Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.4474 thunderbird security update 18 December 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: thunderbird Publisher: Debian Operating System: Debian GNU/Linux Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Reduced Security -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2020-35113 CVE-2020-35111 CVE-2020-26978 CVE-2020-26974 CVE-2020-26973 CVE-2020-26971 CVE-2020-16042 Reference: ESB-2020.4458 ESB-2020.4419 Original Bulletin: https://lists.debian.org/debian-security-announce/2020/msg00222.html https://lists.debian.org/debian-lts-announce/2020/12/msg00024.html Comment: This bulletin contains two (2) Debian security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-4815-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 17, 2020 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : thunderbird CVE ID : CVE-2020-16042 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26978 CVE-2020-35111 CVE-2020-35113 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information leak. For the stable distribution (buster), these problems have been fixed in version 1:78.6.0-1~deb10u1. We recommend that you upgrade your thunderbird packages. For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl/bJSBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0R9vw/+IjyYwaBFsLNnB+42mFRQfM6aYrhoOOmCOcfj6iFyEXLZgGEG2Bi1aEs9 VLe6SPOAU4YqnLG/Xu98lkv6eCduWIlboNslASNkidAifFlL2PkLLrtoN1qmWT7k fW34MEWu7Dg0ACagDn+kqgMIwBEKUUFi1wvTUQKYejRG/753Gs3E+BRI+UgFaEEx iIJWOBphUwrLfztllKW4i2rdm2SxVYm4f+PQf2u6ZYGyuue/1XpIfCk8az7gtgWR VuPTqYNJMm7SipqUqRle9tjKzreG+mcsRYR7oAjsx7RcKHgqB17R374RUdDKe4hO Vy+kpli1J2Jxc224bI/dbdyvZta75JVA9si9XYsze4x/RKpX/g2pn/s81wyOGAMX b4tSsVvin9ZRaPGw0d+uwWPNu0SpjxnCBTP5RcpVOnOLITDSaEtI+1nC2hvtyxkE HuFGYXjNIEKuteeAdHw3YL3YLwtXTM11odp25NCfggutBYuiiD8KpGNiRfwZKgM5 gC1MjjveAjIZU5HTWrjciAxFn81AvAYjgt65cIcK1S8a1BgRgoKTU7zPihRHpYsD WltIShZrWBZIzeaVCUBY5WsklIwHcE9RPsGQD/N1Wg2BRwnr2u/QdYwvdFu2j9CY 2UwSuT2qIX8pd50YaMUOc3rlCQiIUvvpl4URJMnY5Gg7bnIic54= =a4Nh - -----END PGP SIGNATURE----- - ------------------------------------------------------------------------------ - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2497-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 17, 2020 https://wiki.debian.org/LTS - - ------------------------------------------------------------------------- Package : thunderbird Version : 1:78.6.0-1~deb9u1 CVE ID : CVE-2020-16042 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26978 CVE-2020-35111 CVE-2020-35113 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information leak. For Debian 9 stretch, these problems have been fixed in version 1:78.6.0-1~deb9u1. We recommend that you upgrade your thunderbird packages. For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl/bQz8ACgkQnUbEiOQ2 gwLS8A//SZ4wicKX1ptybn9I1CDiH7ASRI5fX8aMIhoo9tMmTIFlTv9w08vGc8Zq FDGUQgySuhJWnn3QpN+A/EZmS09bkKO3x7SubM+/ku90ekU5xSX5J9Yw9lKEgRlC VaS5p7ZFh0Nwk3Hd0gDz6JizYC0HbXe0JgfeJvnV6hYuGD9kC+ZbFUANRoA7soUT p+helx4FNCrzt11x4PNC+gLF/nohpE5NM1OiBsOI6EwBRvnJht5P3xyb3caU2zuv KqZnZIisjL4n9/NS0rZI4r4L0blzDUnzi/3sxyUqnjmG+EcCK+LNWWo3Cyb+mz6V /KPoTs/7hxcMgoElciDoEZ7yjmCzPfDRkxPARFv8bYA9SeNDC5oCf1UoIXRjq0iL KJyPc9mqzJgcGmllQnXvFo40VwqE443cAbbWed8S7srbsEFRvfkhuvosU7nDDM7r cr3ztkj9rLQLY5JSr+9/2gxZbA689lFV40UQEl/wP6N9nPJ8YlMH+QgJaPfxCXBf NLdv42u30on/ECkBIt4CwxgBScbEnbrvVgs91evoY1Ep+Kqr2fR/iJHGhTKOMJvl KgM1H6d8Mym2QLaQOGNnQ/SkFYNzCLLSzK8zZ/qnRkEFV2VnnDiUOrm93zWaiqv4 LypcwfNTflAiutLnv8YyomZ++zvZRBsu1YNHY6xvzpH5865riqM= =J2cJ - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBX9v8lONLKJtyKPYoAQifaw//W51XZsBQZEI1ugyt31T5v0nW+6BdxOjS vJMpx2nX3/Yo2PoSIeDuPcOtr49Tap+8/M3UjL0cDTk7KXNUEjcWomMDkSihE0Jr I/GYGWSMHqQ6t50Dobd0bFliSN7iDrzfMUIHm8E7QGASbhFHkZqXlzozMjWDqxk9 j3PdUvOW4QqYRv9AViUAjG2XBK4p7eJ9FlZoj2p2Ni3Kk9Mv6RLV1o5t62+lF0R1 oVKKaE2WhE9+DMNM9I+65H6AopfpyAM6vEPrUFETW7fZy1K+URFfn7sqNAm/2NJn rDwAvew5JOuII69QcbWE9I4Z6Y7W/RsDrF+Xzn82kg4RoqjwDIyGdbFI3J88PV5y mTvHmg6PVSt29qWSnnuk/Qzou3Fg7toOPCWS4KXU2qPrlv50YOltPUgOP2emg3+p QAWXbfMeVt9DiHmvFeCmYXp9gxK5m+W/BIG4ecf0M1gtI6IHtsgAn6vOstXZ6LQg xL/syWT3J/e8RhO9NPZVx0l5KocrAFJ6V5pspXm+lyfFPeEnAYqCcxFjTq4Xmukz QdbiXA/J2+QRrPtSaKNPQ8LuEaZPSwhk80tlLj+s7gIVIQVa36MfSlYwrW/lmJ+z BPWiTWH1Ws9aw9v5WSX8M3GlNDuVMGUEPrmZMZGOg32EVW5RR4nPXbvRw/G9mBeE wTT6w00qeBc= =vmH7 -----END PGP SIGNATURE-----