drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Thunderbird
Name: |
Mehrere Probleme in Thunderbird |
|
ID: |
USN-4736-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 20.10 |
|
Datum: |
Mi, 17. Februar 2021, 06:25 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23960
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26976
https://launchpad.net/ubuntu/+source/thunderbird/1:78.7.1+build1-0ubuntu0.20.10.4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23953
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23954
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15685
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23964 |
|
Applikationen: |
Mozilla Thunderbird |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============0257485774215041444== Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="de8iI5Bbfkk3lNPYkHqwTUiXYqqO3ApCX"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --de8iI5Bbfkk3lNPYkHqwTUiXYqqO3ApCX Content-Type: multipart/mixed; boundary="Pn0AMrof8U6kFRSJSijTTc87DIon5gFTn"; protected-headers="v1" From: Chris Coulson <chris.coulson@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <9ace03f4-cb60-b687-e4d3-63ceefcc9f1c@canonical.com> Subject: [USN-4736-1] Thunderbird vulnerabilities
--Pn0AMrof8U6kFRSJSijTTc87DIon5gFTn Content-Type: text/plain; charset=utf-8 Content-Language: en-U Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-4736-1 February 16, 2021
thunderbird vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
Summary:
Several security issues were fixed in Thunderbird.
Software Description: - thunderbird: Mozilla Open Source mail and newsgroup client
Details:
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2020-26976, CVE-2021-23953, CVE-2021-23954, CVE-2021-23960, CVE-2021-23964)
It was discovered that responses received during the plaintext phase of the STARTTLS connection setup were subsequently evaluated during the encrypted session. A person in the middle could potentially exploit this to perform a response injection attack. (CVE-2020-15685)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10: thunderbird 1:78.7.1+build1-0ubuntu0.20.10.4
After a standard system update you need to restart Thunderbird to make all the necessary changes.
References: https://usn.ubuntu.com/4736-1 CVE-2020-15685, CVE-2020-26976, CVE-2021-23953, CVE-2021-23954, CVE-2021-23960, CVE-2021-23964
Package Information:
https://launchpad.net/ubuntu/+source/thunderbird/1:78.7.1+build1-0ubuntu0.20.10.4
--Pn0AMrof8U6kFRSJSijTTc87DIon5gFTn--
--de8iI5Bbfkk3lNPYkHqwTUiXYqqO3ApCX Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature"
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEERN//5MGgCOgyKeIFYR+97NWUbg8FAmAr/9IACgkQYR+97NWU bg8BswgAnlDf/GXgZHDEMtrMHP35EGtXguPVeOoj5qFi61eUYj8Xa/kb164H9h+6 hdPjE9UEwjnFwit76EHfLuTrpPPrv14Ie+lUkum5ARTKr1oC3Wy3ddF2PafCbilk Xn9k5Nj9TS/9kxReI0Fxoafv7+ftrK+8EVCK0iSn3FU6PHsGFxOLF1U5xkiDD/dR SrcsKwdrhLwLE6uYauURMuxfKVNLTXl0geWHqAGB8yvhn1cZeA0Nt1rz1EdezSSb u3hx0dTGy5ZC0mUWZ5+4oUY2KXzUEaODlWIhhvwLIaaEDGmmfr70qxT/FEu3kCMh H7E5LheGlNbZgJFZa+ZFz66cSGc1HA== =YibA -----END PGP SIGNATURE-----
--de8iI5Bbfkk3lNPYkHqwTUiXYqqO3ApCX--
--===============0257485774215041444== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============0257485774215041444==--
|
|
|
|