lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20090820234226.GB6964@severus.strandboge.com>
Date: Thu, 20 Aug 2009 18:42:26 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-817-1] Thunderbird vulnerabilities

===========================================================
Ubuntu Security Notice USN-817-1            August 20, 2009
thunderbird vulnerabilities
http://launchpad.net/bugs/416646
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  thunderbird                     2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1

Ubuntu 8.10:
  thunderbird                     2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1

Ubuntu 9.04:
  thunderbird                     2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1

After a standard system upgrade you need to restart Thunderbird to effect
the necessary changes.

Details follow:

Several flaws were discovered in the rendering engine of Thunderbird. If
Javascript were enabled, an attacker could exploit these flaws to crash
Thunderbird.


Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1.diff.gz
      Size/MD5:   129367 a46acd34aed1148759970e2bde6f3059
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1.dsc
      Size/MD5:     2368 c8026b30a66814e8b30ff11a2f3f9447
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly.orig.tar.gz
      Size/MD5: 36199402 92d3a4a3b497cfcf54c905d0eb1c6e00

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_all.deb
      Size/MD5:    60600 8f00ec0ab72a360fdf959c71354ee430
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_all.deb
      Size/MD5:    60582 96a1a5d7ceb2f44f2cea477e16e0780b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_amd64.deb
      Size/MD5:  3783924 d971905a01230935a998810f974618db
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_amd64.deb
      Size/MD5:    85484 3dd1da60dae983f1fb27ee1952026b68
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_amd64.deb
      Size/MD5: 12428428 df0d116218353b1ba3b96290081b49ab

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_i386.deb
      Size/MD5:  3770572 533ab5cfdd2ae34b1fee6024aefd9abf
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_i386.deb
      Size/MD5:    80880 09ec6e71645d9f3e79388722ae4bbbb5
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_i386.deb
      Size/MD5: 11003638 b67d686a0a4648b47f28e7ab2d35eebe

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_lpia.deb
      Size/MD5:  3768342 4ad5416dd3eea9ce5c5f4b786655f730
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_lpia.deb
      Size/MD5:    80602 05ae7dd7d3e25095f25fdadf2314c723
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_lpia.deb
      Size/MD5: 10845236 8951b8f193dfaf7c7136f7ddfbd8d0e9

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_powerpc.deb
      Size/MD5:  3787576 3c2df130b03ed6fa8b70c902816f2273
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_powerpc.deb
      Size/MD5:    83884 01c5d402bf170d64f6b0ca73bde99bb6
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_powerpc.deb
      Size/MD5: 12276638 b0122bbece2c205f5c779ece4035f386

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_sparc.deb
      Size/MD5:  3768882 5ff11338a4c896da0f85818ec8a2b532
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_sparc.deb
      Size/MD5:    80338 90a0da78e2cd9f36a22cf23755e2c089
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_sparc.deb
      Size/MD5: 11270488 16cefab6bc5db1cc01133abc56bb63cb

Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1.diff.gz
      Size/MD5:   130165 ef864ec3b7fd72df9d9067f8d5f7b18b
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1.dsc
      Size/MD5:     2350 6c90cd4c5e93fba4d98fc5258679bf22
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly.orig.tar.gz
      Size/MD5: 36199402 92d3a4a3b497cfcf54c905d0eb1c6e00

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_all.deb
      Size/MD5:    60910 8ed0a0a87761a1c28c6b3d24e133d702
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_all.deb
      Size/MD5:    60896 2d68379338f85079755e3b72becbdeee

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_amd64.deb
      Size/MD5:  3737338 da38110af9cd09fca38a63253020fb9b
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_amd64.deb
      Size/MD5:    85670 eb5c0afecca06cd6b2759f7c18e8e31f
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_amd64.deb
      Size/MD5: 12452620 391798cc82bde47f03cfa36dc1908d9e

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_i386.deb
      Size/MD5:  3721844 52aaa629acf99b4679a8eca836fc1298
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_i386.deb
      Size/MD5:    81244 9cfd61fea4c081ce739b3e80bd0fa702
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_i386.deb
      Size/MD5: 11063456 5d3f39340c4395659dd7071706102ac1

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_lpia.deb
      Size/MD5:  3718464 a8cf6cdea0603a2f01b91c802e602088
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_lpia.deb
      Size/MD5:    80974 7718f9d0e6d2a2d4d9df31108f10cbcb
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_lpia.deb
      Size/MD5: 10884672 a74bd8bbc62084e0bb116dc6df8bc9f0

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_powerpc.deb
      Size/MD5:  3736294 b55cb4be3f64cd5dbf3317c2030fc1a3
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_powerpc.deb
      Size/MD5:    84126 babaecca5b3aba0671930d5655b8060e
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_powerpc.deb
      Size/MD5: 12237586 ddfa37fe0470074a963165d19e6e7335

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_sparc.deb
      Size/MD5:  3724482 7b27b816000018c01fc0287de7cefd89
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_sparc.deb
      Size/MD5:    80982 f83d62432c72a9daecf0632b1ed53480
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_sparc.deb
      Size/MD5: 11208814 057a3f0ba4a57a3bd75ab0913f17a215

Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1.diff.gz
      Size/MD5:   131702 801e9b22953c9b0c52f56dee4a51be85
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1.dsc
      Size/MD5:     2350 8d6a24a4184da9a7990882302a0a6307
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly.orig.tar.gz
      Size/MD5: 36199402 92d3a4a3b497cfcf54c905d0eb1c6e00

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_all.deb
      Size/MD5:    61296 9cba5c0cdccca15fb5a89bc43adc5e55
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_all.deb
      Size/MD5:    61280 ee348a83198fe12025a05063626d235e

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_amd64.deb
      Size/MD5:  3737548 144745fba25b551c4c1c26e535d060b6
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_amd64.deb
      Size/MD5:    85992 d2dcb9c02fbd6cea4121830a3604b8c3
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_amd64.deb
      Size/MD5: 12454082 f4acb886e914b1dec4fe45753b4949cf

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_i386.deb
      Size/MD5:  3722432 f263746a1737bf0f9a72723f1dfc9895
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_i386.deb
      Size/MD5:    81666 8acbd084db8f639669bc3a457805a4a5
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_i386.deb
      Size/MD5: 11063516 93c795c907a5c9926e6f8d636586c48b

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_lpia.deb
      Size/MD5:  3719022 a67933995250fb75999e73ee543e21b8
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_lpia.deb
      Size/MD5:    81384 a5d057a0c064fa93ddcd822e3c80456e
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_lpia.deb
      Size/MD5: 10884566 967a3e2d408e628df614a07e1f1df672

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_powerpc.deb
      Size/MD5:  3736740 851f46b76c0709100373a3f604fa130f
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_powerpc.deb
      Size/MD5:    84510 1612fc072ba54a5adc97bdf176f09b27
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_powerpc.deb
      Size/MD5: 12238390 7d23c6ab91f3043a0520b49523074ff1

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_sparc.deb
      Size/MD5:  3724874 15e59e71ec2a1341df809b85329de3d9
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_sparc.deb
      Size/MD5:    81274 def10b81b5d9147c1cc2fdd9a8b37145
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_sparc.deb
      Size/MD5: 11206998 98346f8838f328191eed05df38d838a7



Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ