We had a compiling problem on the SL4 x86_64 rpms. It has been fixed and is working now. Both the x86_64 and i386 rpm's have been rebuilt with the new name to keep consistency. No code has been changed. The rpm's were only recompiled. SL 4.x SRPMS: thunderbird-1.5.0.12-14.el4.sl.src.rpm i386: thunderbird-1.5.0.12-14.el4.sl.i386.rpm x86_64: thunderbird-1.5.0.12-14.el4.sl.x86_64.rpm Troy Troy Dawson wrote: > Synopsis: Moderate: thunderbird security update > Issue date: 2008-07-23 > CVE Names: CVE-2008-2785 CVE-2008-2798 CVE-2008-2799 > CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 > CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 > CVE-2008-2808 CVE-2008-2809 CVE-2008-2810 > CVE-2008-2811 > > Multiple flaws were found in the processing of malformed JavaScript > content. An HTML mail containing such malicious content could cause > Thunderbird to crash or, potentially, execute arbitrary code as the user > running Thunderbird. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803) > > Several flaws were found in the processing of malformed HTML content. An > HTML mail containing malicious content could cause Thunderbird to crash or, > potentially, execute arbitrary code as the user running Thunderbird. > (CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2811) > > Several flaws were found in the way malformed HTML content was displayed. > An HTML mail containing specially-crafted content could, potentially, trick > a Thunderbird user into surrendering sensitive information. (CVE-2008-2800) > > Two local file disclosure flaws were found in Thunderbird. An HTML mail > containing malicious content could cause Thunderbird to reveal the contents > of a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810) > > A flaw was found in the way a malformed .properties file was processed by > Thunderbird. A malicious extension could read uninitialized memory, > possibly leaking sensitive data to the extension. (CVE-2008-2807) > > A flaw was found in the way Thunderbird escaped a listing of local file > names. If a user could be tricked into listing a local directory containing > malicious file names, arbitrary JavaScript could be run with the > permissions of the user running Thunderbird. (CVE-2008-2808) > > A flaw was found in the way Thunderbird displayed information about > self-signed certificates. It was possible for a self-signed certificate to > contain multiple alternate name entries, which were not all displayed to > the user, allowing them to mistakenly extend trust to an unknown site. > (CVE-2008-2809) > > Note: JavaScript support is disabled by default in Thunderbird. The above > issues are not exploitable unless JavaScript is enabled. > > SL 4.x > > SRPMS: > thunderbird-1.5.0.12-14.el4.src.rpm > i386: > thunderbird-1.5.0.12-14.el4.i386.rpm > x86_64: > thunderbird-1.5.0.12-14.el4.i386.rpm > > SL 5.x > > SRPMS: > thunderbird-2.0.0.16-1.el5.src.rpm > i386: > thunderbird-2.0.0.16-1.el5.i386.rpm > x86_64: > thunderbird-2.0.0.16-1.el5.x86_64.rpm > > -Connie Sieh > -Troy Dawson > > > -- __________________________________________________ Troy Dawson [log in to unmask] (630)840-6468 Fermilab ComputingDivision/LCSI/CSI DSS Group __________________________________________________