RedHat has issued an advisory today (October 9):
https://rhn.redhat.com/errata/RHSA-2012-1351.html

Funda Wang has uploaded updated packages for Mageia 1 and Mageia 2.

Advisory:
========================

Updated mozilla-thunderbird packages fix security vulnerabilities:

Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird (CVE-2012-3982, CVE-2012-3988, CVE-2012-3990, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188).

Two flaws in Thunderbird could allow malicious content to bypass intended restrictions, possibly leading to information disclosure, or Thunderbird executing arbitrary code. Note that the information disclosure issue could possibly be combined with other flaws to achieve arbitrary code execution (CVE-2012-3986, CVE-2012-3991).

Multiple flaws were found in the location object implementation in Thunderbird. Malicious content could be used to perform cross-site scripting attacks, script injection, or spoofing attacks (CVE-2012-1956, CVE-2012-3992, CVE-2012-3994).

Two flaws were found in the way Chrome Object Wrappers were implemented. Malicious content could be used to perform cross-site scripting attacks or cause Thunderbird to execute arbitrary code (CVE-2012-3993, CVE-2012-4184).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188
http://www.mozilla.org/security/announce/2012/mfsa2012-59.html
http://www.mozilla.org/security/announce/2012/mfsa2012-74.html
http://www.mozilla.org/security/announce/2012/mfsa2012-77.html
http://www.mozilla.org/security/announce/2012/mfsa2012-79.html
http://www.mozilla.org/security/announce/2012/mfsa2012-81.html
http://www.mozilla.org/security/announce/2012/mfsa2012-82.html
http://www.mozilla.org/security/announce/2012/mfsa2012-83.html
http://www.mozilla.org/security/announce/2012/mfsa2012-84.html
http://www.mozilla.org/security/announce/2012/mfsa2012-85.html
http://www.mozilla.org/security/announce/2012/mfsa2012-86.html
http://www.mozilla.org/security/announce/2012/mfsa2012-87.html
https://rhn.redhat.com/errata/RHSA-2012-1351.html
========================

Updated packages in core/updates_testing:
========================
mozilla-thunderbird-10.0.8-1.mga1
mozilla-thunderbird-enigmail-10.0.8-1.mga1
nsinstall-10.0.8-1.mga1
mozilla-thunderbird-enigmail-ar-10.0.8-1.mga1
mozilla-thunderbird-enigmail-ca-10.0.8-1.mga1
mozilla-thunderbird-enigmail-cs-10.0.8-1.mga1
mozilla-thunderbird-enigmail-de-10.0.8-1.mga1
mozilla-thunderbird-enigmail-el-10.0.8-1.mga1
mozilla-thunderbird-enigmail-es-10.0.8-1.mga1
mozilla-thunderbird-enigmail-fi-10.0.8-1.mga1
mozilla-thunderbird-enigmail-fr-10.0.8-1.mga1
mozilla-thunderbird-enigmail-it-10.0.8-1.mga1
mozilla-thunderbird-enigmail-ja-10.0.8-1.mga1
mozilla-thunderbird-enigmail-ko-10.0.8-1.mga1
mozilla-thunderbird-enigmail-nb-10.0.8-1.mga1
mozilla-thunderbird-enigmail-nl-10.0.8-1.mga1
mozilla-thunderbird-enigmail-pl-10.0.8-1.mga1
mozilla-thunderbird-enigmail-pt-10.0.8-1.mga1
mozilla-thunderbird-enigmail-pt_BR-10.0.8-1.mga1
mozilla-thunderbird-enigmail-ru-10.0.8-1.mga1
mozilla-thunderbird-enigmail-sl-10.0.8-1.mga1
mozilla-thunderbird-enigmail-sv-10.0.8-1.mga1
mozilla-thunderbird-enigmail-tr-10.0.8-1.mga1
mozilla-thunderbird-enigmail-vi-10.0.8-1.mga1
mozilla-thunderbird-enigmail-zh_CN-10.0.8-1.mga1
mozilla-thunderbird-enigmail-zh_TW-10.0.8-1.mga1
mozilla-thunderbird-ar-10.0.8-1.mga1
mozilla-thunderbird-be-10.0.8-1.mga1
mozilla-thunderbird-bg-10.0.8-1.mga1
mozilla-thunderbird-bn_BD-10.0.8-1.mga1
mozilla-thunderbird-br-10.0.8-1.mga1
mozilla-thunderbird-ca-10.0.8-1.mga1
mozilla-thunderbird-cs-10.0.8-1.mga1
mozilla-thunderbird-da-10.0.8-1.mga1
mozilla-thunderbird-de-10.0.8-1.mga1
mozilla-thunderbird-el-10.0.8-1.mga1
mozilla-thunderbird-en_GB-10.0.8-1.mga1
mozilla-thunderbird-es_AR-10.0.8-1.mga1
mozilla-thunderbird-es_ES-10.0.8-1.mga1
mozilla-thunderbird-et-10.0.8-1.mga1
mozilla-thunderbird-eu-10.0.8-1.mga1
mozilla-thunderbird-fi-10.0.8-1.mga1
mozilla-thunderbird-fr-10.0.8-1.mga1
mozilla-thunderbird-fy-10.0.8-1.mga1
mozilla-thunderbird-ga-10.0.8-1.mga1
mozilla-thunderbird-gd-10.0.8-1.mga1
mozilla-thunderbird-gl-10.0.8-1.mga1
mozilla-thunderbird-he-10.0.8-1.mga1
mozilla-thunderbird-hu-10.0.8-1.mga1
mozilla-thunderbird-id-10.0.8-1.mga1
mozilla-thunderbird-is-10.0.8-1.mga1
mozilla-thunderbird-it-10.0.8-1.mga1
mozilla-thunderbird-ja-10.0.8-1.mga1
mozilla-thunderbird-ko-10.0.8-1.mga1
mozilla-thunderbird-lt-10.0.8-1.mga1
mozilla-thunderbird-nb_NO-10.0.8-1.mga1
mozilla-thunderbird-nl-10.0.8-1.mga1
mozilla-thunderbird-nn_NO-10.0.8-1.mga1
mozilla-thunderbird-pl-10.0.8-1.mga1
mozilla-thunderbird-pt_BR-10.0.8-1.mga1
mozilla-thunderbird-pt_PT-10.0.8-1.mga1
mozilla-thunderbird-ro-10.0.8-1.mga1
mozilla-thunderbird-ru-10.0.8-1.mga1
mozilla-thunderbird-si-10.0.8-1.mga1
mozilla-thunderbird-sk-10.0.8-1.mga1
mozilla-thunderbird-sl-10.0.8-1.mga1
mozilla-thunderbird-sq-10.0.8-1.mga1
mozilla-thunderbird-sv_SE-10.0.8-1.mga1
mozilla-thunderbird-ta_LK-10.0.8-1.mga1
mozilla-thunderbird-tr-10.0.8-1.mga1
mozilla-thunderbird-uk-10.0.8-1.mga1
mozilla-thunderbird-vi-10.0.8-1.mga1
mozilla-thunderbird-zh_CN-10.0.8-1.mga1
mozilla-thunderbird-zh_TW-10.0.8-1.mga1
thunderbird-10.0.8-1.mga2
thunderbird-enigmail-10.0.8-1.mga2
nsinstall-10.0.8-1.mga2
thunderbird-ar-10.0.8-1.mga2
thunderbird-ast-10.0.8-1.mga2
thunderbird-be-10.0.8-1.mga2
thunderbird-bg-10.0.8-1.mga2
thunderbird-bn_BD-10.0.8-1.mga2
thunderbird-br-10.0.8-1.mga2
thunderbird-ca-10.0.8-1.mga2
thunderbird-cs-10.0.8-1.mga2
thunderbird-da-10.0.8-1.mga2
thunderbird-de-10.0.8-1.mga2
thunderbird-el-10.0.8-1.mga2
thunderbird-en_GB-10.0.8-1.mga2
thunderbird-es_AR-10.0.8-1.mga2
thunderbird-es_ES-10.0.8-1.mga2
thunderbird-et-10.0.8-1.mga2
thunderbird-eu-10.0.8-1.mga2
thunderbird-fi-10.0.8-1.mga2
thunderbird-fr-10.0.8-1.mga2
thunderbird-fy-10.0.8-1.mga2
thunderbird-ga-10.0.8-1.mga2
thunderbird-gd-10.0.8-1.mga2
thunderbird-gl-10.0.8-1.mga2
thunderbird-he-10.0.8-1.mga2
thunderbird-hu-10.0.8-1.mga2
thunderbird-id-10.0.8-1.mga2
thunderbird-is-10.0.8-1.mga2
thunderbird-it-10.0.8-1.mga2
thunderbird-ja-10.0.8-1.mga2
thunderbird-ko-10.0.8-1.mga2
thunderbird-lt-10.0.8-1.mga2
thunderbird-nb_NO-10.0.8-1.mga2
thunderbird-nl-10.0.8-1.mga2
thunderbird-nn_NO-10.0.8-1.mga2
thunderbird-pl-10.0.8-1.mga2
thunderbird-pa_IN-10.0.8-1.mga2
thunderbird-pt_BR-10.0.8-1.mga2
thunderbird-pt_PT-10.0.8-1.mga2
thunderbird-ro-10.0.8-1.mga2
thunderbird-ru-10.0.8-1.mga2
thunderbird-si-10.0.8-1.mga2
thunderbird-sk-10.0.8-1.mga2
thunderbird-sl-10.0.8-1.mga2
thunderbird-sq-10.0.8-1.mga2
thunderbird-sv_SE-10.0.8-1.mga2
thunderbird-ta_LK-10.0.8-1.mga2
thunderbird-tr-10.0.8-1.mga2
thunderbird-uk-10.0.8-1.mga2
thunderbird-vi-10.0.8-1.mga2
thunderbird-zh_CN-10.0.8-1.mga2
thunderbird-zh_TW-10.0.8-1.mga2

from SRPMS:
mozilla-thunderbird-10.0.8-1.mga1.src.rpm
mozilla-thunderbird-l10n-10.0.8-1.mga1.src.rpm
thunderbird-10.0.8-1.mga2.src.rpm
thunderbird-l10n-10.0.8-1.mga2.src.rpm
CC: (none) => fundawang
Whiteboard: (none) => MGA1TOO
All my extensions are working, and I can also still Sign emails with Enigmail. Works same as previous version.
CC: (none) => lemonzest
Forgot to add, Mageia 2, x86_64
URL: (none) => http://lwn.net/Vulnerabilities/519136/
Testing complete using nntp, email, with enigmail Mageia 1 and 2, i586 and x86-64.

Could someone from the sysadmin team push the srpms
thunderbird-10.0.8-1.mga2.src.rpm
thunderbird-l10n-10.0.8-1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates and the srpms
mozilla-thunderbird-10.0.8-1.mga1.src.rpm
mozilla-thunderbird-l10n-10.0.8-1.mga1.src.rpm
from Mageia 1 Core Updates Testing to Core Updates.

Advisory:

Updated mozilla-thunderbird packages fix security vulnerabilities:

Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird (CVE-2012-3982, CVE-2012-3988, CVE-2012-3990, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188).

Two flaws in Thunderbird could allow malicious content to bypass intended restrictions, possibly leading to information disclosure, or Thunderbird executing arbitrary code. Note that the information disclosure issue could possibly be combined with other flaws to achieve arbitrary code execution (CVE-2012-3986, CVE-2012-3991).

Multiple flaws were found in the location object implementation in Thunderbird. Malicious content could be used to perform cross-site scripting attacks, script injection, or spoofing attacks (CVE-2012-1956, CVE-2012-3992, CVE-2012-3994).

Two flaws were found in the way Chrome Object Wrappers were implemented. Malicious content could be used to perform cross-site scripting attacks or cause Thunderbird to execute arbitrary code (CVE-2012-3993, CVE-2012-4184).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188
http://www.mozilla.org/security/announce/2012/mfsa2012-59.html
http://www.mozilla.org/security/announce/2012/mfsa2012-74.html
http://www.mozilla.org/security/announce/2012/mfsa2012-77.html
http://www.mozilla.org/security/announce/2012/mfsa2012-79.html
http://www.mozilla.org/security/announce/2012/mfsa2012-81.html
http://www.mozilla.org/security/announce/2012/mfsa2012-82.html
http://www.mozilla.org/security/announce/2012/mfsa2012-83.html
http://www.mozilla.org/security/announce/2012/mfsa2012-84.html
http://www.mozilla.org/security/announce/2012/mfsa2012-85.html
http://www.mozilla.org/security/announce/2012/mfsa2012-86.html
http://www.mozilla.org/security/announce/2012/mfsa2012-87.html
https://rhn.redhat.com/errata/RHSA-2012-1351.html

https://bugs.mageia.org/show_bug.cgi?id=7753
Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: MGA1TOO => MGA1TOO MGA2-64-OK MGA2-32-OK MGA1-64-OK MGA1-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0289
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED