[SECURITY] Fedora Core 6 Update: thunderbird-1.5.0.9-2.fc6
Christopher Aillon
caillon at redhat.com
Wed Dec 20 23:35:14 UTC 2006
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-1491
2006-12-20
---------------------------------------------------------------------
Product : Fedora Core 6
Name : thunderbird
Version : 1.5.0.9
Release : 2.fc6
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.
---------------------------------------------------------------------
Update Information:
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the way Thunderbird processes
certain malformed JavaScript code. A malicious web page
could cause the execution of JavaScript code in such a way
that could cause Thunderbird to crash or execute arbitrary
code as the user running Thunderbird. JavaScript support is
disabled by default in Thunderbird; this issue is not
exploitable without enabling JavaScript. (CVE-2006-6498,
CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504)
Several flaws were found in the way Thunderbird renders web
pages. A malicious web page could cause the browser to crash
or possibly execute arbitrary code as the user running
Thunderbird. (CVE-2006-6497)
A heap based buffer overflow flaw was found in the way
Thunderbird parses the Content-Type mail header. A malicious
mail message could cause the Thunderbird client to crash or
possibly execute arbitrary code as the user running
Thunderbird. (CVE-2006-6505)
Users of Thunderbird are advised to apply this update, which
contains Thunderbird version 1.5.0.9 that corrects these issues.
---------------------------------------------------------------------
* Tue Dec 19 2006 Matthias Clasen <mclasen at redhat.com> 1.5.0.9-2
- Add a Requires: launchmail (#219884)
* Tue Dec 19 2006 Christopher Aillon <caillon at redhat.com> 1.5.0.9-1
- Update to 1.5.0.9
- Take firefox's pango fixes
- Don't offer to import...nothing.
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
b412bd483c481eb2adcb833db850a36c333978bf SRPMS/thunderbird-1.5.0.9-2.fc6.src.rpm
b412bd483c481eb2adcb833db850a36c333978bf noarch/thunderbird-1.5.0.9-2.fc6.src.rpm
5c371d13b3209d5507448e9ebe9078521deac5fe ppc/debug/thunderbird-debuginfo-1.5.0.9-2.fc6.ppc.rpm
a44fb695adca3b8addda5c1331a44aeea1825fb1 ppc/thunderbird-1.5.0.9-2.fc6.ppc.rpm
3cd6cc302db68faa3b1e2505820161fcc6af8efc x86_64/debug/thunderbird-debuginfo-1.5.0.9-2.fc6.x86_64.rpm
3452f2cb4e52493ed7ccd23adae523721a3e7c63 x86_64/thunderbird-1.5.0.9-2.fc6.x86_64.rpm
c13038e3e9c6615e5b9896fc0c979a5535d7ea49 i386/debug/thunderbird-debuginfo-1.5.0.9-2.fc6.i386.rpm
ab9a4abdbad15b2e26b60e112331e5cc2741d1d5 i386/thunderbird-1.5.0.9-2.fc6.i386.rpm
This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------
More information about the Fedora-package-announce
mailing list