Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in thunderbird
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in thunderbird
ID: FEDORA-2005-247
Distribution: Fedora
Plattformen: Fedora Core 3
Datum: Do, 24. März 2005, 12:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0399
Applikationen: Mozilla Thunderbird

Originalnachricht

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-247
2005-03-23
---------------------------------------------------------------------

Product : Fedora Core 3
Name : thunderbird
Version : 1.0.2
Release : 1.3.1
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

---------------------------------------------------------------------
Update Information:


A buffer overflow bug was found in the way Thunderbird processes GIF
images. It is possible for an attacker to create a specially crafted GIF
image, which when viewed by a victim will execute arbitrary code as the
victim. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-0399 to this issue.

A bug was found in the Thunderbird string handling functions. If a
malicious website is able to exhaust a system's memory, it becomes
possible to execute arbitrary code. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0255 to
this issue.

Users of Thunderbird are advised to upgrade to this updated package
which contains Thunderbird version 1.0.2 and is not vulnerable to these
issues.

This update enables pango rendering by default.


---------------------------------------------------------------------
* Wed Mar 23 2005 Christopher Aillon <caillon@redhat.com> 1.0.2-1.3.1

- Thunderbird 1.0.2
- Enable pango rendering

* Tue Mar 8 2005 Christopher Aillon <caillon@redhat.com> 1.0-5

- Add patch to compile against new fortified glibc macros

* Sat Mar 5 2005 Christopher Aillon <caillon@redhat.com> 1.0-4

- Rebuild against GCC 4.0
- Add execshield patches
- Minor specfile cleanup

* Mon Dec 20 2004 Christopher Aillon <caillon@redhat.com> 1.0-3

- Rebuild

* Thu Dec 16 2004 Christopher Aillon <caillon@redhat.com> 1.0-2

- Add RPM version to useragent

* Thu Dec 16 2004 Christopher Blizzard <blizzard@redhat.com>

- Port over pango patches from firefox

* Wed Dec 8 2004 Christopher Aillon <caillon@redhat.com> 1.0-1.3.1

- Thunderbird 1.0

* Mon Dec 6 2004 Christopher Aillon <caillon@redhat.com> 1.0-0.rc1.1

- Fix advanced prefs

* Fri Dec 3 2004 Christopher Aillon <caillon@redhat.com>

- Make this run on s390(x) now for real

* Wed Dec 1 2004 Christopher Aillon <caillon@redhat.com> 1.0-0.rc1.0

- Update to 1.0 rc1


---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

a7764787e90a38e1a7d121b5393c946c SRPMS/thunderbird-1.0.2-1.3.1.src.rpm
642aec4401a1e924bc1569a8a28d2f18 x86_64/thunderbird-1.0.2-1.3.1.x86_64.rpm
b1c171a3a1ec24d996e36f8e3efec462
x86_64/debug/thunderbird-debuginfo-1.0.2-1.3.1.x86_64.rpm
f8872d466515e23b7eb4e49564a24f9f i386/thunderbird-1.0.2-1.3.1.i386.rpm
90eb655353de9280aa8595becc07496c
i386/debug/thunderbird-debuginfo-1.0.2-1.3.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung