=========================================================== 
Ubuntu Security Notice USN-431-1             March 07, 2007
mozilla-thunderbird vulnerabilities
CVE-2007-0008, CVE-2007-0009, CVE-2007-0775, CVE-2007-0776, CVE-2007-0777
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  mozilla-thunderbird                      1.5.0.10-0ubuntu0.5.10

Ubuntu 6.06 LTS:
  mozilla-thunderbird                      1.5.0.10-0ubuntu0.6.06

Ubuntu 6.10:
  mozilla-thunderbird                      1.5.0.10-0ubuntu0.6.10

After a standard system upgrade you need to restart Thunderbird to 
effect the necessary changes.

Details follow:

The SSLv2 protocol support in the NSS library did not sufficiently
check the validity of public keys presented with an SSL certificate. A
malicious SSL web site using SSLv2 could potentially exploit this to
execute arbitrary code with the user's privileges.  (CVE-2007-0008)

The SSLv2 protocol support in the NSS library did not sufficiently 
verify the validity of client master keys presented in an SSL client 
certificate. A remote attacker could exploit this to execute arbitrary 
code in a server application that uses the NSS library.  (CVE-2007-0009)

Various flaws have been reported that could allow an attacker to execute 
arbitrary code with user privileges by tricking the user into opening a 
malicious web page.  (CVE-2007-0775, CVE-2007-0776, CVE-2007-0777)


Updated packages for Ubuntu 5.10:

  Source archives:


  amd64 architecture (Athlon64, Opteron, EM64T Xeon)


  i386 architecture (x86 compatible Intel/AMD)


  powerpc architecture (Apple Macintosh G3/G4/G5)


  sparc architecture (Sun SPARC/UltraSPARC)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:


  amd64 architecture (Athlon64, Opteron, EM64T Xeon)


  i386 architecture (x86 compatible Intel/AMD)


  powerpc architecture (Apple Macintosh G3/G4/G5)


  sparc architecture (Sun SPARC/UltraSPARC)


Updated packages for Ubuntu 6.10:

  Source archives:


  amd64 architecture (Athlon64, Opteron, EM64T Xeon)


  i386 architecture (x86 compatible Intel/AMD)


  powerpc architecture (Apple Macintosh G3/G4/G5)


  sparc architecture (Sun SPARC/UltraSPARC)



Ubuntu: Thunderbird vulnerabilities USN-431-1

March 6, 2007