-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.1877
                        thunderbird security update
                                27 May 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           thunderbird
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Cross-site Scripting            -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-11698 CVE-2019-11693 CVE-2019-11692
                   CVE-2019-11691 CVE-2019-9820 CVE-2019-9819
                   CVE-2019-9817 CVE-2019-9816 CVE-2019-9800
                   CVE-2019-9797 CVE-2019-7317 CVE-2019-5798
                   CVE-2018-18511  

Reference:         ASB-2019.0082
                   ASB-2019.0055
                   ESB-2019.1870

Original Bulletin: 
   http://www.debian.org/security/2019/dsa-4451

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

-------------------------------------------------------------------------
Debian Security Advisory DSA-4451-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 24, 2019                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : thunderbird
CVE ID         : CVE-2018-18511 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797 
                 CVE-2019-9800 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819 
                 CVE-2019-9820 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 
                 CVE-2019-11698

Multiple security issues have been found in Thunderbird: Multiple
vulnerabilities may lead to the execution of arbitrary code or denial of
service.
				 
For the stable distribution (stretch), these problems have been fixed in
version 1:60.7.0-1~deb9u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----