=========================================================== Ubuntu Security Notice USN-382-1 November 16, 2006 mozilla-thunderbird vulnerabilities CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: mozilla-thunderbird 1.5.0.8-0ubuntu0.5.10 Ubuntu 6.06 LTS: mozilla-thunderbird 1.5.0.8-0ubuntu0.6.06 Ubuntu 6.10: mozilla-thunderbird 1.5.0.8-0ubuntu0.6.10 After a standard system upgrade you need to restart Thunderbird to effect the necessary changes. Details follow: USN-352-1 fixed a flaw in the verification of PKCS certificate signatures. Ulrich Kuehn discovered a variant of the original attack which the original fix did not cover. (CVE-2006-5462) Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748) Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10.diff.gz Size/MD5: 451782 957b1eabbb35c399a9150fc148d2c8a1 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10.dsc Size/MD5: 960 3352ed8872f185027ac3ee354305eafb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8.orig.tar.gz Size/MD5: 35621218 a3b77b068da31275611ef46862c0316a amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.5.10_amd64.deb Size/MD5: 3523838 b6819a1f54c1c543ae2c6835ba477b6c http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.5.10_amd64.deb Size/MD5: 190416 761fe8dc15060c09de3013d856b79dd1 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.5.10_amd64.deb Size/MD5: 55640 617b95dd76853f2bd5d1abd60ad842d7 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10_amd64.deb Size/MD5: 11981580 188bd293b070ff01101e861eceb690a8 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.5.10_i386.deb Size/MD5: 3516580 b4c65509f97bea7dc2c207df0559651d http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.5.10_i386.deb Size/MD5: 183772 f7e72f8793eb681bd521d6963212947c http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.5.10_i386.deb Size/MD5: 51254 9e1e6d825c46a9831fd4643c846ac861 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10_i386.deb Size/MD5: 10286996 b1314587b5026e585a1da43c03748076 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.5.10_powerpc.deb Size/MD5: 3521222 aa373f9cf0e28313312b4d88d34bb2c4 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.5.10_powerpc.deb Size/MD5: 187110 07ee014b3874b619ab9252292a771d9d http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.5.10_powerpc.deb Size/MD5: 54826 04072c4224eaa979b52ac0ce1ea2d62d http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10_powerpc.deb Size/MD5: 11528020 4e67be3b40ef51e8a3a59170a72d51da sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.5.10_sparc.deb Size/MD5: 3518202 3559d6e77167adf6ad24cf2dc0ea980e http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.5.10_sparc.deb Size/MD5: 184568 c77f05b16cb004b4b28d08c87c551591 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.5.10_sparc.deb Size/MD5: 52714 d10e66393f273bd011a4b792aec0e1c6 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10_sparc.deb Size/MD5: 10768484 49adf33e01df8b16dfae59539a09f6e4 Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06.diff.gz Size/MD5: 454980 86dc6c3f6e7314db7f1862847aab1746 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06.dsc Size/MD5: 960 2d270b24bbe03fc5b642cac8c4183517 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8.orig.tar.gz Size/MD5: 35621218 a3b77b068da31275611ef46862c0316a amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.06_amd64.deb Size/MD5: 3528876 4d58793e693a14af93870581bcf5b7d4 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.06_amd64.deb Size/MD5: 193880 0c731b9fa2fa5556209ed28fdffd59bb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.06_amd64.deb Size/MD5: 59120 ea7b9f02aefd49fc79250683fc277783 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06_amd64.deb Size/MD5: 11989558 3ffcc3970cae97b55a6b0ddc09e40b9b i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.06_i386.deb Size/MD5: 3520550 2dc76d9073a712a6da29dbd5e1e80d94 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.06_i386.deb Size/MD5: 187250 440d25b5232eab1e15929bf62166ee1a http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.06_i386.deb Size/MD5: 54640 8bfe36c400bca1c5fc6a3d6a079d15e7 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06_i386.deb Size/MD5: 10287496 c9e8b30b24ee9c1ea938662ec5c5c829 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.06_powerpc.deb Size/MD5: 3525980 331fb306bd301e6db588e3ae954682ec http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.06_powerpc.deb Size/MD5: 190586 6b2cd37ce0d4d218192c1701fedf2d35 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.06_powerpc.deb Size/MD5: 58236 b9adc16444e5f8a4ba184b896feeddbc http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06_powerpc.deb Size/MD5: 11560520 bf03db104a8a34d7623719d9bd2d78dd sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.06_sparc.deb Size/MD5: 3522432 9f608db55c878301303f11dda557b659 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.06_sparc.deb Size/MD5: 188046 80a01d132f407d2cc7bed5fa827f6726 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.06_sparc.deb Size/MD5: 56134 a9bb35877246b62480313cacdcaaec62 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06_sparc.deb Size/MD5: 10759610 f8311676b1e447d52a059f673c1c8365 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10.diff.gz Size/MD5: 454992 495051c8a51c3c76f66110a9cc955da1 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10.dsc Size/MD5: 960 8de9b896031767eec82c7d4992c6a9ba http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8.orig.tar.gz Size/MD5: 35621218 a3b77b068da31275611ef46862c0316a amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.10_amd64.deb Size/MD5: 3528756 59670215a896e4928e90878dc9b04b08 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.10_amd64.deb Size/MD5: 194002 8c4679532a5a56d9ae9ef85fc10974b5 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.10_amd64.deb Size/MD5: 59126 7ae8776fabb53abe898c187cd42b3d05 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10_amd64.deb Size/MD5: 11982018 6b757d203ac93cf892a87ac8ca9a13db i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.10_i386.deb Size/MD5: 3523844 ec316699b80ad08945c58c3c7427aefa http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.10_i386.deb Size/MD5: 188658 beae7465832335242d6da367e8a79019 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.10_i386.deb Size/MD5: 55770 31263c265feb5c09cf2f7a5f692b95e7 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10_i386.deb Size/MD5: 10743540 60f03ab196fcc5160922386b2e0e27d3 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.10_powerpc.deb Size/MD5: 3526062 43038d1a52c353ccb64b0553156673b7 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.10_powerpc.deb Size/MD5: 191106 b8861d5299adce77a280852beffa9e4d http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.10_powerpc.deb Size/MD5: 58784 8c26c48f8cc8cf38bc6a0b5e8212936b http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10_powerpc.deb Size/MD5: 11690926 b727068e620efa13b2c0cd1d3899e271 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.10_sparc.deb Size/MD5: 3522380 3c544b8ac310f5ab3789a9f960a85577 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.10_sparc.deb Size/MD5: 188512 314b6bcbf287df8eeba2793fb3b2686c http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.10_sparc.deb Size/MD5: 56190 35ae6cf2ba9e5c68a16c5bfda8b7f0a3 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10_sparc.deb Size/MD5: 10955658 c847b48dfa1e26d4a2da0d8378127f64