Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.4666.2 thunderbird security update 17 December 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: thunderbird Publisher: Debian Operating System: Debian GNU/Linux 8 Debian GNU/Linux 9 Debian GNU/Linux 10 Impact/Access: Denial of Service -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Reduced Security -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2019-17012 CVE-2019-17011 CVE-2019-17010 CVE-2019-17008 CVE-2019-17005 Reference: ESB-2019.4555 ESB-2019.4553 ESB-2019.4552 Original Bulletin: http://www.debian.org/security/2019/dsa-4585 https://lists.debian.org/debian-lts-announce/2019/12/msg00018.html Comment: This bulletin contains two (2) Debian security advisories. Revision History: December 17 2019: Added DLA 2036-1 December 16 2019: Initial Release - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-4585-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff December 15, 2019 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : thunderbird CVE ID : CVE-2019-17005 CVE-2019-17008 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 Debian Bug : 946588 Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code. For the oldstable distribution (stretch), these problems have been fixed in version 1:68.3.0-2~deb9u1. For the stable distribution (buster), these problems have been fixed in version 1:68.3.0-2~deb10u1. We recommend that you upgrade your thunderbird packages. For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl32cZIACgkQEMKTtsN8 TjYynQ//exX5RkE39ULzLp87G1mYENpJFyBo3wKDFzCKqSsnyvK/G3OrG4JaMmzO fXmjJ8saKzsx1L8uyGLvF049Gv8WPUINqL+CkFLFX0IPr8rNCsPr3zXlJHnhKD0S eiqcnelt21Mb1U5ze3rV6DGmdvEeVD2UolByNAngE8BeQO7cg9oLTaNKmbcbp594 Bj8lKVYEr/S9nruT5RINhopG3BNTDO0/4pjxyhIHYNG8/4Y5wBbizdpovVcczKsv ELmx6MZDvof1wdqotLG6mU1xiO3+dT+3Cw0bJieI6JX7scGDnLWhxAKEgk6LOOJy tdmm+UBxfzfJAII6TZ1mO7chOZUMBfDEVIAd0QXkPaJGTkx9XJng3SLqc3Db9gc8 NzuFS2IlVOXIPjkIYolmxbjMlWNq4OVBS3GO6Wx6GWat+vdt/dKKhMS1cNoVR0W0 /PogVSm1FxShQz5TK3vviRDGrIfsQe4qoaQar0M9rV4peMX6xiSNK0+nFroplk+u ssul7KNK1K0gffIuAvRO8SZod6iM6gpNrBjkT7ekcW/Cus6NAMSl4b9UbOQyVR8x nJHgvDpwGNSiKgZ1rwE5WQbpCT7tldr+JoCUo7cVHAwnL5/OKpeG+0wRif1LeE2H JdqcQ7vWyEKZSiM3gYNgAJhhN1W/i1hs6vQ/N06oOXTDiPVdPKQ= =sjXR - -----END PGP SIGNATURE----- - ------------------------------------------------------------------------- Hash: SHA256 Package : thunderbird Version : 1:68.3.0-2~deb8u1 CVE ID : CVE-2019-17005 CVE-2019-17008 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code. For Debian 8 "Jessie", these problems have been fixed in version 1:68.3.0-2~deb8u1. We recommend that you upgrade your thunderbird packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl33d7EACgkQnUbEiOQ2 gwKbZA/+JfVfZPwns+zlBPjozGMrciG2fTROS5f+OlOWRcVYAohbosS2xKco3fHR Lh/iutmiK+pTqKbdiC+9sW2MDfVfdCMS8SmALg9qEQFVyMIXVWAal5OwBlDMdnkL wpd3dKQWlvMtA7AZVc3rLswPu9oCYR0L6J0713TPTw1j9xYRnTQxJv9XKk3wc3Xo E7SuQvsXtBC9SsqF+NBrKfETH8fVEzeFPMw75kouvMAzx+T/rDxq6kXAFc/MdLki CGd+Sj79kWzbx5tw2pOByPmazXz7Eb2F3UCVOdTEMMNnIRjXUC1EET9DIMA6p6ei lwFg6AKHXi+hnEkHLWd6nchzcXrDmcVTNVTtd7v9jWOmAelZcennoCPdoCVn0KJf 2IDVhgar6kevUrvxvICD/4+lIQYDpVAotRx8oY6pb2YKc6T8jKyJSZ+Ct7CKeInV 7fDz/e1Km21obbZquOrOLGYg5/Q0us66/t4glks9TB31p2OcIhaFupo+Opu+ri5Q uIGPoIrKZkiS+Gyp3seFz4/e6AFiRsPNZzO85uGyIAwJioH143UY1aeezCRUNZLQ 7ktVF37va+KI+rS6AX8IvWfr+cjs+WtNJJ8/o4tUOxq/mNjg5IqEFdeJj+rQQ856 AV1rnojXX/goVG3sXLZnMUBochMBwU6Lz5qxBqGq5KYopOT3gOo= =4gAx - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXfgZ2GaOgq3Tt24GAQjOBhAAopTQw+55AFCnd9L+TOJmybXaxWNVG5W+ Z0XtAXEIRWooH9gKYA3N7RQmuU1X40qob94nYWii25k/h3Os+ZhOXIbT9KGYesiK T+xsE5FGTgRQHzKHE4RLvWp8u8K96/9qPgrWYXpX4As8pBOvBQBNt6mANTbtFcqv B4oeNngAMHsigy0yQx+H6yb/3ojcMlNA0Jjijz8klTzLJduE/EnmZOpdqp7VB1gF zNx0e33hDX6L9bhgakggKgKGosDz9f6rlbtyzu1SDwKN0gABZPyftnBq14AII6/M yTsBuQDCxbyCY/oD2b4P58RcMP+JK5tgT+iFPdejySq20bpoczvdZ0ROq6ydd407 kGdVIyV0q96yhsjOA/HNG5qRjgMBsKWAbnxkJWLV0PIwKlyUU/AAtgFfOBvKcqKF 6QZQHiof2R6LJFNhoXT4scM6pxAgVFYKlvazIJ6kmahiDPInWBB6bRxeCle9cXdt arlGCio1pcUkh5WBxtW4p/GcRbaC6gWLcLG4AY4iHm9QcS61Wa+PyTSAK/3pKzu9 EHLLfa0spIj9X9IbUsXW5s0IRe0bZI39aPXt6X+/xog2fc9DQV9HbILQWERwwUIM TpmNDGx89Vxev3mWa2iCbISi5gZFWJ5HozIu3C13/BGFL6Le0TKlxLy31pvk0nzo 9gq7PBKZ7Mk= =w9IC -----END PGP SIGNATURE-----