
Scientific Linux: CVE-2011-2995 Critical: Thunderbird Security Issues

Critical: thunderbird security update
Date: Tue, 27 Sep 2011 08:18:41 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Organization: Fermilab
Subject: FASTBUGS for SL 6x i386, x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:
openldap-2.4.23-15.el6_1.3.i686.rpm
openldap-clients-2.4.23-15.el6_1.3.i686.rpm
openldap-devel-2.4.23-15.el6_1.3.i686.rpm
openldap-servers-2.4.23-15.el6_1.3.i686.rpm
openldap-servers-sql-2.4.23-15.el6_1.3.i686.rpm
phonon-backend-gstreamer-4.6.2-20.el6.i686.rpm
qt-4.6.2-20.el6.i686.rpm
qt-demos-4.6.2-20.el6.i686.rpm
qt-devel-4.6.2-20.el6.i686.rpm
qt-doc-4.6.2-20.el6.noarch.rpm
qt-examples-4.6.2-20.el6.i686.rpm
qt-mysql-4.6.2-20.el6.i686.rpm
qt-odbc-4.6.2-20.el6.i686.rpm
qt-postgresql-4.6.2-20.el6.i686.rpm
qt-sqlite-4.6.2-20.el6.i686.rpm
qt-x11-4.6.2-20.el6.i686.rpm
yum-autoupdate-2-4.1.noarch.rpm

x86_64:
openldap-2.4.23-15.el6_1.3.i686.rpm
openldap-2.4.23-15.el6_1.3.x86_64.rpm
openldap-clients-2.4.23-15.el6_1.3.x86_64.rpm
openldap-devel-2.4.23-15.el6_1.3.i686.rpm
openldap-devel-2.4.23-15.el6_1.3.x86_64.rpm
openldap-servers-2.4.23-15.el6_1.3.x86_64.rpm
openldap-servers-sql-2.4.23-15.el6_1.3.x86_64.rpm
phonon-backend-gstreamer-4.6.2-20.el6.i686.rpm
phonon-backend-gstreamer-4.6.2-20.el6.x86_64.rpm
qt-4.6.2-20.el6.i686.rpm
qt-4.6.2-20.el6.x86_64.rpm
qt-demos-4.6.2-20.el6.x86_64.rpm
qt-devel-4.6.2-20.el6.i686.rpm
qt-devel-4.6.2-20.el6.x86_64.rpm
qt-doc-4.6.2-20.el6.noarch.rpm
qt-examples-4.6.2-20.el6.x86_64.rpm
qt-mysql-4.6.2-20.el6.i686.rpm
qt-mysql-4.6.2-20.el6.x86_64.rpm
qt-odbc-4.6.2-20.el6.i686.rpm
qt-odbc-4.6.2-20.el6.x86_64.rpm
qt-postgresql-4.6.2-20.el6.i686.rpm
qt-postgresql-4.6.2-20.el6.x86_64.rpm
qt-sqlite-4.6.2-20.el6.i686.rpm
qt-sqlite-4.6.2-20.el6.x86_64.rpm
qt-x11-4.6.2-20.el6.i686.rpm
qt-x11-4.6.2-20.el6.x86_64.rpm
yum-autoupdate-2-4.1.noarch.rpm
Date: Thu, 29 Sep 2011 10:42:10 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Organization: Fermilab
Subject: Security ERRATA Critical: thunderbird on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Critical: thunderbird security update
Issue Date: 2011-09-28
CVE Numbers: CVE-2011-2995
 CVE-2011-2999
 CVE-2011-3000
 CVE-2011-2372
 CVE-2011-2998

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML content. An
HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code with the privileges of
the user running Thunderbird. (CVE-2011-2995)

A flaw was found in the way Thunderbird processed the "Enter" keypress
event. A malicious HTML mail message could present a download dialog
while the key is pressed, activating the default "Open" action. A remote
attacker could exploit this vulnerability by causing the mail client to
open malicious web content. (CVE-2011-2372)

A flaw was found in the way Thunderbird handled Location headers in
redirect responses. Two copies of this header with different values
could be a symptom of a CRLF injection attack against a vulnerable
server. Thunderbird now treats two copies of the Location,
(CVE-2011-3000)

A flaw was found in the way Thunderbird handled frame objects with
certain names. An attacker could use this flaw to cause a plug-in to
grant its content access to another site or the local file system,
violating the same-origin policy. (CVE-2011-2999)

An integer underflow flaw was found in the way Thunderbird handled large
JavaScript regular expressions. An HTML mail message containing
malicious JavaScript could cause Thunderbird to access already freed
memory, causing Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2011-2998)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

SL6:
 i386
 thunderbird-3.1.15-1.el6_1.i686.rpm
 thunderbird-debuginfo-3.1.15-1.el6_1.i686.rpm
 x86_64
 thunderbird-3.1.15-1.el6_1.x86_64.rpm
 thunderbird-debuginfo-3.1.15-1.el6_1.x86_64.rpm

- Scientific Linux Development Team
