=========================================================== Ubuntu Security Notice USN-1011-2 October 28, 2010 thunderbird vulnerability CVE-2010-3765 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 9.10 Ubuntu 10.04 LTS Ubuntu 10.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: thunderbird 2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2 Ubuntu 9.10: thunderbird 2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3 Ubuntu 10.04 LTS: thunderbird 3.0.10+build1+nobinonly-0ubuntu0.10.04.1 Ubuntu 10.10: thunderbird 3.1.6+build1+nobinonly-0ubuntu0.10.10.1 After a standard system update you need to restart Thunderbird to make all the necessary changes. Details follow: USN-1011-1 fixed a vulnerability in Firefox. This update provides the corresponding update for Thunderbird. Original advisory details: Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program. Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2.diff.gz Size/MD5: 135344 65f4200c11b26938606868f62a8d2e9c http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2.dsc Size/MD5: 2023 d469c783863d1aa6854f06d9120fc922 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly.orig.tar.gz Size/MD5: 36467375 a952c9895cc90b89f160c4b3694de834 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_all.deb Size/MD5: 60704 a3e34cc47420bc08d6500693dc6a4239 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_all.deb Size/MD5: 60692 58678f544f5e589e05bf8082c1fdd031 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_amd64.deb Size/MD5: 3783938 8c3cb217fd93573e0ef5444fd7c3c1ed http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_amd64.deb Size/MD5: 85598 e1330e49ccd441d22d170083f55cdc58 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_amd64.deb Size/MD5: 12430288 e17ba8ebe6d78c51616676244445d45f i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_i386.deb Size/MD5: 3770650 b9e77865977d27880628b12737771560 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_i386.deb Size/MD5: 80998 2c80a17d24f08a211634377eb8b9f95a http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_i386.deb Size/MD5: 11005712 427412d5d3b7fd4a0879307ed7ee1675 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_lpia.deb Size/MD5: 3768392 72225aa57e7b2e7ef5aa19ce2156bc3b http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_lpia.deb Size/MD5: 80726 20ff6852e11950aca2bc387af451a7ce http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_lpia.deb Size/MD5: 10846838 55f4216e76a2e649f09f505dde4095ea powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_powerpc.deb Size/MD5: 3787750 598d436d80e2069996949e0a59295773 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_powerpc.deb Size/MD5: 84000 3291f026b952fbb6bb75295590d8755f http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_powerpc.deb Size/MD5: 12278838 dce8d1367041e0e68ea2562467416a81 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_sparc.deb Size/MD5: 3769106 e9e108c76f54532d44f4d1ecc4bb46d5 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_sparc.deb Size/MD5: 80452 5cb3aee14bbdfe033aceea8219aec5a2 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.2_sparc.deb Size/MD5: 11272312 b07f181effe52741d37374729de193b5 Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3.diff.gz Size/MD5: 139794 6178e684a63637e591dcb0c5a51e87d0 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3.dsc Size/MD5: 2016 a87cc283e219d1ef38fc8d41f3f0d58c http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly.orig.tar.gz Size/MD5: 36467375 a952c9895cc90b89f160c4b3694de834 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_all.deb Size/MD5: 62282 2e3eb9e4750760bf4ebdef5bf5b724f9 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_all.deb Size/MD5: 62270 84fa4339f6a6e1e73bdc3b6e5cb04362 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_amd64.deb Size/MD5: 3738524 085c4d8ad03488b31bc9176b39957a69 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_amd64.deb Size/MD5: 62624 ccf69337dfec18809bd21d04a3cb1b56 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_amd64.deb Size/MD5: 12558838 deabe656c3d5fab133909a30fbc2842e i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_i386.deb Size/MD5: 3722498 2886fb6db5dfb050c53a389c8fbd2117 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_i386.deb Size/MD5: 62622 b8aef7afb9ed066f60963f845012d361 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_i386.deb Size/MD5: 11177956 702ea6e9ce7da1fbed157f50ca7371bb lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_lpia.deb Size/MD5: 3720614 3575d74e4f79bced93088e279ac4e082 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_lpia.deb Size/MD5: 62622 28776579a1438dcf5e5fa53623597076 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_lpia.deb Size/MD5: 11024958 e91c5909fa8dd1fce3032d500877ab00 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_powerpc.deb Size/MD5: 3729916 e6724eac509597db73d7627143e92c21 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_powerpc.deb Size/MD5: 62626 bc84c3ade7e4e284bf6da0b8a361018a http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_powerpc.deb Size/MD5: 12297258 ffee214b87741593f4776c54fa89a727 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_sparc.deb Size/MD5: 3725816 e681691f109e05e9c39c4d43c81f4a9a http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_sparc.deb Size/MD5: 62626 c4b8a7e000bbdad0d2239df26d8c6e5d http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.3_sparc.deb Size/MD5: 11193546 e489fda9685dd5d8775875f69aa05004 Updated packages for Ubuntu 10.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.10+build1+nobinonly-0ubuntu0.10.04.1.diff.gz Size/MD5: 95159 f106080454d7676c4fa99bf696a10af5 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.10+build1+nobinonly-0ubuntu0.10.04.1.dsc Size/MD5: 2419 d729adbc5b0b0ffad42276ba91ded0cb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.10+build1+nobinonly.orig.tar.gz Size/MD5: 60902559 d56878bc5134ab5c440c0b7a1d032230 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb Size/MD5: 64190280 f3e3914f37f7cb1b5b613ed51b467b9f http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb Size/MD5: 5244158 45c21b48950e89c10c82c0ee27880178 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb Size/MD5: 149124 8ff4cb0e04e8c2faa618138deff8e1a7 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb Size/MD5: 9292 861e3d74d132293fcbdc26c187b22283 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_amd64.deb Size/MD5: 11391222 e6b7605eaee79a11f9dde41a0c2da8e3 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_i386.deb Size/MD5: 64537058 ec2dbe88bf69546ca94d96bde4a211b3 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_i386.deb Size/MD5: 5312852 8d83fba7e4082a9241d89a59b0261ca2 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_i386.deb Size/MD5: 148276 32e3b620b7c70b96dece969bab1d7b2b http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_i386.deb Size/MD5: 9290 411cd34175930301351c622b2a539d50 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_i386.deb Size/MD5: 10419292 571f515042c417a1182258126acde046 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb Size/MD5: 67172554 d9556f7acaa3e2f9aea0d841579edf29 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb Size/MD5: 5241258 708df770a46e8ea2bc4fd624f36a18a3 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb Size/MD5: 153462 7d4b63bb5bbedd95c43615ea3604df06 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb Size/MD5: 9294 cda8e1df7151dd2fb8dbb4359c48b59b http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_powerpc.deb Size/MD5: 11271258 788de99c10e1a9461ac27f3fd976eb35 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb Size/MD5: 63720598 227b2df2b84411603073ca401c051e1e http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb Size/MD5: 5221140 0f62d3ed8961ba99336e3d4bb9c5e372 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb Size/MD5: 144382 a8ec1427b26f47d38a11ee7101348f80 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb Size/MD5: 9296 1c1bca56a179eda092b72c847d276327 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.10+build1+nobinonly-0ubuntu0.10.04.1_sparc.deb Size/MD5: 10529432 b4d59156206a1f3a7439c0b6e5296eda Updated packages for Ubuntu 10.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.6+build1+nobinonly-0ubuntu0.10.10.1.diff.gz Size/MD5: 98232 b2dc8ac011b072853f4cd498e3e65fcc http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.6+build1+nobinonly-0ubuntu0.10.10.1.dsc Size/MD5: 2468 ce3e808db8b45c8a56cb80378710c98f http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.6+build1+nobinonly.orig.tar.gz Size/MD5: 66540747 46dca1bd27f0dc400998914f92447c36 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_amd64.deb Size/MD5: 62593152 c4874b01482a32364a896701461c3ddf http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_amd64.deb Size/MD5: 5002236 0b64fddc48bad18820413944d81cf860 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_amd64.deb Size/MD5: 181306 27211d6a1d1bebd1d69fe8e6e4a07693 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_amd64.deb Size/MD5: 9376 e9698f308cc3aaa9840cf24aed579418 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_amd64.deb Size/MD5: 12042628 2bcc2525f79592ab59dafa483a5c8e5b i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_i386.deb Size/MD5: 63132362 3cc813280f4f8ed0f03cdf209455827b http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_i386.deb Size/MD5: 5141838 e8f55094bd63027f7cf4de71954eaef2 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_i386.deb Size/MD5: 180428 ead1a493de66441def0552ad58f1c293 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_i386.deb Size/MD5: 9374 94f851743f1aa6a3ff7774e6ee7f70f3 http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_i386.deb Size/MD5: 11061082 9568e3a98f2f4c09ac29e93aa2ce3b6f powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_powerpc.deb Size/MD5: 65393692 badbe7f0fb00fc21e7cf9291c62bd0df http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_powerpc.deb Size/MD5: 4975196 8eb461385dd0f82a6b07df1d7970b265 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_powerpc.deb Size/MD5: 187098 2d25ffda1e0fc7625b90fbb4c7d60ee6 http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_powerpc.deb Size/MD5: 9378 d99180fde27fe717b91599a2a87433aa http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.1.6+build1+nobinonly-0ubuntu0.10.10.1_powerpc.deb Size/MD5: 11745172 c359630cc9e639685a664d15bd21686a