-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2019.4666.2
                        thunderbird security update
                             17 December 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           thunderbird
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   Debian GNU/Linux 9
                   Debian GNU/Linux 10
Impact/Access:     Denial of Service        -- Remote with User Interaction
                   Access Confidential Data -- Remote with User Interaction
                   Reduced Security         -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-17012 CVE-2019-17011 CVE-2019-17010
                   CVE-2019-17008 CVE-2019-17005 

Reference:         ESB-2019.4555
                   ESB-2019.4553
                   ESB-2019.4552

Original Bulletin: 
   http://www.debian.org/security/2019/dsa-4585
   https://lists.debian.org/debian-lts-announce/2019/12/msg00018.html

Comment: This bulletin contains two (2) Debian security advisories.

Revision History:  December 17 2019: Added DLA 2036-1
                   December 16 2019: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4585-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
December 15, 2019                     https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : thunderbird
CVE ID         : CVE-2019-17005 CVE-2019-17008 CVE-2019-17010
                 CVE-2019-17011 CVE-2019-17012
Debian Bug     : 946588

Multiple security issues have been found in Thunderbird which could
potentially result in the execution of arbitrary code.

For the oldstable distribution (stretch), these problems have been fixed
in version 1:68.3.0-2~deb9u1.

For the stable distribution (buster), these problems have been fixed in
version 1:68.3.0-2~deb10u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- -------------------------------------------------------------------------

Hash: SHA256

Package        : thunderbird
Version        : 1:68.3.0-2~deb8u1
CVE ID         : CVE-2019-17005 CVE-2019-17008 CVE-2019-17010 CVE-2019-17011
                 CVE-2019-17012

Multiple security issues have been found in Thunderbird which could
potentially result in the execution of arbitrary code.

For Debian 8 "Jessie", these problems have been fixed in version
1:68.3.0-2~deb8u1.

We recommend that you upgrade your thunderbird packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----