News

Loading...

Monday, August 27, 2007

ubuntu-security-announce Digest, Vol 35, Issue 11

Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com

You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."


Today's Topics:

1. [USN-503-1] Thunderbird vulnerabilities (Kees Cook)


----------------------------------------------------------------------

Message: 1
Date: Sun, 26 Aug 2007 23:02:40 -0700
From: Kees Cook <kees@ubuntu.com>
Subject: [USN-503-1] Thunderbird vulnerabilities
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Message-ID: <20070827060240.GP10512@outflux.net>
Content-Type: text/plain; charset="us-ascii"

===========================================================
Ubuntu Security Notice USN-503-1 August 24, 2007
mozilla-thunderbird vulnerabilities
CVE-2007-3670, CVE-2007-3734, CVE-2007-3735, CVE-2007-3844,
CVE-2007-3845
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
mozilla-thunderbird 1.5.0.13-0ubuntu0.6.06

Ubuntu 6.10:
mozilla-thunderbird 1.5.0.13-0ubuntu0.6.10

Ubuntu 7.04:
mozilla-thunderbird 1.5.0.13-0ubuntu0.7.04

After a standard system upgrade you need to restart Thunderbird to effect
the necessary changes.

Details follow:

Various flaws were discovered in the layout and JavaScript engines. By
tricking a user into opening a malicious email, an attacker could execute
arbitrary code with the user's privileges. Please note that JavaScript
is disabled by default for emails, and it is not recommended to enable it.
(CVE-2007-3734, CVE-2007-3735, CVE-2007-3844)

Jesper Johansson discovered that spaces and double-quotes were
not correctly handled when launching external programs. In rare
configurations, after tricking a user into opening a malicious email,
an attacker could execute helpers with arbitrary arguments with the
user's privileges. (CVE-2007-3670, CVE-2007-3845)


Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.6.06.diff.gz

Size/MD5: 455132 d8467a49fa9749a12d06330212cb0fa5

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.6.06.dsc

Size/MD5: 1603 ec53fcdf9b56d3f3d46266c249ebd597

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13.orig.tar.gz

Size/MD5: 36080566 62b37f8d4777f305146623d7437e3ccd

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13-0ubuntu0.6.06_amd64.deb

Size/MD5: 3586642 2c36816d1f7a03ef145ce5d30e60d418

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13-0ubuntu0.6.06_amd64.deb

Size/MD5: 194370 cf8d5d4dfb807f09bddaa39c3787de7a

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13-0ubuntu0.6.06_amd64.deb

Size/MD5: 59612 752bdd32f219cbc227d5481d217dddcb

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.6.06_amd64.deb

Size/MD5: 12095766 6a8064a3040e2ceba8d23d4215511503

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13-0ubuntu0.6.06_i386.deb

Size/MD5: 3578708 fa6953c372876d3475a57fe7698f0efb

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13-0ubuntu0.6.06_i386.deb

Size/MD5: 187744 53f0bec282e4901d673d4052b9cf76c0

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13-0ubuntu0.6.06_i386.deb

Size/MD5: 55134 ccd78eca24e17b788416d06b5cd970b9

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.6.06_i386.deb

Size/MD5: 10369278 597f681fcf328b6e17bb9ba00301b238

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13-0ubuntu0.6.06_powerpc.deb

Size/MD5: 3584414 956c1a25ec9285efb111ae8001c14fff

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13-0ubuntu0.6.06_powerpc.deb

Size/MD5: 191098 ebb6fa00a8ba29a16b45266b9be70822

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13-0ubuntu0.6.06_powerpc.deb

Size/MD5: 58742 8aae905e454ae490b27c1d35f717235a

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.6.06_powerpc.deb

Size/MD5: 11650578 2cc2f06a14cf7c6b77d4f913ef57ac34

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13-0ubuntu0.6.06_sparc.deb

Size/MD5: 3580718 d5d9508759e3c19cd6b1c9a02ca91adc

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13-0ubuntu0.6.06_sparc.deb

Size/MD5: 188542 5a4ee0e188ef31a759ab183d833d4685

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13-0ubuntu0.6.06_sparc.deb

Size/MD5: 56626 3dbbd7cd060a11112a5fd1a7fd23cd35

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.6.06_sparc.deb

Size/MD5: 10844686 de165e9bb539e3ae662676a4ca3029e7

Updated packages for Ubuntu 6.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.6.10.diff.gz

Size/MD5: 455992 38afdbcb0d339c8ee3b1cab8f33b6fa1

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.6.10.dsc

Size/MD5: 1601 0a8019db6f355e5ccc2b5eb6a704a73f

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13.orig.tar.gz

Size/MD5: 36080566 62b37f8d4777f305146623d7437e3ccd

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13-0ubuntu0.6.10_amd64.deb

Size/MD5: 3586466 426017c63f2dc362c8c5a664b5a906b1

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13-0ubuntu0.6.10_amd64.deb

Size/MD5: 194496 4c7c6349b9829de611db2e8222f9150a

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13-0ubuntu0.6.10_amd64.deb

Size/MD5: 59626 f5d323ecafeae46ae34cac71706d99d5

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.6.10_amd64.deb

Size/MD5: 12091050 61350cf3dc12e29dbac243fc9e911be5

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13-0ubuntu0.6.10_i386.deb

Size/MD5: 3582338 319eb753f7570f045e9de39795bf0646

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13-0ubuntu0.6.10_i386.deb

Size/MD5: 189152 687f5583b93df5db616ab8fe7f8eb3e8

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13-0ubuntu0.6.10_i386.deb

Size/MD5: 56258 6cfcdbb6d930e8a4f535fb5ca5d476f0

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.6.10_i386.deb

Size/MD5: 10829290 a3c2ca0abeccef3570fccacd3a05c60e

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13-0ubuntu0.6.10_powerpc.deb

Size/MD5: 3584542 717064f808322f7ca11bc22551ee2127

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13-0ubuntu0.6.10_powerpc.deb

Size/MD5: 191580 3fd254e0d0ec073832e01af8db9656e7

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13-0ubuntu0.6.10_powerpc.deb

Size/MD5: 59334 3f0c56850ed5f96888c3feffc75fd96b

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.6.10_powerpc.deb

Size/MD5: 11779014 0b7e4785c95d1fd0b8c16bac50686349

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13-0ubuntu0.6.10_sparc.deb

Size/MD5: 3580676 e5ecded833e695d40fb0ae30b84ca685

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13-0ubuntu0.6.10_sparc.deb

Size/MD5: 188984 367b43b2719cf830d1a318de5315bf46

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13-0ubuntu0.6.10_sparc.deb

Size/MD5: 56682 46103432a77551215c77c935d08e6b42

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.6.10_sparc.deb

Size/MD5: 11041104 984bf1c75968dd40149956254f94fabb

Updated packages for Ubuntu 7.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.7.04.diff.gz

Size/MD5: 126635 4c85da89acdf347587cfcfb3d9433304

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.7.04.dsc

Size/MD5: 1601 d306cbba411cc32f7f579acfb559c9b0

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13.orig.tar.gz

Size/MD5: 36080566 62b37f8d4777f305146623d7437e3ccd

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13-0ubuntu0.7.04_amd64.deb

Size/MD5: 3587044 0780090e7e421d87ab8bcc5137d2922c

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13-0ubuntu0.7.04_amd64.deb

Size/MD5: 195006 415f02a983531cd65f0f15a895f1e0d0

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13-0ubuntu0.7.04_amd64.deb

Size/MD5: 60144 74c446643a9674a3dd3c1a2f04861c8e

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.7.04_amd64.deb

Size/MD5: 12187948 f85553218e76dbb5178358b2cf0b65d9

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13-0ubuntu0.7.04_i386.deb

Size/MD5: 3583270 7657f360e3b57b77d7955051e435175b

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13-0ubuntu0.7.04_i386.deb

Size/MD5: 189648 20ee57f83d22e2b39e4d0d9d71ac7065

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13-0ubuntu0.7.04_i386.deb

Size/MD5: 56760 58a55ba7a1f760ca76fd3b9142ab42a0

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.7.04_i386.deb

Size/MD5: 10916670 f13212b9d47949ed8b854348e14dfed2

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13-0ubuntu0.7.04_powerpc.deb

Size/MD5: 3587820 ece8b66570abedc631dd58b37b586ab7

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13-0ubuntu0.7.04_powerpc.deb

Size/MD5: 193120 c472b0175bea62f0d228770c0ab9e261

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13-0ubuntu0.7.04_powerpc.deb

Size/MD5: 60128 71c1d1364c88ae38f43953e51b06a72f

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.7.04_powerpc.deb

Size/MD5: 12131446 829c93637e9e61864e5303adb36a602f

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13-0ubuntu0.7.04_sparc.deb

Size/MD5: 3582290 c14265f81e5fbc21022e0f91a6b12603

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13-0ubuntu0.7.04_sparc.deb

Size/MD5: 189470 c47268c61b56f5bebf845d06585a9bfa

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13-0ubuntu0.7.04_sparc.deb

Size/MD5: 57188 511ca6c3e342af386da76fab926f697f

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.7.04_sparc.deb

Size/MD5: 11143012 43b4637793f6994d92e8bdff215cb183

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20070826/2c1f6cd7/attachment-0001.pgp


------------------------------

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce


End of ubuntu-security-announce Digest, Vol 35, Issue 11
********************************************************

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Blog Archive