Thursday, November 21, 2013

[USN-2032-1] Thunderbird vulnerabilities

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird-Trunk - http://www.enigmail.net/

iQEcBAEBAgAGBQJSjgvMAAoJEGEfvezVlG4PA+YIAI3rdKdmyh/UNZY1UXZ/Q1XA
x/XssvB4w8tRfH4vhFApAbvlo4eb84u6Yz/LX2VzPN46G97bWM7YJzx9Za8T/6Ph
k0667xm5AZMAgfq4lF7GgpxJznZv1kFeRnRPfHjBdZvVXMc1K9/ohpJiNqqYn7b+
wXMKZCmViFt6Q4ms87rcCp6H0N/rb1YSNQZ4KbptOZu2T1rFSs1E6Ikj0iHEvIYO
ChaH6EPGKg/cTdSWkLI8u8d4KA/2m77uwBMndQOWP+q2sMEcigvZv5MSWL35IeKZ
96ODx2NJ/HLH6+zYQSnJSiZjhJLX3FDyWqFhA5z+FXJHNXqeLXp9T03bwKaeNPA=
=d9I+
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-2032-1
November 21, 2013

thunderbird vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.10
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in Thunderbird.

Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

Multiple security issues were discovered in Thunderbird. If a user were
tricked into connecting to a malicious server, an attacker could possibly
exploit these to cause a denial of service via application crash,
potentially execute arbitrary code, or lead to information disclosure.
(CVE-2013-1741, CVE-2013-2566, CVE-2013-5605, CVE-2013-5607)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
thunderbird 1:24.1.1+build1-0ubuntu0.13.10.1

Ubuntu 13.04:
thunderbird 1:24.1.1+build1-0ubuntu0.13.04.1

Ubuntu 12.10:
thunderbird 1:24.1.1+build1-0ubuntu0.12.10.1

Ubuntu 12.04 LTS:
thunderbird 1:24.1.1+build1-0ubuntu0.12.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2032-1
CVE-2013-1741, CVE-2013-2566, CVE-2013-5605, CVE-2013-5607,
https://launchpad.net/bugs/1253027

Package Information:
https://launchpad.net/ubuntu/+source/thunderbird/1:24.1.1+build1-0ubuntu0.13.10.1
https://launchpad.net/ubuntu/+source/thunderbird/1:24.1.1+build1-0ubuntu0.13.04.1
https://launchpad.net/ubuntu/+source/thunderbird/1:24.1.1+build1-0ubuntu0.12.10.1
https://launchpad.net/ubuntu/+source/thunderbird/1:24.1.1+build1-0ubuntu0.12.04.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)