SCIENTIFIC-LINUX-ERRATA Archives

August 2008

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

Subject:
From: Troy Dawson <[log in to unmask]>
Reply To: Troy Dawson <[log in to unmask]>
Date: Mon, 4 Aug 2008 15:21:35 -0500

We had a compiling problem on the SL4 x86_64 rpms.  It has been fixed and is
working now.  Both the x86_64 and i386 rpms have been rebuilt with the new
name to keep consistency.
No code has been changed.  The rpms were only recompiled.

SL 4.x

      SRPMS:
thunderbird-1.5.0.12-14.el4.sl.src.rpm
      i386:
thunderbird-1.5.0.12-14.el4.sl.i386.rpm
      x86_64:
thunderbird-1.5.0.12-14.el4.sl.x86_64.rpm

Troy

Troy Dawson wrote:
> Synopsis:       Moderate: thunderbird security update
> Issue date:     2008-07-23
> CVE Names:      CVE-2008-2785 CVE-2008-2798 CVE-2008-2799
>                  CVE-2008-2800 CVE-2008-2801 CVE-2008-2802
>                  CVE-2008-2803 CVE-2008-2805 CVE-2008-2807
>                  CVE-2008-2808 CVE-2008-2809 CVE-2008-2810
>                  CVE-2008-2811
> 
> Multiple flaws were found in the processing of malformed JavaScript
> content. An HTML mail containing such malicious content could cause
> Thunderbird to crash or, potentially, execute arbitrary code as the user
> running Thunderbird. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)
> 
> Several flaws were found in the processing of malformed HTML content. An
> HTML mail containing malicious content could cause Thunderbird to crash or,
> potentially, execute arbitrary code as the user running Thunderbird.
> (CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)
> 
> Several flaws were found in the way malformed HTML content was displayed.
> An HTML mail containing specially-crafted content could, potentially, trick
> a Thunderbird user into surrendering sensitive information. (CVE-2008-2800)
> 
> Two local file disclosure flaws were found in Thunderbird. An HTML mail
> containing malicious content could cause Thunderbird to reveal the contents
> of a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)
> 
> A flaw was found in the way a malformed .properties file was processed by
> Thunderbird. A malicious extension could read uninitialized memory,
> possibly leaking sensitive data to the extension. (CVE-2008-2807)
> 
> A flaw was found in the way Thunderbird escaped a listing of local file
> names. If a user could be tricked into listing a local directory containing
> malicious file names, arbitrary JavaScript could be run with the
> permissions of the user running Thunderbird. (CVE-2008-2808)
> 
> A flaw was found in the way Thunderbird displayed information about
> self-signed certificates. It was possible for a self-signed certificate to
> contain multiple alternate name entries, which were not all displayed to
> the user, allowing them to mistakenly extend trust to an unknown site.
> (CVE-2008-2809)
> 
> Note: JavaScript support is disabled by default in Thunderbird. The above
> issues are not exploitable unless JavaScript is enabled.
> 
> SL 4.x
> 
>      SRPMS:
> thunderbird-1.5.0.12-14.el4.src.rpm
>      i386:
> thunderbird-1.5.0.12-14.el4.i386.rpm
>      x86_64:
> thunderbird-1.5.0.12-14.el4.i386.rpm
> 
> SL 5.x
> 
>      SRPMS:
> thunderbird-2.0.0.16-1.el5.src.rpm
>      i386:
> thunderbird-2.0.0.16-1.el5.i386.rpm
>      x86_64:
> thunderbird-2.0.0.16-1.el5.x86_64.rpm
> 
> -Connie Sieh
> -Troy Dawson
> 
> 
> 


-- 
__________________________________________________
Troy Dawson  [log in to unmask]  (630)840-6468
Fermilab  ComputingDivision/LCSI/CSI DSS Group
__________________________________________________
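
The following is an added example, not part of the original message or of Scientific Linux tooling: a simplified Python version of RPM's version ordering, used to check an installed thunderbird against the builds named in the advisory and to show that the rebuilt `14.el4.sl` release sorts newer than `14.el4`. It assumes equal epochs and does not handle `~` or `^`; the function names and the sample installed versions are constructed for illustration.

```python
import re

# Version-release strings taken from the advisory and the rebuild notice above.
FIXED = {"SL4": "1.5.0.12-14.el4", "SL5": "2.0.0.16-1.el5"}
REBUILT_SL4 = "1.5.0.12-14.el4.sl"

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Compare two version or release strings the way RPM orders them.

    Simplified: separators only split segments; '~' and '^' are not handled.
    Returns 1 if a is newer, -1 if b is newer, 0 if equal.
    """
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # numeric compare, leading zeros ignored
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def compare_vr(a, b):
    """Compare 'version-release' strings (epoch is assumed equal and ignored)."""
    ver_a, rel_a = a.rsplit("-", 1)
    ver_b, rel_b = b.rsplit("-", 1)
    return rpmvercmp(ver_a, ver_b) or rpmvercmp(rel_a, rel_b)

def is_fixed(installed_vr, series):
    """True if the installed thunderbird is at or above the advisory's build."""
    return compare_vr(installed_vr, FIXED[series]) >= 0

if __name__ == "__main__":
    # Constructed inputs, in the form printed by
    # rpm -q --qf '%{VERSION}-%{RELEASE}\n' thunderbird
    samples = [("SL4", "1.5.0.12-13.el4"), ("SL4", REBUILT_SL4),
               ("SL5", "2.0.0.15-1.el5"), ("SL5", "2.0.0.16-1.el5")]
    for series, vr in samples:
        print(series, vr, "fixed" if is_fixed(vr, series) else "needs update")
    print("rebuild sorts newer:", compare_vr(REBUILT_SL4, FIXED["SL4"]) == 1)
```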
