Advisories, August 2, 2006

Aug 03, 2006, 03:45

Debian GNU/Linux

Debian Security Advisory DSA 1134-1 Martin Schulze
August 2nd, 2006

Package : mozilla-thunderbird
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-1942 CVE-2006-2775 CVE-2006-2776 CVE-2006-2777 CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2781 CVE-2006-2782 CVE-2006-2783 CVE-2006-2784 CVE-2006-2785 CVE-2006-2786 CVE-2006-2787
CERT advisories: VU#237257 VU#243153 VU#421529 VU#466673 VU#575969
BugTraq ID : 18228

Several security related problems have been discovered in Mozilla which are also present in Mozilla Thunderbird. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:


Eric Foley discovered that a user can be tricked to expose a local file to a remote attacker by displaying a local file as image in connection with other vulnerabilities. [MFSA-2006-39]


XUL attributes are associated with the wrong URL under certain circumstances, which might allow remote attackers to bypass restrictions. [MFSA-2006-35]


Paul Nickerson discovered that content-defined setters on an object prototype were getting called by privileged user interface code, and "moz_bug_r_a4" demonstrated that the higher privilege level could be passed along to the content-defined attack code. [MFSA-2006-37]


A vulnerability allows remote attackers to execute arbitrary code and create notifications that are executed in a privileged context. [MFSA-2006-43]


Mikolaj Habryn discovered a buffer overflow in the crypto.signText function that allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments. [MFSA-2006-38]


Mozilla team members discovered several crashes during testing of the browser engine showing evidence of memory corruption which may also lead to the execution of arbitrary code. This problem has only partially been corrected. [MFSA-2006-32]


An integer overflow allows remote attackers to cause a denial of service and may permit the execution of arbitrary code. [MFSA-2006-32]


Masatoshi Kimura discovered a double-free vulnerability that allows remote attackers to cause a denial of service and possibly execute arbitrary code via a VCard. [MFSA-2006-40]


Chuck McAuley discovered that a text input box can be pre-filled with a filename and then turned into a file-upload control, allowing a malicious website to steal any local file whose name they can guess. [MFSA-2006-41, MFSA-2006-23, CVE-2006-1729]


Masatoshi Kimura discovered that the Unicode Byte-order-Mark (BOM) is stripped from UTF-8 pages during the conversion to Unicode before the parser sees the web page, which allows remote attackers to conduct cross-site scripting (XSS) attacks. [MFSA-2006-42]


Paul Nickerson discovered that the fix for CAN-2005-0752 can be bypassed using nested javascript: URLs, allowing the attacker to execute privileged code. [MFSA-2005-34, MFSA-2006-36]


Paul Nickerson demonstrated that if an attacker could convince a user to right-click on a broken image and choose "View Image" from the context menu then he could get JavaScript to run. [MFSA-2006-34]


Kazuho Oku discovered that Mozilla's lenient handling of HTTP header syntax may allow remote attackers to trick the browser to interpret certain responses as if they were responses from two different sites. [MFSA-2006-33]


The Mozilla researcher "moz_bug_r_a4" discovered that JavaScript run via EvalInSandbox can escape the sandbox and gain elevated privilege. [MFSA-2006-31]

For the stable distribution (sarge) these problems have been fixed in version 1.0.2-2.sarge1.0.8a.

For the unstable distribution (sid) these problems have been fixed in version and xulrunner for galeon and epiphany.

We recommend that you upgrade your Mozilla Thunderbird packages.

Upgrade Instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:
      Size/MD5 checksum: 999 a7547d54f6c987d16db915709bc5fe44
      Size/MD5 checksum: 453026 eb2d71ba5d15fe803784950a13a47563
      Size/MD5 checksum: 33288906 806175393a226670aa66060452d31df4

Alpha architecture:
      Size/MD5 checksum: 12842296 fa614356eb934f90ae45fa3ed9dd1539
      Size/MD5 checksum: 3278130 4cb654733bfccea8cd3c0df00b5def8c
      Size/MD5 checksum: 151082 c07a4daabd1c05a637520f9a094dc074
      Size/MD5 checksum: 32502 80579d205020032c49770ce3fc7141f6
      Size/MD5 checksum: 88350 3b3e525e54326e8e2d9af8b69904c3a8

AMD64 architecture:
      Size/MD5 checksum: 12251804 deb4396f8cd09c132ff78052ff534f8a
      Size/MD5 checksum: 3279014 7d2f64aba52ea20a7b8cf16a66fff252
      Size/MD5 checksum: 150050 77fdbefdcd0aedbdbccac24e7c81f943
      Size/MD5 checksum: 32488 867701a09fd5bbac7acc1865fbe064b8
      Size/MD5 checksum: 88190 5bdde29214cc86cf4340ed9dd43c68d3

ARM architecture:
      Size/MD5 checksum: 10339868 a60a1c13491b2a0771c8e3517cd25dd8
      Size/MD5 checksum: 3270162 22724283f230b50cf6a173520c420fc1
      Size/MD5 checksum: 142198 7008892dc0bb9bca14978a7e1f09fde9
      Size/MD5 checksum: 32512 3ac5306abd8ecbdd9ba981df3d61db68
      Size/MD5 checksum: 80218 5514acae240f08b8a061176131d2fdb8

Intel IA-32 architecture:
      Size/MD5 checksum: 11565160 23e9aaa2f8f1a62bf43efb7bc815fdcf
      Size/MD5 checksum: 3506098 169af4eda4ae283d48a0b1523b05bdd7
      Size/MD5 checksum: 145716 e63141ba6a893db986bd0e9cbcc575e9
      Size/MD5 checksum: 32480 2d23870e404431d77f83601ec81a7fda
      Size/MD5 checksum: 86962 ea63c9a6e99a6895ad7eb1fe70363b22

Intel IA-64 architecture:
      Size/MD5 checksum: 14618962 f0ae93cc731f61beb0599fac54445460
      Size/MD5 checksum: 3290490 2d16d23f8042bad1273b992861011349
      Size/MD5 checksum: 154412 1b39804a27f4b7dae90e92d7a39d4bb9
      Size/MD5 checksum: 32490 818339f4a6d9e98182975f9d1a834939
      Size/MD5 checksum: 106058 6b1214ef1b42a53af54389da726fd478

HP Precision architecture:
      Size/MD5 checksum: 13561594 b7eb45b4c8829370a58b2d870021024e
      Size/MD5 checksum: 3283714 f65b93a3a73a3dfc62d6f024c259a1db
      Size/MD5 checksum: 152280 06e23e82444cacea77afdc87699f5773
      Size/MD5 checksum: 32496 06a10d18ef8a1bc84b89b3cc50e8cad5
      Size/MD5 checksum: 96308 076063aee6cf91541585b08fdf73a801

Motorola 680x0 architecture:
      Size/MD5 checksum: 10786352 e5c9c4cb536f92fc2cab024541460b8f
      Size/MD5 checksum: 3269592 909c5464deba45d965f5a0612f04becd
      Size/MD5 checksum: 143968 6e45eef4d3241039abe41a638e9f34df
      Size/MD5 checksum: 32522 494885109459853538c84e47c21635ec
      Size/MD5 checksum: 81442 c978cb34ab778b06385814cd4ad51056

Big endian MIPS architecture:
      Size/MD5 checksum: 11941536 ddf753469c129bf3fd2681a9bbc5e81a
      Size/MD5 checksum: 3277166 1f3efa2d140a400ad98b73ba33f6e35c
      Size/MD5 checksum: 146966 a5e221ce8c30ee3a12c1a3d6603c52dd
      Size/MD5 checksum: 32496 05e84094b89573c4aafac9b414bb0d34
      Size/MD5 checksum: 83704 a1006bc20c63a7d51607cc3249a88677

Little endian MIPS architecture:
      Size/MD5 checksum: 11806560 dccdeef719f40ee45b6ea11a2e1d5675
      Size/MD5 checksum: 3278332 12657ea860ed91f17750e30458526dc9
      Size/MD5 checksum: 146522 b528200933d5bcb366959bfb21015b1b
      Size/MD5 checksum: 32496 5956a48e052e31695346398197734eef
      Size/MD5 checksum: 83552 a0a0035eadfb314ebd90a21f4e888275

PowerPC architecture:
      Size/MD5 checksum: 10903816 1590ee6c726500d5cb4f037d29e0a8f8
      Size/MD5 checksum: 3268272 67789b6af42f2b76d578377cc4ff9f3d
      Size/MD5 checksum: 144024 3617dbb5b65f5c1d4317b09626f0be5f
      Size/MD5 checksum: 32500 5807e7e4389796a8dd1b79c9ae07f051
      Size/MD5 checksum: 80232 5f4d117d2108a7c0ab683e6b2756a701

IBM S/390 architecture:
      Size/MD5 checksum: 12697106 ba9085a2f7203579f62e288e3f1dd7ee
      Size/MD5 checksum: 3278522 7b17ff2d80845368acdf7263c1affc50
      Size/MD5 checksum: 150324 943c02d94e672ec2fe94c1303ee2679d
      Size/MD5 checksum: 32484 2cbf34e4da8492fe773465378e069ca6
      Size/MD5 checksum: 88194 e7ccfa32631e9acd0e96146f9c49a176

Sun Sparc architecture:
      Size/MD5 checksum: 11167620 d493999d1fe3f28b0adef98731003ad7
      Size/MD5 checksum: 3273616 2e75bfd4a38e0e92de802c7ed5560f90
      Size/MD5 checksum: 143680 402f90dc28004eb5c6777d1e13946c55
      Size/MD5 checksum: 32500 0534fcca42cbc508c633ec090b875bb1
      Size/MD5 checksum: 82040 ca4a06228ba6980a44b8df8c37b94b0c

These files will probably be moved into the stable distribution on its next update.

Debian Security Advisory DSA 1135-1 Martin Schulze
August 2nd, 2006

Package : libtunepimp
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-3600
BugTraq ID : 18961
Debian Bug : 378091

Kevin Kofler discovered several stack-based buffer overflows in the LookupTRM::lookup function in libtunepimp, a MusicBrainz tagging library, which allow remote attackers to cause a denial of service or execute arbitrary code.

For the stable distribution (sarge) these problems have been fixed in version 0.3.0-3sarge2.

For the unstable distribution (sid) these problems have been fixed in version 0.4.2-4.

We recommend that you upgrade your libtunepimp packages.

Upgrade Instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
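The manual "wget url" / "dpkg -i file.deb" procedure given in both advisories above (DSA 1134-1 and DSA 1135-1) skips the one check that makes it worthwhile: comparing the downloaded file against the Size/MD5 checksum line the advisory publishes for that architecture. The following script is an added example, not part of either Debian advisory; it assumes a POSIX shell with wget, md5sum and dpkg on the path, and that you paste the size and hash from the advisory's per-architecture list. A mismatch means the package was corrupted or substituted in transit and must not be installed. (MD5 is what these 2006 advisories publish; it no longer resists deliberate collisions, so prefer the signed-Release apt path where it is available and treat the hash check as the floor, not the ceiling.)

```shell
#!/bin/sh
# Added example (not from the DSA text): verify a downloaded .deb against the
# "Size/MD5 checksum" line of the advisory before handing it to dpkg -i.

# verify_deb FILE EXPECTED_SIZE EXPECTED_MD5
# Returns 0 only when both the byte count and the MD5 match the advisory;
# otherwise reports which value differs and returns 1.
verify_deb() {
    file=$1; want_size=$2; want_md5=$3
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    have_size=$(wc -c < "$file" | tr -d ' ')
    have_md5=$(md5sum "$file" | cut -d' ' -f1)
    if [ "$have_size" != "$want_size" ]; then
        echo "size mismatch for $file: got $have_size, advisory says $want_size" >&2
        return 1
    fi
    if [ "$have_md5" != "$want_md5" ]; then
        echo "MD5 mismatch for $file: got $have_md5, advisory says $want_md5" >&2
        return 1
    fi
    return 0
}

# fetch_verify_install URL EXPECTED_SIZE EXPECTED_MD5
# Downloads the package, verifies it, and only then runs dpkg -i.
# A file that fails verification is deleted so a later "dpkg -i *.deb"
# cannot pick it up by accident. URL, size and hash are taken from the
# advisory; nothing here is hard-coded to a particular package.
fetch_verify_install() {
    url=$1; want_size=$2; want_md5=$3
    file=${url##*/}
    wget -q -O "$file" "$url" || { echo "download failed: $url" >&2; return 1; }
    verify_deb "$file" "$want_size" "$want_md5" || { rm -f "$file"; return 1; }
    dpkg -i "$file"
}

# Example invocation (placeholder URL; the real one is the per-architecture
# link from the advisory):
#   fetch_verify_install http://security.debian.org/.../package.deb 32480 2d23870e404431d77f83601ec81a7fda
```

The size check is cheap and catches truncated downloads before the hash is even computed; the hash check is what detects a swapped file. Run the install step as root, but the download and verification need no privileges and are better done as an ordinary user.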

Debian GNU/Linux 3.1 alias sarge

Source archives:
      Size/MD5 checksum: 1030 9a4920fa648987c785ca7a90389e26d2
      Size/MD5 checksum: 6370 7398c09a7d071ae47a47d8cf439f98f4
      Size/MD5 checksum: 524889 f1f506914150c4917ec730f847ad4709

Alpha architecture:
      Size/MD5 checksum: 24890 2978735432d84c89ae7298388469f45b
      Size/MD5 checksum: 69628 caebe7ed98abb9434b8271a6a60bbcf3
      Size/MD5 checksum: 183756 59e0e4beba76a472ab2871ff560e43db
      Size/MD5 checksum: 400968 14a5497f7e5a29c7428051f9ac1197db
      Size/MD5 checksum: 7514 ed92833051c36f1834d4c2e8431a995b
      Size/MD5 checksum: 36986 3f20bf702c8afd5c515caedb3577d7c4
      Size/MD5 checksum: 37012 b397a318bf98a9b8a66e92d813ec1417

AMD64 architecture:
      Size/MD5 checksum: 22574 ab767e6a192e3435808cdc3c0f2eba10
      Size/MD5 checksum: 64662 2b13c0f10121799469f5918b9457816c
      Size/MD5 checksum: 167846 c8a9826ed526df5f0b3db91671e86ff8
      Size/MD5 checksum: 309342 989a04b1b26449ccef4534d3b573da3f
      Size/MD5 checksum: 7062 3f59546ad6171eb57027961425008dda
      Size/MD5 checksum: 35350 85910d25472fd6cd765c5ec70eaec73a
      Size/MD5 checksum: 35350 ac75587d5816b4b7f4a8c297960c58de

ARM architecture:
      Size/MD5 checksum: 21328 f0edf637f04bc0569f7d817f7ac4c15f
      Size/MD5 checksum: 60078 11945b07935b831ebc12850951da1814
      Size/MD5 checksum: 252294 1dc8ce3cacbafd0e7724c25534e8c2ac
      Size/MD5 checksum: 429780 d4025de16da2eeba4daf3b8c373a1972
      Size/MD5 checksum: 7494 4bbe28e891a9bbcc4e45f7b0fcaf3a18
      Size/MD5 checksum: 30692 deec987c46ef0036daf8da7950250beb
      Size/MD5 checksum: 30704 e80752d9804d728e54cc21f213ebbc85

Intel IA-32 architecture:
      Size/MD5 checksum: 21680 0a120ab21f78a77bb59cb99ca1eb1b8f
      Size/MD5 checksum: 64192 65733e6e2b007c958edddbaa2297ed8c
      Size/MD5 checksum: 172848 aae66182b0509ed6e9b9ef8fc1efe8e9
      Size/MD5 checksum: 295464 bfab73e38dd99e38b6ed3ebc7872521c
      Size/MD5 checksum: 7384 6b0279cb428e28f0c25936f90c171e7e
      Size/MD5 checksum: 32342 815c12dc0d0bda96bcc3e9e667acdfb1
      Size/MD5 checksum: 32346 ead31d0b6cd458c681bee2d4fc894df0

Intel IA-64 architecture:
      Size/MD5 checksum: 27032 4b4867843c38aec3e7d7cab211c50180
      Size/MD5 checksum: 70892 51a6fc495685aa15bca597ba5d49481d
      Size/MD5 checksum: 229114 30d7dd79ef08c59c3dccc707ed4c4149
      Size/MD5 checksum: 404248 4417640aa53c74f2316f117788382668
      Size/MD5 checksum: 7540 86e56a9b5ba5ebac8e1ce08415c81e5c
      Size/MD5 checksum: 41274 5d65583580941d6267755c95bacd6041
      Size/MD5 checksum: 41290 af3f7132986f4f4eea952b6bf48ab86b

HP Precision architecture:
      Size/MD5 checksum: 23038 70f7ff16fa268b83ec8112ea0943eef7
      Size/MD5 checksum: 71002 d4b412a8e7367cbddde555e8bc12b5c4
      Size/MD5 checksum: 202392 b45edc22062afbc716299c70bbde5e62
      Size/MD5 checksum: 372742 113319297131816655e0b4e9884c0512
      Size/MD5 checksum: 7388 90e1630a60eebc1316185ad3f17ecfc2
      Size/MD5 checksum: 37312 9a1702305b151cc90c33fd037d211c40
      Size/MD5 checksum: 37322 e664954cc2797cb6b982234f36a947fc

Motorola 680x0 architecture:
      Size/MD5 checksum: 21260 ad6086a9b25ca8d5fde4dbc23ce9c692
      Size/MD5 checksum: 65180 ecaf5f32f118c3bea03ee72feb3a706a
      Size/MD5 checksum: 173120 94856cac57d86e7a03e3809965f0e788
      Size/MD5 checksum: 294810 7f8a76aabf519488b7e6f566a80cbac4
      Size/MD5 checksum: 7362 b4328d4446b3ac504452637a6fe6bd08
      Size/MD5 checksum: 33760 6fad71c1af6746f309fbe8ba2a6eebbe
      Size/MD5 checksum: 33790 10d2cbfb58b42889a2c163851e99751b

Big endian MIPS architecture:
      Size/MD5 checksum: 23990 dcda0902f1c1124f03e9120ebfde0bfd
      Size/MD5 checksum: 41350 f7f8f4a0b7c25c235c6b9d8dad1d9d9c
      Size/MD5 checksum: 161176 b7d6241896195d7f314a439b372b127e
      Size/MD5 checksum: 327600 eafb77ad18b8856fe45476197067b8e2
      Size/MD5 checksum: 7488 b93b17c16646f9d2c43d3b713f0e414e
      Size/MD5 checksum: 30832 51f3c2b19ec9e12feca6094bfc1c234c
      Size/MD5 checksum: 30830 075f88566e8bd20c7035ccb6bd5c75c1

Little endian MIPS architecture:
      Size/MD5 checksum: 24010 948df50ac97f84a3e87915cf8e2e1227
      Size/MD5 checksum: 41174 58740675d89c0d3790ec8911e465e101
      Size/MD5 checksum: 159904 17004743326aa4116d39a51f71205d10
      Size/MD5 checksum: 327466 227c0388ec56c7d150d0155ae37c4e70
      Size/MD5 checksum: 7506 bee85b2381fb78193452dd0b59a6ecae
      Size/MD5 checksum: 30530 061f243e1eca9e6f26ef812964907a74
      Size/MD5 checksum: 30550 d3e03c3944ecc11589d63c9f9cfed9f2

PowerPC architecture:
      Size/MD5 checksum: 24732 c9c38d154af36ad28637c763f8dcd117
      Size/MD5 checksum: 65578 99ab71a5594f3f69c3e375da379dc530
      Size/MD5 checksum: 163704 8f7a6aa6a353144c23a8eed9d364251e
      Size/MD5 checksum: 313058 e4b4d41dcea114933b79a2f0acf1e933
      Size/MD5 checksum: 7540 0a87f9037368c2326618c4fca8420823
      Size/MD5 checksum: 34964 2a29738183724ddf8088457795a57044
      Size/MD5 checksum: 34974 195aaf1a53f0419a6333e49e91b0b2cc

IBM S/390 architecture:
      Size/MD5 checksum: 22526 1193ac69323d7c312cd75793087c91b9
      Size/MD5 checksum: 47592 e072c4b460e330972eecc8056ffdf62e
      Size/MD5 checksum: 164408 bacc4965dccb7825f71a52bf61216168
      Size/MD5 checksum: 293254 68deddeeff41080b0e13a8cab173dad0
      Size/MD5 checksum: 7492 1d23ac5ea74763a38833f933141dd0fa
      Size/MD5 checksum: 37268 2cf940107c56c3864fa97013bd21598b
      Size/MD5 checksum: 37252 ac915f3997f66e4c6a94ecee7c6cca37

Sun Sparc architecture:
      Size/MD5 checksum: 21478 93b66545509e935ce3a8be05e71a93c5
      Size/MD5 checksum: 64890 2bfba94ca4422855510dfd2cbdc6ce02
      Size/MD5 checksum: 163392 a65569a7c43e112ab422e0624a1e4bcb
      Size/MD5 checksum: 299368 c2075aa76dac67ab7c82196ae30a63c4
      Size/MD5 checksum: 7518 9d9f6ecf4323f7416adb06ccc22c5533