Arch Linux


FS#6594 - Warning on Thunderbird

Attached to Project: Arch Linux
Opened by DaNiMoTh (DaNiMoTh) - Wednesday, 14 March 2007, 14:12 GMT
Last edited by Roman Kyrylych (Romashka) - Thursday, 15 March 2007, 13:42 GMT
Task Type: Bug Report
Category: Packages: Current
Status: Closed
Assigned To: Jan de Groot (JGC)
Architecture: not specified
Severity: Medium
Priority: Normal
Reported Version: 0.7.2 Gimmick
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

------------------------------------------------------------
Arch Linux Security Warning ALSW 2007-#12
------------------------------------------------------------

Name: thunderbird
Date: 2007-03-07
Severity: Normal
Warning #: 2007-#12

------------------------------------------------------------

Product Background
===================

Standalone Mail/News reader

Problem Background
===================

The SSLv2 protocol support in the NSS library did not sufficiently
check the validity of public keys presented with an SSL certificate. A
malicious SSL web site using SSLv2 could potentially exploit this to
execute arbitrary code with the user's privileges. (CVE-2007-0008)

The SSLv2 protocol support in the NSS library did not sufficiently
verify the validity of client master keys presented in an SSL client
certificate. A remote attacker could exploit this to execute arbitrary
code in a server application that uses the NSS library. (CVE-2007-0009)

Various flaws have been reported that could allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening a
malicious web page. (CVE-2007-0775, CVE-2007-0776, CVE-2007-0777)

Impact
======
A malicious SSL web site could potentially (there aren't exploits at
this moment) execute arbitrary code with the user's privileges.

Problem Packages
===================
Package: thunderbird
Repo: current
Group: network
Unsafe: < 1.5.0.10
Safe: >= 1.5.0.10

Package Fix
===================

Upgrade Thunderbird to 1.5.0.10.

Reference(s)
===================
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0777

Closed by Jan de Groot (JGC)
Monday, 19 March 2007, 14:03 GMT
Reason for closing: Fixed

Comment by DaNiMoTh (DaNiMoTh) - Monday, 19 March 2007, 13:40 GMT
Thunderbird has been updated, you can close this bug. Thanks.
