Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.0032 thunderbird security update 5 January 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: thunderbird Publisher: Debian Operating System: Debian GNU/Linux Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Cross-site Scripting -- Remote with User Interaction Denial of Service -- Remote with User Interaction Provide Misleading Information -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Reduced Security -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2021-44538 CVE-2021-43546 CVE-2021-43545 CVE-2021-43543 CVE-2021-43542 CVE-2021-43541 CVE-2021-43539 CVE-2021-43538 CVE-2021-43537 CVE-2021-43536 CVE-2021-43535 CVE-2021-43534 CVE-2021-43529 CVE-2021-43528 CVE-2021-38509 CVE-2021-38508 CVE-2021-38507 CVE-2021-38506 CVE-2021-38504 CVE-2021-38503 CVE-2021-38502 CVE-2021-38500 CVE-2021-38496 CVE-2021-4126 Reference: ESB-2022.0031 ESB-2022.0015 Original Bulletin: http://www.debian.org/lts/security/2022/dla-2874 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2874-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort January 04, 2022 https://wiki.debian.org/LTS - - ------------------------------------------------------------------------- Package : thunderbird Version : 1:91.4.1-1~deb9u1 CVE ID : CVE-2021-4126 CVE-2021-38496 CVE-2021-38500 CVE-2021-38502 CVE-2021-38503 CVE-2021-38504 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-43528 CVE-2021-43529 CVE-2021-43534 CVE-2021-43535 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 CVE-2021-44538 Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code, spoofing, information disclosure, downgrade attacks on SMTP STARTTLS connections or misleading display of OpenPGP/MIME signatures. For Debian 9 stretch, these problems have been fixed in version 1:91.4.1-1~deb9u1. We recommend that you upgrade your thunderbird packages. For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmHUHP4ACgkQnUbEiOQ2 gwIdhhAAsYJeGaKX7EakOQSqKqWksvfDg41A+TA01hpygOvfipqGlJl4sBCFHtfm vPY4w6A+RsJWPohOch+DMc9EfXOJ1ivMp0nMMky/8xYYksAQqeThtwBfm2wHWpGT IZAtn5doZe/53P++ejD5xLnCC19oCdBbEHsPj3p6OWzEUByqfPZBAv02lA+0pqqo Mga52gFMI6xy4wmeuQZGtKsyI/hujLbYHnp7Rb8+3uwisb7QkzeVod77z211pGon ifobrw52Bfa0Cb1e9Xesg70TDsZlPPlUnqHaUC5pE+OxS0Vx1G4Eur1+wQ9ao4V8 djlJWhmj1+1wNlSJ91Fsk0UQ+y6cVli4MU5wzIufQ0TdN+hMjQD0nuCejnjhQjPc YNK7jYUwM4+DFGswYdpvoNa2uNtKzsu7sZQW9kfeF7H2uLoJgAUdNRdKrNmUrofQ C4E2CsI3wTQxE9gmWX+LRGKr9r6QF15es7KCEGuFlAToVCh/d6vXF0f9IaH0ZE05 6W4sfcYoj6HKHEcKONuh6codpRceKx6gPgh+2n0pdoUNNlz/AbO0is+SiIInILlI dYSdTxPLK0fZxD+ufi2E9IaQ2VvRg0Y933pQvjn3xbCCk7xehM7TD55LlwfUWPGb /ffeEgwsObhA0cmV3jN6+bvxM9Tbk7DSd4Q30fuqSy8od5Ih0i4= =kFGv - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYdTPyONLKJtyKPYoAQjGog/+LjhyETdHsKYG/yJYXAHvSL4vphkHLtBT MZ3YdgbS9gufgFm4fK5Ujbi0QdL90wLEtoF01uEJg1yLxx5u/NkVLzp1NLD8kr/I 0VghZQsAoV+dAPPppLL9250Jq0c+R7b4+AKq61oCkQqogCJppiTQII+lkHbIb0jC OXNVdCWN4Z6QkRzEa7ZXQzXQOP+j8RwssHFkodyBJfZOC+JIuEWPE9sLcz4E0wF2 KRaB/06qBwjZoFGNpEhudo3ir4cDFSJT5vHCpd3dJlv7IhkSyxuH9uBh5mdLO/mr L6h7AbRbc7F3LjghEQx2y+qpBvvY+9KmICdM3fBKADm8RPYJzEDwdWmU50kZhPR5 3QSbFgX1ap1MAcxAyqOS3EzPnIe7Uw3XRkBrhL1ql8Y9w3JcHRDML3PU47j2uIoX 8edzMks309IjKLfJjorDf4AgBk24kLZJIzzpmt3i+Qi7wCw+Bhm4iIuyWKOL/v6k jrQJBkLp5LTQFXwmi1NugoiQG9oNwxF0wL2ljdz/csrtMbBHJ+sGvcSIhM+Ix6xw sMLEUna6s/9jtlrhh0hBH2gNvqzqVmVn5mkUIwH4m1Hk5ifKxzTA1GiND6nJRK2t /oq698jXdbLD1hHsH+83TpdH4xPy0dfTCxqPuDB9P3kSWRxZ0waM3e6dyVnZQQwC 3bV5cd+cSu0= =kkWG -----END PGP SIGNATURE-----