Message-Id: <20060828053014.9D0CAFDB5@finlandia.home.infodrom.org>
Date: Mon, 28 Aug 2006 07:30:14 +0200 (CEST)
From: joey@...odrom.org (Martin Schulze)
To: debian-security-announce@...ts.debian.org (Debian Security Announcements)
Cc: 
Subject: [SECURITY] [DSA 1159-1] New Mozilla Thunderbird
	packages fix several problems

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1159-1                    security@...ian.org
http://www.debian.org/security/                             Martin Schulze
August 28th, 2006                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mozilla-thunderbird
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-2779 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807
                 CVE-2006-3808 CVE-2006-3809 CVE-2006-3810
CERT advisories: VU#466673 VU#655892 VU#687396 VU#876420 VU#911004
BugTraq IDs    : 18228 19181

Several security related problems have been discovered in Mozilla and
derived products such as Mozilla Thunderbird.  The Common
Vulnerabilities and Exposures project identifies the following
vulnerabilities:

CVE-2006-2779

    Mozilla team members discovered several crashes during testing of
    the browser engine showing evidence of memory corruption which may
    also lead to the execution of arbitrary code.  The last bit of
    this problem will be corrected with the next update.  You can
    prevent any trouble by disabling Javascript.  [MFSA-2006-32]

CVE-2006-3805

    The Javascript engine might allow remote attackers to execute
    arbitrary code.  [MFSA-2006-50]

CVE-2006-3806

    Multiple integer overflows in the Javascript engine might allow
    remote attackers to execute arbitrary code.  [MFSA-2006-50]

CVE-2006-3807

    Specially crafted Javascript allows remote attackers to execute
    arbitrary code.  [MFSA-2006-51]

CVE-2006-3808

    Remote AutoConfig (PAC) servers could execute code with elevated
    privileges via a specially crafted PAC script.  [MFSA-2006-52]

CVE-2006-3809

    Scripts with the UniversalBrowserRead privilege could gain
    UniversalXPConnect privileges and possibly execute code or obtain
    sensitive data.  [MFSA-2006-53]

CVE-2006-3810

    A cross-site scripting vulnerability allows remote attackers to
    inject arbitrary web script or HTML.  [MFSA-2006-54]

For the stable distribution (sarge) these problems have been fixed in
version 1.0.2-2.sarge1.0.8b.1.

For the unstable distribution (sid) these problems have been fixed in
version 1.5.0.5-1.

We recommend that you upgrade your mozilla-thunderbird package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1.dsc
      Size/MD5 checksum:     1003 04d64af96e791f70b148b47369e78fa8
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1.diff.gz
      Size/MD5 checksum:   485519 ee4edfac117a53c5af08ed97fe85fe55
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2.orig.tar.gz
      Size/MD5 checksum: 33288906 806175393a226670aa66060452d31df4

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_alpha.deb
      Size/MD5 checksum: 12848642 4c5bcb9649ff7eec7d4ad6409fccfbce
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_alpha.deb
      Size/MD5 checksum:  3279330 5de619881da404d6846a64e1ab100198
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_alpha.deb
      Size/MD5 checksum:   151606 aca457a945d7a89cc5ad25952db6d32b
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_alpha.deb
      Size/MD5 checksum:    33038 f219f0a68ebce04be1a448d582330e36
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_alpha.deb
      Size/MD5 checksum:    88998 349021463f3a1fca2c269044cf3e66ca

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_amd64.deb
      Size/MD5 checksum: 12255144 bacce34b5bc0e00ae8dfdcb6db7effee
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_amd64.deb
      Size/MD5 checksum:  3280524 68041a19610600cd691914971d72e915
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_amd64.deb
      Size/MD5 checksum:   150580 d4cd554373b8cf9695e11b172ccd018c
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_amd64.deb
      Size/MD5 checksum:    33032 5c7cc39d0f91f8cbd7dfbcd62f5233ea
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_amd64.deb
      Size/MD5 checksum:    88794 ef6eb382de91c862944b1486e5c343a7

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_arm.deb
      Size/MD5 checksum: 10342700 42ebac688dbc2943768353f381c48af5
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_arm.deb
      Size/MD5 checksum:  3271408 8d1d920dbc27c50d3cef51653ae67571
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_arm.deb
      Size/MD5 checksum:   142784 14df28e047604532f99d28d57fd66555
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_arm.deb
      Size/MD5 checksum:    33052 441a28a0673a0b4a341ea3d2685ef7a7
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_arm.deb
      Size/MD5 checksum:    80852 608e1e053e2bfd73099f6e853cdc3b11

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_i386.deb
      Size/MD5 checksum: 11563882 b41abc362fc0ed424a3a4cd6c4fa8ca6
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_i386.deb
      Size/MD5 checksum:  3507108 6c5268e655733613500ee2173f1012ec
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_i386.deb
      Size/MD5 checksum:   146250 ba9d20e519d188c237b4b7cef17d3bbe
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_i386.deb
      Size/MD5 checksum:    33052 ef87f87b1ec09d8b1e66591e69895233
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_i386.deb
      Size/MD5 checksum:    87606 925e4a236ba4230a8e32216a064c3f06

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_ia64.deb
      Size/MD5 checksum: 14624106 a3b234485952ea02ccfdd68133a2cf35
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_ia64.deb
      Size/MD5 checksum:  3291038 a15a8ff3fbc471ed4969bb86e67c3c4c
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_ia64.deb
      Size/MD5 checksum:   154934 96ab243eb1e9340a6c04743d761febe8
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_ia64.deb
      Size/MD5 checksum:    33034 ef4ff45411db444879bd8171814989e0
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_ia64.deb
      Size/MD5 checksum:   106730 975838d769c3c4e9821ee2f2db1f180a

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_hppa.deb
      Size/MD5 checksum: 13565080 e4e770db9c3257e4082f6ba9a4b17942
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_hppa.deb
      Size/MD5 checksum:  3284790 cd7b3d8fa65712084108545b06bf5cf8
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_hppa.deb
      Size/MD5 checksum:   152812 a850d4bbfc5412356adb8999e4afd3a2
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_hppa.deb
      Size/MD5 checksum:    33046 4b2d523df0b35eaf49c2ee670040a746
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_hppa.deb
      Size/MD5 checksum:    96926 49c2664125f88dcbcf8fc370490f1783

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_m68k.deb
      Size/MD5 checksum: 10791242 efe7adeef2105ee962f60eb09d32be04
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_m68k.deb
      Size/MD5 checksum:  3270798 a64399e4e34ec761ddb064e650432d47
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_m68k.deb
      Size/MD5 checksum:   144566 c368a1f6bda4a639c799903d3bed7c86
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_m68k.deb
      Size/MD5 checksum:    33066 3992b0cab96e959ecea687899f8ef05f
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_m68k.deb
      Size/MD5 checksum:    82094 b13852c78fa4f46ff993f3c1e98680dc

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_mips.deb
      Size/MD5 checksum: 11943796 cb93a2f2fc4dd706defeaea3c18a6b6f
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_mips.deb
      Size/MD5 checksum:  3278794 9acf4f9583972ed1fe2d453e8330233b
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_mips.deb
      Size/MD5 checksum:   147496 07472047d17dabe204412c357bb21169
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_mips.deb
      Size/MD5 checksum:    33042 b7f0219fc847c1a52b3336aea10b1523
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_mips.deb
      Size/MD5 checksum:    84296 de6058169bdcaac13f4e44e50d86fcfa

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_mipsel.deb
      Size/MD5 checksum: 11811180 7a90700b755f8a9628743c00c5658e01
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_mipsel.deb
      Size/MD5 checksum:  3279738 b7599c5e7cb743cfe02f60402beeef4c
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_mipsel.deb
      Size/MD5 checksum:   147050 e648ba4dcabf8cd85415d259d19f9dc5
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_mipsel.deb
      Size/MD5 checksum:    33034 9892f5d7755b7b013b825acf7d239b9a
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_mipsel.deb
      Size/MD5 checksum:    84184 08802c45278f5d135118b15c261d60ff

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_powerpc.deb
      Size/MD5 checksum: 10908332 b4899f52b0b1555eef1a52e29f7ccff0
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_powerpc.deb
      Size/MD5 checksum:  3269376 138a349de0a5a33317fb12e38fa7048d
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_powerpc.deb
      Size/MD5 checksum:   144570 8a5fbabc69454577f95fca69d6922183
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_powerpc.deb
      Size/MD5 checksum:    33046 eab66e527293d35eeec5a2aa21e34988
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_powerpc.deb
      Size/MD5 checksum:    80956 110bbacc7e5b85d32966e8b095d18e49

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_s390.deb
      Size/MD5 checksum: 12701528 e77cc46c7784b4678e00158c4067fb13
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_s390.deb
      Size/MD5 checksum:  3279814 9f614f520b7d24b584b4dfdde4d6856c
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_s390.deb
      Size/MD5 checksum:   150872 8ec4f9059a17b2e75afd8cb472dfd7d4
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_s390.deb
      Size/MD5 checksum:    33030 1a9dd5360add1b5c7d3940e44efc72f4
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_s390.deb
      Size/MD5 checksum:    88798 c1fc3eda5995f50df821da0913447ffa

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_sparc.deb
      Size/MD5 checksum: 11176418 d9291799bae4c157fe7f0a9dd86ebcf4
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_sparc.deb
      Size/MD5 checksum:  3275086 2a78bb9f76059b034dd1232cdd82dee6
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_sparc.deb
      Size/MD5 checksum:   144214 0f03b8b13d7cb6ae6c0eebbec1da6d2b
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_sparc.deb
      Size/MD5 checksum:    33056 4b9864766f12b2328b9e6fdfd98a4d0e
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_sparc.deb
      Size/MD5 checksum:    82648 c02d426a3ab8f7e704f946d0b0fee7c8


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE8n9lW5ql+IAeqTIRAgpiAKCTSJG8bf98rWgKM1d1zfQY78HNCQCghAW6
yE3zyT2KfVUR036bLnDdZo0=
=bqG2
-----END PGP SIGNATURE-----
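
The "Size/MD5 checksum" pairs in the file list above can be checked mechanically between the `wget` and `dpkg -i` steps. The following is an added example, not part of the original advisory: the function names are hypothetical, and the manifest, host name and package contents in `demo()` are constructed samples that mimic the advisory's two-line entry format.

```python
import hashlib
import os
import re
import tempfile

# One advisory entry is a URL line followed by
# "Size/MD5 checksum: <bytes> <32 hex digits>".
ENTRY = re.compile(
    r"^[ \t]*(\S+://\S+)[ \t]*\n"
    r"[ \t]*Size/MD5 checksum:[ \t]+(\d+)[ \t]+([0-9a-f]{32})[ \t]*$",
    re.MULTILINE,
)

def parse_manifest(text):
    """Return {file name: (size in bytes, md5 hex)} from advisory text."""
    return {url.rsplit("/", 1)[-1]: (int(size), md5)
            for url, size, md5 in ENTRY.findall(text)}

def check_file(path, size, md5hex):
    """Return 'ok', 'missing', 'size-mismatch' or 'md5-mismatch'."""
    if not os.path.isfile(path):
        return "missing"
    if os.path.getsize(path) != size:
        return "size-mismatch"  # cheap check first, no hashing needed
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return "ok" if digest.hexdigest() == md5hex else "md5-mismatch"

def verify_downloads(advisory_text, directory):
    """Check every file named in the advisory against `directory`."""
    return {name: check_file(os.path.join(directory, name), size, md5)
            for name, (size, md5) in parse_manifest(advisory_text).items()}

def demo():
    """Constructed sample: one intact file, one altered file, one never fetched."""
    good, bad = b"constructed package A\n", b"constructed package B\n"
    manifest = "\n".join(
        f"    http://mirror.example/pool/{name}\n"
        f"      Size/MD5 checksum: {len(data):8d} {hashlib.md5(data).hexdigest()}"
        for name, data in [("a_1.0_all.deb", good), ("b_1.0_all.deb", bad),
                           ("c_1.0_all.deb", b"never downloaded")])
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "a_1.0_all.deb"), "wb") as fh:
            fh.write(good)
        with open(os.path.join(tmp, "b_1.0_all.deb"), "wb") as fh:
            fh.write(bad[::-1])  # same length, different bytes
        return verify_downloads(manifest, tmp)

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:14s} {name}")
```

An MD5 match only shows that a file is the one the advisory text describes; MD5 is not collision resistant, so the trust comes from the PGP signature over the advisory and, for `apt-get`, from the archive's signed Release files.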
