
Pardus alert 2010-30 (thunderbird)

From:  Eren Turkay <eren@pardus.org.tr>
To:  pardus-security@pardus.org.tr
Subject:  [Pardus-security] [PLSA 2010-30] Thunderbird: Multiple Vulnerabilities
Date:  Tue, 9 Feb 2010 22:56:09 +0200 (EET)
Message-ID:  <20100209205609.7AB29A7ACF1@lider.pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-30            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-02-09
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities have been fixed in Thunderbird.

Description
===========

MFSA 2009-67 Integer overflow, crash in libtheora video library:

Security researcher Dan Kaminsky reported an integer overflow in the
Theora video library. A video's dimensions were being multiplied
together and used in particular memory allocations. When the video
dimensions were sufficiently large, the multiplication could overflow a
32-bit integer resulting in too small a memory buffer being allocated
for the video. An attacker could use a specially crafted video to write
data past the bounds of this buffer, causing a crash and potentially
running arbitrary code on a victim's computer.

MFSA 2009-66 Memory safety fixes in liboggplay media library:

Mozilla discovered several bugs in liboggplay which posed potential
memory safety issues. The bugs which were fixed could potentially be
used by an attacker to crash a victim's browser and execute arbitrary
code on their computer.

MFSA 2009-65 Crashes with evidence of memory corruption:

Mozilla developers and community members identified and fixed several
stability bugs in the browser engine used in Firefox and other
Mozilla-based products. Some of these crashes showed evidence of memory
corruption under certain circumstances and we presume that with enough
effort at least some of these could be exploited to run arbitrary code.

Affected packages:

  Pardus 2009:
    thunderbird, all before 3.0.1-51-8

Resolution
==========

There are update(s) for thunderbird. You can update them via Package
Manager or with a single command from console:

    pisi up thunderbird

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=12146
  * http://www.mozilla.org/security/known-vulnerabilities/thu...

------------------------------------------------------------------------

_______________________________________________
Pardus-security mailing list
Pardus-security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security
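The bug class described under MFSA 2009-67, shown as an added example that is not part of the advisory and is not libtheora's code: a 32-bit product of two dimensions wraps and yields an undersized allocation, next to a checked form that rejects the input before allocating. The function names and the `MAX_FRAME_BYTES` limit are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy limit for one frame buffer (hypothetical value). */
#define MAX_FRAME_BYTES ((size_t)64 * 1024 * 1024)

/* Unchecked pattern: the product is computed in 32 bits, so large
 * dimensions wrap modulo 2^32 and the result is far too small. */
uint32_t frame_bytes_unchecked(uint32_t width, uint32_t height)
{
    return width * height;
}

/* Checked pattern: divide instead of multiply, so the test itself
 * cannot overflow. Returns 0 and stores the size, or -1 on rejection. */
int frame_bytes_checked(uint32_t width, uint32_t height, size_t *out)
{
    if (width == 0 || height == 0)
        return -1;
    if ((size_t)width > MAX_FRAME_BYTES / height)
        return -1;                 /* product would exceed the limit */
    *out = (size_t)width * height; /* safe: bounded by MAX_FRAME_BYTES */
    return 0;
}

/* Allocate a zeroed frame only when the size computation is sound. */
unsigned char *alloc_frame(uint32_t width, uint32_t height)
{
    size_t n;
    if (frame_bytes_checked(width, height, &n) != 0)
        return NULL;
    return calloc(n, 1);
}

int main(void)
{
    /* Constructed dimensions: 65536 x 65537 = 2^32 + 65536. */
    uint32_t w = 65536u, h = 65537u;
    size_t n = 0;
    printf("unchecked size: %u bytes\n", (unsigned)frame_bytes_unchecked(w, h));
    printf("checked result: %d\n", frame_bytes_checked(w, h, &n));
    return 0;
}
```
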



