drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in Mozilla Thunderbird
Name: |
Ausführen beliebiger Kommandos in Mozilla Thunderbird |
|
ID: |
USN-3073-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 16.04 LTS |
|
Datum: |
Do, 22. September 2016, 23:00 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2836 |
|
Applikationen: |
Mozilla Thunderbird |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============1043580062049217996== Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="heIDXOIfdti3NdsbGoXEmmWOQbHr1E56J"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --heIDXOIfdti3NdsbGoXEmmWOQbHr1E56J Content-Type: multipart/mixed; boundary="LEk3jlrmTwsQLHR2V3jeSasFVD9w2DcL1" From: Chris Coulson <chris.coulson@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <119b9121-e6ab-38b6-853f-f846e9af4831@canonical.com> Subject: [USN-3073-1] Thunderbird vulnerabilities
--LEk3jlrmTwsQLHR2V3jeSasFVD9w2DcL1 Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3073-1 September 22, 2016
thunderbird vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS
Summary:
Thunderbird could be made to crash or run programs as your login if it opened a malicious message.
Software Description: - thunderbird: Mozilla Open Source mail and newsgroup client
Details:
Christian Holler, Carsten Book, Gary Kwong, Jesse Ruderman, Andrew McCreight, and Phil Ringnalda discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2836)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: thunderbird 1:45.3.0+build1-0ubuntu0.16.04.2
Ubuntu 14.04 LTS: thunderbird 1:45.3.0+build1-0ubuntu0.14.04.4
Ubuntu 12.04 LTS: thunderbird 1:45.3.0+build1-0ubuntu0.12.04.1
After a standard system update you need to restart Thunderbird to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3073-1 CVE-2016-2836
Package Information: https://launchpad.net/ubuntu/+source/thunderbird/1:45.3.0+build1-0ubuntu0.16.04.2 https://launchpad.net/ubuntu/+source/thunderbird/1:45.3.0+build1-0ubuntu0.14.04.4 https://launchpad.net/ubuntu/+source/thunderbird/1:45.3.0+build1-0ubuntu0.12.04.1
--LEk3jlrmTwsQLHR2V3jeSasFVD9w2DcL1--
--heIDXOIfdti3NdsbGoXEmmWOQbHr1E56J Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQEcBAEBCAAGBQJX5BIJAAoJEGEfvezVlG4PjNgIAK7ltT+wayZreZpoc+JGtZrB uLg7VpyjAmrNQwoPBLGHjh5gJVpb1ve7mBJgPGe7D0g/3JYLSRiWa0Qg5XVpLzps 5iKr1lLtkDr5XeGO9lMcuipo+WbKsApU22YqKNmx7OqMQq2agxFhPMsgLdeGEmHz qebTJUPSxrrrFwvCv/ZJMUtfp/j18cOzXFDSHL79BW3jRMdossIR7FctAcUN9SU4 CVFL5vcJ9LZq2jXXNG3cXyhq24YbWjdRLAuKj5zKWO5cvFPw1V3UxMdoRF/2koGi WWLSu7ASjflXYIe3g8m5wE8Qv7IEX9KXjY9YQhY/0Ywp63DpbjNOEkAxdYIf5Ds= =Yw5b -----END PGP SIGNATURE-----
--heIDXOIfdti3NdsbGoXEmmWOQbHr1E56J--
--===============1043580062049217996== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============1043580062049217996==--
|
|
|
|