lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1279877921.29936.8.camel@luna>
Date: Fri, 23 Jul 2010 11:38:41 +0200
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce <ubuntu-security-announce@...ts.ubuntu.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>,
	bugtraq <bugtraq@...urityfocus.com>
Subject: [USN-927-8] Thunderbird update

===========================================================
Ubuntu Security Notice USN-927-8              July 23, 2010
thunderbird update
https://launchpad.net/bugs/559918
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.04:
  thunderbird                     2.0.0.24+build1+nobinonly-0ubuntu0.9.04.2

After a standard system upgrade you need to restart Thunderbird to effect
the necessary changes.

Details follow:

USN-927-1 fixed vulnerabilities in NSS. This update provides the
Thunderbird update to use the new NSS.

Original advisory details:

 Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
 protocols. If an attacker could perform a man in the middle attack at the
 start of a TLS connection, the attacker could inject arbitrary content at
 the beginning of the user's session. This update adds support for the new
 new renegotiation extension and will use it when the server supports it.


Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.2.diff.gz
      Size/MD5:   132955 0102841bd5bde5785c15b237480ee428
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.2.dsc
      Size/MD5:     2005 d7f26d2011bee0f258455e7759b4476f
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly.orig.tar.gz
      Size/MD5: 36467375 a952c9895cc90b89f160c4b3694de834

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.2_all.deb
      Size/MD5:    61492 826b74bb2f2c40eecd6f6c1b176dc5fa
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.2_all.deb
      Size/MD5:    61478 502b81df6cbbb6e5a5bbe3d92d20a570

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.2_amd64.deb
      Size/MD5:  3737734 c0cad22955bee427b3dd3851c842ce0e
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.2_amd64.deb
      Size/MD5:    86204 71f39713af3ab9456dc8fb23f9570539
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.2_amd64.deb
      Size/MD5: 12455678 0c5e369326a1dec36bf3e5aa919f24b9

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.2_i386.deb
      Size/MD5:  3722882 694bd34099ae603aade32b0f02a2ad65
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.2_i386.deb
      Size/MD5:    81876 73e11cfb4685c277b05c5084305cdedd
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.2_i386.deb
      Size/MD5: 11063678 7f7dc17584d0cc8b9165f074d4f46301

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.2_lpia.deb
      Size/MD5:  3719148 06308143f041903f6876a7fa0e0f81ba
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.2_lpia.deb
      Size/MD5:    81586 58909872bb592f7d686aa27a886638a8
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.2_lpia.deb
      Size/MD5: 10885532 ec13a6d1b1ef7f9be53ac56f4a3efd39

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.2_powerpc.deb
      Size/MD5:  3737134 538c6687e2bd3e74796f79afdf729243
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.2_powerpc.deb
      Size/MD5:    84696 433e4dc652a273d550c22c7efaa6b693
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.2_powerpc.deb
      Size/MD5: 12240738 1481a9d1b860b0b9d6bce91901954f21

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.2_sparc.deb
      Size/MD5:  3725226 88579bebd29c183025bc819034c40458
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.2_sparc.deb
      Size/MD5:    81482 86260df3da5d3546e4b4d00b6ab5ed55
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.2_sparc.deb
      Size/MD5: 11208122 b38b91ce5aec383bf75449c2567e2bce




Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ