1. Forum
  2. Fsxnet Message
  3. FSX BOT

  • Thunderbird regression

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Tuesday, December 10, 2019 20:10:09
    thunderbird regression

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 19.10
    * Ubuntu 18.04 LTS

    Summary

    USN-4202-1 caused a regression in Thunderbird.

    Software Description

    * thunderbird - Mozilla Open Source mail and newsgroup client

    Details

    USN-4202-1 fixed vulnerabilities in Thunderbird. After upgrading,
    Thunderbird created a new profile for some users. This update
    fixes the problem.

    We apologize for the inconvenience.

    Original advisory details:

    It was discovered that a specially crafted S/MIME message with an
    inner encryption layer could be displayed as having a valid
    signature in some circumstances, even if the signer had no access
    to the encrypted message. An attacker could potentially exploit
    this to spoof the message author. (CVE-2019-11755)

    Multiple security issues were discovered in Thunderbird. If a user
    were tricked in to opening a specially crafted website in a
    browsing context, an attacker could potentially exploit these to
    cause a denial of service, bypass security restrictions, bypass
    same-origin restrictions, conduct cross-site scripting (XSS)
    attacks, or execute arbitrary code. (CVE-2019-11757,
    CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761,
    CVE-2019-11762, CVE-2019-11763, CVE-2019-11764)

    A heap overflow was discovered in the expat library in
    Thunderbird. If a user were tricked in to opening a specially
    crafted message, an attacker could potentially exploit this to
    cause a denial of service, or execute arbitrary code.
    (CVE-2019-15903)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 19.10
    thunderbird - 1:68.2.2+build1-0ubuntu0.19.10.1

    Ubuntu 18.04 LTS
    thunderbird - 1:68.2.2+build1-0ubuntu0.18.04.1

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    After a standard system update you need to restart Thunderbird to
    make all the necessary changes.

    References

    * USN-4202-1
    * LP: 1854150

    --- Mystic BBS v1.12 A43 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)