=========================================================== Ubuntu Security Notice USN-200-1 October 11, 2005 mozilla-thunderbird vulnerabilities CAN-2005-2701, CAN-2005-2702, CAN-2005-2703, CAN-2005-2704, CAN-2005-2705, CAN-2005-2706, CAN-2005-2707, CAN-2005-2968 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: mozilla-thunderbird The problem can be corrected by upgrading the affected package to version 1.0.7-0ubuntu04.10 (for Ubuntu 4.10), or 1.0.7-0ubuntu05.04 (for Ubuntu 5.04). After a standard system upgrade you need to restart Thunderbird to effect the necessary changes. Details follow: A buffer overflow was discovered in the XBM image handler. By tricking an user into opening a specially crafted XBM image, an attacker could exploit this to execute arbitrary code with the user's privileges. (CAN-2005-2701) Mats Palmgren discovered a buffer overflow in the Unicode string parser. Unicode strings that contained "zero-width non-joiner" characters caused a browser crash, which could possibly even exploited to execute arbitrary code with the user's privileges. (CAN-2005-2702) Georgi Guninski reported an integer overflow in the JavaScript engine. This could be exploited to run arbitrary code under some conditions. (CAN-2005-2705) Peter Zelezny discovered that URLs which are passed to Thunderbird on the command line are not correctly protected against interpretation by the shell. If Thunderbird is configured as the default handler for "mailto:" URLs, this could be exploited to execute arbitrary code with user privileges by tricking the user into clicking on a specially crafted URL (for example, in an email or chat client). (CAN-2005-2968) This update also fixes some less critical issues which are described at http://www.mozilla.org/security/announce/mfsa2005-58.html. (CAN-2005-2703, CAN-2005-2704, CAN-2005-2706, CAN-2005-2707) The "enigmail" plugin has been updated to work with the new Thunderbird and Mozilla versions. Updated packages for Ubuntu 4.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.7-0ubuntu04.10.diff.gz Size/MD5: 79613 f9bde38c0670fa1425a90cb8ce4b0185 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.7-0ubuntu04.10.dsc Size/MD5: 942 707e6e98a71dee959646fc729323fcf8 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.7.orig.tar.gz Size/MD5: 32910701 6db01051ce21d9faadd119a1b88383b7 http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/enigmail_0.92-1ubuntu04.10.2.diff.gz Size/MD5: 17273 13d3e8b980bacb933f76c5705f507af2 http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/enigmail_0.92-1ubuntu04.10.2.dsc Size/MD5: 892 5072d001bb1b206877d11508a069f13f http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/enigmail_0.92.orig.tar.gz Size/MD5: 2038607 c79925633b9e01fa6737d75c2e7acb89 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.7-0ubuntu04.10_amd64.deb Size/MD5: 3345028 b04933e0f9cad6333998a0dfae666173 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.7-0ubuntu04.10_amd64.deb Size/MD5: 144016 156792439201556a8fd6bf9c1a6d985f http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.7-0ubuntu04.10_amd64.deb Size/MD5: 26556 015d82c959ee206ceb2c09220a0fd6f4 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.7-0ubuntu04.10_amd64.deb Size/MD5: 81636 f9331c7d54dc993721c18934398732e4 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.7-0ubuntu04.10_amd64.deb Size/MD5: 12260290 5c5df9f4ca8502a0d6d084145989649f http://security.ubuntu.com/ubuntu/pool/universe/e/enigmail/mozilla-enigmail_0.92-1ubuntu04.10.2_amd64.deb Size/MD5: 326932 eaad6317faffbfe400f49969137b718e http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/mozilla-thunderbird-enigmail_0.92-1ubuntu04.10.2_amd64.deb Size/MD5: 332914 a523cf68e0f4a123919f160efc27146b i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.7-0ubuntu04.10_i386.deb Size/MD5: 3338654 c0abd1899e6a8359a4f6793ccd8ea4af http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.7-0ubuntu04.10_i386.deb Size/MD5: 139126 190afe37f6e2da0fa3dc2d8104be281c http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.7-0ubuntu04.10_i386.deb Size/MD5: 26552 ab522a27164827f14ef71cb132e290ef http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.7-0ubuntu04.10_i386.deb Size/MD5: 79288 0613543b80f24e73e91e5b2e271b62dc http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.7-0ubuntu04.10_i386.deb Size/MD5: 11342604 a55bf50bc133c38da9fb2fd29fcf783d http://security.ubuntu.com/ubuntu/pool/universe/e/enigmail/mozilla-enigmail_0.92-1ubuntu04.10.2_i386.deb Size/MD5: 310660 3234927815cbf29ba5e185c9b9b95b11 http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/mozilla-thunderbird-enigmail_0.92-1ubuntu04.10.2_i386.deb Size/MD5: 318280 4fd58af2f3741c214b423a5c56574a80 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.7-0ubuntu04.10_powerpc.deb Size/MD5: 3333802 030aced3c33f475e172db83e791df525 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.7-0ubuntu04.10_powerpc.deb Size/MD5: 137894 2716caa9d79e6eedaaaa2d56a53ddc9a http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.7-0ubuntu04.10_powerpc.deb Size/MD5: 26552 d7a3b05a93f84b2a1fc3dbcf088a2639 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.7-0ubuntu04.10_powerpc.deb Size/MD5: 73418 03b28536712653dc9394972399121cae http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.7-0ubuntu04.10_powerpc.deb Size/MD5: 10896852 2e40122393db4aec2ecb17758464bd48 http://security.ubuntu.com/ubuntu/pool/universe/e/enigmail/mozilla-enigmail_0.92-1ubuntu04.10.2_powerpc.deb Size/MD5: 312894 b76c35805b1a190d35a82ae36e79faf4 http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/mozilla-thunderbird-enigmail_0.92-1ubuntu04.10.2_powerpc.deb Size/MD5: 320138 603c5ef819898111cc7534c8a2ade052 Updated packages for Ubuntu 5.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.7-0ubuntu05.04.diff.gz Size/MD5: 79568 927f7fb3e2fa0d91e3e2929a3fbb022f http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.7-0ubuntu05.04.dsc Size/MD5: 942 e644b0e7b01047b3014b63fc9a334a45 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.7.orig.tar.gz Size/MD5: 32910701 6db01051ce21d9faadd119a1b88383b7 http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/enigmail_0.92-1ubuntu05.04.2.diff.gz Size/MD5: 17263 bc977ffccd94a895507a89fab00c0740 http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/enigmail_0.92-1ubuntu05.04.2.dsc Size/MD5: 892 8c5e2196917a692743a46aeee4c1742a http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/enigmail_0.92.orig.tar.gz Size/MD5: 2038607 c79925633b9e01fa6737d75c2e7acb89 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.7-0ubuntu05.04_amd64.deb Size/MD5: 3344886 15f56aecc9a8c76a69479f75f0559ee4 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.7-0ubuntu05.04_amd64.deb Size/MD5: 144006 4e60bcf3fb0c32d57a0b24d162feb23a http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.7-0ubuntu05.04_amd64.deb Size/MD5: 26524 b2b1b1e7f6b7432c44b9e46f13528d1f http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.7-0ubuntu05.04_amd64.deb Size/MD5: 81504 89cfb1ce5708c1c3cf41082bc486c403 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.7-0ubuntu05.04_amd64.deb Size/MD5: 11953616 80eaa1ccacbd8bbc343ed05603431c7b http://security.ubuntu.com/ubuntu/pool/universe/e/enigmail/mozilla-enigmail_0.92-1ubuntu05.04.2_amd64.deb Size/MD5: 326942 358d55b0964721b909d0a5d1c7f99d41 http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/mozilla-thunderbird-enigmail_0.92-1ubuntu05.04.2_amd64.deb Size/MD5: 332960 91f90a97e9ad7dd36e91daf95d48068a i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.7-0ubuntu05.04_i386.deb Size/MD5: 3338534 c23ffedc8034495f9c4b672597b3301c http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.7-0ubuntu05.04_i386.deb Size/MD5: 139102 8dfdcc3cecd98f6553c2f6e1294f3131 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.7-0ubuntu05.04_i386.deb Size/MD5: 26520 7ddb9e9fa4bd2a4a4b25a74c49fbffea http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.7-0ubuntu05.04_i386.deb Size/MD5: 79248 13adc727d9bf951eff938d3c352f7fc9 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.7-0ubuntu05.04_i386.deb Size/MD5: 10901960 96bdb11e0ac8fe09cf83ccc49ae19351 http://security.ubuntu.com/ubuntu/pool/universe/e/enigmail/mozilla-enigmail_0.92-1ubuntu05.04.2_i386.deb Size/MD5: 310688 8513c0c249978caa18d56b2e8a8141be http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/mozilla-thunderbird-enigmail_0.92-1ubuntu05.04.2_i386.deb Size/MD5: 318308 61e86fa897f1b3a9609769633c63485a powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.7-0ubuntu05.04_powerpc.deb Size/MD5: 3333732 d0914dd3b69c3d16e3e5404d8eb69e7b http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.7-0ubuntu05.04_powerpc.deb Size/MD5: 137880 9656e69890c3d1abe624e530b1480c25 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.7-0ubuntu05.04_powerpc.deb Size/MD5: 26530 d58893a55c9d6da837223e868d2ef523 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.7-0ubuntu05.04_powerpc.deb Size/MD5: 73480 52011db0bc524f75ec78f69d1dc2736e http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.7-0ubuntu05.04_powerpc.deb Size/MD5: 10447288 6289932038b021a33926ff180990c755 http://security.ubuntu.com/ubuntu/pool/universe/e/enigmail/mozilla-enigmail_0.92-1ubuntu05.04.2_powerpc.deb Size/MD5: 313004 5174b8c1afd1063b80d638f14d0dfe9c http://security.ubuntu.com/ubuntu/pool/main/e/enigmail/mozilla-thunderbird-enigmail_0.92-1ubuntu05.04.2_powerpc.deb Size/MD5: 320088 90895e1af1e604ded4ff5e9eb9eec95a
Attachment:
signature.asc
Description: Digital signature