Ubuntu 21.10 USN-5246-1 Moderate Thunderbird Denial Of Service
Jan 21, 2022
•
LinuxSecurity Advisories
2 - 3 min read
Several security issues were fixed in Thunderbird.
=========================================================================Ubuntu Security Notice USN-5246-1 January 21, 2022 thunderbird vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.10 Summary: Several security issues were fixed in Thunderbird. Software Description: - thunderbird: Mozilla Open Source mail and newsgroup client Details: Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct spoofing attacks, bypass security restrictions, or execute arbitrary code. (CVE-2021-4129, CVE-2021-4140, CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43656, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739, CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743, CVE-2022-22745, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751) It was discovered that JavaScript was unexpectedly enabled in the composition area. An attacker could potentially exploit this in combination with another vulnerability, with unspecified impacts. (CVE-2021-43528) A buffer overflow was discovered in the Matrix chat library bundled with Thunderbird. An attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2021-44538) It was discovered that Thunderbird's OpenPGP integration only considered the inner signed message when checking signature validity in a message that contains an additional outer MIME layer. An attacker could potentially exploit this to trick the user into thinking that a message has a valid signature. (CVE-2021-4126) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: thunderbird 1:91.5.0+build1-0ubuntu0.21.10.1 After a standard system update you need to restart Thunderbird to make all the necessary changes. References: CVE-2021-4126, CVE-2021-4129, CVE-2021-4140, CVE-2021-43528, CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43546, CVE-2021-44538, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739, CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743, CVE-2022-22745, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751 Package Information: https://launchpad.net/ubuntu/+source/thunderbird/1:91.5.0+build1-0ubuntu0.21.10.1
PREVIOUS
NEXT
Ubuntu 21.10 USN-5246-1 Moderate Thunderbird Denial Of Service
ubuntu
January 21, 2022
Several security issues were fixed in Thunderbird.
Summary
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: thunderbird 1:91.5.0+build1-0ubuntu0.21.10.1 After a standard system update you need to restart Thunderbird to make all the necessary changes.
References
CVE-2021-4126, CVE-2021-4129, CVE-2021-4140, CVE-2021-43528,
CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539,
CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545,
CVE-2021-43546, CVE-2021-44538, CVE-2022-22737, CVE-2022-22738,
CVE-2022-22739, CVE-2022-22740, CVE-2022-22741, CVE-2022-22742,
CVE-2022-22743, CVE-2022-22745, CVE-2022-22747, CVE-2022-22748,
CVE-2022-22751
January 21, 2022
Package Information
https://launchpad.net/ubuntu/+source/thunderbird/1:91.5.0+build1-0ubuntu0.21.10.1
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!