ubuntu-security-announce@lists.ubuntu.com
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com
You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."
Today's Topics:
1. [USN-503-1] Thunderbird vulnerabilities (Kees Cook)
----------------------------------------------------------------------
Message: 1
Date: Sun, 26 Aug 2007 23:02:40 -0700
From: Kees Cook <kees@ubuntu.com>
Subject: [USN-503-1] Thunderbird vulnerabilities
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Message-ID: <20070827060240.GP10512@outflux.net>
Content-Type: text/plain; charset="us-ascii"
===========================================================
Ubuntu Security Notice USN-503-1 August 24, 2007
mozilla-thunderbird vulnerabilities
CVE-2007-3670, CVE-2007-3734, CVE-2007-3735, CVE-2007-3844,
CVE-2007-3845
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
mozilla-thunderbird 1.5.0.13-0ubuntu0.6.06
Ubuntu 6.10:
mozilla-thunderbird 1.5.0.13-0ubuntu0.6.10
Ubuntu 7.04:
mozilla-thunderbird 1.5.0.13-0ubuntu0.7.04
After a standard system upgrade you need to restart Thunderbird to effect
the necessary changes.
Details follow:
Various flaws were discovered in the layout and JavaScript engines. By
tricking a user into opening a malicious email, an attacker could execute
arbitrary code with the user's privileges. Please note that JavaScript
is disabled by default for emails, and it is not recommended to enable it.
(CVE-2007-3734, CVE-2007-3735, CVE-2007-3844)
Jesper Johansson discovered that spaces and double-quotes were
not correctly handled when launching external programs. In rare
configurations, after tricking a user into opening a malicious email,
an attacker could execute helpers with arbitrary arguments with the
user's privileges. (CVE-2007-3670, CVE-2007-3845)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
Size/MD5: 455132 d8467a49fa9749a12d06330212cb0fa5
Size/MD5: 1603 ec53fcdf9b56d3f3d46266c249ebd597
Size/MD5: 36080566 62b37f8d4777f305146623d7437e3ccd
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 3586642 2c36816d1f7a03ef145ce5d30e60d418
Size/MD5: 194370 cf8d5d4dfb807f09bddaa39c3787de7a
Size/MD5: 59612 752bdd32f219cbc227d5481d217dddcb
Size/MD5: 12095766 6a8064a3040e2ceba8d23d4215511503
i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 3578708 fa6953c372876d3475a57fe7698f0efb
Size/MD5: 187744 53f0bec282e4901d673d4052b9cf76c0
Size/MD5: 55134 ccd78eca24e17b788416d06b5cd970b9
Size/MD5: 10369278 597f681fcf328b6e17bb9ba00301b238
powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 3584414 956c1a25ec9285efb111ae8001c14fff
Size/MD5: 191098 ebb6fa00a8ba29a16b45266b9be70822
Size/MD5: 58742 8aae905e454ae490b27c1d35f717235a
Size/MD5: 11650578 2cc2f06a14cf7c6b77d4f913ef57ac34
sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 3580718 d5d9508759e3c19cd6b1c9a02ca91adc
Size/MD5: 188542 5a4ee0e188ef31a759ab183d833d4685
Size/MD5: 56626 3dbbd7cd060a11112a5fd1a7fd23cd35
Size/MD5: 10844686 de165e9bb539e3ae662676a4ca3029e7
Updated packages for Ubuntu 6.10:
Source archives:
Size/MD5: 455992 38afdbcb0d339c8ee3b1cab8f33b6fa1
Size/MD5: 1601 0a8019db6f355e5ccc2b5eb6a704a73f
Size/MD5: 36080566 62b37f8d4777f305146623d7437e3ccd
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 3586466 426017c63f2dc362c8c5a664b5a906b1
Size/MD5: 194496 4c7c6349b9829de611db2e8222f9150a
Size/MD5: 59626 f5d323ecafeae46ae34cac71706d99d5
Size/MD5: 12091050 61350cf3dc12e29dbac243fc9e911be5
i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 3582338 319eb753f7570f045e9de39795bf0646
Size/MD5: 189152 687f5583b93df5db616ab8fe7f8eb3e8
Size/MD5: 56258 6cfcdbb6d930e8a4f535fb5ca5d476f0
Size/MD5: 10829290 a3c2ca0abeccef3570fccacd3a05c60e
powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 3584542 717064f808322f7ca11bc22551ee2127
Size/MD5: 191580 3fd254e0d0ec073832e01af8db9656e7
Size/MD5: 59334 3f0c56850ed5f96888c3feffc75fd96b
Size/MD5: 11779014 0b7e4785c95d1fd0b8c16bac50686349
sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 3580676 e5ecded833e695d40fb0ae30b84ca685
Size/MD5: 188984 367b43b2719cf830d1a318de5315bf46
Size/MD5: 56682 46103432a77551215c77c935d08e6b42
Size/MD5: 11041104 984bf1c75968dd40149956254f94fabb
Updated packages for Ubuntu 7.04:
Source archives:
Size/MD5: 126635 4c85da89acdf347587cfcfb3d9433304
Size/MD5: 1601 d306cbba411cc32f7f579acfb559c9b0
Size/MD5: 36080566 62b37f8d4777f305146623d7437e3ccd
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 3587044 0780090e7e421d87ab8bcc5137d2922c
Size/MD5: 195006 415f02a983531cd65f0f15a895f1e0d0
Size/MD5: 60144 74c446643a9674a3dd3c1a2f04861c8e
Size/MD5: 12187948 f85553218e76dbb5178358b2cf0b65d9
i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 3583270 7657f360e3b57b77d7955051e435175b
Size/MD5: 189648 20ee57f83d22e2b39e4d0d9d71ac7065
Size/MD5: 56760 58a55ba7a1f760ca76fd3b9142ab42a0
Size/MD5: 10916670 f13212b9d47949ed8b854348e14dfed2
powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 3587820 ece8b66570abedc631dd58b37b586ab7
Size/MD5: 193120 c472b0175bea62f0d228770c0ab9e261
Size/MD5: 60128 71c1d1364c88ae38f43953e51b06a72f
Size/MD5: 12131446 829c93637e9e61864e5303adb36a602f
sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 3582290 c14265f81e5fbc21022e0f91a6b12603
Size/MD5: 189470 c47268c61b56f5bebf845d06585a9bfa
Size/MD5: 57188 511ca6c3e342af386da76fab926f697f
Size/MD5: 11143012 43b4637793f6994d92e8bdff215cb183
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20070826/2c1f6cd7/attachment-0001.pgp
------------------------------
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
End of ubuntu-security-announce Digest, Vol 35, Issue 11
********************************************************
No comments:
Post a Comment