Skip to navigation

Security Advisory Important: thunderbird security update

Advisory: RHSA-2011:1243-1
Type: Security Advisory
Severity: Important
Issued on: 2011-08-31
Last updated on: 2011-08-31
Affected Products: RHEL Optional Productivity Applications (v. 5 server)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.1.z)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Enterprise Linux Workstation (v. 6)

Details

An updated thunderbird package that fixes one security issue is now
available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having
important security impact.

Mozilla Thunderbird is a standalone mail and newsgroup client.

It was found that a Certificate Authority (CA) issued a fraudulent HTTPS
certificate. This update renders any HTTPS certificates signed by that
CA as untrusted, except for a select few. The now untrusted certificates
that were issued before July 1, 2011 can be manually re-enabled and used
again at your own risk in Thunderbird; however, affected certificates
issued after this date cannot be re-enabled or used. (BZ#734316)

All Thunderbird users should upgrade to this updated package, which
resolves this issue. All running instances of Thunderbird must be
restarted for the update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

RHEL Optional Productivity Applications (v. 5 server)

SRPMS:
thunderbird-2.0.0.24-24.el5.src.rpm
File outdated by:  RHSA-2014:0316
    MD5: f17743128b12a104c19eaa26f75e4d76
SHA-256: d5dfb7d1ad770bcae1a65b52dee12aea47c59a8800106cb9c7bdea43efb43180
 
IA-32:
thunderbird-2.0.0.24-24.el5.i386.rpm
File outdated by:  RHSA-2014:0316
    MD5: ba0f05109493f061399293a6afcf0c0e
SHA-256: e026ded9b5249e69bb47cc136e1cd55b9a6643009e870200f56a5f8e7caf3dcd
 
x86_64:
thunderbird-2.0.0.24-24.el5.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: 9c1ffd81f64423d73c4506498a054251
SHA-256: 35d8e05335c83ccf672a8ff0c5fc116054fd15173c57bf3af3818783a0e9f436
 
Red Hat Desktop (v. 4)

SRPMS:
thunderbird-1.5.0.12-42.el4.src.rpm
File outdated by:  RHSA-2012:0085
    MD5: 8ced2822a1ff45996575e9353541ca62
SHA-256: 1bae7262aaac325d5e04443c223c40fee60905bea7419eda5c61e35280919e41
 
IA-32:
thunderbird-1.5.0.12-42.el4.i386.rpm
File outdated by:  RHSA-2012:0085
    MD5: e9a008e273247cb33d99cc933a337510
SHA-256: caf6dc2bd5cd4d5d60c45ffdaf1dbdce5c7161a0915cdd961d622ad7f798dfb0
 
x86_64:
thunderbird-1.5.0.12-42.el4.x86_64.rpm
File outdated by:  RHSA-2012:0085
    MD5: 12ec9c78de0c686257a284cbf695c96b
SHA-256: 39408e00612f43de6721dcc62329f84c3d5bfb3039f893bfdf195382e8c47a2b
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
thunderbird-1.5.0.12-42.el4.src.rpm
File outdated by:  RHSA-2012:0085
    MD5: 8ced2822a1ff45996575e9353541ca62
SHA-256: 1bae7262aaac325d5e04443c223c40fee60905bea7419eda5c61e35280919e41
 
IA-32:
thunderbird-1.5.0.12-42.el4.i386.rpm
File outdated by:  RHSA-2012:0085
    MD5: e9a008e273247cb33d99cc933a337510
SHA-256: caf6dc2bd5cd4d5d60c45ffdaf1dbdce5c7161a0915cdd961d622ad7f798dfb0
 
IA-64:
thunderbird-1.5.0.12-42.el4.ia64.rpm
File outdated by:  RHSA-2012:0085
    MD5: e57350a85a8e3c64af63a7b588e61ffb
SHA-256: 115495e9652a930344a0ea0ea53f1f05030043088ca65bd47d6ec184202645e6
 
PPC:
thunderbird-1.5.0.12-42.el4.ppc.rpm
File outdated by:  RHSA-2012:0085
    MD5: 32d37764c908656f838d90b7af2ffce2
SHA-256: dfb1da8f5907dcbdb3722cc9ada249a4d6a1f2aaf5410e12d79069dce9528a67
 
s390:
thunderbird-1.5.0.12-42.el4.s390.rpm
File outdated by:  RHSA-2012:0085
    MD5: 450dd6f4a027ee15d72c41aed5c1c37b
SHA-256: 1dbe58d412dc380ec299668c1d7d8ccd48de7c0a256b62edc4ca4cae4cc0c41b
 
s390x:
thunderbird-1.5.0.12-42.el4.s390x.rpm
File outdated by:  RHSA-2012:0085
    MD5: 3d9865f35e9464b46f34a8748c5c51a2
SHA-256: 06c9b3c855ff3538f3fc26bf5bf2d94b8725744e9f612f31d823ef3277fc53b4
 
x86_64:
thunderbird-1.5.0.12-42.el4.x86_64.rpm
File outdated by:  RHSA-2012:0085
    MD5: 12ec9c78de0c686257a284cbf695c96b
SHA-256: 39408e00612f43de6721dcc62329f84c3d5bfb3039f893bfdf195382e8c47a2b
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
thunderbird-2.0.0.24-24.el5.src.rpm
File outdated by:  RHSA-2014:0316
    MD5: f17743128b12a104c19eaa26f75e4d76
SHA-256: d5dfb7d1ad770bcae1a65b52dee12aea47c59a8800106cb9c7bdea43efb43180
 
IA-32:
thunderbird-2.0.0.24-24.el5.i386.rpm
File outdated by:  RHSA-2014:0316
    MD5: ba0f05109493f061399293a6afcf0c0e
SHA-256: e026ded9b5249e69bb47cc136e1cd55b9a6643009e870200f56a5f8e7caf3dcd
 
x86_64:
thunderbird-2.0.0.24-24.el5.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: 9c1ffd81f64423d73c4506498a054251
SHA-256: 35d8e05335c83ccf672a8ff0c5fc116054fd15173c57bf3af3818783a0e9f436
 
Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
thunderbird-3.1.12-2.el6_1.src.rpm
File outdated by:  RHSA-2014:0316
    MD5: b5b156b908c06e7015b023a3ddc4b5d4
SHA-256: 4dc852c633e97b79a9ab2a678b50a3584b906dcfa78bb5eab66dc622b289fb8f
 
IA-32:
thunderbird-3.1.12-2.el6_1.i686.rpm
File outdated by:  RHSA-2014:0316
    MD5: 7948e71ba0467db95dab0087ec94dd37
SHA-256: 5c6541222d610eba4fd80c138848cfb5d91a0cdc112655d6660eb74dd7bbc4ef
thunderbird-debuginfo-3.1.12-2.el6_1.i686.rpm
File outdated by:  RHSA-2014:0316
    MD5: 3278d61c136b1f28de03dcc234a8792f
SHA-256: d76e933de1a906568e0cb30afb5d78fa6d45b0af2e42b8cfd01a8776f1c9050c
 
x86_64:
thunderbird-3.1.12-2.el6_1.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: 71638dc99fa4e0ca7a9e6a373333b955
SHA-256: d69d665545bed02ba6b0e02745d1537cf28354d64b1028aafebf66eff6c28c0f
thunderbird-debuginfo-3.1.12-2.el6_1.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: a476928e5b15186c9784de1db79d7dfd
SHA-256: 5f14c1161d840418ccc0bab317eb8e482e6a0d8aee8ea2e552407f25a68fa878
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
thunderbird-1.5.0.12-42.el4.src.rpm
File outdated by:  RHSA-2012:0085
    MD5: 8ced2822a1ff45996575e9353541ca62
SHA-256: 1bae7262aaac325d5e04443c223c40fee60905bea7419eda5c61e35280919e41
 
IA-32:
thunderbird-1.5.0.12-42.el4.i386.rpm
File outdated by:  RHSA-2012:0085
    MD5: e9a008e273247cb33d99cc933a337510
SHA-256: caf6dc2bd5cd4d5d60c45ffdaf1dbdce5c7161a0915cdd961d622ad7f798dfb0
 
IA-64:
thunderbird-1.5.0.12-42.el4.ia64.rpm
File outdated by:  RHSA-2012:0085
    MD5: e57350a85a8e3c64af63a7b588e61ffb
SHA-256: 115495e9652a930344a0ea0ea53f1f05030043088ca65bd47d6ec184202645e6
 
x86_64:
thunderbird-1.5.0.12-42.el4.x86_64.rpm
File outdated by:  RHSA-2012:0085
    MD5: 12ec9c78de0c686257a284cbf695c96b
SHA-256: 39408e00612f43de6721dcc62329f84c3d5bfb3039f893bfdf195382e8c47a2b
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
thunderbird-3.1.12-2.el6_1.src.rpm
File outdated by:  RHSA-2014:0316
    MD5: b5b156b908c06e7015b023a3ddc4b5d4
SHA-256: 4dc852c633e97b79a9ab2a678b50a3584b906dcfa78bb5eab66dc622b289fb8f
 
IA-32:
thunderbird-3.1.12-2.el6_1.i686.rpm
File outdated by:  RHSA-2014:0316
    MD5: 7948e71ba0467db95dab0087ec94dd37
SHA-256: 5c6541222d610eba4fd80c138848cfb5d91a0cdc112655d6660eb74dd7bbc4ef
thunderbird-debuginfo-3.1.12-2.el6_1.i686.rpm
File outdated by:  RHSA-2014:0316
    MD5: 3278d61c136b1f28de03dcc234a8792f
SHA-256: d76e933de1a906568e0cb30afb5d78fa6d45b0af2e42b8cfd01a8776f1c9050c
 
PPC:
thunderbird-3.1.12-2.el6_1.ppc64.rpm
File outdated by:  RHSA-2014:0316
    MD5: dedacbaa47e4ba810e46d35a25cd114e
SHA-256: f0e55a1444280055aa01eb151892d090cdb1fd17375b87ccf84733a3d3a58c2b
thunderbird-debuginfo-3.1.12-2.el6_1.ppc64.rpm
File outdated by:  RHSA-2014:0316
    MD5: 96efc03a1e43eebd99023d9f4ce5ced0
SHA-256: 64b07efdfbd6c5c928d6c3521a042c2ae21e3f159287c0d864d2ee01203a5685
 
s390x:
thunderbird-3.1.12-2.el6_1.s390x.rpm
File outdated by:  RHSA-2014:0316
    MD5: 818b3cf60e03b201f392bba6cb2266cd
SHA-256: 43e194cbb5b82b3e63e9d53cd95f5e84607c3ab2237869e84b23dcf47ef56cce
thunderbird-debuginfo-3.1.12-2.el6_1.s390x.rpm
File outdated by:  RHSA-2014:0316
    MD5: dd4b1bde6b2eadf2c43964e461c69906
SHA-256: 8973704fa7362c248b929e8909a6cb5ea547fa97af43ccf4acd4b9589012c7a8
 
x86_64:
thunderbird-3.1.12-2.el6_1.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: 71638dc99fa4e0ca7a9e6a373333b955
SHA-256: d69d665545bed02ba6b0e02745d1537cf28354d64b1028aafebf66eff6c28c0f
thunderbird-debuginfo-3.1.12-2.el6_1.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: a476928e5b15186c9784de1db79d7dfd
SHA-256: 5f14c1161d840418ccc0bab317eb8e482e6a0d8aee8ea2e552407f25a68fa878
 
Red Hat Enterprise Linux Server EUS (v. 6.1.z)

SRPMS:
thunderbird-3.1.12-2.el6_1.src.rpm
File outdated by:  RHSA-2014:0316
    MD5: b5b156b908c06e7015b023a3ddc4b5d4
SHA-256: 4dc852c633e97b79a9ab2a678b50a3584b906dcfa78bb5eab66dc622b289fb8f
 
IA-32:
thunderbird-3.1.12-2.el6_1.i686.rpm
File outdated by:  RHSA-2011:1439
    MD5: 7948e71ba0467db95dab0087ec94dd37
SHA-256: 5c6541222d610eba4fd80c138848cfb5d91a0cdc112655d6660eb74dd7bbc4ef
thunderbird-debuginfo-3.1.12-2.el6_1.i686.rpm
File outdated by:  RHSA-2011:1439
    MD5: 3278d61c136b1f28de03dcc234a8792f
SHA-256: d76e933de1a906568e0cb30afb5d78fa6d45b0af2e42b8cfd01a8776f1c9050c
 
PPC:
thunderbird-3.1.12-2.el6_1.ppc64.rpm
File outdated by:  RHSA-2011:1439
    MD5: dedacbaa47e4ba810e46d35a25cd114e
SHA-256: f0e55a1444280055aa01eb151892d090cdb1fd17375b87ccf84733a3d3a58c2b
thunderbird-debuginfo-3.1.12-2.el6_1.ppc64.rpm
File outdated by:  RHSA-2011:1439
    MD5: 96efc03a1e43eebd99023d9f4ce5ced0
SHA-256: 64b07efdfbd6c5c928d6c3521a042c2ae21e3f159287c0d864d2ee01203a5685
 
s390x:
thunderbird-3.1.12-2.el6_1.s390x.rpm
File outdated by:  RHSA-2011:1439
    MD5: 818b3cf60e03b201f392bba6cb2266cd
SHA-256: 43e194cbb5b82b3e63e9d53cd95f5e84607c3ab2237869e84b23dcf47ef56cce
thunderbird-debuginfo-3.1.12-2.el6_1.s390x.rpm
File outdated by:  RHSA-2011:1439
    MD5: dd4b1bde6b2eadf2c43964e461c69906
SHA-256: 8973704fa7362c248b929e8909a6cb5ea547fa97af43ccf4acd4b9589012c7a8
 
x86_64:
thunderbird-3.1.12-2.el6_1.x86_64.rpm
File outdated by:  RHSA-2011:1439
    MD5: 71638dc99fa4e0ca7a9e6a373333b955
SHA-256: d69d665545bed02ba6b0e02745d1537cf28354d64b1028aafebf66eff6c28c0f
thunderbird-debuginfo-3.1.12-2.el6_1.x86_64.rpm
File outdated by:  RHSA-2011:1439
    MD5: a476928e5b15186c9784de1db79d7dfd
SHA-256: 5f14c1161d840418ccc0bab317eb8e482e6a0d8aee8ea2e552407f25a68fa878
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
thunderbird-1.5.0.12-42.el4.src.rpm
File outdated by:  RHSA-2012:0085
    MD5: 8ced2822a1ff45996575e9353541ca62
SHA-256: 1bae7262aaac325d5e04443c223c40fee60905bea7419eda5c61e35280919e41
 
IA-32:
thunderbird-1.5.0.12-42.el4.i386.rpm
File outdated by:  RHSA-2012:0085
    MD5: e9a008e273247cb33d99cc933a337510
SHA-256: caf6dc2bd5cd4d5d60c45ffdaf1dbdce5c7161a0915cdd961d622ad7f798dfb0
 
IA-64:
thunderbird-1.5.0.12-42.el4.ia64.rpm
File outdated by:  RHSA-2012:0085
    MD5: e57350a85a8e3c64af63a7b588e61ffb
SHA-256: 115495e9652a930344a0ea0ea53f1f05030043088ca65bd47d6ec184202645e6
 
x86_64:
thunderbird-1.5.0.12-42.el4.x86_64.rpm
File outdated by:  RHSA-2012:0085
    MD5: 12ec9c78de0c686257a284cbf695c96b
SHA-256: 39408e00612f43de6721dcc62329f84c3d5bfb3039f893bfdf195382e8c47a2b
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
thunderbird-3.1.12-2.el6_1.src.rpm
File outdated by:  RHSA-2014:0316
    MD5: b5b156b908c06e7015b023a3ddc4b5d4
SHA-256: 4dc852c633e97b79a9ab2a678b50a3584b906dcfa78bb5eab66dc622b289fb8f
 
IA-32:
thunderbird-3.1.12-2.el6_1.i686.rpm
File outdated by:  RHSA-2014:0316
    MD5: 7948e71ba0467db95dab0087ec94dd37
SHA-256: 5c6541222d610eba4fd80c138848cfb5d91a0cdc112655d6660eb74dd7bbc4ef
thunderbird-debuginfo-3.1.12-2.el6_1.i686.rpm
File outdated by:  RHSA-2014:0316
    MD5: 3278d61c136b1f28de03dcc234a8792f
SHA-256: d76e933de1a906568e0cb30afb5d78fa6d45b0af2e42b8cfd01a8776f1c9050c
 
x86_64:
thunderbird-3.1.12-2.el6_1.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: 71638dc99fa4e0ca7a9e6a373333b955
SHA-256: d69d665545bed02ba6b0e02745d1537cf28354d64b1028aafebf66eff6c28c0f
thunderbird-debuginfo-3.1.12-2.el6_1.x86_64.rpm
File outdated by:  RHSA-2014:0316
    MD5: a476928e5b15186c9784de1db79d7dfd
SHA-256: 5f14c1161d840418ccc0bab317eb8e482e6a0d8aee8ea2e552407f25a68fa878
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

734316 - Fraudulent certificates signed by DigiNotar CA certificate (MFSA 2011-34)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/