| |||||||||||||||||||
|
| |||||||||||||||||||
Ubuntu alert USN-668-1 (mozilla-thunderbird, thunderbird)
=========================================================== Ubuntu Security Notice USN-668-1 November 26, 2008 mozilla-thunderbird, thunderbird vulnerabilities CVE-2008-5012, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5021, CVE-2008-5022, CVE-2008-5024 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: mozilla-thunderbird 1.5.0.13+1.5.0.15~prepatch080614h-0ubuntu0.6.06.1 Ubuntu 7.10: thunderbird 2.0.0.18+nobinonly-0ubuntu0.7.10.1 Ubuntu 8.04 LTS: thunderbird 2.0.0.18+nobinonly-0ubuntu0.8.04.1 Ubuntu 8.10: thunderbird 2.0.0.18+nobinonly-0ubuntu0.8.10.1 After a standard system upgrade you need to restart Thunderbird to effect the necessary changes. Details follow: Georgi Guninski, Michal Zalewsk and Chris Evans discovered that the same-origin check in Thunderbird could be bypassed. If a user were tricked into opening a malicious website, an attacker could obtain private information from data stored in the images, or discover information about software on the user's computer. (CVE-2008-5012) Jesse Ruderman discovered that Thunderbird did not properly guard locks on non-native objects. If a user had JavaScript enabled and were tricked into opening malicious web content, an attacker could cause a browser crash and possibly execute arbitrary code with user privileges. (CVE-2008-5014) Several problems were discovered in the browser, layout and JavaScript engines. If a user had JavaScript enabled, these problems could allow an attacker to crash Thunderbird and possibly execute arbitrary code with user privileges. (CVE-2008-5016, CVE-2008-5017, CVE-2008-5018) A flaw was discovered in Thunderbird's DOM constructing code. If a user were tricked into opening a malicious website while having JavaScript enabled, an attacker could cause the browser to crash and potentially execute arbitrary code with user privileges. (CVE-2008-5021) It was discovered that the same-origin check in Thunderbird could be bypassed. If a user had JavaScript enabled and were tricked into opening malicious web content, an attacker could execute JavaScript in the context of a different website. (CVE-2008-5022) Chris Evans discovered that Thunderbird did not properly parse E4X documents, leading to quote characters in the namespace not being properly escaped. (CVE-2008-5024) Boris Zbarsky discovered that Thunderbird did not properly process comments in forwarded in-line messages. If a user had JavaScript enabled and opened a malicious email, an attacker may be able to obtain information about the recipient. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thu... Size/MD5: 457747 5be26d3cef591840492433f185583342 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thu... Size/MD5: 1050 acdea9524f1032205f824a34c32fa32b http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thu... Size/MD5: 38282434 866e2b43ffe7104b1c89bda05e356682 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thu... Size/MD5: 3593924 734eb2f52a14613367a90ae4c4b8026d http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thu... Size/MD5: 194994 90981d85a8d481e4431703db75ca458f http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thu... Size/MD5: 60232 86620a82daec53aa2d2e505c3edf0983 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thu... Size/MD5: 12119884 975100452004c7d100cafa8aed7ae944 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thu... Size/MD5: 3587646 7c927ab551b0d33e7f396ddf176dcd45 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thu... Size/MD5: 188410 de95ae96f922ee542665993be9827688 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thu... Size/MD5: 55744 2952cfffd570f441bf673b32712c3ca3 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thu... Size/MD5: 10391486 02fe2861b698f90c0b566546db77a0f7 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thu... Size/MD5: 3592840 65503afbd7da3ff4ea329563931908bc http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thu... Size/MD5: 191710 68a5253aa46db2b1c93d1dc6e5880b78 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thu... Size/MD5: 59396 83d304bcc37a8dc24d9a7108942405af http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thu... Size/MD5: 11674796 522acde9e08452dfe397177df7f5f896 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thu... Size/MD5: 3589436 55ca969d5c1c2f943589754e36f627d0 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thu... Size/MD5: 189168 ac79670d7f3bb13d9f9374c9e17a9468 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thu... Size/MD5: 57240 79c5fe16bd0c663adde9cb39161208d5 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thu... Size/MD5: 10867254 6646c393a0ca6317949564f028ff2eef Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 125726 f122c1aa395b0b0648a58e655c016edb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 1683 084e263ab828f9a0388165e220280e0e http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 37875008 7f0f8a6bc1bafe30ac54aa544ba2bd01 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 60170 e13a6f2c009792ced96009e23c7697de http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 60158 ebfe1be8932394798c81eb459be3272f amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 3778158 e85d5ee4752da39491093e0a20e9f388 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 85340 083c31d50e54b78553364ba814b96241 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 12430446 c56dcd7c579dcff72c25f153c366c048 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 3766478 7935f84ecb8d0e56aa9ce9ce8b9eda6f http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 80678 808e4bb9ca5d57363ec07d6ddf1ebaf0 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 10998112 50d2b60d8776cb2bdb07eb0a7207df81 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbi... Size/MD5: 3763980 e19ec403dba2baf1e243a080ade7db8d http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbi... Size/MD5: 80410 56d0d503fdd06c86467722fb5f10cc44 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbi... Size/MD5: 10839356 5d0b3df2b81fcccf64d4d8b613d2b364 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 3781972 b33e6f468168b3fc9344d5d494c6810d http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 83714 e7fa740895db98224490099b2bbb38b1 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 12273664 cd5782bcfdc8c5bbe6ecbbda4e912718 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 3764092 a49545c0f7907ba760544f4b7a925dc1 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 80100 9b8f94e80c64e52c72c588fda7807700 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 11267210 21ad9196a67145c40187914cc266e3a4 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 129281 da22d925bea92f49027b3fd48a31d83d http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 1681 790e1b1aac02660f0885710cfef219f2 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 37875008 7f0f8a6bc1bafe30ac54aa544ba2bd01 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 60452 d135c0defb5ccbd92fb0d1858cefe2e3 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 60444 799296d38875d3571d0b2f0bd178dcca amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 3779130 d9171422a427701a97a9e6ac4b5fc46f http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 85340 afdea56f4073c4028136a63b6e68dd3b http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 12411688 02702c51c27743dfdee0825e8fe67a75 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 3766724 d75459604954adb12e3c334f36743cef http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 80746 1901789aeb4dfb7a7acee04783a6e01c http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 10981948 9cf74eaa67fe16b16560cd84f29e9235 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbi... Size/MD5: 3764472 aaa8c89450712d7891c228bad111e444 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbi... Size/MD5: 80472 58e5d6a22149464d1582e79eae070493 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbi... Size/MD5: 10830106 6f30f4c7cbc65b28272a40bb6cb8b3e8 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbi... Size/MD5: 3782746 f74ff19d91f58a41d8db3aac9a00111a http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbi... Size/MD5: 83734 101b03d9c892543fe05cd0ef443b2eb9 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbi... Size/MD5: 12255198 8c184358831c40a9eb2bab9ee35a846b sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbi... Size/MD5: 3764824 46f91e75caaf854ab7ec9bf705499848 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbi... Size/MD5: 80196 fa09830f1e113ed94f95ba61bd3592dc http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbi... Size/MD5: 11256224 651a9b6319ccf302d934c92482f28bd5 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 129745 e30f2f080f6dcb2eaccb6c0a4eff805a http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 1663 391709b683e1293623ebe172b7f593bf http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 37875008 7f0f8a6bc1bafe30ac54aa544ba2bd01 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 60712 5cca6c8dd8b574f3d936286dbca73656 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 60702 906970f27ce5f8ccecb5db25e474d5cd amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 3736630 737cdd5464d5a714ff6c531bf2902e74 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 85462 99f70751eaaa0323516da9a523a78bf6 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 12431140 fcd9c500becd6832992ead0616663117 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 3720182 d495d41fe16647f2fc26e102c4947267 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 81038 b04aefe5ee83a3b677c2a6b0c21aaa68 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird... Size/MD5: 11039066 8b81b6a53e7747a17d4d1c672bbc8ff5 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbi... Size/MD5: 3717682 c58eac9c7dbbc2a4033541b9553ea123 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbi... Size/MD5: 80742 77a7ccb93016d2193ea001f23fce744b http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbi... Size/MD5: 10859414 74ff27928474bc2ad399d113dfe1fe0c powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbi... Size/MD5: 3735310 06562d5a6c924dca5a7e1703128e358c http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbi... Size/MD5: 83906 608aed74906e5a6aa90e3b9bd11dc2ce http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbi... Size/MD5: 12210268 da7e451833a317478d41813cd12c1881 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbi... Size/MD5: 3723218 868153e81df604ccce5f13e95dc5c905 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbi... Size/MD5: 80778 2a20895e6545b8510ca6799009f826bd http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbi... Size/MD5: 11186020 c6cab348d4f39f1bf05f521975908885 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security... (Log in to post comments)
|
|
||||||||||||||||||