Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2023.2311 thunderbird security update 26 April 2023 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: thunderbird Publisher: Debian Operating System: Debian GNU/Linux Resolution: Patch/Upgrade CVE Names: CVE-2023-29550 CVE-2023-29548 CVE-2023-29541 CVE-2023-29539 CVE-2023-29536 CVE-2023-29535 CVE-2023-29533 CVE-2023-29479 CVE-2023-28427 CVE-2023-1945 CVE-2023-0547 Original Bulletin: https://lists.debian.org/debian-lts-announce/2023/04/msg00027.html Comment: CVSS (Max): 8.2 CVE-2023-28427 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H) CVSS Source: [NVD], Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3400-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort April 24, 2023 https://wiki.debian.org/LTS - - ------------------------------------------------------------------------- Package : thunderbird Version : 1:102.10.0-1~deb10u1 CVE ID : CVE-2023-0547 CVE-2023-1945 CVE-2023-28427 CVE-2023-29479 CVE-2023-29533 CVE-2023-29535 CVE-2023-29536 CVE-2023-29539 CVE-2023-29541 CVE-2023-29548 CVE-2023-29550 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For Debian 10 buster, these problems have been fixed in version 1:102.10.0-1~deb10u1. We recommend that you upgrade your thunderbird packages. For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmRGQ+sACgkQnUbEiOQ2 gwIpIA//XGLkMcgqt5zCiav0g64p7OAj13MPZHq2XSjcsYSHBsieetOR5tkUoDvo HVT+i5ckbFkFXZzlnMaFTO05pnwoc5NGUlI066KOur5P73B/nehP+BmlqZRcfvNL fQiHNVmqyraSk72rL7prnzerXivWtpqA3uRcbG9z0C2NXae1ArnuPjEM1KC4lJ63 1D8IUwUvw2fqDo+Dn/b+tpFbORrgtakn4Rh+3JEL/UNa2L1o2t9/oL2mZlvcBzbj DFu4n4JYKDDXAAqt4XYI358JUAPh4Of4VVg4kl61fnNb2vtqQopQhuJy4Q3x5i4o 8z4pMJCWdQcRYY7JtEZgnG99vx2k76UVw1yq26G+8SRUA4NX9/2cEVq8v0MRhluf GomdBZ+kmqbrOmtReFiKycAJwKi3wHq1/1Zdj/KXF/nfsCrq6QRFj0KqjqTz/2XB hSXu4swRSk19mfcELWLkyDQ2XlsNNORJ3FxyZREzS+CVFt7eFDBf4QInaHoTGzAx VZJqUfreuTz1FDuRY3422xy0OKpRo0ptT7jAl7jZPLSVBy32fRapHOLK7nCeldld /aMdmdn3H2+cCmpOTEPHc4copjFurV6PTQBO4A4SDtogEYiVcVn65SwEfuzVCHBz AlhLuIWRyRUpry6jIkosaq3vHUObNyMdoJKeSXKI5OOtuEjFs4U= =gEus - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBZEhrhskNZI30y1K9AQi2xw//UdeqzhcuhhN02pEPWnNE23xxOgb4PhIp JHJ9+r/juWH/aqEsV8F05oDa6wIIxWo3PGJM5edirMj254vvvOwlrFVxi5SeMleu udo1e/2ymejGJSx3+vW/mv/vjolV3jm5wCCPyoEnI9blStwDSaOJBvtGK5Vy68MP YSB74aUrkklvLCwh0XyqBe3m2WH4esTfVU97EsIN17pZIKmR8E32/bpa5rfR9KeD MuM/SIAi/HNIQPEz6IEwkyGlwMqxdwd65SIto/C+Tyd2KvksScD3+bQDU7WqmLs7 zZh1xEBdpkzpxAgMGhyBpKKeZerJFcqJtr5YUSlmiqno4TaxiE323j4cjUCvvqt+ w8VGEvjfmdnupigw6km48eMGlizqyt4n4Wa8NeI8hj2slJACVaEyzbc+po+LBE7g A0l48uVYUEUXli2wDHW9SUkpI6KgP6rw35a4ZKp12e373oyXxVWchF4JFF7DODXt o+jP08sUlYamJbo7VgVCEug8gTrflEYlNMokZttR1wfCiGZhbBoWiLArn3Cl1C/P lMUWhxh/cpYJoC9ey8CWChhsxQ9vZgXjYtc8bg2qodB/FuiTfzxaBZwEri7uJoZd AsBG2H6aYqyIHyntpyj8rweZdtAMkrAZjKNpZNsy4AgxMTmJuwWAIKUDLlQE/Jku +W9Acohleck= =ieU6 -----END PGP SIGNATURE-----