LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 21st, 2014
Linux Security Week: April 7th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: 943-1: Thunderbird vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Martin Barbella discovered an integer overflow in an XSLT node sortingroutine. An attacker could exploit this to overflow a buffer and cause adenial of service or possibly execute arbitrary code with the privileges ofthe user invoking the program. (CVE-2010-1199) [More...]
===========================================================
Ubuntu Security Notice USN-943-1              July 06, 2010
thunderbird vulnerabilities
CVE-2010-1121, CVE-2010-1196, CVE-2010-1199, CVE-2010-1200,
CVE-2010-1201, CVE-2010-1202, CVE-2010-1203
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.04 LTS:
  thunderbird                     3.0.5+build2+nobinonly-0ubuntu0.10.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

Details follow:

Martin Barbella discovered an integer overflow in an XSLT node sorting
routine. An attacker could exploit this to overflow a buffer and cause a
denial of service or possibly execute arbitrary code with the privileges of
the user invoking the program. (CVE-2010-1199)

An integer overflow was discovered in Thunderbird. If a user were tricked
into viewing malicious content, an attacker could overflow a buffer and
cause a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2010-1196)

Several flaws were discovered in the browser engine of Thunderbird. If a
user were tricked into viewing a malicious site, a remote attacker could
cause a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201,
CVE-2010-1202, CVE-2010-1203)

If was discovered that Thunderbird could be made to access freed memory. If
a user were tricked into viewing a malicious site, a remote attacker could
cause a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2010-1121)


Updated packages for Ubuntu 10.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.5+build2+nobinonly-0ubuntu0.10.04.1.diff.gz
      Size/MD5:    92823 0ca46ffd047f5f7cee484fff9e8af23b
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.5+build2+nobinonly-0ubuntu0.10.04.1.dsc
      Size/MD5:     2412 aca8b9b2dbfb307db4431919947a7937
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.5+build2+nobinonly.orig.tar.gz
      Size/MD5: 60882290 1a1a88e927a9a88bbe7ebcebf823dee8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
      Size/MD5: 64108820 3aa916caba6c99731e7d32be86288dc3
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
      Size/MD5:  5242210 4126c9df835aeb3a9c07843563006c68
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
      Size/MD5:   148928 0bcd99b6b523fac6b42dcbb7f24dff01
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
      Size/MD5:     9290 ad02f8df355f77c9b1add63163cbc788
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
      Size/MD5: 11378952 1ea590db0e17e3a60463ac04d0515b80

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
      Size/MD5: 64452942 eaec764f36f6c8f028a896b5392c3737
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
      Size/MD5:  5307796 dafaff64a67a27a702a6f865c14445ff
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
      Size/MD5:   148118 39c67bfe1a78134d37c8ae7aeec002bb
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
      Size/MD5:     9292 178054e4f82c37056f11ea499e37c4e2
    http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
      Size/MD5: 10408506 c18e02729a25128e676165df459f969f

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
      Size/MD5: 67079046 b99a348ef7df5d8ab2daa6995b3e9eed
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
      Size/MD5:  5238246 0f540c21b92bb8730631c8d048763890
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
      Size/MD5:   153294 6b87239a25c174184dd5681f4d90b30c
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
      Size/MD5:     9294 196d8ddb2fd3b1d9f987814f4008fc87
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
      Size/MD5: 11260620 dab912c76ddc41ba98eaadbfb051aeb4

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
      Size/MD5: 63631670 2b5550e2e5dbe85b9c5f3bd106e9043a
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
      Size/MD5:  5216964 c22473ed591e05898a660d1b84a93e7a
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
      Size/MD5:   144236 a583a67a7e172036d31350e393a12469
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
      Size/MD5:     9296 3c1023ab76f0e7dad38055468fbf8911
    http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
      Size/MD5: 10514780 30417d9d956648a4f15d645171edb401




 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Fixing OpenSSL's Heartbleed flaw will take MONTHS, warns Secunia
Even the most secure cloud storage may not be so secure, study finds
Targeted Attack Uses Heartbleed to Hijack VPN Sessions
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.