Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2023.2311
thunderbird security update
26 April 2023
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: thunderbird
Publisher: Debian
Operating System: Debian GNU/Linux
Resolution: Patch/Upgrade
CVE Names: CVE-2023-29550 CVE-2023-29548 CVE-2023-29541
CVE-2023-29539 CVE-2023-29536 CVE-2023-29535
CVE-2023-29533 CVE-2023-29479 CVE-2023-28427
CVE-2023-1945 CVE-2023-0547
Original Bulletin:
https://lists.debian.org/debian-lts-announce/2023/04/msg00027.html
Comment: CVSS (Max): 8.2 CVE-2023-28427 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)
CVSS Source: [NVD], Red Hat
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-3400-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
April 24, 2023 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------
Package : thunderbird
Version : 1:102.10.0-1~deb10u1
CVE ID : CVE-2023-0547 CVE-2023-1945 CVE-2023-28427 CVE-2023-29479
CVE-2023-29533 CVE-2023-29535 CVE-2023-29536 CVE-2023-29539
CVE-2023-29541 CVE-2023-29548 CVE-2023-29550
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.
For Debian 10 buster, these problems have been fixed in version
1:102.10.0-1~deb10u1.
We recommend that you upgrade your thunderbird packages.
For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmRGQ+sACgkQnUbEiOQ2
gwIpIA//XGLkMcgqt5zCiav0g64p7OAj13MPZHq2XSjcsYSHBsieetOR5tkUoDvo
HVT+i5ckbFkFXZzlnMaFTO05pnwoc5NGUlI066KOur5P73B/nehP+BmlqZRcfvNL
fQiHNVmqyraSk72rL7prnzerXivWtpqA3uRcbG9z0C2NXae1ArnuPjEM1KC4lJ63
1D8IUwUvw2fqDo+Dn/b+tpFbORrgtakn4Rh+3JEL/UNa2L1o2t9/oL2mZlvcBzbj
DFu4n4JYKDDXAAqt4XYI358JUAPh4Of4VVg4kl61fnNb2vtqQopQhuJy4Q3x5i4o
8z4pMJCWdQcRYY7JtEZgnG99vx2k76UVw1yq26G+8SRUA4NX9/2cEVq8v0MRhluf
GomdBZ+kmqbrOmtReFiKycAJwKi3wHq1/1Zdj/KXF/nfsCrq6QRFj0KqjqTz/2XB
hSXu4swRSk19mfcELWLkyDQ2XlsNNORJ3FxyZREzS+CVFt7eFDBf4QInaHoTGzAx
VZJqUfreuTz1FDuRY3422xy0OKpRo0ptT7jAl7jZPLSVBy32fRapHOLK7nCeldld
/aMdmdn3H2+cCmpOTEPHc4copjFurV6PTQBO4A4SDtogEYiVcVn65SwEfuzVCHBz
AlhLuIWRyRUpry6jIkosaq3vHUObNyMdoJKeSXKI5OOtuEjFs4U=
=gEus
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBZEhrhskNZI30y1K9AQi2xw//UdeqzhcuhhN02pEPWnNE23xxOgb4PhIp
JHJ9+r/juWH/aqEsV8F05oDa6wIIxWo3PGJM5edirMj254vvvOwlrFVxi5SeMleu
udo1e/2ymejGJSx3+vW/mv/vjolV3jm5wCCPyoEnI9blStwDSaOJBvtGK5Vy68MP
YSB74aUrkklvLCwh0XyqBe3m2WH4esTfVU97EsIN17pZIKmR8E32/bpa5rfR9KeD
MuM/SIAi/HNIQPEz6IEwkyGlwMqxdwd65SIto/C+Tyd2KvksScD3+bQDU7WqmLs7
zZh1xEBdpkzpxAgMGhyBpKKeZerJFcqJtr5YUSlmiqno4TaxiE323j4cjUCvvqt+
w8VGEvjfmdnupigw6km48eMGlizqyt4n4Wa8NeI8hj2slJACVaEyzbc+po+LBE7g
A0l48uVYUEUXli2wDHW9SUkpI6KgP6rw35a4ZKp12e373oyXxVWchF4JFF7DODXt
o+jP08sUlYamJbo7VgVCEug8gTrflEYlNMokZttR1wfCiGZhbBoWiLArn3Cl1C/P
lMUWhxh/cpYJoC9ey8CWChhsxQ9vZgXjYtc8bg2qodB/FuiTfzxaBZwEri7uJoZd
AsBG2H6aYqyIHyntpyj8rweZdtAMkrAZjKNpZNsy4AgxMTmJuwWAIKUDLlQE/Jku
+W9Acohleck=
=ieU6
-----END PGP SIGNATURE-----