Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 526
Alerts This Week
Warning Icon 1 526

Ubuntu 15.04: USN-2673-1 Moderate: Thunderbird Denial Of Service

ubuntu
Calendar Grey July 20, 2015
Scroller Ubuntu Esm H88
Numerous vulnerabilities addressed in Thunderbird impacting various Ubuntu releases. Perform updates to reduce potential threats.
Several security issues were fixed in Thunderbird.

Summary

Several security issues were fixed in Thunderbird.

Software Description:

- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

Karthikeyan Bhargavan discovered that NSS incorrectly handled state

transitions for the TLS state machine. If a remote attacker were able to

perform a man-in-the-middle attack, this flaw could be exploited to skip

the ServerKeyExchange message and remove the forward-secrecy property.

(CVE-2015-2721)

Bob Clary, Christian Holler, Bobby Holley, and Andrew McCreight discovered

multiple memory safety issues in Thunderbird. If a user were tricked in to

opening a specially crafted website in a browsing context, an attacker

could potentially exploit these to cause a denial of service via

application crash, or execute arbitrary code with the privileges of the

user invoking Thunderbird. (CVE-2015-2724)

Ronald Crane discovered multiple security vulnerabilities. If a user were

tricked in to opening a specially crafted website ...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  thunderbird                     1:31.8.0+build1-0ubuntu0.15.04.1

Ubuntu 14.10:
  thunderbird                     1:31.8.0+build1-0ubuntu0.14.10.1

Ubuntu 14.04 LTS:
  thunderbird                     1:31.8.0+build1-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
  thunderbird                     1:31.8.0+build1-0ubuntu0.12.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2673-1

CVE-2015-2721, CVE-2015-2724, CVE-2015-2734, CVE-2015-2735,

CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739,

CVE-2015-2740, CVE-2015-4000

July 20, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.