| ||||||||||||||||
Fedora alert FEDORA-2007-3431 (thunderbird)
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2007-3431 2007-11-16 00:41:13.448056 -------------------------------------------------------------------------------- Name : thunderbird Product : Fedora 7 Version : 2.0.0.9 Release : 1.fc7 URL : http://www.mozilla.org/projects/thunderbird/ Summary : Mozilla Thunderbird mail/newsgroup client Description : Mozilla Thunderbird is a standalone mail and newsgroup client. -------------------------------------------------------------------------------- Update Information: Updated thunderbird packages that fix several security bugs are now available for Fedora Core 7. This update has been rated as having moderate security impact by the Fedora Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way in which Thunderbird processed certain malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Thunderbird displayed malformed HTML mail content. An HTML mail message containing specially-crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Thunderbird sftp protocol handler. A malicious HTML mail message could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Thunderbird generates a digest authentication request. If a user opened a specially-crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 15 2007 Christopher Aillon <caillon@redhat.com> 2.0.0.9-1 - Update to 2.0.0.9 * Wed Jul 25 2007 Martin Stransky <stransky@redhat.com> 2.0.0.5-2 - added ligature pango fix * Fri Jul 20 2007 Kai Engert <kengert@redhat.com> - 2.0.0.5-1 - 2.0.0.5 * Fri Jun 15 2007 Christopher Aillon <caillon@redhat.com> 2.0.0.4-1 - 2.0.0.4 * Fri Jun 8 2007 Christopher Aillon <caillon@redhat.com> 2.0.0.4-0.rc1 - 2.0.0.4 rc1 -------------------------------------------------------------------------------- Updated packages: 7bb14b86dafeec69cf601052021e697362e95e2d thunderbird-debuginfo-2.0.0.9-1.fc7.ppc64.rpm 2443f00de62b39ca3c3ad2263ac29e327f6c7e7a thunderbird-2.0.0.9-1.fc7.ppc64.rpm c475ecc57f82c36b80063319102b733f509a7023 thunderbird-debuginfo-2.0.0.9-1.fc7.i386.rpm e70f1df09274e4d73f75ff1bff51b81fbc1ec4a7 thunderbird-2.0.0.9-1.fc7.i386.rpm f3fe2a931beb160c87c342e4ce30278b506e2509 thunderbird-2.0.0.9-1.fc7.x86_64.rpm da06571f6354e02a279e0f865ebd4072d0b64a0c thunderbird-debuginfo-2.0.0.9-1.fc7.x86_64.rpm 856939cfc3bbead10d211f37dfd9fb8ebcfc6bca thunderbird-2.0.0.9-1.fc7.ppc.rpm b9a82af6dc6f2a619185ba61550e7d1412719c4b thunderbird-debuginfo-2.0.0.9-1.fc7.ppc.rpm 877f2a30eec4c894bfc9e2ba2be492a245af6b30 thunderbird-2.0.0.9-1.fc7.src.rpm This update can be installed with the "yum" update program. Use su -c 'yum update thunderbird' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-ann... (Log in to post comments)
|
||||||||||||||||