[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070827060240.GP10512@outflux.net>
Date: Sun, 26 Aug 2007 23:02:40 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-503-1] Thunderbird vulnerabilities
===========================================================
Ubuntu Security Notice USN-503-1 August 24, 2007
mozilla-thunderbird vulnerabilities
CVE-2007-3670, CVE-2007-3734, CVE-2007-3735, CVE-2007-3844,
CVE-2007-3845
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
mozilla-thunderbird 1.5.0.13-0ubuntu0.6.06
Ubuntu 6.10:
mozilla-thunderbird 1.5.0.13-0ubuntu0.6.10
Ubuntu 7.04:
mozilla-thunderbird 1.5.0.13-0ubuntu0.7.04
After a standard system upgrade you need to restart Thunderbird to effect
the necessary changes.
Details follow:
Various flaws were discovered in the layout and JavaScript engines. By
tricking a user into opening a malicious email, an attacker could execute
arbitrary code with the user's privileges. Please note that JavaScript
is disabled by default for emails, and it is not recommended to enable it.
(CVE-2007-3734, CVE-2007-3735, CVE-2007-3844)
Jesper Johansson discovered that spaces and double-quotes were
not correctly handled when launching external programs. In rare
configurations, after tricking a user into opening a malicious email,
an attacker could execute helpers with arbitrary arguments with the
user's privileges. (CVE-2007-3670, CVE-2007-3845)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.6.06.diff.gz
Size/MD5: 455132 d8467a49fa9749a12d06330212cb0fa5
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.6.06.dsc
Size/MD5: 1603 ec53fcdf9b56d3f3d46266c249ebd597
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13.orig.tar.gz
Size/MD5: 36080566 62b37f8d4777f305146623d7437e3ccd
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13-0ubuntu0.6.06_amd64.deb
Size/MD5: 3586642 2c36816d1f7a03ef145ce5d30e60d418
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13-0ubuntu0.6.06_amd64.deb
Size/MD5: 194370 cf8d5d4dfb807f09bddaa39c3787de7a
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13-0ubuntu0.6.06_amd64.deb
Size/MD5: 59612 752bdd32f219cbc227d5481d217dddcb
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.6.06_amd64.deb
Size/MD5: 12095766 6a8064a3040e2ceba8d23d4215511503
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13-0ubuntu0.6.06_i386.deb
Size/MD5: 3578708 fa6953c372876d3475a57fe7698f0efb
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13-0ubuntu0.6.06_i386.deb
Size/MD5: 187744 53f0bec282e4901d673d4052b9cf76c0
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13-0ubuntu0.6.06_i386.deb
Size/MD5: 55134 ccd78eca24e17b788416d06b5cd970b9
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.6.06_i386.deb
Size/MD5: 10369278 597f681fcf328b6e17bb9ba00301b238
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13-0ubuntu0.6.06_powerpc.deb
Size/MD5: 3584414 956c1a25ec9285efb111ae8001c14fff
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13-0ubuntu0.6.06_powerpc.deb
Size/MD5: 191098 ebb6fa00a8ba29a16b45266b9be70822
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13-0ubuntu0.6.06_powerpc.deb
Size/MD5: 58742 8aae905e454ae490b27c1d35f717235a
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.6.06_powerpc.deb
Size/MD5: 11650578 2cc2f06a14cf7c6b77d4f913ef57ac34
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13-0ubuntu0.6.06_sparc.deb
Size/MD5: 3580718 d5d9508759e3c19cd6b1c9a02ca91adc
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13-0ubuntu0.6.06_sparc.deb
Size/MD5: 188542 5a4ee0e188ef31a759ab183d833d4685
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13-0ubuntu0.6.06_sparc.deb
Size/MD5: 56626 3dbbd7cd060a11112a5fd1a7fd23cd35
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.6.06_sparc.deb
Size/MD5: 10844686 de165e9bb539e3ae662676a4ca3029e7
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.6.10.diff.gz
Size/MD5: 455992 38afdbcb0d339c8ee3b1cab8f33b6fa1
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.6.10.dsc
Size/MD5: 1601 0a8019db6f355e5ccc2b5eb6a704a73f
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13.orig.tar.gz
Size/MD5: 36080566 62b37f8d4777f305146623d7437e3ccd
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13-0ubuntu0.6.10_amd64.deb
Size/MD5: 3586466 426017c63f2dc362c8c5a664b5a906b1
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13-0ubuntu0.6.10_amd64.deb
Size/MD5: 194496 4c7c6349b9829de611db2e8222f9150a
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13-0ubuntu0.6.10_amd64.deb
Size/MD5: 59626 f5d323ecafeae46ae34cac71706d99d5
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.6.10_amd64.deb
Size/MD5: 12091050 61350cf3dc12e29dbac243fc9e911be5
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13-0ubuntu0.6.10_i386.deb
Size/MD5: 3582338 319eb753f7570f045e9de39795bf0646
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13-0ubuntu0.6.10_i386.deb
Size/MD5: 189152 687f5583b93df5db616ab8fe7f8eb3e8
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13-0ubuntu0.6.10_i386.deb
Size/MD5: 56258 6cfcdbb6d930e8a4f535fb5ca5d476f0
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.6.10_i386.deb
Size/MD5: 10829290 a3c2ca0abeccef3570fccacd3a05c60e
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13-0ubuntu0.6.10_powerpc.deb
Size/MD5: 3584542 717064f808322f7ca11bc22551ee2127
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13-0ubuntu0.6.10_powerpc.deb
Size/MD5: 191580 3fd254e0d0ec073832e01af8db9656e7
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13-0ubuntu0.6.10_powerpc.deb
Size/MD5: 59334 3f0c56850ed5f96888c3feffc75fd96b
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.6.10_powerpc.deb
Size/MD5: 11779014 0b7e4785c95d1fd0b8c16bac50686349
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13-0ubuntu0.6.10_sparc.deb
Size/MD5: 3580676 e5ecded833e695d40fb0ae30b84ca685
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13-0ubuntu0.6.10_sparc.deb
Size/MD5: 188984 367b43b2719cf830d1a318de5315bf46
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13-0ubuntu0.6.10_sparc.deb
Size/MD5: 56682 46103432a77551215c77c935d08e6b42
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.6.10_sparc.deb
Size/MD5: 11041104 984bf1c75968dd40149956254f94fabb
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.7.04.diff.gz
Size/MD5: 126635 4c85da89acdf347587cfcfb3d9433304
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.7.04.dsc
Size/MD5: 1601 d306cbba411cc32f7f579acfb559c9b0
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13.orig.tar.gz
Size/MD5: 36080566 62b37f8d4777f305146623d7437e3ccd
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13-0ubuntu0.7.04_amd64.deb
Size/MD5: 3587044 0780090e7e421d87ab8bcc5137d2922c
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13-0ubuntu0.7.04_amd64.deb
Size/MD5: 195006 415f02a983531cd65f0f15a895f1e0d0
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13-0ubuntu0.7.04_amd64.deb
Size/MD5: 60144 74c446643a9674a3dd3c1a2f04861c8e
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.7.04_amd64.deb
Size/MD5: 12187948 f85553218e76dbb5178358b2cf0b65d9
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13-0ubuntu0.7.04_i386.deb
Size/MD5: 3583270 7657f360e3b57b77d7955051e435175b
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13-0ubuntu0.7.04_i386.deb
Size/MD5: 189648 20ee57f83d22e2b39e4d0d9d71ac7065
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13-0ubuntu0.7.04_i386.deb
Size/MD5: 56760 58a55ba7a1f760ca76fd3b9142ab42a0
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.7.04_i386.deb
Size/MD5: 10916670 f13212b9d47949ed8b854348e14dfed2
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13-0ubuntu0.7.04_powerpc.deb
Size/MD5: 3587820 ece8b66570abedc631dd58b37b586ab7
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13-0ubuntu0.7.04_powerpc.deb
Size/MD5: 193120 c472b0175bea62f0d228770c0ab9e261
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13-0ubuntu0.7.04_powerpc.deb
Size/MD5: 60128 71c1d1364c88ae38f43953e51b06a72f
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.7.04_powerpc.deb
Size/MD5: 12131446 829c93637e9e61864e5303adb36a602f
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.13-0ubuntu0.7.04_sparc.deb
Size/MD5: 3582290 c14265f81e5fbc21022e0f91a6b12603
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.13-0ubuntu0.7.04_sparc.deb
Size/MD5: 189470 c47268c61b56f5bebf845d06585a9bfa
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.13-0ubuntu0.7.04_sparc.deb
Size/MD5: 57188 511ca6c3e342af386da76fab926f697f
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.13-0ubuntu0.7.04_sparc.deb
Size/MD5: 11143012 43b4637793f6994d92e8bdff215cb183
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists