Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 538
Alerts This Week
Warning Icon 1 538

Ubuntu 21.10: 5168-2 Moderate: Thunderbirds Denial Of Service Threat

ubuntu
Calendar Grey December 1, 2021
Dist Ubuntu Esm H88
A critical flaw in Thunderbird exposes Ubuntu machines to remote code execution via malicious signature handling. Discover the details.
Thunderbird could be made to crash or run programs if it verified a specially crafted signature.

Summary

Thunderbird could be made to crash or run programs if it verified a

specially crafted signature.

Software Description:

- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

Tavis Ormandy discovered that NSS, included with Thunderbird, incorrectly

handled verifying DSA/RSA-PSS signatures. A remote attacker could use this

issue to cause Thunderbird to crash, resulting in a denial of service, or

possibly execute arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  thunderbird                     1:91.3.1+build1-0ubuntu0.21.10.2

Ubuntu 21.04:
  thunderbird                     1:78.14.0+build1-0ubuntu0.21.04.2

Ubuntu 20.04 LTS:
  thunderbird                     1:78.14.0+build1-0ubuntu0.20.04.2

Ubuntu 18.04 LTS:
  thunderbird                     1:78.14.0+build1-0ubuntu0.18.04.2

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5168-2

https://ubuntu.com/security/notices/USN-5168-1

CVE-2021-43527

December 01, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.