Critical: thunderbird security update
| Advisory: | RHSA-2011:0311-1 |
|---|---|
| Type: | Security Advisory |
| Severity: | Critical |
| Issued on: | 2011-03-01 |
| Last updated on: | 2011-03-01 |
| Affected Products: | Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Server EUS (v. 6.0.z), Red Hat Enterprise Linux Workstation (v. 6) |
| CVEs (cve.mitre.org): | CVE-2010-1585 CVE-2011-0053 CVE-2011-0061 CVE-2011-0062 |
Details
An updated thunderbird package that fixes several security issues is now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML content.
Malicious HTML content could cause Thunderbird to crash or, potentially,
execute arbitrary code with the privileges of the user running Thunderbird.
(CVE-2010-1585, CVE-2011-0053, CVE-2011-0062)

A flaw was found in the way Thunderbird handled malformed JPEG images. An
HTML mail message containing a malicious JPEG image could cause
Thunderbird to crash or, potentially, execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2011-0061)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.
Solution
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Updated packages
| Red Hat Enterprise Linux Desktop (v. 6) | |
| SRPMS: | |
| thunderbird-3.1.8-4.el6_0.src.rpm File outdated by: RHSA-2013:0821 |
| IA-32: | |
| thunderbird-3.1.8-4.el6_0.i686.rpm File outdated by: RHSA-2013:0821 |
| thunderbird-debuginfo-3.1.8-4.el6_0.i686.rpm File outdated by: RHSA-2013:0821 |
| x86_64: | |
| thunderbird-3.1.8-4.el6_0.x86_64.rpm File outdated by: RHSA-2013:0821 |
| thunderbird-debuginfo-3.1.8-4.el6_0.x86_64.rpm File outdated by: RHSA-2013:0821 |
| Red Hat Enterprise Linux Server (v. 6) | |
| SRPMS: | |
| thunderbird-3.1.8-4.el6_0.src.rpm File outdated by: RHSA-2013:0821 |
| IA-32: | |
| thunderbird-3.1.8-4.el6_0.i686.rpm File outdated by: RHSA-2013:0821 |
| thunderbird-debuginfo-3.1.8-4.el6_0.i686.rpm File outdated by: RHSA-2013:0821 |
| PPC: | |
| thunderbird-3.1.8-4.el6_0.ppc64.rpm File outdated by: RHSA-2013:0821 |
| thunderbird-debuginfo-3.1.8-4.el6_0.ppc64.rpm File outdated by: RHSA-2013:0821 |
| s390x: | |
| thunderbird-3.1.8-4.el6_0.s390x.rpm File outdated by: RHSA-2013:0821 |
| thunderbird-debuginfo-3.1.8-4.el6_0.s390x.rpm File outdated by: RHSA-2013:0821 |
| x86_64: | |
| thunderbird-3.1.8-4.el6_0.x86_64.rpm File outdated by: RHSA-2013:0821 |
| thunderbird-debuginfo-3.1.8-4.el6_0.x86_64.rpm File outdated by: RHSA-2013:0821 |
| Red Hat Enterprise Linux Server EUS (v. 6.0.z) | |
| SRPMS: | |
| thunderbird-3.1.8-4.el6_0.src.rpm File outdated by: RHSA-2013:0821 |
| IA-32: | |
| thunderbird-3.1.8-4.el6_0.i686.rpm File outdated by: RHSA-2011:0475 |
| thunderbird-debuginfo-3.1.8-4.el6_0.i686.rpm File outdated by: RHSA-2011:0475 |
| PPC: | |
| thunderbird-3.1.8-4.el6_0.ppc64.rpm File outdated by: RHSA-2011:0475 |
| thunderbird-debuginfo-3.1.8-4.el6_0.ppc64.rpm File outdated by: RHSA-2011:0475 |
| s390x: | |
| thunderbird-3.1.8-4.el6_0.s390x.rpm File outdated by: RHSA-2011:0475 |
| thunderbird-debuginfo-3.1.8-4.el6_0.s390x.rpm File outdated by: RHSA-2011:0475 |
| x86_64: | |
| thunderbird-3.1.8-4.el6_0.x86_64.rpm File outdated by: RHSA-2011:0475 |
| thunderbird-debuginfo-3.1.8-4.el6_0.x86_64.rpm File outdated by: RHSA-2011:0475 |
| Red Hat Enterprise Linux Workstation (v. 6) | |
| SRPMS: | |
| thunderbird-3.1.8-4.el6_0.src.rpm File outdated by: RHSA-2013:0821 |
| IA-32: | |
| thunderbird-3.1.8-4.el6_0.i686.rpm File outdated by: RHSA-2013:0821 |
| thunderbird-debuginfo-3.1.8-4.el6_0.i686.rpm File outdated by: RHSA-2013:0821 |
| x86_64: | |
| thunderbird-3.1.8-4.el6_0.x86_64.rpm File outdated by: RHSA-2013:0821 |
| thunderbird-debuginfo-3.1.8-4.el6_0.x86_64.rpm File outdated by: RHSA-2013:0821 |
| (The unlinked packages above are only available from the Red Hat Network) | |
Bugs fixed (see bugzilla for more information)
675082 - CVE-2011-0053 Mozilla miscellaneous memory safety hazards (MFSA 2011-01)
675083 - CVE-2011-0062 Mozilla miscellaneous memory safety hazards (MFSA 2011-01)
675094 - CVE-2010-1585 Mozilla ParanoidFragmentSink allows javascript: URLs in chrome documents (MFSA 2011-08)
675095 - CVE-2011-0061 Mozilla crash caused by corrupted JPEG image (MFSA 2011-09)
References
https://www.redhat.com/security/data/cve/CVE-2011-0053.html
https://www.redhat.com/security/data/cve/CVE-2011-0061.html
https://www.redhat.com/security/data/cve/CVE-2011-0062.html
https://access.redhat.com/security/updates/classification/#critical
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/