SCIENTIFIC-LINUX-ERRATA Archives

October 2008

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

Subject:
From: Troy Dawson <[log in to unmask]>
Reply To: Troy Dawson <[log in to unmask]>
Date: Tue, 14 Oct 2008 16:16:19 -0500

We had a compiling problem on the SL4 x86_64 rpms.  The compiling problem has
been fixed and is working now.  Both the x86_64 and i386 rpms have been
rebuilt with the new name to keep consistency.
No code has been changed.  The rpms were only recompiled.

SL 4.x

        SRPMS:
thunderbird-1.5.0.12-16.el4.sl.src.rpm
        i386:
thunderbird-1.5.0.12-16.el4.sl.i386.rpm
        x86_64:
thunderbird-1.5.0.12-16.el4.sl.x86_64.rpm

Troy Dawson

Troy J Dawson wrote:
> Synopsis:       Moderate: thunderbird security update
> Issue date:     2008-10-01
> CVE Names:      CVE-2008-0016 CVE-2008-3835 CVE-2008-4058
>                    CVE-2008-4059 CVE-2008-4060 CVE-2008-4061
>                    CVE-2008-4062 CVE-2008-4065 CVE-2008-4066
>                    CVE-2008-4067 CVE-2008-4068 CVE-2008-4070
> 
> 
> Several flaws were found in the processing of malformed HTML mail content.
> An HTML mail message containing malicious content could cause Thunderbird
> to crash or, potentially, execute arbitrary code as the user running
> Thunderbird. (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060,
> CVE-2008-4061, CVE-2008-4062)
> 
> Several flaws were found in the way malformed HTML mail content was
> displayed. An HTML mail message containing specially crafted content could
> potentially trick a Thunderbird user into surrendering sensitive
> information. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068)
> 
> A flaw was found in Thunderbird that caused certain characters to be
> stripped from JavaScript code. This flaw could allow malicious JavaScript
> to bypass or evade script filters. (CVE-2008-4065, CVE-2008-4066)
> 
> Note: JavaScript support is disabled by default in Thunderbird; the above
> issue is not exploitable unless JavaScript is enabled.
> 
> A heap based buffer overflow flaw was found in the handling of cancelled
> newsgroup messages. If the user cancels a specially crafted newsgroup
> message it could cause Thunderbird to crash or, potentially, execute
> arbitrary code as the user running Thunderbird. (CVE-2008-4070)
> 
> Note2: On SL4 this update fixes the bug that when a URL link is clicked,
> Firefox wouldn't start.  Firefox now starts when a URL link is clicked.
> 
> SL 4.x
> 
>      SRPMS:
> thunderbird-1.5.0.12-16.el4.src.rpm
>      i386:
> thunderbird-1.5.0.12-16.el4.i386.rpm
>      x86_64:
> thunderbird-1.5.0.12-16.el4.x86_64.rpm
> 
> SL 5.x
> 
>      SRPMS:
> thunderbird-2.0.0.17-1.el5.src.rpm
>      i386:
> thunderbird-2.0.0.17-1.el5.i386.rpm
>      x86_64:
> thunderbird-2.0.0.17-1.el5.x86_64.rpm
> 
> -Connie Sieh
> -Troy Dawson
> 
> 
> 


-- 
__________________________________________________
Troy Dawson  [log in to unmask]  (630)840-6468
Fermilab  ComputingDivision/LCSI/CSI DSS Group
__________________________________________________
