Slackware: 2007-324-01 Critical: Mozilla-Thunderbird Memory Issues

slackware

November 21, 2007

New mozilla-thunderbird packages are available for Slackware 10.2, 11.0, 12.0, and -current to fix security issues

Summary

Here are the details from the Slackware 12.0 ChangeLog: patches/packages/mozilla-thunderbird-2.0.0.9-i686-1.tgz: Upgraded to thunderbird-2.0.0.9. This update fixes the following security related issues: URIs with invalid %-encoding mishandled by Windows (MFSA 2007-36). Crashes with evidence of memory corruption (MFSA 2007-29). OK, so the first one obviously does not affect us. :-) The second fix has to do with the same JavaScript handling problem fixed before in Firefox. JavaScript is not enabled by default in Thunderbird, and the developers (at least in MFSA 2007-36) do not recommend turning it on. For more information, see: https://www.mozilla.org/en-US/security/advisories/mfsa2007-36/ https://www.mozilla.org/en-US/security/advisories/mfsa2007-29/ https://www.cve.org/CVERecord?id=CVE-2007-4841 https://www.cve.org/CVERecord?id=CVE-2007-5339 (* Security fix *)

Topics Covered

security advisory critical memory corruption slackware software fix mozilla-thunderbird

Where Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 10.2:
Updated package for Slackware 11.0:
Updated package for Slackware 12.0:
Updated package for Slackware -current:

MD5 Signatures

Slackware 10.2 package: fd730e111b09e13d1f655ce18681dceb mozilla-thunderbird-2.0.0.9-i686-1.tgz
Slackware 11.0 package: fd730e111b09e13d1f655ce18681dceb mozilla-thunderbird-2.0.0.9-i686-1.tgz
Slackware 12.0 package: fd730e111b09e13d1f655ce18681dceb mozilla-thunderbird-2.0.0.9-i686-1.tgz
Slackware -current package: 7b5396dcb1aa23b2fd867177cf905853 mozilla-thunderbird-2.0.0.6-i686-1.tgz

Severity

critical

Lowest

Low

Medium

High

Critical

Topics Covered

security advisory critical memory corruption slackware software fix mozilla-thunderbird

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Stop Thunderbird. Upgrade the package as root: # upgradepkg mozilla-thunderbird-2.0.0.6-i686-1.tgz Restart Thunderbird.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Slackware: 2007-324-01 Critical: Mozilla-Thunderbird Memory Issues

Summary

Topics Covered

Where Find New Packages

MD5 Signatures

Topics Covered

Get the latest News and Insights

Installation Instructions

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Slackware: 2007-324-01 Critical: Mozilla-Thunderbird Memory Issues

Summary

Topics Covered

Where Find New Packages

MD5 Signatures

Topics Covered

Get the latest News and Insights

Installation Instructions

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!