[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20090820234226.GB6964@severus.strandboge.com>
Date: Thu, 20 Aug 2009 18:42:26 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-817-1] Thunderbird vulnerabilities
===========================================================
Ubuntu Security Notice USN-817-1 August 20, 2009
thunderbird vulnerabilities
http://launchpad.net/bugs/416646
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
thunderbird 2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1
Ubuntu 8.10:
thunderbird 2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1
Ubuntu 9.04:
thunderbird 2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1
After a standard system upgrade you need to restart Thunderbird to effect
the necessary changes.
Details follow:
Several flaws were discovered in the rendering engine of Thunderbird. If
Javascript were enabled, an attacker could exploit these flaws to crash
Thunderbird.
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1.diff.gz
Size/MD5: 129367 a46acd34aed1148759970e2bde6f3059
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1.dsc
Size/MD5: 2368 c8026b30a66814e8b30ff11a2f3f9447
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly.orig.tar.gz
Size/MD5: 36199402 92d3a4a3b497cfcf54c905d0eb1c6e00
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_all.deb
Size/MD5: 60600 8f00ec0ab72a360fdf959c71354ee430
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_all.deb
Size/MD5: 60582 96a1a5d7ceb2f44f2cea477e16e0780b
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_amd64.deb
Size/MD5: 3783924 d971905a01230935a998810f974618db
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_amd64.deb
Size/MD5: 85484 3dd1da60dae983f1fb27ee1952026b68
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_amd64.deb
Size/MD5: 12428428 df0d116218353b1ba3b96290081b49ab
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_i386.deb
Size/MD5: 3770572 533ab5cfdd2ae34b1fee6024aefd9abf
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_i386.deb
Size/MD5: 80880 09ec6e71645d9f3e79388722ae4bbbb5
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_i386.deb
Size/MD5: 11003638 b67d686a0a4648b47f28e7ab2d35eebe
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_lpia.deb
Size/MD5: 3768342 4ad5416dd3eea9ce5c5f4b786655f730
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_lpia.deb
Size/MD5: 80602 05ae7dd7d3e25095f25fdadf2314c723
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_lpia.deb
Size/MD5: 10845236 8951b8f193dfaf7c7136f7ddfbd8d0e9
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_powerpc.deb
Size/MD5: 3787576 3c2df130b03ed6fa8b70c902816f2273
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_powerpc.deb
Size/MD5: 83884 01c5d402bf170d64f6b0ca73bde99bb6
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_powerpc.deb
Size/MD5: 12276638 b0122bbece2c205f5c779ece4035f386
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_sparc.deb
Size/MD5: 3768882 5ff11338a4c896da0f85818ec8a2b532
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_sparc.deb
Size/MD5: 80338 90a0da78e2cd9f36a22cf23755e2c089
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1_sparc.deb
Size/MD5: 11270488 16cefab6bc5db1cc01133abc56bb63cb
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1.diff.gz
Size/MD5: 130165 ef864ec3b7fd72df9d9067f8d5f7b18b
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1.dsc
Size/MD5: 2350 6c90cd4c5e93fba4d98fc5258679bf22
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly.orig.tar.gz
Size/MD5: 36199402 92d3a4a3b497cfcf54c905d0eb1c6e00
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_all.deb
Size/MD5: 60910 8ed0a0a87761a1c28c6b3d24e133d702
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_all.deb
Size/MD5: 60896 2d68379338f85079755e3b72becbdeee
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_amd64.deb
Size/MD5: 3737338 da38110af9cd09fca38a63253020fb9b
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_amd64.deb
Size/MD5: 85670 eb5c0afecca06cd6b2759f7c18e8e31f
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_amd64.deb
Size/MD5: 12452620 391798cc82bde47f03cfa36dc1908d9e
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_i386.deb
Size/MD5: 3721844 52aaa629acf99b4679a8eca836fc1298
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_i386.deb
Size/MD5: 81244 9cfd61fea4c081ce739b3e80bd0fa702
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_i386.deb
Size/MD5: 11063456 5d3f39340c4395659dd7071706102ac1
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_lpia.deb
Size/MD5: 3718464 a8cf6cdea0603a2f01b91c802e602088
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_lpia.deb
Size/MD5: 80974 7718f9d0e6d2a2d4d9df31108f10cbcb
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_lpia.deb
Size/MD5: 10884672 a74bd8bbc62084e0bb116dc6df8bc9f0
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_powerpc.deb
Size/MD5: 3736294 b55cb4be3f64cd5dbf3317c2030fc1a3
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_powerpc.deb
Size/MD5: 84126 babaecca5b3aba0671930d5655b8060e
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_powerpc.deb
Size/MD5: 12237586 ddfa37fe0470074a963165d19e6e7335
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_sparc.deb
Size/MD5: 3724482 7b27b816000018c01fc0287de7cefd89
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_sparc.deb
Size/MD5: 80982 f83d62432c72a9daecf0632b1ed53480
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1_sparc.deb
Size/MD5: 11208814 057a3f0ba4a57a3bd75ab0913f17a215
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1.diff.gz
Size/MD5: 131702 801e9b22953c9b0c52f56dee4a51be85
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1.dsc
Size/MD5: 2350 8d6a24a4184da9a7990882302a0a6307
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly.orig.tar.gz
Size/MD5: 36199402 92d3a4a3b497cfcf54c905d0eb1c6e00
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_all.deb
Size/MD5: 61296 9cba5c0cdccca15fb5a89bc43adc5e55
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_all.deb
Size/MD5: 61280 ee348a83198fe12025a05063626d235e
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 3737548 144745fba25b551c4c1c26e535d060b6
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 85992 d2dcb9c02fbd6cea4121830a3604b8c3
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 12454082 f4acb886e914b1dec4fe45753b4949cf
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_i386.deb
Size/MD5: 3722432 f263746a1737bf0f9a72723f1dfc9895
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_i386.deb
Size/MD5: 81666 8acbd084db8f639669bc3a457805a4a5
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_i386.deb
Size/MD5: 11063516 93c795c907a5c9926e6f8d636586c48b
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 3719022 a67933995250fb75999e73ee543e21b8
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 81384 a5d057a0c064fa93ddcd822e3c80456e
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 10884566 967a3e2d408e628df614a07e1f1df672
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 3736740 851f46b76c0709100373a3f604fa130f
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 84510 1612fc072ba54a5adc97bdf176f09b27
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 12238390 7d23c6ab91f3043a0520b49523074ff1
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 3724874 15e59e71ec2a1341df809b85329de3d9
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 81274 def10b81b5d9147c1cc2fdd9a8b37145
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 11206998 98346f8838f328191eed05df38d838a7
Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists