[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1287611484.4562.3.camel@luna>
Date: Wed, 20 Oct 2010 16:51:24 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce <ubuntu-security-announce@...ts.ubuntu.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>,
bugtraq@...urityfocus.com
Subject: [USN-998-1] Thunderbird vulnerabilities
===========================================================
Ubuntu Security Notice USN-998-1 October 20, 2010
thunderbird vulnerabilities
CVE-2010-3175, CVE-2010-3176, CVE-2010-3178, CVE-2010-3179,
CVE-2010-3180, CVE-2010-3182, CVE-2010-3183
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 10.04 LTS:
thunderbird 3.0.9+build1+nobinonly-0ubuntu0.10.04.1
Ubuntu 10.10:
thunderbird 3.1.5+build1+nobinonly-0ubuntu0.10.10.1
After a standard system update you need to restart Thunderbird to make all
the necessary changes.
Details follow:
Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary
Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered
various flaws in the browser engine. An attacker could exploit this to
crash Thunderbird or possibly run arbitrary code as the user invoking the
program. (CVE-2010-3175, CVE-2010-3176)
Alexander Miller, Sergey Glazunov, and others discovered several flaws in
the JavaScript engine. If JavaScript were enabled, an attacker could
exploit this to crash Thunderbird or possibly run arbitrary code as the
user invoking the program. (CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)
Eduardo Vela Nava discovered that Thunderbird could be made to violate the
same-origin policy by using modal calls with JavaScript. If JavaScript were
enabled, an attacker could exploit this to steal information from another
site. (CVE-2010-3178)
Dmitri GribenkoDmitri Gribenko discovered that Thunderbird did not properly
setup the LD_LIBRARY_PATH environment variable. A local attacker could
exploit this to execute arbitrary code as the user invoking the program.
(CVE-2010-3182)
Updated packages for Ubuntu 10.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.9+build1+nobinonly-0ubuntu0.10.04.1.diff.gz
Size/MD5: 95097 3b820b97dccc465ea044b7a272fdc8d9
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.9+build1+nobinonly-0ubuntu0.10.04.1.dsc
Size/MD5: 2412 387aa374c72b37d99e7e318b8e43acbf
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.9+build1+nobinonly.orig.tar.gz
Size/MD5: 60899014 7d2be2a088f8b4206907b15c864eed52
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 64192710 d8b9db9d05a778aeec350ff7c7ea74a4
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 5771404 dd7e6b456234ac984e492046c5640225
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 149136 2bb12625422eaa66380afc63abf6705d
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 9300 fb69d2b349444b85014ab90278fe247c
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 11417872 a8614d1abad929d534157c00f70bbb3a
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 64523832 6f5f6303f3bae014e5b38ea431ce72c3
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 5834496 ebdaf198d5e461b79cbff7c65870ae93
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 148276 4b96fd44790a55884ab7d965264b3212
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 9290 efaad1dfc9ac1164d389406f09f374a6
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 10456058 43be1c1e3e25086e4194c65ee9d80f51
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 67174194 fd9e7d09bde7484758afbbf853a3d303
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 5240444 d9f5eab1821399e37802f2559f299f6d
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 153468 73f3e25ed341c29828b9b37d1e8fb142
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 9304 6da40fbea8cdcebf9c7321001625d78e
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 11271328 00b609e4563a886410eb81862a2c759b
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 63719158 b75221c3b7ef3a7066100877a538d5e3
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 5220982 d75dcceefe7a3aaa20feecdee56815a9
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 144390 b635c9ecfe7a71057e5e1037423055c6
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 9296 a3b49ba9e351f50b756c0966b738ee3f
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.9+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 10529270 f5c48a60fef599ed65b3f7b2ee155e99
Updated packages for Ubuntu 10.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.5+build1+nobinonly-0ubuntu0.10.10.1.diff.gz
Size/MD5: 98089 6bcacb112e75b1ea6d1f2c03e42a2655
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.5+build1+nobinonly-0ubuntu0.10.10.1.dsc
Size/MD5: 2468 f92fc2b8b92cf814986e0b9b79019510
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.5+build1+nobinonly.orig.tar.gz
Size/MD5: 66546029 359e65546b29fb7e417637291393f104
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_amd64.deb
Size/MD5: 62603474 6cb66cd9627f6b2421d213cc541098cf
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_amd64.deb
Size/MD5: 5006090 9a0a610fa02d7bb35aa36d5eb404d156
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_amd64.deb
Size/MD5: 181308 1867a97e101e7f97f7ae6ccabc98e1b9
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_amd64.deb
Size/MD5: 9384 3f0d409e02f351c6362da9ddc12f1e05
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_amd64.deb
Size/MD5: 12042310 2d7a2e4ca18e79775b58ee9f03512a3a
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_i386.deb
Size/MD5: 63136006 64326c4d59ff770b9dae52e2b16d4eb2
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_i386.deb
Size/MD5: 5143614 82b15cecbe0d1602421238f034f5008f
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_i386.deb
Size/MD5: 180446 9c269d8f53b3bc6e715c793717660c91
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_i386.deb
Size/MD5: 9376 9fba11d210e9364c2f8914cf4e28e23e
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_i386.deb
Size/MD5: 11061068 a5d79a92d1a504caa03f5b5d3a646af7
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_powerpc.deb
Size/MD5: 65395550 60846228807534f5aafcd1f85809c51d
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_powerpc.deb
Size/MD5: 4978992 dac3232b41d546f4bdeadcbb715e49e8
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_powerpc.deb
Size/MD5: 187102 ba03adced0f96c0fe84b3dc2edf59636
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_powerpc.deb
Size/MD5: 9382 42871e6a679dfcb0403c3d0fd73e3cf3
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.1.5+build1+nobinonly-0ubuntu0.10.10.1_powerpc.deb
Size/MD5: 11745480 97c701050c6da23044085945a2bac2a6
Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists