Purchase Linux CDs / DVDs / Flash Drives at OSDisc.com

Welcome to Our Community

While Linux.org has been around for a while, we recently changed management and had to purge most of the content (including users). If you signed up before April 23rd please sign up again. Thanks!

Ubuntu Security Update USN-3278-1: Thunderbird vulnerabilities

Discussion in 'Linux Security Announcements (Automated)' started by LinuxBot, May 17, 2017.

  1. LinuxBot

    LinuxBot Moderator
    Staff Member

    Joined:
    Apr 25, 2017
    Messages:
    30
    Likes Received:
    1
    Ubuntu Security Notice USN-3278-1


    16th May, 2017



    thunderbird vulnerabilities


    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 17.04
    • Ubuntu 16.10
    • Ubuntu 16.04 LTS
    • Ubuntu 14.04 LTS
    Summary


    Several security issues were fixed in Thunderbird.

    Software description

    • thunderbird - Mozilla Open Source mail and newsgroup client
    Details


    Multiple security issues were discovered in Thunderbird. If a user were
    tricked in to opening a specially crafted message, an attacker could
    potentially exploit these to read uninitialized memory, cause a denial of
    service via application crash, or execute arbitrary code. (CVE-2017-5429,
    CVE-2017-5430, CVE-2017-5436, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445,
    CVE-2017-5446, CVE-2017-5447, CVE-2017-5461, CVE-2017-5467)

    Multiple security issues were discovered in Thunderbird. If a user were
    tricked in to opening a specially crafted website in a browsing context,
    an attacker could potentially exploit these to spoof the addressbar
    contents, conduct cross-site scripting (XSS) attacks, cause a denial of
    service via application crash, or execute arbitrary code. (CVE-2017-5432,
    CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5437, CVE-2017-5438,
    CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5449,
    CVE-2017-5451, CVE-2017-5454, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464,
    CVE-2017-5465, CVE-2017-5466, CVE-2017-5469, CVE-2017-10195,
    CVE-2017-10196, CVE-2017-10197)

    A flaw was discovered in the DRBG number generation in NSS. If an
    attacker were able to perform a man-in-the-middle attack, this flaw
    could potentially be exploited to view sensitive information.
    (CVE-2017-5462)

    Update instructions


    The problem can be corrected by updating your system to the following package version:

    Ubuntu 17.04:
    thunderbird 1:52.1.1+build1-0ubuntu0.17.04.1
    Ubuntu 16.10:
    thunderbird 1:52.1.1+build1-0ubuntu0.16.10.1
    Ubuntu 16.04 LTS:
    thunderbird 1:52.1.1+build1-0ubuntu0.16.04.1
    Ubuntu 14.04 LTS:
    thunderbird 1:52.1.1+build1-0ubuntu0.14.04.1

    To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

    After a standard system update you need to restart Thunderbird to make
    all the necessary changes.

    References


    CVE-2017-10195, CVE-2017-10196, CVE-2017-10197, CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5462, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5469

    Continue reading...
     

Share This Page