Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 443
Alerts This Week
Warning Icon 1 443

Ubuntu 15.04 LTS USN-2603-1 Moderate: Thunderbird Security Flaws

ubuntu
Calendar Grey May 18, 2015
Dist Ubuntu Esm H88
The Ubuntu Security Notice USN-2603-1 reports critical vulnerabilities in Thunderbird, urging users to upgrade via the package manager to enhance security risks.
Several security issues were fixed in Thunderbird.

Summary

Several security issues were fixed in Thunderbird.

Software Description:

- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

Jesse Ruderman, Mats Palmgren, Byron Campen, and Steve Fink discovered

multiple memory safety issues in Thunderbird. If a user were tricked in to

opening a specially crafted message with scripting enabled, an attacker

could potentially exploit these to cause a denial of service via

application crash, or execute arbitrary code with the privileges of the

user invoking Thunderbird. (CVE-2015-2708)

Atte Kettunen discovered a buffer overflow during the rendering of SVG

content with certain CSS properties in some circumstances. If a user were

tricked in to opening a specially crafted message with scripting enabled,

an attacker could potentially exploit this to cause a denial of service

via application crash, or execute arbitrary code with the privileges of

the user invoking Thunderbird. (CVE-2015-2710)

Scott Bell discove...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  thunderbird                     1:31.7.0+build1-0ubuntu0.15.04.1

Ubuntu 14.10:
  thunderbird                     1:31.7.0+build1-0ubuntu0.14.10.1

Ubuntu 14.04 LTS:
  thunderbird                     1:31.7.0+build1-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
  thunderbird                     1:31.7.0+build1-0ubuntu0.12.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2603-1

CVE-2015-2708, CVE-2015-2710, CVE-2015-2713, CVE-2015-2716

May 18, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.