ESB-2019.0040 - [Debian] thunderbird: Execute arbitrary code/commands - Remote with user interaction 2019-01-03

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.0040
                        thunderbird security update
                              3 January 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           thunderbird
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade

Reference:         ESB-2019.0028

Original Bulletin: 
   https://security-tracker.debian.org/tracker/DLA-1624-1

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : thunderbird
Version        : 1:60.4.0-1~deb8u1
CVE ID         : not yet available

Multiple security issues have been found in Thunderbird, which may lead
to the execution of arbitrary code or denial of service.

For Debian 8 "Jessie", this problem has been fixed in version
1:60.4.0-1~deb8u1.

We recommend that you upgrade your thunderbird packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlws8kkACgkQnUbEiOQ2
gwIs0RAAumtzhhGmJn/wXD2UcgQ/YYDP4iOcmD4zyp8er/C9VyQL+Alz7ZnXPrzF
xExFV806XhDItS+wEqPmjeK8fhJxcdWcda9DNBYeYIaHfKRspbAb8zyETyDAuRnV
Mmv9GF0ep13BiHxNffP0jLVLyJHPznRfcX3mBew67lpAsniBagyrVH9IqBColacm
HSc7B6WKGN7H3ATm1Y7603+zGNIX2b7IObTDYOIq7VRCQfWnezgk5QH8qepuieB0
fSSzlRC0ejdX01YtHeeEdXOg5R8P+GiUs+TSrMjmj4yYrpTEQFGE+Xo4sow9TnEh
hdfNaVX5FU5JAxBCVb6wi6TCW1ayZULy4CZLn7OCFr3HRSA2/ciKqO7m6vuB+RuN
+j0ukXqpLrpYuY40c+PyExO0Et7IS+WnLudDGPLryGCba8lQa+7ct4PiNdRawv8u
dwS10Z/FikqyVluCmQRqMyiWoseKv7THFTOrHlJ4Tp3ibGrFj3n7hkpmAnJlR81p
hEnm9POJgXuTXqwZ2ZqYjEJyXxDByi42y1e7v1zcTx/NN0VqVEWfX2GdwnPbgN7a
JTOZmTPucJeGU7cv958w2CijIItOgnMCyCHVrUp7UtqmIwFJ9Uy526hHtpYmXvb5
BI14fWmciI0S3Mfp+CCB0D24dawRXaVZvDoVXNOLSrP/5skj5q8=
=8qN5
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXC1LnmaOgq3Tt24GAQivChAA3VhDfqGd8YSFxcGfRsHMNNvfrTJ3/Uoy
yZxf5y7BHU0dtggnMpGITNua/wpJJ1ZPhc1/GR2uN/nDO2+hTv3heehf8+b4DrS/
rGAayavhN0ZhxKKG5YOnyOmDTrLwdb25xv1OIWSzUBcrmzaTJAsxchVgPjn5Z0Wj
KmYwjEE+ZQjUNdaofzfkkwJPGcPwAC7m2prUG2r8wxqdYMmHCm/Kn3fcgDupEbCQ
myApfQAGGxT+yWzTbQQLH0wrRUkotJpyRj0LusPdoaAzV/4DaebyraQJZB8M4gWv
OLK/3UsVvvt1+qKc2y4TMuY5dkyU+JLHovm2oQiGglPDkNJIH18amtSpB7+1tgN2
s8vvAAGWqiYBOIPD8JFGF0XPazJmc360VzkS9CfEp04l3uX4foQLi17R+GtfHiah
ijbiWNeDg1l7wnOCzc6cC4X4vyFVF3oU17vCQ3TBDVjIwYPkkkiDYtmCDePsvaKw
I8jD2Im/6OH4yoqFrg+e5+vXN1SkrH0AmboyrJonj6b/RllXKBgqgAYs91r/FHxG
ypPgdZ5j0L/PZRePEMcHyNz1as7Jw8hjxO217a74yhPau1eZTfWb69BHK+wM0tLW
1RY7IKw8xLM096nSIDOfZx7jE3R3rqE0+WYJxBn0QPuxPr55Q08wtDWFyW3glHXL
j6ADAJN06+w=
=Ad3Q
-----END PGP SIGNATURE-----

« Back to bulletins