lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20061121191747.GA10960@outflux.net>
Date: Tue, 21 Nov 2006 11:17:47 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-382-1] Thunderbird vulnerabilities

=========================================================== 
Ubuntu Security Notice USN-382-1          November 16, 2006
mozilla-thunderbird vulnerabilities
CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5747,
CVE-2006-5748
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  mozilla-thunderbird                      1.5.0.8-0ubuntu0.5.10

Ubuntu 6.06 LTS:
  mozilla-thunderbird                      1.5.0.8-0ubuntu0.6.06

Ubuntu 6.10:
  mozilla-thunderbird                      1.5.0.8-0ubuntu0.6.10

After a standard system upgrade you need to restart Thunderbird to
effect the necessary changes.

Details follow:

USN-352-1 fixed a flaw in the verification of PKCS certificate 
signatures. Ulrich Kuehn discovered a variant of the original attack 
which the original fix did not cover. (CVE-2006-5462)

Various flaws have been reported that allow an attacker to execute 
arbitrary code with user privileges by tricking the user into opening a 
malicious email containing JavaScript. Please note that JavaScript is 
disabled by default for emails, and it is not recommended to enable it. 
(CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10.diff.gz
      Size/MD5:   451782 957b1eabbb35c399a9150fc148d2c8a1
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10.dsc
      Size/MD5:      960 3352ed8872f185027ac3ee354305eafb
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8.orig.tar.gz
      Size/MD5:  35621218 a3b77b068da31275611ef46862c0316a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.5.10_amd64.deb
      Size/MD5:  3523838 b6819a1f54c1c543ae2c6835ba477b6c
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.5.10_amd64.deb
      Size/MD5:   190416 761fe8dc15060c09de3013d856b79dd1
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.5.10_amd64.deb
      Size/MD5:    55640 617b95dd76853f2bd5d1abd60ad842d7
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10_amd64.deb
      Size/MD5: 11981580 188bd293b070ff01101e861eceb690a8

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.5.10_i386.deb
      Size/MD5:  3516580 b4c65509f97bea7dc2c207df0559651d
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.5.10_i386.deb
      Size/MD5:   183772 f7e72f8793eb681bd521d6963212947c
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.5.10_i386.deb
      Size/MD5:    51254 9e1e6d825c46a9831fd4643c846ac861
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10_i386.deb
      Size/MD5: 10286996 b1314587b5026e585a1da43c03748076

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.5.10_powerpc.deb
      Size/MD5:  3521222 aa373f9cf0e28313312b4d88d34bb2c4
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.5.10_powerpc.deb
      Size/MD5:   187110 07ee014b3874b619ab9252292a771d9d
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.5.10_powerpc.deb
      Size/MD5:    54826 04072c4224eaa979b52ac0ce1ea2d62d
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10_powerpc.deb
      Size/MD5: 11528020 4e67be3b40ef51e8a3a59170a72d51da

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.5.10_sparc.deb
      Size/MD5:  3518202 3559d6e77167adf6ad24cf2dc0ea980e
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.5.10_sparc.deb
      Size/MD5:   184568 c77f05b16cb004b4b28d08c87c551591
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.5.10_sparc.deb
      Size/MD5:    52714 d10e66393f273bd011a4b792aec0e1c6
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10_sparc.deb
      Size/MD5: 10768484 49adf33e01df8b16dfae59539a09f6e4

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06.diff.gz
      Size/MD5:   454980 86dc6c3f6e7314db7f1862847aab1746
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06.dsc
      Size/MD5:      960 2d270b24bbe03fc5b642cac8c4183517
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8.orig.tar.gz
      Size/MD5:  35621218 a3b77b068da31275611ef46862c0316a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.06_amd64.deb
      Size/MD5:  3528876 4d58793e693a14af93870581bcf5b7d4
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.06_amd64.deb
      Size/MD5:   193880 0c731b9fa2fa5556209ed28fdffd59bb
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.06_amd64.deb
      Size/MD5:    59120 ea7b9f02aefd49fc79250683fc277783
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06_amd64.deb
      Size/MD5: 11989558 3ffcc3970cae97b55a6b0ddc09e40b9b

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.06_i386.deb
      Size/MD5:  3520550 2dc76d9073a712a6da29dbd5e1e80d94
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.06_i386.deb
      Size/MD5:   187250 440d25b5232eab1e15929bf62166ee1a
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.06_i386.deb
      Size/MD5:    54640 8bfe36c400bca1c5fc6a3d6a079d15e7
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06_i386.deb
      Size/MD5: 10287496 c9e8b30b24ee9c1ea938662ec5c5c829

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.06_powerpc.deb
      Size/MD5:  3525980 331fb306bd301e6db588e3ae954682ec
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.06_powerpc.deb
      Size/MD5:   190586 6b2cd37ce0d4d218192c1701fedf2d35
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.06_powerpc.deb
      Size/MD5:    58236 b9adc16444e5f8a4ba184b896feeddbc
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06_powerpc.deb
      Size/MD5: 11560520 bf03db104a8a34d7623719d9bd2d78dd

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.06_sparc.deb
      Size/MD5:  3522432 9f608db55c878301303f11dda557b659
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.06_sparc.deb
      Size/MD5:   188046 80a01d132f407d2cc7bed5fa827f6726
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.06_sparc.deb
      Size/MD5:    56134 a9bb35877246b62480313cacdcaaec62
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06_sparc.deb
      Size/MD5: 10759610 f8311676b1e447d52a059f673c1c8365

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10.diff.gz
      Size/MD5:   454992 495051c8a51c3c76f66110a9cc955da1
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10.dsc
      Size/MD5:      960 8de9b896031767eec82c7d4992c6a9ba
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8.orig.tar.gz
      Size/MD5: 35621218 a3b77b068da31275611ef46862c0316a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.10_amd64.deb
      Size/MD5:  3528756 59670215a896e4928e90878dc9b04b08
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.10_amd64.deb
      Size/MD5:   194002 8c4679532a5a56d9ae9ef85fc10974b5
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.10_amd64.deb
      Size/MD5:    59126 7ae8776fabb53abe898c187cd42b3d05
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10_amd64.deb
      Size/MD5: 11982018 6b757d203ac93cf892a87ac8ca9a13db

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.10_i386.deb
      Size/MD5:  3523844 ec316699b80ad08945c58c3c7427aefa
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.10_i386.deb
      Size/MD5:   188658 beae7465832335242d6da367e8a79019
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.10_i386.deb
      Size/MD5:    55770 31263c265feb5c09cf2f7a5f692b95e7
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10_i386.deb
      Size/MD5: 10743540 60f03ab196fcc5160922386b2e0e27d3

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.10_powerpc.deb
      Size/MD5:  3526062 43038d1a52c353ccb64b0553156673b7
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.10_powerpc.deb
      Size/MD5:   191106 b8861d5299adce77a280852beffa9e4d
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.10_powerpc.deb
      Size/MD5:    58784 8c26c48f8cc8cf38bc6a0b5e8212936b
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10_powerpc.deb
      Size/MD5: 11690926 b727068e620efa13b2c0cd1d3899e271

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.10_sparc.deb
      Size/MD5:  3522380 3c544b8ac310f5ab3789a9f960a85577
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.10_sparc.deb
      Size/MD5:   188512 314b6bcbf287df8eeba2793fb3b2686c
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.10_sparc.deb
      Size/MD5:    56190 35ae6cf2ba9e5c68a16c5bfda8b7f0a3
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10_sparc.deb
      Size/MD5: 10955658 c847b48dfa1e26d4a2da0d8378127f64


Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ