SCIENTIFIC-LINUX-ERRATA Archives

November 2008

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA for thunderbird on SL4.x, SL5.x i386/x86_64
From:
Troy Dawson <[log in to unmask]>
Reply To:
Troy Dawson <[log in to unmask]>
Date:
Thu, 20 Nov 2008 13:29:49 -0600
Content-Type:
text/plain
Parts/Attachments:
text/plain (38 lines) 
Synopsis:	Moderate: thunderbird security update
Issue date:	2008-11-19
CVE Names:	CVE-2008-5014 CVE-2008-5016 CVE-2008-5017
                   CVE-2008-5018 CVE-2008-5021 CVE-2008-5012
                   CVE-2008-5022 CVE-2008-5024

Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code as the user running
Thunderbird. (CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018,
CVE-2008-5021)

Several flaws were found in the way malformed HTML mail content was
processed. An HTML mail message containing specially-crafted content could
potentially trick a Thunderbird user into surrendering sensitive
information. (CVE-2008-5012, CVE-2008-5022, CVE-2008-5024)

SL 4.x

     SRPMS:
thunderbird-1.5.0.12-17.el4.src.rpm
     i386:
thunderbird-1.5.0.12-17.el4.i386.rpm
     x86_64:
thunderbird-1.5.0.12-17.el4.x86_64.rpm

SL 5.x

     SRPMS:
thunderbird-2.0.0.18-1.el5.src.rpm
     i386:
thunderbird-2.0.0.18-1.el5.i386.rpm
     x86_64:
thunderbird-2.0.0.18-1.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson

ATOM RSS1 RSS2