Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in Thunderbird
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Thunderbird
ID: USN-741-1
Distribution: Ubuntu
Plattformen: Ubuntu 6.06, Ubuntu 7.10, Ubuntu 8.04 LTS, Ubuntu 8.10
Datum: Do, 19. März 2009, 23:33
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0776
Applikationen: Mozilla Thunderbird

Originalnachricht

 

--===============5952616736691748801==
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
 boundary="svExV93C05KqedWb"
Content-Disposition: inline


--svExV93C05KqedWb
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

===========================================================
Ubuntu Security Notice USN-741-1             March 19, 2009
mozilla-thunderbird, thunderbird vulnerabilities
CVE-2009-0352, CVE-2009-0772, CVE-2009-0774, CVE-2009-0776
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  mozilla-thunderbird            
 1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1

Ubuntu 7.10:
  thunderbird                     2.0.0.21+nobinonly-0ubuntu0.7.10.1

Ubuntu 8.04 LTS:
  thunderbird                     2.0.0.21+nobinonly-0ubuntu0.8.04.1

Ubuntu 8.10:
  thunderbird                     2.0.0.21+nobinonly-0ubuntu0.8.10.1

After a standard system upgrade you need to restart Thunderbird to effect
the necessary changes.

Details follow:

Several flaws were discovered in the browser engine. If Javascript were
enabled, an attacker could exploit these flaws to crash Thunderbird and
possibly execute arbitrary code with user privileges. (CVE-2009-0352)

Jesse Ruderman and Gary Kwong discovered flaws in the browser engine. If a
user had Javascript enabled, these problems could allow a remote attacker to
cause a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2009-0772, CVE-2009-0774)

Georgi Guninski discovered a flaw when Thunderbird performed a cross-domain
redirect. If a user had Javascript enabled, an attacker could bypass the
same-origin policy in Thunderbird by utilizing nsIRDFService and steal
private data from users authenticated to the redirected website.
(CVE-2009-0776)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1.diff.gz
      Size/MD5:   457824 144d15ccf9a7e28489c3f41a8aefe443
    mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1.dsc
      Size/MD5:     1688 225f20dff306611652e1b5e0e5d360c2
    mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614k.orig.tar.gz
      Size/MD5: 38724498 65b0015f87bc747b4cf0f04dc2b7e27d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    mozilla-thunderbird-dev_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_amd64.deb
      Size/MD5:  3594394 5a4c8b8e31439bcc050d6c281ca60254
    mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_amd64.deb
      Size/MD5:   195084 2902df0778522658df85879f54cfac60
    mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_amd64.deb
      Size/MD5:    60322 846098744687e2bd4595cfef13ad19c7
    mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_amd64.deb
      Size/MD5: 12123246 3ae785e21196bdd1c8222a2edf573955

  i386 architecture (x86 compatible Intel/AMD):

    mozilla-thunderbird-dev_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_i386.deb
      Size/MD5:  3588464 241cccce723c15b55ce4a1401b36d80d
    mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_i386.deb
      Size/MD5:   188526 d1f442802db68f5b1e5de805481c6e37
    mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_i386.deb
      Size/MD5:    55846 aab2beeb7e32cbb962e9c4a0c2a63881
    mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_i386.deb
      Size/MD5: 10392218 a5b70ef2eabd8e3181edad4a50d415dc

  powerpc architecture (Apple Macintosh G3/G4/G5):

    mozilla-thunderbird-dev_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_powerpc.deb
      Size/MD5:  3593750 f37628f7bf32eaa6e699f655b3befbf8
    mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_powerpc.deb
      Size/MD5:   191822 17a85da976cc03c494b393c0ff2bb3c4
    mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_powerpc.deb
      Size/MD5:    59500 8f40936424e6e74d51ac541da51ea89b
    mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_powerpc.deb
      Size/MD5: 11678748 7fb3d49ea6c5506137a6219bc52bafd9

  sparc architecture (Sun SPARC/UltraSPARC):

    mozilla-thunderbird-dev_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_sparc.deb
      Size/MD5:  3590326 d64a1ebdf60860d3c7fc539db0fe568f
    mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_sparc.deb
      Size/MD5:   189258 80649934d69244fb24aca9fffb7cab62
    mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_sparc.deb
      Size/MD5:    57328 0c7a072ab6c187cb078c772e5f02b505
    mozilla-thunderbird_1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1_sparc.deb
      Size/MD5: 10871856 49a20809bce51fae4aa21e8f1ba927a0

Updated packages for Ubuntu 7.10:

  Source archives:

    thunderbird_2.0.0.21+nobinonly-0ubuntu0.7.10.1.diff.gz
      Size/MD5:   125774 220e3fea6369826758a4c35918172c0f
    thunderbird_2.0.0.21+nobinonly-0ubuntu0.7.10.1.dsc
      Size/MD5:     2321 23dc369f38cdbd2a7eb25cf5a77f1b82
    thunderbird_2.0.0.21+nobinonly.orig.tar.gz
      Size/MD5: 37904706 37b085244fed28172a42744f16c2f105

  Architecture independent packages:

    mozilla-thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.7.10.1_all.deb
      Size/MD5:    59232 529687fb6744db8b8211eaca95c0d57c
    mozilla-thunderbird_2.0.0.21+nobinonly-0ubuntu0.7.10.1_all.deb
      Size/MD5:    59218 a0b74e6067af1602fec9851ae8bc6fd9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.7.10.1_amd64.deb
      Size/MD5:  3782668 10119ceeeab5fa6c1a080eb3688bbffa
    thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.7.10.1_amd64.deb
      Size/MD5:    85390 423affc0fcc0607909a7d91b27bbb43b
    thunderbird_2.0.0.21+nobinonly-0ubuntu0.7.10.1_amd64.deb
      Size/MD5: 12429022 b34c5f45229f665387112324d5927463

  i386 architecture (x86 compatible Intel/AMD):

    thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.7.10.1_i386.deb
      Size/MD5:  4001090 7be3c415ca8f823d5bd3068c6da1f493
    thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.7.10.1_i386.deb
      Size/MD5:    80246 57aa46088dfa3c0c3505182cdc5195fb
    thunderbird_2.0.0.21+nobinonly-0ubuntu0.7.10.1_i386.deb
      Size/MD5: 11026334 eb1d1e71c07071b0a5b69b404e3a1d1e

  lpia architecture (Low Power Intel Architecture):

    thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.7.10.1_lpia.deb
      Size/MD5:  3767712 1d0fc779f4f9fc6ce151e83e343fe7f1
    thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.7.10.1_lpia.deb
      Size/MD5:    80458 e91be09dcbab0502902a9ffe79cc920a
    thunderbird_2.0.0.21+nobinonly-0ubuntu0.7.10.1_lpia.deb
      Size/MD5: 10837588 ab9f35953207e1ca2c38e6ae0fb1fb18

  powerpc architecture (Apple Macintosh G3/G4/G5):

    thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.7.10.1_powerpc.deb
      Size/MD5:  3786732 a3f7f69db0eba57fb0e5eae419d9c9e2
    thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.7.10.1_powerpc.deb
      Size/MD5:    83786 b2e5e838dfcc98818b12236a62c9e531
    thunderbird_2.0.0.21+nobinonly-0ubuntu0.7.10.1_powerpc.deb
      Size/MD5: 12272394 f91f7c4b6ada5298972b6f3f8ee8ddc0

  sparc architecture (Sun SPARC/UltraSPARC):

    thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.7.10.1_sparc.deb
      Size/MD5:  3768028 fada7feaa42bbb99917a3d0a76adf4c8
    thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.7.10.1_sparc.deb
      Size/MD5:    80158 83fc5a17e6b15270097cdd3c81f2a4d3
    thunderbird_2.0.0.21+nobinonly-0ubuntu0.7.10.1_sparc.deb
      Size/MD5: 11265358 e3630ccbcabd9b8437e8aa3eff46e77c

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.04.1.diff.gz
      Size/MD5:   129331 b6c40e9e7f4868829ef64ca0feed2f04
    thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.04.1.dsc
      Size/MD5:     2319 8cab7e706371e4fd4fb7050a146ded64
    thunderbird_2.0.0.21+nobinonly.orig.tar.gz
      Size/MD5: 37904706 37b085244fed28172a42744f16c2f105

  Architecture independent packages:

    mozilla-thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.8.04.1_all.deb
      Size/MD5:    60532 9a7544291d592387b1b1b5301f77f740
    mozilla-thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.04.1_all.deb
      Size/MD5:    60520 b389198436a712fbb96ddd7ed6f6c1a4

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.8.04.1_amd64.deb
      Size/MD5:  3783654 837816a7a8b527be51d46e1d434c9a47
    thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.8.04.1_amd64.deb
      Size/MD5:    85412 e76d5ad55d1866dcea849c05dbce4471
    thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.04.1_amd64.deb
      Size/MD5: 12410314 d7d829a49129462f1cf95a59242bf056

  i386 architecture (x86 compatible Intel/AMD):

    thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.8.04.1_i386.deb
      Size/MD5:  3770490 e89b5595146a414265c8725492bc7bb8
    thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.8.04.1_i386.deb
      Size/MD5:    80818 b46cffa37ed38bf1932af4da73012b8a
    thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.04.1_i386.deb
      Size/MD5: 10982186 c1dfe6e42c118517ad5e684112d97ec0

  lpia architecture (Low Power Intel Architecture):

    thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.8.04.1_lpia.deb
      Size/MD5:  3768194 7bb50ae78ccf6de6e3b017ac80bd2993
    thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.8.04.1_lpia.deb
      Size/MD5:    80558 6f2c57cb545705ec7dcd11f6575235e4
    thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.04.1_lpia.deb
      Size/MD5: 10828284 473a4f1e04e87f4f095d54dbae1199d0

  powerpc architecture (Apple Macintosh G3/G4/G5):

    thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.8.04.1_powerpc.deb
      Size/MD5:  3787486 940382362442149412f1f2cc3410c280
    thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.8.04.1_powerpc.deb
      Size/MD5:    83810 a521a98522fd1cbf799c3bead1dccfa3
    thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.04.1_powerpc.deb
      Size/MD5: 12254512 1ad70557833ee5fee0d823754d36daa4

  sparc architecture (Sun SPARC/UltraSPARC):

    thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.8.04.1_sparc.deb
      Size/MD5:  3768708 f2ef9618b5402c3d6add76f4710de730
    thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.8.04.1_sparc.deb
      Size/MD5:    80260 5941e85bde6f1ba7eb87af5b970b576e
    thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.04.1_sparc.deb
      Size/MD5: 11255102 91126d6bed2f581bf6428f1452a3d6d5

Updated packages for Ubuntu 8.10:

  Source archives:

    thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.10.1.diff.gz
      Size/MD5:   130128 489090af195632bc0f5b2da9ef03135c
    thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.10.1.dsc
      Size/MD5:     2301 b95fa0c819729304e7e4e1914d28248c
    thunderbird_2.0.0.21+nobinonly.orig.tar.gz
      Size/MD5: 37904706 37b085244fed28172a42744f16c2f105

  Architecture independent packages:

    mozilla-thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.8.10.1_all.deb
      Size/MD5:    60834 b2e8e124904e847f8e9ae20fc76ec2be
    mozilla-thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.10.1_all.deb
      Size/MD5:    60822 2f3c9e2df78c69dc4cae8f1e45b888f2

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.8.10.1_amd64.deb
      Size/MD5:  3737130 e886530814cd6e4328a2f36d491d6282
    thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.8.10.1_amd64.deb
      Size/MD5:    85576 7b1e37578dfcc61c337eabef0b0b042f
    thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.10.1_amd64.deb
      Size/MD5: 12437796 b670f40d4cda06dd244f958a6c3017c3

  i386 architecture (x86 compatible Intel/AMD):

    thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.8.10.1_i386.deb
      Size/MD5:  3721708 f82aebb9b58c9cb3e2febf68dd151ad7
    thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.8.10.1_i386.deb
      Size/MD5:    81176 63ad7320a9cab551fc55b5c3b4bcdadf
    thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.10.1_i386.deb
      Size/MD5: 11042916 e5cc62bcae7bc3088b3c4441a4aac2f9

  lpia architecture (Low Power Intel Architecture):

    thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.8.10.1_lpia.deb
      Size/MD5:  3718244 fd44cb9fe294e7a8a0074d79048e4c72
    thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.8.10.1_lpia.deb
      Size/MD5:    80862 c59d3623c493ae256791e7d01a413c20
    thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.10.1_lpia.deb
      Size/MD5: 10863820 524cf7ddfce3a84e4ead000a6d709aeb

  powerpc architecture (Apple Macintosh G3/G4/G5):

    thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.8.10.1_powerpc.deb
      Size/MD5:  3736116 9772c5a74c2e54000edd941722c727b6
    thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.8.10.1_powerpc.deb
      Size/MD5:    84050 72e9368d17ec2c3e6ecd7f3967e84434
    thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.10.1_powerpc.deb
      Size/MD5: 12216224 a8228436f52aa5de5eebeec57f4c28e9

  sparc architecture (Sun SPARC/UltraSPARC):

    thunderbird-dev_2.0.0.21+nobinonly-0ubuntu0.8.10.1_sparc.deb
      Size/MD5:  3724256 fecbfa0b07e847da2002c70eb39733b7
    thunderbird-gnome-support_2.0.0.21+nobinonly-0ubuntu0.8.10.1_sparc.deb
      Size/MD5:    80888 c125eac7b058bbc56d65b08d3efd0941
    thunderbird_2.0.0.21+nobinonly-0ubuntu0.8.10.1_sparc.deb
      Size/MD5: 11191468 dcc75b07a98e5b31a3df9d52eaf3bbf8



--svExV93C05KqedWb
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAknCx4gACgkQW0JvuRdL8Bqc1gCfRiQEAWM3YrpNh3kj+ZOtjYxe
0a4Anjr8tUhDLWRj2mOGAZzLum0MJM5r
=sXKn
-----END PGP SIGNATURE-----

--svExV93C05KqedWb--


--===============5952616736691748801==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============5952616736691748801==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung