Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.0620
thunderbird security update
14 February 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: thunderbird
Publisher: Debian
Operating System: Debian GNU/Linux
Resolution: Patch/Upgrade
CVE Names: CVE-2022-22764 CVE-2022-22763 CVE-2022-22761
CVE-2022-22760 CVE-2022-22759 CVE-2022-22756
CVE-2022-22754
Reference: ESB-2022.0575
ESB-2022.0574
ESB-2022.0567
ESB-2022.0566
Original Bulletin:
http://www.debian.org/security/2022/dsa-5074
Comment: CVSS (Max): 7.5 CVE-2022-22764 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Source: Red Hat
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-5074-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 13, 2022 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : thunderbird
CVE ID : CVE-2022-22754 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760
CVE-2022-22761 CVE-2022-22763 CVE-2022-22764
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.
For the oldstable distribution (buster), these problems have been fixed
in version 1:91.6.0-1~deb10u1.
For the stable distribution (bullseye), these problems have been fixed in
version 1:91.6.0-1~deb11u1.
We recommend that you upgrade your thunderbird packages.
For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmIJMJ4ACgkQEMKTtsN8
TjZg5hAAtDpjDaf9UnbuppPpOJVQwjwwVCrnmrmWjt+tgJizuiQ0rPJ80JzsxXLQ
TtVtKda96waa2BgX1oSHcfhuJvgib3U7z/0n06JlddsqT0pwasQfXuEpQjQSoncY
XWlOBXjsKVIOhuif8NcZEx7KHkOFkqiDeaHB65GEUF4p6ITK5VjfZgaLjPzOjFeB
xqX9DENNm1PZcmrc0Lk/Rf5XVgis8H2LCHw+q2WqTd2k344tgTnQ8e4JDytIiuIM
Mqsz1QlnNBsmR1l2OAoTMeKVeYGKOfijScDZwFZbWzFj4QEyakf+zHDGRGfkpeZJ
KJ4x+1R/FcQO3HYMuE4OnzrQLujkZI1MBQOMNvSr2Rk6CQQ5q9zk9dMxpn2xReCU
/UNqNJGS8JVc0KbszpNwNUIlGfec4GQecOcEHSqy+NxAMcHRYZ2ro3lZwt00GXpd
DPEOK5cFM+BNFKq0FRjNyv9HVLuNpP6EY2iqnN/DZ0/LQLKp7LDuMgFAUOkR1OEV
RcxmeDCf0Q9emNWcT3hk2T0l7CmaWiYPIZwp3BIrpxlqPk1cZ6M4nIEjCysa8ejo
J07baQQE0FtYX03rjouzxn6H1By7X3+6Q5VwVEwuzgppb5Nn0bP8NUwrGgK1v6Wk
JmZkzTHtmYCQDTJACuLdu9ZiRRcI4/C/kBPBrr16jOeWqKyNIGY=
=CMy4
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYgmheONLKJtyKPYoAQijshAAnvqoq2Mtpboot8PdGW7Ro9B/TRk+fwRC
6KXt3P51pIHKo5RfGYsfT9r/CJTu8LlE+j6hOGmPW49Xp2eALFFBKBPvYnjSsnqa
5xdrJ3m70OHNk52pKaIUkhZj75TQHoNAGUCOKSJZXqMmo7M9sg8BfGSHd1uLvf4b
QD8Vi5NzAcA0RQPg29pB42KwhXWIfKZnzayLAnXkG9S9YD5wW556ZSBs1RnITvLx
6JdswR31+XlSHu+LJcH3MblOm1Cggme08kNwqkjCRe9nF5VWaID8lmhXBKQ7Gxvr
fNn0TpKYXwoHhUL3yc1xs1OfOoPVB3PdpaqGsNKD+pAUeDqlmdqdbh5Tmp8PlWwY
InAJbs4yWmej2FB1+zHyuThKva0/BkVLFM2HJU4pQtJyk73/0pTZLaAUeinYWBgl
VBWJFVC2p1KvDYlDcyFYt4JGuXO75s0Rpk4xuc3jq+urVvQiImUt71OgG0dnzJ12
ZAM641VEcnvSGUx/ZVSuzvUy6kYfoTDN5Px/sJhfZkeKieu/gUFvZUaiOUHzbALY
ulK8KMsTGzZe1CeJ2s62p8tmwGPqRdQ8aROyMxPV8e3e8E+ABYQSucKxrB7MPght
tnZTIGsYpXnrtIrP6gUJzF0OyLDXwG2tkziXukyk3eOV8EOznYpStbj5zv+3EL2A
RobSMrvX/30=
=sxnF
-----END PGP SIGNATURE-----