Multiple issues in Thunderbird
ID: | USN-4373-1 |
Distribution: | Ubuntu |
Platforms: | Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 19.10, Ubuntu 20.04 LTS |
Date: | Tue, 26 May 2020, 20:29 |
References: | https://launchpad.net/ubuntu/+source/thunderbird/1:68.8.0+build2-0ubuntu0.19.10.2
https://launchpad.net/ubuntu/+source/thunderbird/1:68.8.0+build2-0ubuntu0.18.04.2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12392
https://launchpad.net/ubuntu/+source/thunderbird/1:68.8.0+build2-0ubuntu0.16.04.2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6831
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12395
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12397
https://launchpad.net/ubuntu/+source/thunderbird/1:68.8.0+build2-0ubuntu0.20.04.2 |
Applications: | Mozilla Thunderbird |
Original message |
|
==========================================================================
Ubuntu Security Notice USN-4373-1
May 26, 2020

thunderbird vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 19.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Thunderbird.

Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
or execute arbitrary code. (CVE-2020-6831, CVE-2020-12387, CVE-2020-12395)

It was discovered that the Devtools' 'Copy as cURL' feature did not
properly escape the HTTP POST data of a request. If a user were tricked
in to using the 'Copy as cURL' feature to copy and paste a command with
specially crafted data in to a terminal, an attacker could potentially
exploit this to obtain sensitive information from local files.
(CVE-2020-12392)

It was discovered that Thunderbird did not correctly handle Unicode
whitespace characters within the From email header. An attacker could
potentially exploit this to spoof the sender email address that
Thunderbird displays. (CVE-2020-12397)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  thunderbird 1:68.8.0+build2-0ubuntu0.20.04.2

Ubuntu 19.10:
  thunderbird 1:68.8.0+build2-0ubuntu0.19.10.2

Ubuntu 18.04 LTS:
  thunderbird 1:68.8.0+build2-0ubuntu0.18.04.2

Ubuntu 16.04 LTS:
  thunderbird 1:68.8.0+build2-0ubuntu0.16.04.2

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References:
  https://usn.ubuntu.com/4373-1
  CVE-2020-12387, CVE-2020-12392, CVE-2020-12395, CVE-2020-12397,
  CVE-2020-6831

Package Information:
  https://launchpad.net/ubuntu/+source/thunderbird/1:68.8.0+build2-0ubuntu0.20.04.2
  https://launchpad.net/ubuntu/+source/thunderbird/1:68.8.0+build2-0ubuntu0.19.10.2
  https://launchpad.net/ubuntu/+source/thunderbird/1:68.8.0+build2-0ubuntu0.18.04.2
  https://launchpad.net/ubuntu/+source/thunderbird/1:68.8.0+build2-0ubuntu0.16.04.2
|
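For the From-header issue (CVE-2020-12397), a mail-side check can flag messages whose From header carries non-ASCII whitespace, including when it is hidden inside an RFC 2047 encoded-word. This is an added example, not code from the advisory or from Thunderbird; the advisory does not list the affected characters, so the flagged set (Python's `str.isspace()` minus ASCII space, tab, CR and LF) is an assumption, as are the function names and the constructed sample messages.

```python
import unicodedata
from email import message_from_string
from email.header import Header, decode_header

ASCII_WS = " \t\r\n"  # whitespace that is normal in a (folded) header

def decode_from(raw):
    """Decode RFC 2047 encoded-words so hidden characters become visible."""
    out = []
    for chunk, charset in decode_header(raw):
        if isinstance(chunk, bytes):
            try:
                chunk = chunk.decode(charset or "ascii", errors="replace")
            except LookupError:  # unknown charset label in the encoded-word
                chunk = chunk.decode("latin-1")
        out.append(chunk)
    return "".join(out)

def unicode_whitespace(text):
    """List (code point, Unicode name) for each whitespace char outside ASCII_WS."""
    # Assumption: str.isspace() approximates "Unicode whitespace" in the advisory.
    return [(f"U+{ord(c):04X}", unicodedata.name(c, "UNNAMED"))
            for c in text if c.isspace() and c not in ASCII_WS]

def scan_from_headers(raw_message):
    """Return [(decoded From value, findings)] for every From header present."""
    msg = message_from_string(raw_message)
    results = []
    for value in msg.get_all("From", []):
        decoded = decode_from(str(value))
        results.append((decoded, unicode_whitespace(decoded)))
    return results

# Constructed sample messages (not taken from the advisory).
CLEAN = "From: Alice Example <alice@example.com>\nSubject: hi\n\nbody\n"
RAW_WS = "From: Alice\u2003Example <alice@example.com>\nSubject: hi\n\nbody\n"
ENCODED_WS = ("From: " + Header("Alice\u00a0Example", "utf-8").encode()
              + " <alice@example.com>\nSubject: hi\n\nbody\n")

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("raw", RAW_WS), ("encoded", ENCODED_WS)):
        for decoded, findings in scan_from_headers(sample):
            print(f"{label}: {'FLAG' if findings else 'ok'} {decoded!r} {findings}")
```

A finding is a triage signal rather than proof of spoofing: a no-break space can appear in a legitimate display name, so review flagged messages instead of dropping them outright.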