Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 17.04 USN-3321-1 Critical: Thunderbird DoS Threats

ubuntu
Calendar Grey July 5, 2017
Dist Ubuntu Esm H88
Several vulnerabilities addressed in Thunderbird for Ubuntu editions, mitigating possible threats.
Several security issues were fixed in Thunderbird.

Summary

Several security issues were fixed in Thunderbird.

Software Description:

- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

Multiple security issues were discovered in Thunderbird. If a user were

tricked in to opening a specially crafted website in a browsing context,

an attacker could potentially exploit these to cause a denial of service,

read uninitialized memory, obtain sensitive information or execute

arbitrary code. (CVE-2017-5470, CVE-2017-5472,

CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754,

CVE-2017-7756, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764)

Multiple security issues were discovered in the Graphite 2 library used

by Thunderbird. If a user were tricked in to opening a specially crafted

message, an attacker could potentially exploit these to cause a denial of

service, read uninitialized memory, or execute arbitrary code.

(CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775,

CV...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  thunderbird                     1:52.2.1+build1-0ubuntu0.17.04.1

Ubuntu 16.10:
  thunderbird                     1:52.2.1+build1-0ubuntu0.16.10.1

Ubuntu 16.04 LTS:
  thunderbird                     1:52.2.1+build1-0ubuntu0.16.04.1

Ubuntu 14.04 LTS:
  thunderbird                     1:52.2.1+build1-0ubuntu0.14.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3321-1

CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750,

CVE-2017-7751, CVE-2017-7752, CVE-2017-7754, CVE-2017-7756,

CVE-2017-7757, CVE-2017-7758, CVE-2017-7764, CVE-2017-7771,

CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775,

CVE-2017-7776, CVE-2017-7777, CVE-2017-7778

Severity
critical
Lowest
Low
Medium
High
Critical

July 05, 2017

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here