Alerts This Week
Warning Icon 1 1,394
Alerts This Week
Warning Icon 1 1,394

Scientific Linux SL5 SL6 Important Thunderbird Update CVE-2012-4194

Scientific Large Esm H446
Important: thunderbird security update
Date: Tue, 23 Oct 2012 11:28:55 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Organization: Fermilab
Subject: FASTBUGS for SL 6x i386, x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:
bind-9.8.2-0.10.rc1.el6_3.4.i686.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.4.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.4.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.4.i686.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.4.i686.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.4.i686.rpm
cmirror-2.02.95-10.el6_3.2.i686.rpm
device-mapper-1.02.74-10.el6_3.2.i686.rpm
device-mapper-devel-1.02.74-10.el6_3.2.i686.rpm
device-mapper-event-1.02.74-10.el6_3.2.i686.rpm
device-mapper-event-devel-1.02.74-10.el6_3.2.i686.rpm
device-mapper-event-libs-1.02.74-10.el6_3.2.i686.rpm
device-mapper-libs-1.02.74-10.el6_3.2.i686.rpm
docbook-utils-0.6.14-25.el6.noarch.rpm
docbook-utils-pdf-0.6.14-25.el6.noarch.rpm
dracut-004-284.el6_3.1.noarch.rpm
dracut-caps-004-284.el6_3.1.noarch.rpm
dracut-fips-004-284.el6_3.1.noarch.rpm
dracut-fips-aesni-004-284.el6_3.1.noarch.rpm
dracut-generic-004-284.el6_3.1.noarch.rpm
dracut-kernel-004-284.el6_3.1.noarch.rpm
dracut-network-004-284.el6_3.1.noarch.rpm
dracut-tools-004-284.el6_3.1.noarch.rpm
dvd+rw-tools-7.1-6.el6.i686.rpm
file-5.04-15.el6.i686.rpm
file-devel-5.04-15.el6.i686.rpm
file-libs-5.04-15.el6.i686.rpm
file-static-5.04-15.el6.i686.rpm
ftp-0.17-52.el6.i686.rpm
gnome-desktop-2.28.2-11.el6.i686.rpm
gnome-desktop-devel-2.28.2-11.el6.i686.rpm
gnome-keyring-2.28.2-8.el6_3.i686.rpm
gnome-keyring-devel-2.28.2-8.el6_3.i686.rpm
gnome-keyring-pam-2.28.2-8.el6_3.i686.rpm
lvm2-2.02.95-10.el6_3.2.i686.rpm
lvm2-cluster-2.02.95-10.el6_3.2.i686.rpm
lvm2-devel-2.02.95-10.el6_3.2.i686.rpm
lvm2-libs-2.02.95-10.el6_3.2.i686.rpm
mlocate-0.22.2-4.el6.i686.rpm
mod_wsgi-3.2-3.el6.i686.rpm
pcsc-lite-1.5.2-8.el6_3.i686.rpm
pcsc-lite-devel-1.5.2-8.el6_3.i686.rpm
pcsc-lite-doc-1.5.2-8.el6_3.i686.rpm
pcsc-lite-libs-1.5.2-8.el6_3.i686.rpm
perl-GSSAPI-0.26-6.el6.i686.rpm
perl-IPC-Run-0.84-3.el6.noarch.rpm
python-magic-5.04-15.el6.i686.rpm
python-Updateinfo-0.1.5-0.sl6.noarch.rpm
strace-4.5.19-1.11.el6_3.2.i686.rpm
systemtap-1.7-5.el6_3.1.i686.rpm
systemtap-client-1.7-5.el6_3.1.i686.rpm
systemtap-devel-1.7-5.el6_3.1.i686.rpm
systemtap-grapher-1.7-5.el6_3.1.i686.rpm
systemtap-initscript-1.7-5.el6_3.1.i686.rpm
systemtap-runtime-1.7-5.el6_3.1.i686.rpm
systemtap-sdt-devel-1.7-5.el6_3.1.i686.rpm
systemtap-server-1.7-5.el6_3.1.i686.rpm
systemtap-testsuite-1.7-5.el6_3.1.i686.rpm
wget-1.12-1.8.el6.i686.rpm

x86_64:
bind-9.8.2-0.10.rc1.el6_3.4.x86_64.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.4.x86_64.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.4.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.4.x86_64.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.4.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.4.x86_64.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.4.x86_64.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.4.x86_64.rpm
cmirror-2.02.95-10.el6_3.2.x86_64.rpm
device-mapper-1.02.74-10.el6_3.2.x86_64.rpm
device-mapper-devel-1.02.74-10.el6_3.2.i686.rpm
device-mapper-devel-1.02.74-10.el6_3.2.x86_64.rpm
device-mapper-event-1.02.74-10.el6_3.2.x86_64.rpm
device-mapper-event-devel-1.02.74-10.el6_3.2.i686.rpm
device-mapper-event-devel-1.02.74-10.el6_3.2.x86_64.rpm
device-mapper-event-libs-1.02.74-10.el6_3.2.i686.rpm
device-mapper-event-libs-1.02.74-10.el6_3.2.x86_64.rpm
device-mapper-libs-1.02.74-10.el6_3.2.i686.rpm
device-mapper-libs-1.02.74-10.el6_3.2.x86_64.rpm
docbook-utils-0.6.14-25.el6.noarch.rpm
docbook-utils-pdf-0.6.14-25.el6.noarch.rpm
dracut-004-284.el6_3.1.noarch.rpm
dracut-caps-004-284.el6_3.1.noarch.rpm
dracut-fips-004-284.el6_3.1.noarch.rpm
dracut-fips-aesni-004-284.el6_3.1.noarch.rpm
dracut-generic-004-284.el6_3.1.noarch.rpm
dracut-kernel-004-284.el6_3.1.noarch.rpm
dracut-network-004-284.el6_3.1.noarch.rpm
dracut-tools-004-284.el6_3.1.noarch.rpm
dvd+rw-tools-7.1-6.el6.x86_64.rpm
file-5.04-15.el6.x86_64.rpm
file-devel-5.04-15.el6.i686.rpm
file-devel-5.04-15.el6.x86_64.rpm
file-libs-5.04-15.el6.i686.rpm
file-libs-5.04-15.el6.x86_64.rpm
file-static-5.04-15.el6.x86_64.rpm
ftp-0.17-52.el6.x86_64.rpm
gnome-desktop-2.28.2-11.el6.i686.rpm
gnome-desktop-2.28.2-11.el6.x86_64.rpm
gnome-desktop-devel-2.28.2-11.el6.i686.rpm
gnome-desktop-devel-2.28.2-11.el6.x86_64.rpm
gnome-keyring-2.28.2-8.el6_3.i686.rpm
gnome-keyring-2.28.2-8.el6_3.x86_64.rpm
gnome-keyring-devel-2.28.2-8.el6_3.i686.rpm
gnome-keyring-devel-2.28.2-8.el6_3.x86_64.rpm
gnome-keyring-pam-2.28.2-8.el6_3.i686.rpm
gnome-keyring-pam-2.28.2-8.el6_3.x86_64.rpm
lvm2-2.02.95-10.el6_3.2.x86_64.rpm
lvm2-cluster-2.02.95-10.el6_3.2.x86_64.rpm
lvm2-devel-2.02.95-10.el6_3.2.i686.rpm
lvm2-devel-2.02.95-10.el6_3.2.x86_64.rpm
lvm2-libs-2.02.95-10.el6_3.2.i686.rpm
lvm2-libs-2.02.95-10.el6_3.2.x86_64.rpm
mlocate-0.22.2-4.el6.x86_64.rpm
mod_wsgi-3.2-3.el6.x86_64.rpm
pcsc-lite-1.5.2-8.el6_3.x86_64.rpm
pcsc-lite-devel-1.5.2-8.el6_3.i686.rpm
pcsc-lite-devel-1.5.2-8.el6_3.x86_64.rpm
pcsc-lite-doc-1.5.2-8.el6_3.x86_64.rpm
pcsc-lite-libs-1.5.2-8.el6_3.i686.rpm
pcsc-lite-libs-1.5.2-8.el6_3.x86_64.rpm
perl-GSSAPI-0.26-6.el6.x86_64.rpm
perl-IPC-Run-0.84-3.el6.noarch.rpm
python-magic-5.04-15.el6.x86_64.rpm
python-Updateinfo-0.1.5-0.sl6.noarch.rpm
strace-4.5.19-1.11.el6_3.2.x86_64.rpm
systemtap-1.7-5.el6_3.1.x86_64.rpm
systemtap-client-1.7-5.el6_3.1.x86_64.rpm
systemtap-devel-1.7-5.el6_3.1.x86_64.rpm
systemtap-grapher-1.7-5.el6_3.1.x86_64.rpm
systemtap-initscript-1.7-5.el6_3.1.x86_64.rpm
systemtap-runtime-1.7-5.el6_3.1.x86_64.rpm
systemtap-sdt-devel-1.7-5.el6_3.1.i686.rpm
systemtap-sdt-devel-1.7-5.el6_3.1.x86_64.rpm
systemtap-server-1.7-5.el6_3.1.x86_64.rpm
systemtap-testsuite-1.7-5.el6_3.1.x86_64.rpm
wget-1.12-1.8.el6.x86_64.rpm
Date: Tue, 30 Oct 2012 11:24:16 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Organization: Fermilab
Subject: FASTBUGS for SL 6x i386, x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:
cpio-2.10-11.el6_3.i686.rpm
cpuspeed-1.5-18.el6.i686.rpm
mt-st-1.1-5.el6.i686.rpm
openmotif-2.3.3-5.el6_3.i686.rpm
openmotif-devel-2.3.3-5.el6_3.i686.rpm

x86_64:
cpio-2.10-11.el6_3.x86_64.rpm
cpuspeed-1.5-18.el6.x86_64.rpm
mt-st-1.1-5.el6.x86_64.rpm
openmotif-2.3.3-5.el6_3.i686.rpm
openmotif-2.3.3-5.el6_3.x86_64.rpm
openmotif-devel-2.3.3-5.el6_3.i686.rpm
openmotif-devel-2.3.3-5.el6_3.x86_64.rpm
Date: Tue, 30 Oct 2012 13:06:52 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Organization: Fermilab
Subject: Security ERRATA Important: thunderbird on SL5.x, SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: thunderbird security update
Issue Date: 2012-10-29
CVE Numbers: CVE-2012-4194
 CVE-2012-4195
 CVE-2012-4196
--
Multiple flaws were found in the location object implementation in
Thunderbird. Malicious content could be used to perform cross-site
scripting attacks, bypass the same-origin policy, or cause Thunderbird to
execute arbitrary code. (CVE-2012-4194, CVE-2012-4195, CVE-2012-4196)

Note: None of the issues in this advisory can be exploited by a
specially-crafted HTML mail message as JavaScript is disabled by default
for mail messages. They could be exploited another way in Thunderbird, for
example, when viewing the full remote content of an RSS feed.

After installing the update, Thunderbird must be restarted for the changes
to take effect.
--

SL5
 x86_64
 thunderbird-10.0.10-1.el5_8.x86_64.rpm
 i386
 thunderbird-10.0.10-1.el5_8.i386.rpm
SL6
 x86_64
 thunderbird-10.0.10-1.el6_3.x86_64.rpm
 i386
 thunderbird-10.0.10-1.el6_3.i686.rpm

- Scientific Linux Development Team
Your message here