dcsimg
Linux Today: Linux News On Internet Time.





More on LinuxToday


Advisories, January 2, 2007

Jan 03, 2007, 04:45 (0 Talkback[s])

Fedora Core


Fedora Update Notification
FEDORA-2006-004
2007-01-02

Product : Fedora Core 5
Name : thunderbird
Version : 1.5.0.9
Release : 2.fc5
Summary : Mozilla Thunderbird mail/newsgroup client

Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.


Update Information:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the way Thunderbird processes certain malformed JavaScript code. A malicious web page could cause the execution of JavaScript code in such a way that could cause Thunderbird to crash or execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; this issue is not exploitable without enabling JavaScript. (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504)

Several flaws were found in the way Thunderbird renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-6497)

A heap based buffer overflow flaw was found in the way Thunderbird parses the Content-Type mail header. A malicious mail message could cause the Thunderbird client to crash or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-6505)

Users of Thunderbird are advised to apply this update, which contains Thunderbird version 1.5.0.9 that corrects these issues.


  • Tue Dec 19 2006 Matthias Clasen <mclasen@redhat.com> 1.5.0.9-2
    • Add a Requires: launchmail (#219884)
  • Tue Dec 19 2006 Christopher Aillon <caillon@redhat.com> 1.5.0.9-1
    • Update to 1.5.0.9
    • Take firefox's pango fixes
    • Don't offer to import...nothing.
  • Tue Nov 7 2006 Christopher Aillon <caillon@redhat.com> 1.5.0.8-1
    • Update to 1.5.0.8
    • Allow choosing of download directory
    • Take the user to the correct directory from the Download Manager.
    • Patch to add support for printing via pango from Behdad.
  • Sun Oct 8 2006 Christopher Aillon <caillon@redhat.com> - 1.5.0.7-4
    • Default to use of system colors
  • Wed Oct 4 2006 Christopher Aillon <caillon@redhat.com> - 1.5.0.7-3
    • Bring the invisible character to parity with GTK+
  • Wed Sep 27 2006 Christopher Aillon <caillon@redhat.com> - 1.5.0.7-2
    • Fix crash when changing gtk key theme
    • Prevent UI freezes while changing GNOME theme
    • Remove verbiage about pango; no longer required by upstream.
  • Wed Sep 13 2006 Christopher Aillon <caillon@redhat.com> - 1.5.0.7-1
    • Update to 1.5.0.7
  • Thu Sep 7 2006 Christopher Aillon <caillon@redhat.com> - 1.5.0.5-8
    • Shuffle order of the install phase around
  • Thu Sep 7 2006 Christopher Aillon <caillon@redhat.com> - 1.5.0.5-7
    • Let there be art for Alt+Tab again
    • s/tbdir/mozappdir/g
  • Wed Sep 6 2006 Christopher Aillon <caillon@redhat.com> - 1.5.0.5-6
    • Fix for cursor position in editor widgets by tagoh and behdad (#198759)
  • Tue Sep 5 2006 Christopher Aillon <caillon@redhat.com> - 1.5.0.5-5
    • Update nopangoxft.patch
    • Fix rendering of MathML thanks to Behdad Esfahbod.
    • Update start page text to reflect the MathML fixes.
    • Enable pango by default on all locales
    • Build using -rpath
    • Re-enable GCC visibility
  • Thu Aug 3 2006 Kai Engert <kengert@redhat.com> - 1.5.0.5-4
    • Fix a build failure in mailnews mime code.
  • Tue Aug 1 2006 Matthias Clasen <mclasen@redhat.com> - 1.5.0.5-3
    • Rebuild
  • Thu Jul 27 2006 Christopher Aillon <caillon@redhat.com> - 1.5.0.5-2
    • Update to 1.5.0.5
  • Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.5.0.4-2.1
    • rebuild
  • Mon Jun 12 2006 Kai Engert <kengert@redhat.com> - 1.5.0.4-2
    • Update to 1.5.0.4
    • Fix desktop-file-utils requires

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

d4f33e774063d935dca0c06e9c54b6e09021a126 SRPMS/thunderbird-1.5.0.9-2.fc5.src.rpm
d4f33e774063d935dca0c06e9c54b6e09021a126 noarch/thunderbird-1.5.0.9-2.fc5.src.rpm
e201f238ae5b6c03b7a03776f0e24d4420389dcd ppc/debug/thunderbird-debuginfo-1.5.0.9-2.fc5.ppc.rpm
65f263d0713d4700c929a5420b6148688b0c2634 ppc/thunderbird-1.5.0.9-2.fc5.ppc.rpm
075baee3cd3823bb3415d24a3a7f3d5b6b5742f7 x86_64/thunderbird-1.5.0.9-2.fc5.x86_64.rpm
68a8644f2ba6ad5af6e425aabfb7f1601936161e x86_64/debug/thunderbird-debuginfo-1.5.0.9-2.fc5.x86_64.rpm
210aad8474c210385462ef9b68c1b6f841a63163 i386/debug/thunderbird-debuginfo-1.5.0.9-2.fc5.i386.rpm
643faacd27e83ec8676d3054af85479bed335913 i386/thunderbird-1.5.0.9-2.fc5.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.

Mandriva Linux


Mandriva Linux Security Advisory MDKSA-2007:001
http://www.mandriva.com/security/


Package : libmodplug
Date : January 2, 2007
Affected: 2007.0


Problem Description:

Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.

Updated packages are patched to address this issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4192


Updated Packages:

Mandriva Linux 2007.0:
c710c50a92587abd6f55078af2da22e7 2007.0/i586/libmodplug0-0.7-7.1mdv2007.0.i586.rpm
4cf79b5be35cdf2e4d22af922140d32e 2007.0/i586/libmodplug0-devel-0.7-7.1mdv2007.0.i586.rpm
68181a6907f78b10d3b0c379ca3fd76b 2007.0/SRPMS/libmodplug-0.7-7.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
fe5b2a2b546f98922a124b4f52cbf202 2007.0/x86_64/lib64modplug0-0.7-7.1mdv2007.0.x86_64.rpm
2b10aaf2fefcaef82512b42910d88408 2007.0/x86_64/lib64modplug0-devel-0.7-7.1mdv2007.0.x86_64.rpm
68181a6907f78b10d3b0c379ca3fd76b 2007.0/SRPMS/libmodplug-0.7-7.1mdv2007.0.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Advisory MDKSA-2007:002
http://www.mandriva.com/security/


Package : kernel
Date : January 2, 2007
Affected: 2007.0


Problem Description:

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel:

The Linux kernel does not properly save or restore EFLAGS during a context switch, or reset the flags when creating new threads, which could allow a local user to cause a Denial of Service (process crash) (CVE-2006-5173).

The seqfile handling in the 2.6 kernel up to 2.6.18 allows local users to cause a DoS (hang or oops) via unspecified manipulations that trigger an infinite loop while searching for flowlabels (CVE-2006-5619).

An integer overflow in the 2.6 kernel prior to 2.6.18.4 could allow a local user to execute arbitrary code via a large maxnum value in an ioctl request (CVE-2006-5751).

A race condition in the ISO9660 filesystem handling could allow a local user to cause a DoS (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed data structures (CVE-2006-5757).

A vulnerability in the bluetooth support could allow for overwriting internal CMTP and CAPI data structures via malformed packets (CVE-2006-6106).

The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels immediately and reboot to effect the fixes.

In addition to these security fixes, other fixes have been included such as:

  • added the marvell IDE driver - use a specific driver Jmicron chipsets rather than using a generic one - updated the sky2 driver to fix some network hang issues

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5751
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5757
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6106


Updated Packages:

Mandriva Linux 2007.0:
7eba457234782c9f83c47cd26be3de80 2007.0/i586/kernel-2.6.17.8mdv-1-1mdv2007.0.i586.rpm
80f104e8ff3081e7e868e3482f50fd81 2007.0/i586/kernel-enterprise-2.6.17.8mdv-1-1mdv2007.0.i586.rpm
72964c8645531460b742f9e54d118488 2007.0/i586/kernel-legacy-2.6.17.8mdv-1-1mdv2007.0.i586.rpm
bc52255a4290284600dfc0e97e5797cd 2007.0/i586/kernel-source-2.6.17.8mdv-1-1mdv2007.0.i586.rpm
fbfc24233bf616eab08b247194210fe7 2007.0/i586/kernel-source-stripped-2.6.17.8mdv-1-1mdv2007.0.i586.rpm
e30ec4041c80756ab8e004b6335337cd 2007.0/i586/kernel-xen0-2.6.17.8mdv-1-1mdv2007.0.i586.rpm
4da4e24805a2a2301bf7f97f6e0fb974 2007.0/i586/kernel-xenU-2.6.17.8mdv-1-1mdv2007.0.i586.rpm
0cb62354da7ae0bd1dd6b851bedd9496 2007.0/SRPMS/kernel-2.6.17.8mdv-1-1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
c2aca75ee9ca338eb178e51fec0867fc 2007.0/x86_64/evince-0.6.0-1.1mdv2007.0.x86_64.rpm
d4c8250e75b57b227b308e2a975ae13c 2007.0/x86_64/kernel-2.6.17.8mdv-1-1mdv2007.0.x86_64.rpm
3cb5a059bc3d352da95fb285f2c31f80 2007.0/x86_64/kernel-source-2.6.17.8mdv-1-1mdv2007.0.x86_64.rpm
9ff265225b8624a083058b5ec16174c2 2007.0/x86_64/kernel-source-stripped-2.6.17.8mdv-1-1mdv2007.0.x86_64.rpm
23ba072d883bac51179e42df654aba79 2007.0/x86_64/kernel-xen0-2.6.17.8mdv-1-1mdv2007.0.x86_64.rpm
268ac512e41476f1e0df9d94299c317b 2007.0/x86_64/kernel-xenU-2.6.17.8mdv-1-1mdv2007.0.x86_64.rpm
0cb62354da7ae0bd1dd6b851bedd9496 2007.0/SRPMS/kernel-2.6.17.8mdv-1-1mdv2007.0.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

rPath Linux

rPath Security Advisory: 2006-0234-2
Published: 2006-12-22
Updated:

2007-01-02 Added thunderbird to advisory Products: rPath Linux 1
Rating: Severe
Exposure Level Classification: Indirect User Deterministic Unauthorized Access
Updated Versions: firefox=/conary.rpath.com@rpl:devel//1/1.5.0.9-0.1-1
thunderbird=/conary.rpath.com@rpl:devel//1/1.5.0.9-0.1-1

References:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6497
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6498
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6501
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6502
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6503
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6504
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6505
https://issues.rpath.com/browse/RPL-883

Description:

Previous versions of the firefox package are vulnerable to multiple types of attacks, including one that enables an attacker to run arbitrary attacker-provided executable code if JavaScript is enabled.

29 December 2006 Update: The thunderbird package has also been updated to address the same vulnerabilities.