Message-ID: <20070307015441.GP9621@outflux.net>
Date: Tue, 6 Mar 2007 17:54:41 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-431-1] Thunderbird vulnerabilities
===========================================================
Ubuntu Security Notice USN-431-1 March 07, 2007
mozilla-thunderbird vulnerabilities
CVE-2007-0008, CVE-2007-0009, CVE-2007-0775, CVE-2007-0776, CVE-2007-0777
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  mozilla-thunderbird 1.5.0.10-0ubuntu0.5.10

Ubuntu 6.06 LTS:
  mozilla-thunderbird 1.5.0.10-0ubuntu0.6.06

Ubuntu 6.10:
  mozilla-thunderbird 1.5.0.10-0ubuntu0.6.10

After a standard system upgrade you need to restart Thunderbird to
effect the necessary changes.

Details follow:

The SSLv2 protocol support in the NSS library did not sufficiently
check the validity of public keys presented with an SSL certificate. A
malicious SSL web site using SSLv2 could potentially exploit this to
execute arbitrary code with the user's privileges. (CVE-2007-0008)

The SSLv2 protocol support in the NSS library did not sufficiently
verify the validity of client master keys presented in an SSL client
certificate. A remote attacker could exploit this to execute arbitrary
code in a server application that uses the NSS library. (CVE-2007-0009)

Various flaws have been reported that could allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening a
malicious web page. (CVE-2007-0775, CVE-2007-0776, CVE-2007-0777)