The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:078
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mozilla-thunderbird
Date : April 25, 2006
Affected: 2006.0
_______________________________________________________________________
Problem Description:
A number of vulnerabilities have been discovered in the Mozilla
Thunderbird email client that could allow a remote attacker to craft
malicious web emails that could take advantage of these issues to
execute arbitrary code with elevated privileges, spoof content, and
steal local files, or other information. As well, some of these
vulnerabilities can be exploited to execute arbitrary code with the
privileges of the user running the program.
As well, two crasher bugs have been fixed as well.
The updated packages have been patched to fix these problems.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1727
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1730
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1732
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1741
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1742
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1790
https://bugzilla.mozilla.org/show_bug.cgi?id'5896
https://bugzilla.mozilla.org/show_bug.cgi?id30900
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
db1cb3f95a9ed5c38eadf84ab15059dd 2006.0/RPMS/mozilla-thunderbird-1.0.6-7.6.20060mdk.i586.rpm
4ac317574cda9d575725e2001c106c64 2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.6.20060mdk.i586.rpm
c9788a8baa83accaa38a6962d019be16 2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.6.20060mdk.i586.rpm
898658630b23e73046c50de78ae364b1 2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.6.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
6ceb2686941e208c141d1a339dd87f85 x86_64/2006.0/RPMS/mozilla-thunderbird-1.0.6-7.6.20060mdk.x86_64.rpm
57637d19befac214ef7c4c2cef84462d x86_64/2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.6.20060mdk.x86_64.rpm
f08fe4796dd84bbb9414668f55cbb2b9 x86_64/2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.6.20060mdk.x86_64.rpm
898658630b23e73046c50de78ae364b1 x86_64/2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.6.20060mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEToCCmqjQ0CJFipgRArg/AJ9gLIoUIcy2Ehv85hJOb/AHjleHAwCdGom9
YsIfn/LvyqzAd40BPrKIlCE=
=/HDC
-----END PGP SIGNATURE-----