Security Advisory Critical: thunderbird security update

Advisory: RHSA-2012:0140-1
Type: Security Advisory
Severity: Critical
Issued on: 2012-02-16
Last updated on: 2012-02-16
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.2)
Red Hat Enterprise Linux Server EUS (v. 6.2.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2011-3026

Details

An updated thunderbird package that fixes one security issue is now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.

A heap-based buffer overflow flaw was found in the way Thunderbird handled
PNG (Portable Network Graphics) images. An HTML mail message or remote
content containing a specially-crafted PNG image could cause Thunderbird to
crash or, possibly, execute arbitrary code with the privileges of the user
running Thunderbird. (CVE-2011-3026)

All Thunderbird users should upgrade to this updated package, which
corrects this issue. After installing the update, Thunderbird must be
restarted for the changes to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
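
To confirm that the update has reached every system, the following added example (not part of Red Hat's advisory) compares installed thunderbird builds against the fixed build listed under "Updated packages", 3.1.18-2.el6_2. The host names and inventory lines are constructed, the comparison is a simplified form of rpm's version ordering, and epochs are assumed equal.

```python
import re

# Fixed build taken from the advisory's package list.
FIXED_VERSION, FIXED_RELEASE = "3.1.18", "2.el6_2"

def _segments(s):
    # rpm compares maximal runs of digits or letters; other characters only separate.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpm_label_cmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1. Ignores '~' and '^' ordering."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric compare, so 10 > 3
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the label with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(version, release):
    c = rpm_label_cmp(version, FIXED_VERSION)
    if c == 0:
        c = rpm_label_cmp(release, FIXED_RELEASE)
    return c >= 0

def audit(lines):
    """lines: 'host name version release arch' records; returns hosts still exposed."""
    exposed = []
    for line in lines:
        host, name, version, release, _arch = line.split()
        if name == "thunderbird" and not is_patched(version, release):
            exposed.append(host)
    return exposed

# Constructed inventory, e.g. collected per host with
#   rpm -q --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n' thunderbird
SAMPLE = [
    "ws01 thunderbird 3.1.17 1.el6_2 x86_64",
    "ws02 thunderbird 3.1.18 1.el6_2 x86_64",
    "ws03 thunderbird 3.1.18 2.el6_2 i686",
    "ws04 thunderbird 10.0.3 1.el6_2 x86_64",
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A host that passes this check still runs the old code until Thunderbird has been restarted, as the Details section notes.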

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
thunderbird-3.1.18-2.el6_2.src.rpm
File outdated by:  RHSA-2014:0316
    MD5: 02219b7c2956bd056d09e8b0b13807cb
SHA-256: 2e27cccb8018a7dfd4adf163ccc92af6a36489d65a39049b054b1c0e70dfb6ea
 
IA-32:
thunderbird-3.1.18-2.el6_2.i686.rpm
File outdated by:  RHSA-2014:0316
    MD5: f9280c5b9fb44834c3db8baf429e0a45
SHA-256: b8c1b1835bcb007b4b38e2a4dbbcdc3a241a5b6574ff9a4b1e769e223e1ee9bc
thunderbird-debuginfo-3.1.18-2.el6_2.i686.rpm
File outdated by:  RHSA-2014:0316
    MD5: d28c734ac2f4bc5a781e19fff566a3a4
SHA-256: c4bcbf020bdb0a0ceaf1a85c9014dd09752aeb63daeac44e7fb4bf72792063d0
 
x86_64:
thunderbird-3.1.18-2.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: 917c524067a88ba6d128948639026288
SHA-256: 8a53a9cf2292c3a2663a288f5b3735d073d7d90373f17a2bdc0fa13c28a0273c
thunderbird-debuginfo-3.1.18-2.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: 97348883c03d217965f75fa819692ffa
SHA-256: 386e8a7de7b2a12827079f25fba4b32bb70d5022168ad0c828c6aaba9156db2e
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
thunderbird-3.1.18-2.el6_2.src.rpm
File outdated by:  RHSA-2014:0316
    MD5: 02219b7c2956bd056d09e8b0b13807cb
SHA-256: 2e27cccb8018a7dfd4adf163ccc92af6a36489d65a39049b054b1c0e70dfb6ea
 
IA-32:
thunderbird-3.1.18-2.el6_2.i686.rpm
File outdated by:  RHSA-2014:0316
    MD5: f9280c5b9fb44834c3db8baf429e0a45
SHA-256: b8c1b1835bcb007b4b38e2a4dbbcdc3a241a5b6574ff9a4b1e769e223e1ee9bc
thunderbird-debuginfo-3.1.18-2.el6_2.i686.rpm
File outdated by:  RHSA-2014:0316
    MD5: d28c734ac2f4bc5a781e19fff566a3a4
SHA-256: c4bcbf020bdb0a0ceaf1a85c9014dd09752aeb63daeac44e7fb4bf72792063d0
 
PPC:
thunderbird-3.1.18-2.el6_2.ppc64.rpm
File outdated by:  RHSA-2014:0316
    MD5: b2577063d6fa425c40c348cfff1bf56b
SHA-256: 97ff7db20d13e1def9d1bb06e4973d30a1cf11b888bf142abbf8cb3332921e88
thunderbird-debuginfo-3.1.18-2.el6_2.ppc64.rpm
File outdated by:  RHSA-2014:0316
    MD5: 898f30baea05f6347a9f2f95fb0c9913
SHA-256: cec28fefdb43483b58da2378500175f3b72529436c25bfaf2652df728567b04b
 
s390x:
thunderbird-3.1.18-2.el6_2.s390x.rpm
File outdated by:  RHSA-2014:0316
    MD5: d61f1e792c5f96e841528e0e8cb187c4
SHA-256: bbcc4d5bda7254b52615327680252e642b9cf3e5cfb45013a6ecc886f82bebdf
thunderbird-debuginfo-3.1.18-2.el6_2.s390x.rpm
File outdated by:  RHSA-2014:0316
    MD5: eff265cb0281eb90c05295aed04a6c52
SHA-256: 68badad6d5b8d15552232650d537a8aec86de533ee1dd70c16f6ca1991216c80
 
x86_64:
thunderbird-3.1.18-2.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: 917c524067a88ba6d128948639026288
SHA-256: 8a53a9cf2292c3a2663a288f5b3735d073d7d90373f17a2bdc0fa13c28a0273c
thunderbird-debuginfo-3.1.18-2.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: 97348883c03d217965f75fa819692ffa
SHA-256: 386e8a7de7b2a12827079f25fba4b32bb70d5022168ad0c828c6aaba9156db2e
 
Red Hat Enterprise Linux Server AUS (v. 6.2)

SRPMS:
thunderbird-3.1.18-2.el6_2.src.rpm
File outdated by:  RHSA-2014:0316
    MD5: 02219b7c2956bd056d09e8b0b13807cb
SHA-256: 2e27cccb8018a7dfd4adf163ccc92af6a36489d65a39049b054b1c0e70dfb6ea
 
x86_64:
thunderbird-3.1.18-2.el6_2.x86_64.rpm
File outdated by:  RHSA-2012:0715
    MD5: 917c524067a88ba6d128948639026288
SHA-256: 8a53a9cf2292c3a2663a288f5b3735d073d7d90373f17a2bdc0fa13c28a0273c
thunderbird-debuginfo-3.1.18-2.el6_2.x86_64.rpm
File outdated by:  RHSA-2012:0715
    MD5: 97348883c03d217965f75fa819692ffa
SHA-256: 386e8a7de7b2a12827079f25fba4b32bb70d5022168ad0c828c6aaba9156db2e
 
Red Hat Enterprise Linux Server EUS (v. 6.2.z)

SRPMS:
thunderbird-3.1.18-2.el6_2.src.rpm
File outdated by:  RHSA-2014:0316
    MD5: 02219b7c2956bd056d09e8b0b13807cb
SHA-256: 2e27cccb8018a7dfd4adf163ccc92af6a36489d65a39049b054b1c0e70dfb6ea
 
IA-32:
thunderbird-3.1.18-2.el6_2.i686.rpm
File outdated by:  RHSA-2012:0715
    MD5: f9280c5b9fb44834c3db8baf429e0a45
SHA-256: b8c1b1835bcb007b4b38e2a4dbbcdc3a241a5b6574ff9a4b1e769e223e1ee9bc
thunderbird-debuginfo-3.1.18-2.el6_2.i686.rpm
File outdated by:  RHSA-2012:0715
    MD5: d28c734ac2f4bc5a781e19fff566a3a4
SHA-256: c4bcbf020bdb0a0ceaf1a85c9014dd09752aeb63daeac44e7fb4bf72792063d0
 
PPC:
thunderbird-3.1.18-2.el6_2.ppc64.rpm
File outdated by:  RHSA-2012:0715
    MD5: b2577063d6fa425c40c348cfff1bf56b
SHA-256: 97ff7db20d13e1def9d1bb06e4973d30a1cf11b888bf142abbf8cb3332921e88
thunderbird-debuginfo-3.1.18-2.el6_2.ppc64.rpm
File outdated by:  RHSA-2012:0715
    MD5: 898f30baea05f6347a9f2f95fb0c9913
SHA-256: cec28fefdb43483b58da2378500175f3b72529436c25bfaf2652df728567b04b
 
s390x:
thunderbird-3.1.18-2.el6_2.s390x.rpm
File outdated by:  RHSA-2012:0715
    MD5: d61f1e792c5f96e841528e0e8cb187c4
SHA-256: bbcc4d5bda7254b52615327680252e642b9cf3e5cfb45013a6ecc886f82bebdf
thunderbird-debuginfo-3.1.18-2.el6_2.s390x.rpm
File outdated by:  RHSA-2012:0715
    MD5: eff265cb0281eb90c05295aed04a6c52
SHA-256: 68badad6d5b8d15552232650d537a8aec86de533ee1dd70c16f6ca1991216c80
 
x86_64:
thunderbird-3.1.18-2.el6_2.x86_64.rpm
File outdated by:  RHSA-2012:0715
    MD5: 917c524067a88ba6d128948639026288
SHA-256: 8a53a9cf2292c3a2663a288f5b3735d073d7d90373f17a2bdc0fa13c28a0273c
thunderbird-debuginfo-3.1.18-2.el6_2.x86_64.rpm
File outdated by:  RHSA-2012:0715
    MD5: 97348883c03d217965f75fa819692ffa
SHA-256: 386e8a7de7b2a12827079f25fba4b32bb70d5022168ad0c828c6aaba9156db2e
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
thunderbird-3.1.18-2.el6_2.src.rpm
File outdated by:  RHSA-2014:0316
    MD5: 02219b7c2956bd056d09e8b0b13807cb
SHA-256: 2e27cccb8018a7dfd4adf163ccc92af6a36489d65a39049b054b1c0e70dfb6ea
 
IA-32:
thunderbird-3.1.18-2.el6_2.i686.rpm
File outdated by:  RHSA-2014:0316
    MD5: f9280c5b9fb44834c3db8baf429e0a45
SHA-256: b8c1b1835bcb007b4b38e2a4dbbcdc3a241a5b6574ff9a4b1e769e223e1ee9bc
thunderbird-debuginfo-3.1.18-2.el6_2.i686.rpm
File outdated by:  RHSA-2014:0316
    MD5: d28c734ac2f4bc5a781e19fff566a3a4
SHA-256: c4bcbf020bdb0a0ceaf1a85c9014dd09752aeb63daeac44e7fb4bf72792063d0
 
x86_64:
thunderbird-3.1.18-2.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: 917c524067a88ba6d128948639026288
SHA-256: 8a53a9cf2292c3a2663a288f5b3735d073d7d90373f17a2bdc0fa13c28a0273c
thunderbird-debuginfo-3.1.18-2.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: 97348883c03d217965f75fa819692ffa
SHA-256: 386e8a7de7b2a12827079f25fba4b32bb70d5022168ad0c828c6aaba9156db2e
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

790737 - CVE-2011-3026 libpng: Heap-buffer-overflow in png_decompress_chunk


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/