Ubuntu Security Notice 3023-1 - It was discovered that NSPR incorrectly handled memory allocation. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel, Sylvestre Ledru, Julian Seward, Olli Pettay, and Karl Tomlinson discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
============================================================================
Ubuntu Security Notice USN-3023-1
July 18, 2016
thunderbird vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Thunderbird.
Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client
Details:
It was discovered that NSPR incorrectly handled memory allocation. If a
user were tricked into opening a specially crafted message, an attacker
could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code. (CVE-2016-1951)
Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel,
Sylvestre Ledru, Julian Seward, Olli Pettay, and Karl Tomlinson
discovered multiple memory safety issues in Thunderbird. If a user were
tricked into opening a specially crafted message, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2016-2818)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
thunderbird 1:45.2.0+build1-0ubuntu0.16.04.1
Ubuntu 15.10:
thunderbird 1:45.2.0+build1-0ubuntu0.15.10.1
Ubuntu 14.04 LTS:
thunderbird 1:45.2.0+build1-0ubuntu0.14.04.3
Ubuntu 12.04 LTS:
thunderbird 1:45.2.0+build1-0ubuntu0.12.04.1
After a standard system update you need to restart Thunderbird to make
all the necessary changes.
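To check a host against the versions above, the installed version string (as printed by `dpkg-query -W -f='${Version}' thunderbird`) has to be compared using Debian version ordering rather than plain string comparison, because of the `1:` epoch and the `+build1` suffix. The following is an added example, not part of the original notice; `FIXED`, `compare` and `is_patched` are names chosen for illustration.

```python
# Fixed versions copied from the notice, keyed by Ubuntu release.
FIXED = {
    "16.04": "1:45.2.0+build1-0ubuntu0.16.04.1",
    "15.10": "1:45.2.0+build1-0ubuntu0.15.10.1",
    "14.04": "1:45.2.0+build1-0ubuntu0.14.04.3",
    "12.04": "1:45.2.0+build1-0ubuntu0.12.04.1",
}

def _order(s, i):
    """Sort weight of s[i]: '~' < end/digit < letters < other characters."""
    if i >= len(s) or s[i].isdigit():
        return 0
    if s[i] == "~":
        return -1
    return ord(s[i]) if s[i].isalpha() else ord(s[i]) + 256

def _cmp_part(a, b):
    """Compare two upstream or revision strings, alternating text and digit runs."""
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            diff = _order(a, i) - _order(b, j)
            if diff:
                return diff
            i, j = i + 1, j + 1
        si, sj = i, j
        while i < len(a) and a[i].isdigit():
            i += 1
        while j < len(b) and b[j].isdigit():
            j += 1
        diff = int(a[si:i] or 0) - int(b[sj:j] or 0)  # numeric, so 04 == 4
        if diff:
            return diff
    return 0

def _split(version):
    head, sep, rest = version.partition(":")
    epoch, rest = (int(head), rest) if sep else (0, version)
    upstream, sep, revision = rest.rpartition("-")
    return (epoch, upstream, revision) if sep else (epoch, rest, "")

def compare(a, b):
    """Negative, zero or positive, like dpkg --compare-versions a lt/eq/gt b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(release, installed):
    """True when the installed version is at or above the notice's fixed version."""
    return compare(installed, FIXED[release]) >= 0
```

A version without the `1:` epoch sorts below every fixed version regardless of its upstream number, which is the case a naive string or tuple comparison gets wrong.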
References:
http://www.ubuntu.com/usn/usn-3023-1
CVE-2016-1951, CVE-2016-2818
Package Information:
https://launchpad.net/ubuntu/+source/thunderbird/1:45.2.0+build1-0ubuntu0.16.04.1
https://launchpad.net/ubuntu/+source/thunderbird/1:45.2.0+build1-0ubuntu0.15.10.1
https://launchpad.net/ubuntu/+source/thunderbird/1:45.2.0+build1-0ubuntu0.14.04.3
https://launchpad.net/ubuntu/+source/thunderbird/1:45.2.0+build1-0ubuntu0.12.04.1