The Mandriva Security Team published a new security update: MDKSA-2005:174 - Updated mozilla-thunderbird packages fix multiple vulnerabilities for Mandriva Linux. Here the announcement:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: mozilla-thunderbird
Advisory ID: MDKSA-2005:174
Date: October 6th, 2005
Affected versions: 10.2, 2006.0
______________________________________________________________________
Problem Description:
Updated Mozilla Thunderbird packages fix various vulnerabilities:
The run-mozilla.sh script, with debugging enabled, would allow local
users to create or overwrite arbitrary files via a symlink attack on
temporary files (CAN-2005-2353).
A bug in the way Thunderbird processes XBM images could be used to
execute arbitrary code via a specially crafted XBM image file
(CAN-2005-2701).
A bug in the way Thunderbird handles certain Unicode sequences could be
used to execute arbitrary code via viewing a specially crafted Unicode
sequence (CAN-2005-2702).
A bug in the way Thunderbird makes XMLHttp requests could be abused by
a malicious web page to exploit other proxy or server flaws from the
victim's machine; however, the default behaviour of the browser is to
disallow this (CAN-2005-2703).
A bug in the way Thunderbird implemented its XBL interface could be
abused by a malicious web page to create an XBL binding in such a way
as to allow arbitrary JavaScript execution with chrome permissions
(CAN-2005-2704).
An integer overflow in Thunderbird's JavaScript engine could be
manipulated in certain conditions to allow a malicious web page to
execute arbitrary code (CAN-2005-2705).
A bug in the way Thunderbird displays about: pages could be used to
execute JavaScript with chrome privileges (CAN-2005-2706).
A bug in the way Thunderbird opens new windows could be used by a
malicious web page to construct a new window without any user interface
elements (such as address bar and status bar) that could be used to
potentially mislead the user (CAN-2005-2707).
A bug in the way Thunderbird proceesed URLs on the command line could
be used to execute arbitary commands as the user running Thunderbird;
this could be abused by clicking on a supplied link, such as from an
instant messaging client (CAN-2005-2968).
Tom Ferris reported that Thunderbird would crash when processing a
domain name consisting solely of soft-hyphen characters due to a heap
overflow when IDN processing results in an empty string after removing
non-wrapping chracters, such as soft-hyphens. This could be exploited
to run or or install malware on the user's computer (CAN-2005-2871).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2701
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2707
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2353
http://www.mozilla.org/security/announce/mfsa2005-59.html
http://www.mozilla.org/security/announce/mfsa2005-58.html
http://www.mozilla.org/security/announce/mfsa2005-57.html
______________________________________________________________________
Updated Packages:
Mandrivalinux 10.2:
f409c24fe8d4f732a99fff51f9223191 10.2/RPMS/mozilla-thunderbird-1.0.2-5.1.102mdk.i586.rpm
18250e4ac4d580a595eaeb16fd3b0171 10.2/RPMS/mozilla-thunderbird-devel-1.0.2-5.1.102mdk.i586.rpm
cbfb90b65746b4fbc0848ddbd01395bf 10.2/RPMS/mozilla-thunderbird-enigmail-1.0.2-5.1.102mdk.i586.rpm
aa450bd7d1b82425eeef6506f90f5fb4 10.2/RPMS/mozilla-thunderbird-enigmime-1.0.2-5.1.102mdk.i586.rpm
5320178037176424f209415c3862d014 10.2/SRPMS/mozilla-thunderbird-1.0.2-5.1.102mdk.src.rpm
Mandrivalinux 10.2/X86_64:
07fa1df593b92831b9f6d1a32b0b3362 x86_64/10.2/RPMS/mozilla-thunderbird-1.0.2-5.1.102mdk.x86_64.rpm
ca26795c32146dd1ace798189588029f x86_64/10.2/RPMS/mozilla-thunderbird-devel-1.0.2-5.1.102mdk.x86_64.rpm
7757608ffe4e89d285bc001bdc8851cb x86_64/10.2/RPMS/mozilla-thunderbird-enigmail-1.0.2-5.1.102mdk.x86_64.rpm
8c386f18a449d78d3917dca387624933 x86_64/10.2/RPMS/mozilla-thunderbird-enigmime-1.0.2-5.1.102mdk.x86_64.rpm
5320178037176424f209415c3862d014 x86_64/10.2/SRPMS/mozilla-thunderbird-1.0.2-5.1.102mdk.src.rpm
Mandrivalinux 2006.0:
af3330f345b3b92307550a57fb7efa80 2006.0/RPMS/mozilla-thunderbird-1.0.6-7.1.20060mdk.i586.rpm
9ad77bad0b6c6033e063ed21a8a2cb0b 2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.1.20060mdk.i586.rpm
141909e4e4676c0c8a5525a3e3eb921d 2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.1.20060mdk.i586.rpm
b1db5880eb9ac8792a2f25e547343607 2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.1.20060mdk.src.rpm
Mandrivalinux 2006.0/X86_64:
b7e7527e98969ff677e2caf013a84ab7 x86_64/2006.0/RPMS/mozilla-thunderbird-1.0.6-7.1.20060mdk.x86_64.rpm
87ca5eace6c6823cda7efac54ffe5945 x86_64/2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.1.20060mdk.x86_64.rpm
8305e439803991791ca1aff020877274 x86_64/2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.1.20060mdk.x86_64.rpm
b1db5880eb9ac8792a2f25e547343607 x86_64/2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.1.20060mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDReYYmqjQ0CJFipgRAsG2AKDxrB+hRoWVefE3oWKpF24qKNxSFQCg3VPa
tPD5MxLMdKTSnycrbjE3h4A=
=1IuT
-----END PGP SIGNATURE-----