lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070307015441.GP9621@outflux.net>
Date: Tue, 6 Mar 2007 17:54:41 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-431-1] Thunderbird vulnerabilities

=========================================================== 
Ubuntu Security Notice USN-431-1             March 07, 2007
mozilla-thunderbird vulnerabilities
CVE-2007-0008, CVE-2007-0009, CVE-2007-0775, CVE-2007-0776, CVE-2007-0777
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  mozilla-thunderbird                      1.5.0.10-0ubuntu0.5.10

Ubuntu 6.06 LTS:
  mozilla-thunderbird                      1.5.0.10-0ubuntu0.6.06

Ubuntu 6.10:
  mozilla-thunderbird                      1.5.0.10-0ubuntu0.6.10

After a standard system upgrade you need to restart Thunderbird to 
effect the necessary changes.

Details follow:

The SSLv2 protocol support in the NSS library did not sufficiently
check the validity of public keys presented with a SSL certificate. A
malicious SSL web site using SSLv2 could potentially exploit this to
execute arbitrary code with the user's privileges.  (CVE-2007-0008)

The SSLv2 protocol support in the NSS library did not sufficiently 
verify the validity of client master keys presented in an SSL client 
certificate. A remote attacker could exploit this to execute arbitrary 
code in a server application that uses the NSS library.  (CVE-2007-0009)

Various flaws have been reported that could allow an attacker to execute 
arbitrary code with user privileges by tricking the user into opening a 
malicious web page.  (CVE-2007-0775, CVE-2007-0776, CVE-2007-0777)


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.10-0ubuntu0.5.10.diff.gz
      Size/MD5:   451558 9201ce342ac44e7457f9effe0b2260f1
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.10-0ubuntu0.5.10.dsc
      Size/MD5:      963 096c2f8f7595b063cdb57734aee49fc7
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.10.orig.tar.gz
      Size/MD5: 36077004 6c3d75d0fb4d1382bb64fb0808eab840

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.10-0ubuntu0.5.10_amd64.deb
      Size/MD5:  3530774 87d19a325390947583e48a0acc1c430e
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.10-0ubuntu0.5.10_amd64.deb
      Size/MD5:   190690 8b94c996f15698e3e4e5f10abeba99f9
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.10-0ubuntu0.5.10_amd64.deb
      Size/MD5:    55902 8df7e608027f16e4dbc52c6df70a935c
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.10-0ubuntu0.5.10_amd64.deb
      Size/MD5: 12060510 bffb0df58665aa9e0bda36e8d2ab0dcf

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.10-0ubuntu0.5.10_i386.deb
      Size/MD5:  3521898 735c894ec6a51acde89e9419537a1af0
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.10-0ubuntu0.5.10_i386.deb
      Size/MD5:   184074 edcad564676152a81a4b03009782fa0f
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.10-0ubuntu0.5.10_i386.deb
      Size/MD5:    51530 fbacc5e9bdb9fb69e054296da579db55
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.10-0ubuntu0.5.10_i386.deb
      Size/MD5: 10348302 448cf552030f1e113ef6eecd3db47ec0

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.10-0ubuntu0.5.10_powerpc.deb
      Size/MD5:  3527478 a62c8ea3d17e342c697fba213701fac9
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.10-0ubuntu0.5.10_powerpc.deb
      Size/MD5:   187408 6b53d9f03e9776f35f55a44b11324219
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.10-0ubuntu0.5.10_powerpc.deb
      Size/MD5:    55096 6715a4ba6cce73da08932aa035f9f1f6
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.10-0ubuntu0.5.10_powerpc.deb
      Size/MD5: 11592470 4fde80cd428cf5f962a5fa21a1100c04

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.10-0ubuntu0.5.10_sparc.deb
      Size/MD5:  3523640 f1950b4c50d02a43f6ab02618c49ce5e
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.10-0ubuntu0.5.10_sparc.deb
      Size/MD5:   184856 ff96fb8e4ac2fbe594199ad554fa14ad
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.10-0ubuntu0.5.10_sparc.deb
      Size/MD5:    52986 12026f7161124993d7ce057fb653eebb
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.10-0ubuntu0.5.10_sparc.deb
      Size/MD5: 10831064 1d98f8ff2cca32fc5efdccf6f45d041b

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.10-0ubuntu0.6.06.diff.gz
      Size/MD5:   454934 3634b0418aa5cbee5e0c194dece32b45
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.10-0ubuntu0.6.06.dsc
      Size/MD5:      963 ce0d4a0e906b98b47379417e02acf9d9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.10-0ubuntu0.6.06_amd64.deb
      Size/MD5:  3534786 4048c5389518c3be184a6419b0a92dd3
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.10-0ubuntu0.6.06_amd64.deb
      Size/MD5:   194174 8780af0825be29bfbb9e4c696d973ce0
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.10-0ubuntu0.6.06_amd64.deb
      Size/MD5:    59408 7cb37722b78dfa50bb6e46ab92b53ccc
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.10-0ubuntu0.6.06_amd64.deb
      Size/MD5: 12070202 f45fd5e505a0536659947aca0de26f8b

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.10-0ubuntu0.6.06_i386.deb
      Size/MD5:  3527078 fc76f9a36e74f02185a97cd5740c7de7
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.10-0ubuntu0.6.06_i386.deb
      Size/MD5:   187538 50b6efcce4b41288152226f3dd611db7
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.10-0ubuntu0.6.06_i386.deb
      Size/MD5:    54922 d2e14f478a41db1b1aa53bbac4abba4e
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.10-0ubuntu0.6.06_i386.deb
      Size/MD5: 10347054 8422c679127103ee6ea36ce4e9f2ceb5

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.10-0ubuntu0.6.06_powerpc.deb
      Size/MD5:  3532870 8665536250fad703a6e4e6ff181b486e
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.10-0ubuntu0.6.06_powerpc.deb
      Size/MD5:   190880 34d32b90b85048df075b64570bed5d74
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.10-0ubuntu0.6.06_powerpc.deb
      Size/MD5:    58538 512fe71392f887c32b3f5d096abe3ac4
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.10-0ubuntu0.6.06_powerpc.deb
      Size/MD5: 11624320 2bff41c1ed67e361243b12dc9bc8cf68

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.10-0ubuntu0.6.06_sparc.deb
      Size/MD5:  3529076 2c3f05b9709a35fe8a04cb9635ded807
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.10-0ubuntu0.6.06_sparc.deb
      Size/MD5:   188328 09a45d676c00517e501371978a44ea88
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.10-0ubuntu0.6.06_sparc.deb
      Size/MD5:    56414 cf685a4cca2d52a949bb4b6ae5644ba4
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.10-0ubuntu0.6.06_sparc.deb
      Size/MD5: 10818756 e2c84d36ac95f59d55e61a165d036cf4

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.10-0ubuntu0.6.10.diff.gz
      Size/MD5:   455368 b1b05ec9b0524d9837f9dbc1886ba5db
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.10-0ubuntu0.6.10.dsc
      Size/MD5:      963 7d3d9373365c63f81f1893cf1c0343e6

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.10-0ubuntu0.6.10_amd64.deb
      Size/MD5:  3534530 b91a4f3fa51ce679b526b603c53f606c
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.10-0ubuntu0.6.10_amd64.deb
      Size/MD5:   194290 f1316eedba06e1fa05b61bd40661447c
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.10-0ubuntu0.6.10_amd64.deb
      Size/MD5:    59412 a8d368db2641ad759235f63b60adca94
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.10-0ubuntu0.6.10_amd64.deb
      Size/MD5: 12068840 097951e9a5ab8c54a9beff73fe38feff

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.10-0ubuntu0.6.10_i386.deb
      Size/MD5:  3530892 4ffa7353a111fadee3aa3971529a026d
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.10-0ubuntu0.6.10_i386.deb
      Size/MD5:   188958 bf234cf79421a6fff37f1c10a81e4c42
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.10-0ubuntu0.6.10_i386.deb
      Size/MD5:    56050 ec52c524dacf263fd93b4eb8c88e1a77
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.10-0ubuntu0.6.10_i386.deb
      Size/MD5: 10804696 67b115670c9a231cbd643d8eb98e3207

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.10-0ubuntu0.6.10_powerpc.deb
      Size/MD5:  3532760 ddbf679b2c92f5dc8bff86f96f87dfe2
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.10-0ubuntu0.6.10_powerpc.deb
      Size/MD5:   191388 f1cf1a7112e492784fa822d82d8c70f4
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.10-0ubuntu0.6.10_powerpc.deb
      Size/MD5:    59058 fe7ae7579b6c325fd5276fdd7085caa1
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.10-0ubuntu0.6.10_powerpc.deb
      Size/MD5: 11753272 51eb235e10f5ce40e75d9eceb1a1a460

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.10-0ubuntu0.6.10_sparc.deb
      Size/MD5:  3529194 e20b5525b8119e82c6887a363b652c12
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.10-0ubuntu0.6.10_sparc.deb
      Size/MD5:   188778 f97c647566c1ade50a2d838dd5a0f906
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.10-0ubuntu0.6.10_sparc.deb
      Size/MD5:    56468 bea9f315b787f5841932a27c61c4ed26
    http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.10-0ubuntu0.6.10_sparc.deb
      Size/MD5: 11019700 0bd22175edc692013128f0b278832027


Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ