Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.0620 thunderbird security update 14 February 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: thunderbird Publisher: Debian Operating System: Debian GNU/Linux Resolution: Patch/Upgrade CVE Names: CVE-2022-22764 CVE-2022-22763 CVE-2022-22761 CVE-2022-22760 CVE-2022-22759 CVE-2022-22756 CVE-2022-22754 Reference: ESB-2022.0575 ESB-2022.0574 ESB-2022.0567 ESB-2022.0566 Original Bulletin: http://www.debian.org/security/2022/dsa-5074 Comment: CVSS (Max): 7.5 CVE-2022-22764 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSS Source: Red Hat - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-5074-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 13, 2022 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : thunderbird CVE ID : CVE-2022-22754 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22764 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the oldstable distribution (buster), these problems have been fixed in version 1:91.6.0-1~deb10u1. For the stable distribution (bullseye), these problems have been fixed in version 1:91.6.0-1~deb11u1. We recommend that you upgrade your thunderbird packages. For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmIJMJ4ACgkQEMKTtsN8 TjZg5hAAtDpjDaf9UnbuppPpOJVQwjwwVCrnmrmWjt+tgJizuiQ0rPJ80JzsxXLQ TtVtKda96waa2BgX1oSHcfhuJvgib3U7z/0n06JlddsqT0pwasQfXuEpQjQSoncY XWlOBXjsKVIOhuif8NcZEx7KHkOFkqiDeaHB65GEUF4p6ITK5VjfZgaLjPzOjFeB xqX9DENNm1PZcmrc0Lk/Rf5XVgis8H2LCHw+q2WqTd2k344tgTnQ8e4JDytIiuIM Mqsz1QlnNBsmR1l2OAoTMeKVeYGKOfijScDZwFZbWzFj4QEyakf+zHDGRGfkpeZJ KJ4x+1R/FcQO3HYMuE4OnzrQLujkZI1MBQOMNvSr2Rk6CQQ5q9zk9dMxpn2xReCU /UNqNJGS8JVc0KbszpNwNUIlGfec4GQecOcEHSqy+NxAMcHRYZ2ro3lZwt00GXpd DPEOK5cFM+BNFKq0FRjNyv9HVLuNpP6EY2iqnN/DZ0/LQLKp7LDuMgFAUOkR1OEV RcxmeDCf0Q9emNWcT3hk2T0l7CmaWiYPIZwp3BIrpxlqPk1cZ6M4nIEjCysa8ejo J07baQQE0FtYX03rjouzxn6H1By7X3+6Q5VwVEwuzgppb5Nn0bP8NUwrGgK1v6Wk JmZkzTHtmYCQDTJACuLdu9ZiRRcI4/C/kBPBrr16jOeWqKyNIGY= =CMy4 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYgmheONLKJtyKPYoAQijshAAnvqoq2Mtpboot8PdGW7Ro9B/TRk+fwRC 6KXt3P51pIHKo5RfGYsfT9r/CJTu8LlE+j6hOGmPW49Xp2eALFFBKBPvYnjSsnqa 5xdrJ3m70OHNk52pKaIUkhZj75TQHoNAGUCOKSJZXqMmo7M9sg8BfGSHd1uLvf4b QD8Vi5NzAcA0RQPg29pB42KwhXWIfKZnzayLAnXkG9S9YD5wW556ZSBs1RnITvLx 6JdswR31+XlSHu+LJcH3MblOm1Cggme08kNwqkjCRe9nF5VWaID8lmhXBKQ7Gxvr fNn0TpKYXwoHhUL3yc1xs1OfOoPVB3PdpaqGsNKD+pAUeDqlmdqdbh5Tmp8PlWwY InAJbs4yWmej2FB1+zHyuThKva0/BkVLFM2HJU4pQtJyk73/0pTZLaAUeinYWBgl VBWJFVC2p1KvDYlDcyFYt4JGuXO75s0Rpk4xuc3jq+urVvQiImUt71OgG0dnzJ12 ZAM641VEcnvSGUx/ZVSuzvUy6kYfoTDN5Px/sJhfZkeKieu/gUFvZUaiOUHzbALY ulK8KMsTGzZe1CeJ2s62p8tmwGPqRdQ8aROyMxPV8e3e8E+ABYQSucKxrB7MPght tnZTIGsYpXnrtIrP6gUJzF0OyLDXwG2tkziXukyk3eOV8EOznYpStbj5zv+3EL2A RobSMrvX/30= =sxnF -----END PGP SIGNATURE-----