lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 02 Mar 2011 21:58:20 -0600
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com,
	full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: [USN-1050-1] Thunderbird vulnerabilities

===========================================================
Ubuntu Security Notice USN-1050-1            March 03, 2011
thunderbird vulnerabilities
CVE-2010-1585, CVE-2011-0053, CVE-2011-0061, CVE-2011-0062
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.04 LTS:
  thunderbird                     3.1.8+build3+nobinonly-0ubuntu0.10.04.1

Ubuntu 10.10:
  thunderbird                     3.1.8+build3+nobinonly-0ubuntu0.10.10.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

Details follow:

Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry
Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several
memory issues in the browser engine. An attacker could exploit these to
crash the browser or possibly run arbitrary code as the user invoking the
program. (CVE-2011-0053, CVE-2011-0062)

Roberto Suggi Liverani discovered a possible issue with unsafe JavaScript
execution in chrome documents. A malicious extension could exploit this to
execute arbitrary code with chrome privlieges. (CVE-2010-1585)

Jordi Chancel discovered a buffer overlow in the JPEG decoding engine. An
attacker could exploit this to crash the browser or possibly run arbitrary
code as the user invoking the program. (CVE-2011-0061)


Updated packages for Ubuntu 10.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly-0ubuntu0.10.04.1.diff.gz
      Size/MD5:    95982 cdeaaffea4ca12f2160643815e6cc607
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly-0ubuntu0.10.04.1.dsc
      Size/MD5:     2163 a22911ddc374236e594a441f1eb7443c
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly.orig.tar.gz
      Size/MD5: 68664302 67a9fff4dd17b8779e9c01b9a3002cd5

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_amd64.deb
      Size/MD5: 63019896 fffeb4ba538e6c6efb80a8a0eb258b3c
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_amd64.deb
      Size/MD5:  5441106 4543c296075d4a179118961fcfdae5b2
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_amd64.deb
      Size/MD5:   180958 af349ebf8d97d47b6661b62123f7fd19
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_amd64.deb
      Size/MD5:     9366 61065702e1d54cd3fc9b38abda8edaab
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_amd64.deb
      Size/MD5: 12116874 ce12bbca9907c61128bd19059d2e3d89

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_i386.deb
      Size/MD5: 63542472 f2203658dd9881cb76d752ddfeb202a5
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_i386.deb
      Size/MD5:  5151432 86175a844c71fdc06a5a7a68579ec7ec
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_i386.deb
      Size/MD5:   180138 2018d052be9a539220a01e7f895b613b
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_i386.deb
      Size/MD5:     9354 832ddf6fe7964608181c2c410abc3b44
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_i386.deb
      Size/MD5: 11118686 e53a3c967a6e60ab9745744ceb2af545

  armel architecture (ARM Architecture):

    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_armel.deb
      Size/MD5: 64404486 1fd4244414b1a5de9adbd259c01f5ac5
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_armel.deb
      Size/MD5:  5491132 c0bfbad6ccbd5e19027a6b1a1039dd40
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_armel.deb
      Size/MD5:   182474 15ec9e9688250365a9ce2139a5ae7b0f
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_armel.deb
      Size/MD5:     9366 ecb912e4e5e53109bcb6e341d53bef0e
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_armel.deb
      Size/MD5: 10765536 2bf8588caff88d3828b62280b9f5badb

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_powerpc.deb
      Size/MD5: 66035610 aea88a7a520107dba7d1a57f933bb108
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_powerpc.deb
      Size/MD5:  4986496 3acf9b87eb00f271bedde4f72849f66c
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_powerpc.deb
      Size/MD5:   186842 019e24d8880cef5b5859b7f37a82d8f9
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_powerpc.deb
      Size/MD5:     9356 42ac7f79e0f273fac2c3f18bb062ad2d
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_powerpc.deb
      Size/MD5: 11930276 e7f8c8770c0c13ee6bdf60275f9b2324

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_sparc.deb
      Size/MD5: 62426354 55bbdf4c641b913942247d55f32549f8
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_sparc.deb
      Size/MD5:  4953092 10219347d29f7314b053b56297a3ba5e
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_sparc.deb
      Size/MD5:   176248 b5fc7d1d288354860f4bf611a297a75d
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_sparc.deb
      Size/MD5:     9362 ee32b0a0a9b90b634f838122274a6a90
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_sparc.deb
      Size/MD5: 11142672 12d1abea1dce8f0ae359a405b7357831

Updated packages for Ubuntu 10.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly-0ubuntu0.10.10.1.diff.gz
      Size/MD5:    97045 b46241e380e4f8ad04c438106418b4fd
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly-0ubuntu0.10.10.1.dsc
      Size/MD5:     2176 98686947c7966e4e71dba1bdc9437bd5
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly.orig.tar.gz
      Size/MD5: 68664302 67a9fff4dd17b8779e9c01b9a3002cd5

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_amd64.deb
      Size/MD5: 63024906 44aa196ed969a6c6f2b9757066b5f1ad
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_amd64.deb
      Size/MD5:  5010526 d815968576743ee81ac6f7034cf20b01
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_amd64.deb
      Size/MD5:   181700 74445816eab90ebae77e1536719ed440
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_amd64.deb
      Size/MD5:     9378 80d4fa8fc404f1ada33bfff0a78221b0
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_amd64.deb
      Size/MD5: 12087952 1935875f953cbf5bfce35b268000f27a

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_i386.deb
      Size/MD5: 63541296 cbace9ba234c57aa44877b459ae11b53
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_i386.deb
      Size/MD5:  5149080 9052eaec15cc360d472678f5bd68ccfa
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_i386.deb
      Size/MD5:   180782 7dff08599a57844edc722803d91d17a8
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_i386.deb
      Size/MD5:     9378 03fb41e6d084a2de043e12e4ed866fbf
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_i386.deb
      Size/MD5: 11102278 70b7af3e23c5ec1f7df32ec0f50a5e45

  armel architecture (ARM Architecture):

    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_armel.deb
      Size/MD5: 66039448 5324cdff37464a66c9b9c9d62dcbde90
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_armel.deb
      Size/MD5:  5668526 fb39543f0e4457cefe5091a4737a36cb
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_armel.deb
      Size/MD5:   188928 b5369ca8b2a4a4d97e734ef64a6d90d5
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_armel.deb
      Size/MD5:     9392 16d9bd7c598b52be079e5725186e0af7
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_armel.deb
      Size/MD5: 10983352 61f45367e7b9d64dbb9cb0adb52396ad

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_powerpc.deb
      Size/MD5: 65848858 8b13cff02583246a2605d4f3893ce5eb
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_powerpc.deb
      Size/MD5:  4984440 ac3549907615e90810a061ca278ba5cf
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_powerpc.deb
      Size/MD5:   187432 f9ad89507d0bcad280252ad34e6eb7f9
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_powerpc.deb
      Size/MD5:     9376 efd5a0cc9526744b9c5e1493b124cee2
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_powerpc.deb
      Size/MD5: 11790214 ad669afaa57576ff24c7f42520604bab




Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists