[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1288280488.12068.133.camel@luna>
Date: Thu, 28 Oct 2010 11:41:28 -0400
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce <ubuntu-security-announce@...ts.ubuntu.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>,
bugtraq@...urityfocus.com
Subject: [USN-1011-2] Thunderbird vulnerability
===========================================================
Ubuntu Security Notice USN-1011-2 October 28, 2010
thunderbird vulnerability
CVE-2010-3765
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
thunderbird 2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2
Ubuntu 9.10:
thunderbird 2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3
Ubuntu 10.04 LTS:
thunderbird 3.0.10+build1+nobinonly-0ubuntu0.10.04.1
Ubuntu 10.10:
thunderbird 3.1.6+build1+nobinonly-0ubuntu0.10.10.1
After a standard system update you need to restart Thunderbird to make all
the necessary changes.
Details follow:
USN-1011-1 fixed a vulnerability in Firefox. This update provides the
corresponding update for Thunderbird.
Original advisory details:
Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a
user were tricked into navigating to a malicious site, an attacker could
cause a denial of service or possibly execute arbitrary code as the user
invoking the program.
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2.diff.gz
Size/MD5: 135344 65f4200c11b26938606868f62a8d2e9c
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2.dsc
Size/MD5: 2023 d469c783863d1aa6854f06d9120fc922
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly.orig.tar.gz
Size/MD5: 36467375 a952c9895cc90b89f160c4b3694de834
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_all.deb
Size/MD5: 60704 a3e34cc47420bc08d6500693dc6a4239
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_all.deb
Size/MD5: 60692 58678f544f5e589e05bf8082c1fdd031
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_amd64.deb
Size/MD5: 3783938 8c3cb217fd93573e0ef5444fd7c3c1ed
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_amd64.deb
Size/MD5: 85598 e1330e49ccd441d22d170083f55cdc58
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_amd64.deb
Size/MD5: 12430288 e17ba8ebe6d78c51616676244445d45f
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_i386.deb
Size/MD5: 3770650 b9e77865977d27880628b12737771560
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_i386.deb
Size/MD5: 80998 2c80a17d24f08a211634377eb8b9f95a
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_i386.deb
Size/MD5: 11005712 427412d5d3b7fd4a0879307ed7ee1675
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_lpia.deb
Size/MD5: 3768392 72225aa57e7b2e7ef5aa19ce2156bc3b
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_lpia.deb
Size/MD5: 80726 20ff6852e11950aca2bc387af451a7ce
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_lpia.deb
Size/MD5: 10846838 55f4216e76a2e649f09f505dde4095ea
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_powerpc.deb
Size/MD5: 3787750 598d436d80e2069996949e0a59295773
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_powerpc.deb
Size/MD5: 84000 3291f026b952fbb6bb75295590d8755f
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_powerpc.deb
Size/MD5: 12278838 dce8d1367041e0e68ea2562467416a81
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_sparc.deb
Size/MD5: 3769106 e9e108c76f54532d44f4d1ecc4bb46d5
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_sparc.deb
Size/MD5: 80452 5cb3aee14bbdfe033aceea8219aec5a2
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_sparc.deb
Size/MD5: 11272312 b07f181effe52741d37374729de193b5
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3.diff.gz
Size/MD5: 139794 6178e684a63637e591dcb0c5a51e87d0
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3.dsc
Size/MD5: 2016 a87cc283e219d1ef38fc8d41f3f0d58c
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly.orig.tar.gz
Size/MD5: 36467375 a952c9895cc90b89f160c4b3694de834
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_all.deb
Size/MD5: 62282 2e3eb9e4750760bf4ebdef5bf5b724f9
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_all.deb
Size/MD5: 62270 84fa4339f6a6e1e73bdc3b6e5cb04362
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_amd64.deb
Size/MD5: 3738524 085c4d8ad03488b31bc9176b39957a69
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_amd64.deb
Size/MD5: 62624 ccf69337dfec18809bd21d04a3cb1b56
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_amd64.deb
Size/MD5: 12558838 deabe656c3d5fab133909a30fbc2842e
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_i386.deb
Size/MD5: 3722498 2886fb6db5dfb050c53a389c8fbd2117
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_i386.deb
Size/MD5: 62622 b8aef7afb9ed066f60963f845012d361
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_i386.deb
Size/MD5: 11177956 702ea6e9ce7da1fbed157f50ca7371bb
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_lpia.deb
Size/MD5: 3720614 3575d74e4f79bced93088e279ac4e082
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_lpia.deb
Size/MD5: 62622 28776579a1438dcf5e5fa53623597076
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_lpia.deb
Size/MD5: 11024958 e91c5909fa8dd1fce3032d500877ab00
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_powerpc.deb
Size/MD5: 3729916 e6724eac509597db73d7627143e92c21
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_powerpc.deb
Size/MD5: 62626 bc84c3ade7e4e284bf6da0b8a361018a
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_powerpc.deb
Size/MD5: 12297258 ffee214b87741593f4776c54fa89a727
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_sparc.deb
Size/MD5: 3725816 e681691f109e05e9c39c4d43c81f4a9a
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_sparc.deb
Size/MD5: 62626 c4b8a7e000bbdad0d2239df26d8c6e5d
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_sparc.deb
Size/MD5: 11193546 e489fda9685dd5d8775875f69aa05004
Updated packages for Ubuntu 10.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.10+build1+nobinonly-0ubuntu0.10.04.1.diff.gz
Size/MD5: 95159 f106080454d7676c4fa99bf696a10af5
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.10+build1+nobinonly-0ubuntu0.10.04.1.dsc
Size/MD5: 2419 d729adbc5b0b0ffad42276ba91ded0cb
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.10+build1+nobinonly.orig.tar.gz
Size/MD5: 60902559 d56878bc5134ab5c440c0b7a1d032230
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 64190280 f3e3914f37f7cb1b5b613ed51b467b9f
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 5244158 45c21b48950e89c10c82c0ee27880178
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 149124 8ff4cb0e04e8c2faa618138deff8e1a7
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 9292 861e3d74d132293fcbdc26c187b22283
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 11391222 e6b7605eaee79a11f9dde41a0c2da8e3
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 64537058 ec2dbe88bf69546ca94d96bde4a211b3
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 5312852 8d83fba7e4082a9241d89a59b0261ca2
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 148276 32e3b620b7c70b96dece969bab1d7b2b
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 9290 411cd34175930301351c622b2a539d50
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 10419292 571f515042c417a1182258126acde046
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 67172554 d9556f7acaa3e2f9aea0d841579edf29
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 5241258 708df770a46e8ea2bc4fd624f36a18a3
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 153462 7d4b63bb5bbedd95c43615ea3604df06
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 9294 cda8e1df7151dd2fb8dbb4359c48b59b
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 11271258 788de99c10e1a9461ac27f3fd976eb35
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 63720598 227b2df2b84411603073ca401c051e1e
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 5221140 0f62d3ed8961ba99336e3d4bb9c5e372
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 144382 a8ec1427b26f47d38a11ee7101348f80
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 9296 1c1bca56a179eda092b72c847d276327
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 10529432 b4d59156206a1f3a7439c0b6e5296eda
Updated packages for Ubuntu 10.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.6+build1+nobinonly-0ubuntu0.10.10.1.diff.gz
Size/MD5: 98232 b2dc8ac011b072853f4cd498e3e65fcc
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.6+build1+nobinonly-0ubuntu0.10.10.1.dsc
Size/MD5: 2468 ce3e808db8b45c8a56cb80378710c98f
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.6+build1+nobinonly.orig.tar.gz
Size/MD5: 66540747 46dca1bd27f0dc400998914f92447c36
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_amd64.deb
Size/MD5: 62593152 c4874b01482a32364a896701461c3ddf
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_amd64.deb
Size/MD5: 5002236 0b64fddc48bad18820413944d81cf860
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_amd64.deb
Size/MD5: 181306 27211d6a1d1bebd1d69fe8e6e4a07693
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_amd64.deb
Size/MD5: 9376 e9698f308cc3aaa9840cf24aed579418
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_amd64.deb
Size/MD5: 12042628 2bcc2525f79592ab59dafa483a5c8e5b
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_i386.deb
Size/MD5: 63132362 3cc813280f4f8ed0f03cdf209455827b
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_i386.deb
Size/MD5: 5141838 e8f55094bd63027f7cf4de71954eaef2
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_i386.deb
Size/MD5: 180428 ead1a493de66441def0552ad58f1c293
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_i386.deb
Size/MD5: 9374 94f851743f1aa6a3ff7774e6ee7f70f3
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_i386.deb
Size/MD5: 11061082 9568e3a98f2f4c09ac29e93aa2ce3b6f
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_powerpc.deb
Size/MD5: 65393692 badbe7f0fb00fc21e7cf9291c62bd0df
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_powerpc.deb
Size/MD5: 4975196 8eb461385dd0f82a6b07df1d7970b265
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_powerpc.deb
Size/MD5: 187098 2d25ffda1e0fc7625b90fbb4c7d60ee6
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_powerpc.deb
Size/MD5: 9378 d99180fde27fe717b91599a2a87433aa
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_powerpc.deb
Size/MD5: 11745172 c359630cc9e639685a664d15bd21686a
Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists