
Ubuntu alert USN-200-1 (mozilla-thunderbird)

From:  Martin Pitt <martin.pitt@canonical.com>
To:  ubuntu-security-announce@lists.ubuntu.com
Subject:  [USN-200-1] Thunderbird vulnerabilities
Date:  Tue, 11 Oct 2005 08:00:28 +0200
Cc:  full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com

===========================================================
Ubuntu Security Notice USN-200-1           October 11, 2005
mozilla-thunderbird vulnerabilities
CAN-2005-2701, CAN-2005-2702, CAN-2005-2703, CAN-2005-2704,
CAN-2005-2705, CAN-2005-2706, CAN-2005-2707, CAN-2005-2968
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

mozilla-thunderbird

The problem can be corrected by upgrading the affected package to
version 1.0.7-0ubuntu04.10 (for Ubuntu 4.10), or 1.0.7-0ubuntu05.04
(for Ubuntu 5.04). After a standard system upgrade you need to
restart Thunderbird to effect the necessary changes.

Details follow:

A buffer overflow was discovered in the XBM image handler. By tricking
a user into opening a specially crafted XBM image, an attacker could
exploit this to execute arbitrary code with the user's privileges.
(CAN-2005-2701)

Mats Palmgren discovered a buffer overflow in the Unicode string
parser. Unicode strings that contained "zero-width non-joiner"
characters caused a browser crash, which could possibly even be
exploited to execute arbitrary code with the user's privileges.
(CAN-2005-2702)

Georgi Guninski reported an integer overflow in the JavaScript engine.
This could be exploited to run arbitrary code under some conditions.
(CAN-2005-2705)

Peter Zelezny discovered that URLs which are passed to Thunderbird on
the command line are not correctly protected against interpretation by
the shell. If Thunderbird is configured as the default handler for
"mailto:" URLs, this could be exploited to execute arbitrary code with
user privileges by tricking the user into clicking on a specially
crafted URL (for example, in an email or chat client). (CAN-2005-2968)

This update also fixes some less critical issues which are described
at http://www.mozilla.org/security/announce/mfsa2005-58.html.
(CAN-2005-2703, CAN-2005-2704, CAN-2005-2706, CAN-2005-2707)

The "enigmail" plugin has been updated to work with the new
Thunderbird and Mozilla versions.

Updated packages for Ubuntu 4.10:
Updated packages for Ubuntu 5.04:

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-...
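The shell-interpretation problem described for CAN-2005-2968, shown as an added example that is not part of the advisory and is not Thunderbird's launcher code. The functions fake_client, launch_unsafe, launch_safe and is_plain_mailto are hypothetical names, and the sample URL is constructed with a harmless command substitution.

```shell
#!/bin/sh
# Added illustration with hypothetical names; not Thunderbird's launcher script.

# Stand-in for the mail client: prints the argument it actually received.
fake_client() {
    printf '%s' "$1"
}

# Unsafe: the URL is spliced into a command string that the shell parses
# again, so $(...), backticks and ';' inside the URL are interpreted.
launch_unsafe() {
    eval "fake_client $1"
}

# Safe: the URL is passed as one quoted argument and is never re-parsed.
launch_safe() {
    fake_client "$1"
}

# Defense in depth (assumed policy): accept only mailto: followed by a
# conservative set of address characters before launching anything.
is_plain_mailto() {
    case $1 in
        mailto:?*) ;;
        *) return 1 ;;
    esac
    addr=${1#mailto:}
    case $addr in
        *[!A-Za-z0-9@._+-]*) return 1 ;;
    esac
    return 0
}

# Constructed sample URL carrying a harmless command substitution.
SAMPLE='mailto:$(echo INJECTED)@example.com'

demo() {
    printf 'unsafe client saw: %s\n' "$(launch_unsafe "$SAMPLE")"
    printf 'safe client saw:   %s\n' "$(launch_safe "$SAMPLE")"
    if is_plain_mailto "$SAMPLE"; then echo 'accepted'; else echo 'rejected'; fi
}
demo
```

Any URL handler registered for "mailto:" that reaches the client through a shell wrapper can be reviewed for the same pattern: look for eval, backticks or unquoted expansions applied to the URL argument.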



Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.