Debian Security Advisory DSA 2499-1 (icedove) Network Vulnerability

Summary

The remote host is missing an update to icedove announced via advisory DSA 2499-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202499-1

Insight

Several vulnerabilities have been discovered in icedove, the Debian version of the Mozilla Thunderbird mail/news client. There were miscellaneous memory safety hazards (CVE-2012-1937, CVE-2012-1939) and a use-after-free issues (CVE-2012-1940). For the stable distribution (squeeze), these problems have been fixed in version 3.0.11-1+squeeze11. We recommend that you upgrade your icedove packages.

Severity

Classification

CVE CVE-2012-1937, CVE-2012-1939, CVE-2012-1940

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 107-1 (jgroff)
Debian Security Advisory DSA 106-1 (rsync)
Debian Security Advisory DSA 1039-1 (blender)
Debian Security Advisory DSA 1005-1 (xine-lib)
Debian Security Advisory DSA 1051-1 (mozilla-thunderbird)

Take action and discover your vulnerabilities