[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20061121191747.GA10960@outflux.net>
Date: Tue, 21 Nov 2006 11:17:47 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-382-1] Thunderbird vulnerabilities
===========================================================
Ubuntu Security Notice USN-382-1 November 16, 2006
mozilla-thunderbird vulnerabilities
CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5747,
CVE-2006-5748
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.10:
mozilla-thunderbird 1.5.0.8-0ubuntu0.5.10
Ubuntu 6.06 LTS:
mozilla-thunderbird 1.5.0.8-0ubuntu0.6.06
Ubuntu 6.10:
mozilla-thunderbird 1.5.0.8-0ubuntu0.6.10
After a standard system upgrade you need to restart Thunderbird to
effect the necessary changes.
Details follow:
USN-352-1 fixed a flaw in the verification of PKCS certificate
signatures. Ulrich Kuehn discovered a variant of the original attack
which the original fix did not cover. (CVE-2006-5462)
Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening a
malicious email containing JavaScript. Please note that JavaScript is
disabled by default for emails, and it is not recommended to enable it.
(CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10.diff.gz
Size/MD5: 451782 957b1eabbb35c399a9150fc148d2c8a1
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10.dsc
Size/MD5: 960 3352ed8872f185027ac3ee354305eafb
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8.orig.tar.gz
Size/MD5: 35621218 a3b77b068da31275611ef46862c0316a
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.5.10_amd64.deb
Size/MD5: 3523838 b6819a1f54c1c543ae2c6835ba477b6c
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.5.10_amd64.deb
Size/MD5: 190416 761fe8dc15060c09de3013d856b79dd1
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.5.10_amd64.deb
Size/MD5: 55640 617b95dd76853f2bd5d1abd60ad842d7
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10_amd64.deb
Size/MD5: 11981580 188bd293b070ff01101e861eceb690a8
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.5.10_i386.deb
Size/MD5: 3516580 b4c65509f97bea7dc2c207df0559651d
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.5.10_i386.deb
Size/MD5: 183772 f7e72f8793eb681bd521d6963212947c
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.5.10_i386.deb
Size/MD5: 51254 9e1e6d825c46a9831fd4643c846ac861
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10_i386.deb
Size/MD5: 10286996 b1314587b5026e585a1da43c03748076
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.5.10_powerpc.deb
Size/MD5: 3521222 aa373f9cf0e28313312b4d88d34bb2c4
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.5.10_powerpc.deb
Size/MD5: 187110 07ee014b3874b619ab9252292a771d9d
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.5.10_powerpc.deb
Size/MD5: 54826 04072c4224eaa979b52ac0ce1ea2d62d
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10_powerpc.deb
Size/MD5: 11528020 4e67be3b40ef51e8a3a59170a72d51da
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.5.10_sparc.deb
Size/MD5: 3518202 3559d6e77167adf6ad24cf2dc0ea980e
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.5.10_sparc.deb
Size/MD5: 184568 c77f05b16cb004b4b28d08c87c551591
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.5.10_sparc.deb
Size/MD5: 52714 d10e66393f273bd011a4b792aec0e1c6
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10_sparc.deb
Size/MD5: 10768484 49adf33e01df8b16dfae59539a09f6e4
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06.diff.gz
Size/MD5: 454980 86dc6c3f6e7314db7f1862847aab1746
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06.dsc
Size/MD5: 960 2d270b24bbe03fc5b642cac8c4183517
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8.orig.tar.gz
Size/MD5: 35621218 a3b77b068da31275611ef46862c0316a
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.06_amd64.deb
Size/MD5: 3528876 4d58793e693a14af93870581bcf5b7d4
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.06_amd64.deb
Size/MD5: 193880 0c731b9fa2fa5556209ed28fdffd59bb
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.06_amd64.deb
Size/MD5: 59120 ea7b9f02aefd49fc79250683fc277783
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06_amd64.deb
Size/MD5: 11989558 3ffcc3970cae97b55a6b0ddc09e40b9b
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.06_i386.deb
Size/MD5: 3520550 2dc76d9073a712a6da29dbd5e1e80d94
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.06_i386.deb
Size/MD5: 187250 440d25b5232eab1e15929bf62166ee1a
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.06_i386.deb
Size/MD5: 54640 8bfe36c400bca1c5fc6a3d6a079d15e7
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06_i386.deb
Size/MD5: 10287496 c9e8b30b24ee9c1ea938662ec5c5c829
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.06_powerpc.deb
Size/MD5: 3525980 331fb306bd301e6db588e3ae954682ec
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.06_powerpc.deb
Size/MD5: 190586 6b2cd37ce0d4d218192c1701fedf2d35
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.06_powerpc.deb
Size/MD5: 58236 b9adc16444e5f8a4ba184b896feeddbc
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06_powerpc.deb
Size/MD5: 11560520 bf03db104a8a34d7623719d9bd2d78dd
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.06_sparc.deb
Size/MD5: 3522432 9f608db55c878301303f11dda557b659
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.06_sparc.deb
Size/MD5: 188046 80a01d132f407d2cc7bed5fa827f6726
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.06_sparc.deb
Size/MD5: 56134 a9bb35877246b62480313cacdcaaec62
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06_sparc.deb
Size/MD5: 10759610 f8311676b1e447d52a059f673c1c8365
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10.diff.gz
Size/MD5: 454992 495051c8a51c3c76f66110a9cc955da1
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10.dsc
Size/MD5: 960 8de9b896031767eec82c7d4992c6a9ba
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8.orig.tar.gz
Size/MD5: 35621218 a3b77b068da31275611ef46862c0316a
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.10_amd64.deb
Size/MD5: 3528756 59670215a896e4928e90878dc9b04b08
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.10_amd64.deb
Size/MD5: 194002 8c4679532a5a56d9ae9ef85fc10974b5
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.10_amd64.deb
Size/MD5: 59126 7ae8776fabb53abe898c187cd42b3d05
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10_amd64.deb
Size/MD5: 11982018 6b757d203ac93cf892a87ac8ca9a13db
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.10_i386.deb
Size/MD5: 3523844 ec316699b80ad08945c58c3c7427aefa
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.10_i386.deb
Size/MD5: 188658 beae7465832335242d6da367e8a79019
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.10_i386.deb
Size/MD5: 55770 31263c265feb5c09cf2f7a5f692b95e7
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10_i386.deb
Size/MD5: 10743540 60f03ab196fcc5160922386b2e0e27d3
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.10_powerpc.deb
Size/MD5: 3526062 43038d1a52c353ccb64b0553156673b7
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.10_powerpc.deb
Size/MD5: 191106 b8861d5299adce77a280852beffa9e4d
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.10_powerpc.deb
Size/MD5: 58784 8c26c48f8cc8cf38bc6a0b5e8212936b
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10_powerpc.deb
Size/MD5: 11690926 b727068e620efa13b2c0cd1d3899e271
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.10_sparc.deb
Size/MD5: 3522380 3c544b8ac310f5ab3789a9f960a85577
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.10_sparc.deb
Size/MD5: 188512 314b6bcbf287df8eeba2793fb3b2686c
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.10_sparc.deb
Size/MD5: 56190 35ae6cf2ba9e5c68a16c5bfda8b7f0a3
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10_sparc.deb
Size/MD5: 10955658 c847b48dfa1e26d4a2da0d8378127f64
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists