Home / vulnerabilities USN-469-1.txt
Posted on 07 June 2007
Source : packetstormsecurity.org Link
===========================================================
Ubuntu Security Notice USN-469-1 June 05, 2007
mozilla-thunderbird vulnerabilities
CVE-2007-1558, CVE-2007-2867, CVE-2007-2868
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
mozilla-thunderbird 1.5.0.12-0ubuntu0.6.06
Ubuntu 6.10:
mozilla-thunderbird 1.5.0.12-0ubuntu0.6.10
Ubuntu 7.04:
mozilla-thunderbird 1.5.0.12-0ubuntu0.7.04
After a standard system upgrade you need to restart Thunderbird to effect
the necessary changes.
Details follow:
Gaëtan Leurent showed a weakness in APOP authentication. An attacker
posing as a trusted server could recover portions of the user's
password via multiple authentication attempts. (CVE-2007-1558)
Various flaws were discovered in the layout and JavaScript engines. By
tricking a user into opening a malicious email, an attacker could execute
arbitrary code with the user's privileges. Please note that JavaScript
is disabled by default for emails, and it is not recommended to enable
it. (CVE-2007-2867, CVE-2007-2868)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.06.diff.gz
Size/MD5: 455017 6134996c92b001015b30150c2dc1ebc9
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.06.dsc
Size/MD5: 1603 a28b5d142a6f31040ed31e9a6d6bc89f
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12.orig.tar.gz
Size/MD5: 36087822 b4da2245a3b9e9aba57458892ccb4432
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.06_amd64.deb
Size/MD5: 3536144 14ea0a1977a5320fd835fd001d67346f
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.06_amd64.deb
Size/MD5: 194244 8b458963ac0651ed0cd6391eff999922
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.06_amd64.deb
Size/MD5: 59492 f72ea0bdf598e970be1fc2bc4c13aca5
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.06_amd64.deb
Size/MD5: 12072898 5c56a62ecebbd04b0d5800e02bb0f962
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.06_i386.deb
Size/MD5: 3529200 7e19aa6138e8feed5cff6d838b6028a9
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.06_i386.deb
Size/MD5: 187602 6820a2a671a38afd15a0f6a85d836e1a
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.06_i386.deb
Size/MD5: 55014 7bafe57ee68339de3cd6b652b38f732e
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.06_i386.deb
Size/MD5: 10348548 b9681e3ee16c04c08339ec2ef01a6c88
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.06_powerpc.deb
Size/MD5: 3534496 3c48628681299abaee19fc0beba5ab78
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.06_powerpc.deb
Size/MD5: 190946 fbbcce5b8063cb919394a9eb6606be14
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.06_powerpc.deb
Size/MD5: 58594 feced950d4786dca229a3311d78ebd92
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.06_powerpc.deb
Size/MD5: 11625662 84c92da6096228d1e9d9b88bd7b04175
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.06_sparc.deb
Size/MD5: 3531010 bcc28364913ee9a39fcbe927c18c63b6
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.06_sparc.deb
Size/MD5: 188396 269be710a7fba93ef6b097b2b9fff9db
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.06_sparc.deb
Size/MD5: 56508 53c80fc5eee71c35c5ac6bd02d378d88
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.06_sparc.deb
Size/MD5: 10819654 ef89c7e36efdb96ac78708d29d8549b9
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.10.diff.gz
Size/MD5: 455848 d0c748328245e197cae6535eb8f432ef
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.10.dsc
Size/MD5: 1601 bd27533176397a9e5dfbf7f78bc0663e
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12.orig.tar.gz
Size/MD5: 36087822 b4da2245a3b9e9aba57458892ccb4432
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.10_amd64.deb
Size/MD5: 3535944 23d30ebe5ef94e613e7967b1db8ef31b
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.10_amd64.deb
Size/MD5: 194370 45be8ffeacd6effc2f9dc7760c95872b
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.10_amd64.deb
Size/MD5: 59488 332a5fc9ba7aaee2f415f8b7d48df4d3
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.10_amd64.deb
Size/MD5: 12069218 a95212832d428490b423c3f1f4d8fb6f
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.10_i386.deb
Size/MD5: 3532554 c3e7b0d29512c4fcdeb4c44d2cf254ee
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.10_i386.deb
Size/MD5: 189032 1af5c94758d03e290996aabe28f4e468
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.10_i386.deb
Size/MD5: 56130 b8dd5169a5c9d2e64f92a5077125e5fe
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.10_i386.deb
Size/MD5: 10807154 3182256c2c4e3dcf8ce0af8c08c79b9e
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.10_powerpc.deb
Size/MD5: 3534536 3f01d1dd21c6f9c4876cbe26c99b9b7a
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.10_powerpc.deb
Size/MD5: 191466 d3d76899b21d9c6a00b74c59375ef410
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.10_powerpc.deb
Size/MD5: 59150 d00037720c85c34f71289eb5e38495e6
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.10_powerpc.deb
Size/MD5: 11755910 5e4af6da8f47a49d55f79679299ca1c5
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.6.10_sparc.deb
Size/MD5: 3531000 cfe826422c56a92146ef11cd7ac8a12b
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.6.10_sparc.deb
Size/MD5: 188848 4749b5b3be87a3fcd12dc3d40a49a855
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.6.10_sparc.deb
Size/MD5: 56542 da871004b8b3361955e80fde84bb6912
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.6.10_sparc.deb
Size/MD5: 11021978 278ddf14608e203be94128d4d813c17c
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.7.04.diff.gz
Size/MD5: 126465 cc8f051889c9b0b3e38d7209405dea69
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.7.04.dsc
Size/MD5: 1601 7c375b22a857fcd739595e99d69030be
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12.orig.tar.gz
Size/MD5: 36087822 b4da2245a3b9e9aba57458892ccb4432
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.7.04_amd64.deb
Size/MD5: 3536244 487c6c4f6eeea7b685882f7782499c1f
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.7.04_amd64.deb
Size/MD5: 194854 1878f36a0df3331ac035cc0a7141e0e6
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.7.04_amd64.deb
Size/MD5: 59982 10922e4c84d5d0a742d1673cfd9cb7f0
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.7.04_amd64.deb
Size/MD5: 12164292 bb2c2e8b5ef6419e408cdaf5096367ee
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.7.04_i386.deb
Size/MD5: 3533300 2aa267d22e69adf1952365381ee223c4
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.7.04_i386.deb
Size/MD5: 189498 b3e5a7fd372e13926d5b0ab65e8fe78b
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.7.04_i386.deb
Size/MD5: 56606 96e62d17f21013a3b801cbe6bbddd665
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.7.04_i386.deb
Size/MD5: 10893370 b0c17d6fabacc7c2cf1f1ab11a603a63
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.7.04_powerpc.deb
Size/MD5: 3537168 a7afc930e25aaca21915bda7fd27df94
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.7.04_powerpc.deb
Size/MD5: 192978 65ec6c5bf4483df668b9a848e7d38754
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.7.04_powerpc.deb
Size/MD5: 59968 e808d5650b3bb3e9fb8db66f64d60d91
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.7.04_powerpc.deb
Size/MD5: 12107396 fc8addfa0baf3cf6104a65e66bf4cce6
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.12-0ubuntu0.7.04_sparc.deb
Size/MD5: 3532440 4b4d48c1c6ec051f79023aa4ab02a38a
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.12-0ubuntu0.7.04_sparc.deb
Size/MD5: 189318 d84f7d16f44ce1bf1f989a316f13f901
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.12-0ubuntu0.7.04_sparc.deb
Size/MD5: 57038 ef6a777ccc9464d7c74b774c61afe3f3
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.12-0ubuntu0.7.04_sparc.deb
Size/MD5: 11123392 f73b585d8506d5be115aa006ac2ede2a