Ubuntu Security Notice 1050-1 - Multiple vulnerabilities have been addressed in the thunderbird package. Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Roberto Suggi Liverani discovered a possible issue with unsafe JavaScript execution in chrome documents. A malicious extension could exploit this to execute arbitrary code with chrome privileges. Jordi Chancel discovered a buffer overflow in the JPEG decoding engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program.
8836e577ee50f8d9c44c673cd6c2023b5e0e25863e404007a67ab72883b61ce8
===========================================================
Ubuntu Security Notice USN-1050-1 March 03, 2011
thunderbird vulnerabilities
CVE-2010-1585, CVE-2011-0053, CVE-2011-0061, CVE-2011-0062
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 10.04 LTS:
thunderbird 3.1.8+build3+nobinonly-0ubuntu0.10.04.1
Ubuntu 10.10:
thunderbird 3.1.8+build3+nobinonly-0ubuntu0.10.10.1
After a standard system update you need to restart Thunderbird to make
all the necessary changes.
Details follow:
Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry
Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several
memory issues in the browser engine. An attacker could exploit these to
crash the browser or possibly run arbitrary code as the user invoking the
program. (CVE-2011-0053, CVE-2011-0062)
Roberto Suggi Liverani discovered a possible issue with unsafe JavaScript
execution in chrome documents. A malicious extension could exploit this to
execute arbitrary code with chrome privlieges. (CVE-2010-1585)
Jordi Chancel discovered a buffer overlow in the JPEG decoding engine. An
attacker could exploit this to crash the browser or possibly run arbitrary
code as the user invoking the program. (CVE-2011-0061)
Updated packages for Ubuntu 10.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly-0ubuntu0.10.04.1.diff.gz
Size/MD5: 95982 cdeaaffea4ca12f2160643815e6cc607
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly-0ubuntu0.10.04.1.dsc
Size/MD5: 2163 a22911ddc374236e594a441f1eb7443c
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly.orig.tar.gz
Size/MD5: 68664302 67a9fff4dd17b8779e9c01b9a3002cd5
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 63019896 fffeb4ba538e6c6efb80a8a0eb258b3c
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 5441106 4543c296075d4a179118961fcfdae5b2
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 180958 af349ebf8d97d47b6661b62123f7fd19
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 9366 61065702e1d54cd3fc9b38abda8edaab
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_amd64.deb
Size/MD5: 12116874 ce12bbca9907c61128bd19059d2e3d89
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 63542472 f2203658dd9881cb76d752ddfeb202a5
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 5151432 86175a844c71fdc06a5a7a68579ec7ec
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 180138 2018d052be9a539220a01e7f895b613b
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 9354 832ddf6fe7964608181c2c410abc3b44
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_i386.deb
Size/MD5: 11118686 e53a3c967a6e60ab9745744ceb2af545
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_armel.deb
Size/MD5: 64404486 1fd4244414b1a5de9adbd259c01f5ac5
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_armel.deb
Size/MD5: 5491132 c0bfbad6ccbd5e19027a6b1a1039dd40
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_armel.deb
Size/MD5: 182474 15ec9e9688250365a9ce2139a5ae7b0f
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_armel.deb
Size/MD5: 9366 ecb912e4e5e53109bcb6e341d53bef0e
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_armel.deb
Size/MD5: 10765536 2bf8588caff88d3828b62280b9f5badb
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 66035610 aea88a7a520107dba7d1a57f933bb108
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 4986496 3acf9b87eb00f271bedde4f72849f66c
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 186842 019e24d8880cef5b5859b7f37a82d8f9
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 9356 42ac7f79e0f273fac2c3f18bb062ad2d
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_powerpc.deb
Size/MD5: 11930276 e7f8c8770c0c13ee6bdf60275f9b2324
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 62426354 55bbdf4c641b913942247d55f32549f8
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 4953092 10219347d29f7314b053b56297a3ba5e
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 176248 b5fc7d1d288354860f4bf611a297a75d
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 9362 ee32b0a0a9b90b634f838122274a6a90
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly-0ubuntu0.10.04.1_sparc.deb
Size/MD5: 11142672 12d1abea1dce8f0ae359a405b7357831
Updated packages for Ubuntu 10.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly-0ubuntu0.10.10.1.diff.gz
Size/MD5: 97045 b46241e380e4f8ad04c438106418b4fd
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly-0ubuntu0.10.10.1.dsc
Size/MD5: 2176 98686947c7966e4e71dba1bdc9437bd5
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly.orig.tar.gz
Size/MD5: 68664302 67a9fff4dd17b8779e9c01b9a3002cd5
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_amd64.deb
Size/MD5: 63024906 44aa196ed969a6c6f2b9757066b5f1ad
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_amd64.deb
Size/MD5: 5010526 d815968576743ee81ac6f7034cf20b01
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_amd64.deb
Size/MD5: 181700 74445816eab90ebae77e1536719ed440
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_amd64.deb
Size/MD5: 9378 80d4fa8fc404f1ada33bfff0a78221b0
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_amd64.deb
Size/MD5: 12087952 1935875f953cbf5bfce35b268000f27a
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_i386.deb
Size/MD5: 63541296 cbace9ba234c57aa44877b459ae11b53
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_i386.deb
Size/MD5: 5149080 9052eaec15cc360d472678f5bd68ccfa
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_i386.deb
Size/MD5: 180782 7dff08599a57844edc722803d91d17a8
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_i386.deb
Size/MD5: 9378 03fb41e6d084a2de043e12e4ed866fbf
http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_i386.deb
Size/MD5: 11102278 70b7af3e23c5ec1f7df32ec0f50a5e45
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_armel.deb
Size/MD5: 66039448 5324cdff37464a66c9b9c9d62dcbde90
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_armel.deb
Size/MD5: 5668526 fb39543f0e4457cefe5091a4737a36cb
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_armel.deb
Size/MD5: 188928 b5369ca8b2a4a4d97e734ef64a6d90d5
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_armel.deb
Size/MD5: 9392 16d9bd7c598b52be079e5725186e0af7
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_armel.deb
Size/MD5: 10983352 61f45367e7b9d64dbb9cb0adb52396ad
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_powerpc.deb
Size/MD5: 65848858 8b13cff02583246a2605d4f3893ce5eb
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_powerpc.deb
Size/MD5: 4984440 ac3549907615e90810a061ca278ba5cf
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_powerpc.deb
Size/MD5: 187432 f9ad89507d0bcad280252ad34e6eb7f9
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_powerpc.deb
Size/MD5: 9376 efd5a0cc9526744b9c5e1493b124cee2
http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.1.8+build3+nobinonly-0ubuntu0.10.10.1_powerpc.deb
Size/MD5: 11790214 ad669afaa57576ff24c7f42520604bab