code execution on the local system (Pwn2Own asm.js exploit) (CVE-2015-0817)
* Run arbitrary scripts in a privileged context (Same-origin bypass via SVG hash navigation) (CVE-2015-0818)

Fixed in 31.6.0esr-1~deb7u1:
* Same-origin bypass through anchor navigation (CVE-2015-0801)
* Potential XSRF affecting sendBeacon() requests (CORS requests should not follow 30x redirections after preflight) (CVE-2015-0807)
* Use-after-free when using the Fluendo MP3 GStreamer plugin (CVE-2015-0813)
* Memory safety bugs (CVE-2015-0815)
* resource:// documents can load privileged pages (CVE-2015-0816)

Additionally, rebuilding the package now will fix the exposure to the macro Bug #38250
The DSA version has been imported and built in errata4.0-1. Advisory: 2015-04-15-iceweasel.yaml
Advisory: OK Tests: OK Changelog: OK
<http://errata.univention.de/ucs/4.0/168.html>