Mehrere Probleme in mozilla-thunderbird
ID: | SSA:2008-061-01 |
Distribution: | Slackware |
Plattformen: | Slackware -current, Slackware 10.2, Slackware 11.0, Slackware 12.0 |
Datum: | So, 2. März 2008, 00:50 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0304
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0413 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0418 |
Applikationen: | Mozilla Thunderbird |
Originalnachricht |
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2008-061-01) New mozilla-thunderbird packages are available for Slackware 10.2, 11.0, 12.0, and -current to fix security issues. Here are the details from the Slackware 12.0 ChangeLog: +--------------------------+ patches/packages/mozilla-thunderbird-2.0.0.12-i686-1.tgz: Upgraded to thunderbird-2.0.0.12. This update fixes the following security related issues: MFSA 2008-12: Heap buffer overflow in external MIME bodies MFSA 2008-05: Directory traversal via chrome: URI MFSA 2008-03: Privilege escalation, XSS, Remote Code Execution MFSA 2008-01: Crashes with evidence of memory corruption (rv:1.8.1.12) For more information, see: http://www.mozilla.org/security/announce/2008/mfsa2008-12.html http://www.mozilla.org/security/announce/2008/mfsa2008-05.html http://www.mozilla.org/security/announce/2008/mfsa2008-03.html http://www.mozilla.org/security/announce/2008/mfsa2008-01.html These are the related CVE entries: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0304 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0418 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0413 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com. Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating additional FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 10.2: ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mozilla-thunderbird-2.0.0.12-i686-1.tgz Updated package for Slackware 11.0: ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/mozilla-thunderbird-2.0.0.12-i686-1.tgz Updated package for Slackware 12.0: ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/mozilla-thunderbird-2.0.0.12-i686-1.tgz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-2.0.0.12-i686-1.tgz MD5 signatures: +-------------+ Slackware 10.2 package: 0c5bfc8c508e128b13c88311a6889879 mozilla-thunderbird-2.0.0.12-i686-1.tgz Slackware 11.0 package: 0c5bfc8c508e128b13c88311a6889879 mozilla-thunderbird-2.0.0.12-i686-1.tgz Slackware 12.0 package: 0c5bfc8c508e128b13c88311a6889879 mozilla-thunderbird-2.0.0.12-i686-1.tgz Slackware -current package: 0c5bfc8c508e128b13c88311a6889879 mozilla-thunderbird-2.0.0.12-i686-1.tgz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg mozilla-thunderbird-2.0.0.12-i686-1.tgz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHydGGakRjwEAQIjMRAuoxAJ46Su1F514DoVjZ5A6GhDV5Pxg8TACfdqZK KCkg9/COrYzfV1pa56IHzX0= =hekn -----END PGP SIGNATURE----- |