=========================================================== 
Ubuntu Security Notice USN-582-2             March 06, 2008
mozilla-thunderbird
https://launchpad.net/bugs/197504
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  mozilla-thunderbird             1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.06.1

Ubuntu 6.10:
  mozilla-thunderbird             1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.10.1

Ubuntu 7.04:
  mozilla-thunderbird             1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.7.04.1

After a standard system upgrade you need to restart Thunderbird to effect
the necessary changes.

Details follow:

USN-582-1 fixed several vulnerabilities in Thunderbird. The upstream
fixes were incomplete, and after performing certain actions Thunderbird
would crash due to memory errors. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 It was discovered that Thunderbird did not properly set the size of a
 buffer when parsing an external-body MIME-type. If a user were to open
 a specially crafted email, an attacker could cause a denial of service
 via application crash or possibly execute arbitrary code as the user.
 (CVE-2008-0304)
 
 Various flaws were discovered in Thunderbird and its JavaScript
 engine. By tricking a user into opening a malicious message, an
 attacker could execute arbitrary code with the user's privileges.
 (CVE-2008-0412, CVE-2008-0413)
 
 Various flaws were discovered in the JavaScript engine. By tricking
 a user into opening a malicious message, an attacker could escalate
 privileges within Thunderbird, perform cross-site scripting attacks
 and/or execute arbitrary code with the user's privileges. (CVE-2008-0415)
 
 Gerry Eisenhaur discovered that the chrome URI scheme did not properly
 guard against directory traversal. Under certain circumstances, an
 attacker may be able to load files or steal session data. Ubuntu is not
 vulnerable in the default installation. (CVE-2008-0418)
 
 Flaws were discovered in the BMP decoder. By tricking a user into
 opening a specially crafted BMP file, an attacker could obtain
 sensitive information. (CVE-2008-0420)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

          Size/MD5:   457207 42edc049dc6a57799c7762fd69519cef
          Size/MD5:     1677 308921004b21abdec87e7193b1cc1855
          Size/MD5: 38264877 4266e1ff163ed81a555a6198a8c2fc45

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:  3592366 d46ea4d2567ef29fe2e29d7ea59ebe0f
          Size/MD5:   194738 d64dc9355993ee4e732db61ab7d18142
          Size/MD5:    59978 20504a6b397c381daaf6425c980241c9
          Size/MD5: 12109986 e3f88ccf859f2cb0d4f5786ec84422f8

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:  3585640 9a6fb88d3f7606c016694a56ac686c70
          Size/MD5:   188106 7b9b14a14e97870b209b8917b05d6899
          Size/MD5:    55474 7fb01df26f2bb75b34370b547a9d2e5b
          Size/MD5: 10382740 287d5666f26e2cbe9cedf80236967480

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:  3591026 db402f32a02f27dd4a7e789da07e9667
          Size/MD5:   191452 a879875dcd1075a9802e0a7cf5485ae6
          Size/MD5:    59076 9d4f1e4f5b2df85487d5cd767e42ca79
          Size/MD5: 11661424 445a2d6d7df3c4c7aa20dc0a6772a283

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:  3587542 bc3561318d69fedc0f157ab5728a0545
          Size/MD5:   188922 1a33f8b82f7dd1a6ec36a0fbfcf45894
          Size/MD5:    56976 572056a18fb37c374f201ec398583b2d
          Size/MD5: 10855430 e4c3f65d7dd305e7567a5820133563e6

Updated packages for Ubuntu 6.10:

  Source archives:

          Size/MD5:   458362 a07bff4dbd70a88e0590a5eaf474b071
          Size/MD5:     1677 a494c4c9b7dba82cfdd26b65618dacf7
          Size/MD5: 38264877 4266e1ff163ed81a555a6198a8c2fc45

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:  3592214 8deae5034786195f9df37595ef8f9c66
          Size/MD5:   194874 429fdb58bdce69d5b64163679c6721ad
          Size/MD5:    59988 c08085b641b26c1d11c81a3e2ea8a315
          Size/MD5: 12102046 794b27b555370504f3c9d39d70fa0287

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:  3589202 576af7e3d35db0291952f461b74f6bb0
          Size/MD5:   189532 81740cf1a82437340ded3dbf8d9bc668
          Size/MD5:    56622 051f5aa4a749078227550fe4d8771759
          Size/MD5: 10842634 24a2f47129e13a115cb612ab7d6cf732

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:  3591066 8b12a9ffcc2d9d38198c4bbd19b08b76
          Size/MD5:   191980 dc997f5ea64b0ce5225c08f737d6fab4
          Size/MD5:    59702 15afbb248986b685ef1f7ab59660e133
          Size/MD5: 11792284 06f9647fb71deeee08d27451ecf38ae0

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:  3587556 6f575f6e24c7e004c71c3746895288f3
          Size/MD5:   189390 227d5419c43080baf5316d6186246bc1
          Size/MD5:    57044 428a473e879f97fca358e49d363baa4c
          Size/MD5: 11055900 f312edc01dbf038d5d4912e20bb2332e

Updated packages for Ubuntu 7.04:

  Source archives:

          Size/MD5:   128338 b8fd04ca331e279466c74ee642f37c9d
          Size/MD5:     1677 f3d40a99a1bd698eb8793b05593ef9a1
          Size/MD5: 38264877 4266e1ff163ed81a555a6198a8c2fc45

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:  3592572 cfd1788e37a527b5b421743a53ed6d4e
          Size/MD5:   195362 1b39d27240963b06c8262159f65fecbb
          Size/MD5:    60482 7cfbfd6ac8e1f90b80f862b8da007cb7
          Size/MD5: 12200898 98d6cadd4934398397d7efac96e5dfa2

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:  3589906 52715181859839e6da06ee1d11e23b5b
          Size/MD5:   190018 2b4f148d9e1a17759b53a06d9bf10890
          Size/MD5:    57116 71d8d8d39964a3c1812f169f9c97c5be
          Size/MD5: 10930196 0041f2ae1d9bb1cd903b928409b4b00e

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:  3593612 671ed2159590ee6b593c175d3264ae27
          Size/MD5:   193502 00a290f2d5693deaaf563562bbce679c
          Size/MD5:    60476 b652ff1af4528c671b58c72edae91af8
          Size/MD5: 12143668 5ba802316344128bf11cab16fefa8d8d

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:  3589116 d5ba04ed373c0d319707dd46f6451410
          Size/MD5:   189836 7e1688245d345859a81b8985871b8016
          Size/MD5:    57538 084b7c136c7de9b5c873a0ded7260ee0
          Size/MD5: 11157146 15baa6c7a72ce11ca6131f999a99d5c5

Ubuntu: Thunderbird vulnerabilities USN-582-2

March 6, 2008
USN-582-1 fixed several vulnerabilities in Thunderbird

Summary

Update Instructions

References

Severity
Ubuntu Security Notice USN-582-2 March 06, 2008

Package Information

Related News

11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle
1.Penguin Landscape Esm H320
1 - 2 min read
There are compelling arguments in favor of Linux over Windows for desktop usage. Let's explore some advantages of choosing Linux over Windows for

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved