-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:155-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : mozilla-thunderbird Date : July 27, 2008 Affected: 2008.0, 2008.1 _______________________________________________________________________ Problem Description: A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.16 (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811). This update provides the latest Thunderbird to correct these issues. It also provides Thunderbird 2.x for Corporate 3.0 systems. Update: The previous update provided the incorrect version of the enigmail locale files. This version correctly builds them for Thunderbird 2.0.0.16. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1233 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1234 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1235 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1236 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1237 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2785 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2798 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2799 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2802 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2803 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2809 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2811 http://www.mozilla.org/security/announce/2008/mfsa2008-14.html http://www.mozilla.org/security/announce/2008/mfsa2008-15.html http://www.mozilla.org/security/announce/2008/mfsa2008-21.html http://www.mozilla.org/security/announce/2008/mfsa2008-24.html http://www.mozilla.org/security/announce/2008/mfsa2008-25.html http://www.mozilla.org/security/announce/2008/mfsa2008-26.html http://www.mozilla.org/security/announce/2008/mfsa2008-29.html http://www.mozilla.org/security/announce/2008/mfsa2008-31.html http://www.mozilla.org/security/announce/2008/mfsa2008-33.html http://www.mozilla.org/security/announce/2008/mfsa2008-34.html _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 9b079aaab7972ae365fbd4c3b97d482d 2008.0/i586/mozilla-thunderbird-enigmail-ar-2.0.0.16-1mdv2008.0.i586.rpm 99128dfcc40c1b3dfb586ccc310ee6f8 2008.0/i586/mozilla-thunderbird-enigmail-ca-2.0.0.16-1mdv2008.0.i586.rpm 28c70fc0c4042c76b9d68dfb701d7b55 2008.0/i586/mozilla-thunderbird-enigmail-cs-2.0.0.16-1mdv2008.0.i586.rpm eff1fc27e4b70ea78687d4ac45ab084f 2008.0/i586/mozilla-thunderbird-enigmail-de-2.0.0.16-1mdv2008.0.i586.rpm 917d22cbad9f7b30a289e621e0ffe1c3 2008.0/i586/mozilla-thunderbird-enigmail-el-2.0.0.16-1mdv2008.0.i586.rpm bd564d29f3bf9caf55be3838db3a7b91 2008.0/i586/mozilla-thunderbird-enigmail-es-2.0.0.16-1mdv2008.0.i586.rpm e4893c48d9a7fd6a3154a8d11d65b233 2008.0/i586/mozilla-thunderbird-enigmail-es_AR-2.0.0.16-1mdv2008.0.i586.rpm 44678fd3b88d9f9947b1307008df26d7 2008.0/i586/mozilla-thunderbird-enigmail-fi-2.0.0.16-1mdv2008.0.i586.rpm 2f8f15dbbd0ff3891a93f58967de846e 2008.0/i586/mozilla-thunderbird-enigmail-fr-2.0.0.16-1mdv2008.0.i586.rpm 0c2dd8ffaf6c3713d8ad807bcd2c3ac4 2008.0/i586/mozilla-thunderbird-enigmail-hu-2.0.0.16-1mdv2008.0.i586.rpm cae48d26eac5a12471d808328ab5207e 2008.0/i586/mozilla-thunderbird-enigmail-it-2.0.0.16-1mdv2008.0.i586.rpm 6f150b8c30856669374be70ce6250576 2008.0/i586/mozilla-thunderbird-enigmail-ja-2.0.0.16-1mdv2008.0.i586.rpm 7b4a97e139ff84f99d01315a4db5c902 2008.0/i586/mozilla-thunderbird-enigmail-ko-2.0.0.16-1mdv2008.0.i586.rpm eb10016213cfcc76837c3b3a781c6e54 2008.0/i586/mozilla-thunderbird-enigmail-nb-2.0.0.16-1mdv2008.0.i586.rpm afc68cd7975a95b34d360b53d3f177c3 2008.0/i586/mozilla-thunderbird-enigmail-nl-2.0.0.16-1mdv2008.0.i586.rpm 8a17a11dbe4ed02f5f360545ece83e9e 2008.0/i586/mozilla-thunderbird-enigmail-pl-2.0.0.16-1mdv2008.0.i586.rpm 5ac47a7949b9e680ab5e8cbb6d713c3a 2008.0/i586/mozilla-thunderbird-enigmail-pt-2.0.0.16-1mdv2008.0.i586.rpm 15ee426650afed7b0fcd5a600b13955b 2008.0/i586/mozilla-thunderbird-enigmail-pt_BR-2.0.0.16-1mdv2008.0.i586.rpm a76ca0a3c52025165d339dc10287cebc 2008.0/i586/mozilla-thunderbird-enigmail-ro-2.0.0.16-1mdv2008.0.i586.rpm 9e533b0e5cffe3091e73ff7c27e95161 2008.0/i586/mozilla-thunderbird-enigmail-ru-2.0.0.16-1mdv2008.0.i586.rpm 28d43d6a2374d0a214ca2d80343cd704 2008.0/i586/mozilla-thunderbird-enigmail-sk-2.0.0.16-1mdv2008.0.i586.rpm ebb287a66ef1dac3556bcde2724ce718 2008.0/i586/mozilla-thunderbird-enigmail-sl-2.0.0.16-1mdv2008.0.i586.rpm 99b0cdd29ef8814614b643f804b16044 2008.0/i586/mozilla-thunderbird-enigmail-sv-2.0.0.16-1mdv2008.0.i586.rpm d9f7791aa51014a909476383830473a3 2008.0/i586/mozilla-thunderbird-enigmail-tr-2.0.0.16-1mdv2008.0.i586.rpm d209aacc3aaef9e2dc0650083e5fdc5c 2008.0/i586/mozilla-thunderbird-enigmail-zh_CN-2.0.0.16-1mdv2008.0.i586.rpm 91959bab04537cc4b28b07d57090b54f 2008.0/i586/mozilla-thunderbird-enigmail-zh_TW-2.0.0.16-1mdv2008.0.i586.rpm 59a1896fe2aae393cc389058967d51fc 2008.0/SRPMS/mozilla-thunderbird-enigmail-l10n-2.0.0.16-1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 85fe2f8cffc914d4c476364f9c1154aa 2008.0/x86_64/mozilla-thunderbird-enigmail-ar-2.0.0.16-1mdv2008.0.x86_64.rpm a0cc36f7307aab48e9d207bf697b7b48 2008.0/x86_64/mozilla-thunderbird-enigmail-ca-2.0.0.16-1mdv2008.0.x86_64.rpm c0961b595c5fe5c7f833fbf643322fbd 2008.0/x86_64/mozilla-thunderbird-enigmail-cs-2.0.0.16-1mdv2008.0.x86_64.rpm a3ddb4a14442c59ef03a8fcb914c647a 2008.0/x86_64/mozilla-thunderbird-enigmail-de-2.0.0.16-1mdv2008.0.x86_64.rpm 40a8b09b0fea07492028b4eb23feefc6 2008.0/x86_64/mozilla-thunderbird-enigmail-el-2.0.0.16-1mdv2008.0.x86_64.rpm 122982cb5218f389f6a8bc46d3dd0bed 2008.0/x86_64/mozilla-thunderbird-enigmail-es-2.0.0.16-1mdv2008.0.x86_64.rpm c3ddd3e41fc46ca9f0c48aa63fb05418 2008.0/x86_64/mozilla-thunderbird-enigmail-es_AR-2.0.0.16-1mdv2008.0.x86_64.rpm b25a12bde840b3421aa9cfc301bb16c2 2008.0/x86_64/mozilla-thunderbird-enigmail-fi-2.0.0.16-1mdv2008.0.x86_64.rpm d6f71835be1910783fe461d4212b283e 2008.0/x86_64/mozilla-thunderbird-enigmail-fr-2.0.0.16-1mdv2008.0.x86_64.rpm 28cd85cd3540611b990d23dc931d227a 2008.0/x86_64/mozilla-thunderbird-enigmail-hu-2.0.0.16-1mdv2008.0.x86_64.rpm 3ab40b1c903d04017e2b483f6161ea0a 2008.0/x86_64/mozilla-thunderbird-enigmail-it-2.0.0.16-1mdv2008.0.x86_64.rpm a508d6bc8aabbc5f9119cc76a03ad3b8 2008.0/x86_64/mozilla-thunderbird-enigmail-ja-2.0.0.16-1mdv2008.0.x86_64.rpm 1a579a83e32bc41e580c02ca63e39604 2008.0/x86_64/mozilla-thunderbird-enigmail-ko-2.0.0.16-1mdv2008.0.x86_64.rpm bbf505d2a5764c3d51c7f70f216af449 2008.0/x86_64/mozilla-thunderbird-enigmail-nb-2.0.0.16-1mdv2008.0.x86_64.rpm 651334095f18aa92a6d763e874d418f9 2008.0/x86_64/mozilla-thunderbird-enigmail-nl-2.0.0.16-1mdv2008.0.x86_64.rpm e6157d7b0db9eb438d481d4936ae4136 2008.0/x86_64/mozilla-thunderbird-enigmail-pl-2.0.0.16-1mdv2008.0.x86_64.rpm f51f2da86e98483222be173e9f652a05 2008.0/x86_64/mozilla-thunderbird-enigmail-pt-2.0.0.16-1mdv2008.0.x86_64.rpm 03a4b461a50066c7a3d4ee489520bd16 2008.0/x86_64/mozilla-thunderbird-enigmail-pt_BR-2.0.0.16-1mdv2008.0.x86_64.rpm fef233be8be29baee64d93a3a3ac151f 2008.0/x86_64/mozilla-thunderbird-enigmail-ro-2.0.0.16-1mdv2008.0.x86_64.rpm 138ffb53f1db70436930e0d3edfdaebb 2008.0/x86_64/mozilla-thunderbird-enigmail-ru-2.0.0.16-1mdv2008.0.x86_64.rpm fd690f90b6ac6e9ed140fc27df44e62d 2008.0/x86_64/mozilla-thunderbird-enigmail-sk-2.0.0.16-1mdv2008.0.x86_64.rpm cc554728aae81b90914e54fb7a62f3f0 2008.0/x86_64/mozilla-thunderbird-enigmail-sl-2.0.0.16-1mdv2008.0.x86_64.rpm 46863abedc5c3b03ff300ead0b121021 2008.0/x86_64/mozilla-thunderbird-enigmail-sv-2.0.0.16-1mdv2008.0.x86_64.rpm 794e549bd36194abef17a9eef269152e 2008.0/x86_64/mozilla-thunderbird-enigmail-tr-2.0.0.16-1mdv2008.0.x86_64.rpm 1142a44377ae9e2ef4bf13514786b5a2 2008.0/x86_64/mozilla-thunderbird-enigmail-zh_CN-2.0.0.16-1mdv2008.0.x86_64.rpm 33839b0ca0e0def41bb801342940a61e 2008.0/x86_64/mozilla-thunderbird-enigmail-zh_TW-2.0.0.16-1mdv2008.0.x86_64.rpm 59a1896fe2aae393cc389058967d51fc 2008.0/SRPMS/mozilla-thunderbird-enigmail-l10n-2.0.0.16-1mdv2008.0.src.rpm Mandriva Linux 2008.1: f6cf2ac34e0bff07f30e27450f1e858c 2008.1/i586/mozilla-thunderbird-enigmail-ar-2.0.0.16-1mdv2008.1.i586.rpm ed24ed7ab605eb97c1e164071c5e0372 2008.1/i586/mozilla-thunderbird-enigmail-ca-2.0.0.16-1mdv2008.1.i586.rpm b63770f6914513b17ed5b4d652bc3103 2008.1/i586/mozilla-thunderbird-enigmail-cs-2.0.0.16-1mdv2008.1.i586.rpm 9691615659ca64991ac5e6af350880ad 2008.1/i586/mozilla-thunderbird-enigmail-de-2.0.0.16-1mdv2008.1.i586.rpm 7511fd992f624b2511ac685f2ee07a6b 2008.1/i586/mozilla-thunderbird-enigmail-el-2.0.0.16-1mdv2008.1.i586.rpm 4ea8e7705bc3c18a267588c8130fa29c 2008.1/i586/mozilla-thunderbird-enigmail-es-2.0.0.16-1mdv2008.1.i586.rpm 100444753100ab77cc01e3ecc5067e27 2008.1/i586/mozilla-thunderbird-enigmail-es_AR-2.0.0.16-1mdv2008.1.i586.rpm 23b865f16b112c04b07595bb93c6e6c4 2008.1/i586/mozilla-thunderbird-enigmail-fi-2.0.0.16-1mdv2008.1.i586.rpm 9c798a90124db103f996a1bdab4d66a8 2008.1/i586/mozilla-thunderbird-enigmail-fr-2.0.0.16-1mdv2008.1.i586.rpm 969f11d844c5e1eeeeadd2859d3dac5c 2008.1/i586/mozilla-thunderbird-enigmail-hu-2.0.0.16-1mdv2008.1.i586.rpm a31b7bfdca64777e5bf270a6d53b6e8f 2008.1/i586/mozilla-thunderbird-enigmail-it-2.0.0.16-1mdv2008.1.i586.rpm 0f9865fc519d626c509908ecfd2b3c9a 2008.1/i586/mozilla-thunderbird-enigmail-ja-2.0.0.16-1mdv2008.1.i586.rpm c0699066b63f70069175d7d1f7fda0d6 2008.1/i586/mozilla-thunderbird-enigmail-ko-2.0.0.16-1mdv2008.1.i586.rpm 9fd23299dd66e902e1c27c6824690a90 2008.1/i586/mozilla-thunderbird-enigmail-nb-2.0.0.16-1mdv2008.1.i586.rpm 157ecaabda89ad40c2cf6910a9efefd2 2008.1/i586/mozilla-thunderbird-enigmail-nl-2.0.0.16-1mdv2008.1.i586.rpm b9a54b1898af2f8747bf50be583042ff 2008.1/i586/mozilla-thunderbird-enigmail-pl-2.0.0.16-1mdv2008.1.i586.rpm 591f4770d42aab8db431fec22a31d7ff 2008.1/i586/mozilla-thunderbird-enigmail-pt-2.0.0.16-1mdv2008.1.i586.rpm 6b46b0216f379ee42a252661fd09e34d 2008.1/i586/mozilla-thunderbird-enigmail-pt_BR-2.0.0.16-1mdv2008.1.i586.rpm e62766e42886225c9a149700de7c4655 2008.1/i586/mozilla-thunderbird-enigmail-ro-2.0.0.16-1mdv2008.1.i586.rpm 00c6395fc3fcff185a096cc5660a3172 2008.1/i586/mozilla-thunderbird-enigmail-ru-2.0.0.16-1mdv2008.1.i586.rpm 10a1729957bd7e2df5ea4d22cad866df 2008.1/i586/mozilla-thunderbird-enigmail-sk-2.0.0.16-1mdv2008.1.i586.rpm 791edb744c0f597d34a324c9317c0836 2008.1/i586/mozilla-thunderbird-enigmail-sl-2.0.0.16-1mdv2008.1.i586.rpm ba94130af0841d4f74691d6a5751e804 2008.1/i586/mozilla-thunderbird-enigmail-sv-2.0.0.16-1mdv2008.1.i586.rpm c6f4ac427fb06564610158b3315d7313 2008.1/i586/mozilla-thunderbird-enigmail-tr-2.0.0.16-1mdv2008.1.i586.rpm 874ccb15ebc89f64a965ea56dd8e04c3 2008.1/i586/mozilla-thunderbird-enigmail-zh_CN-2.0.0.16-1mdv2008.1.i586.rpm cd3e14d0b33818ed51ea9aa862f9f749 2008.1/i586/mozilla-thunderbird-enigmail-zh_TW-2.0.0.16-1mdv2008.1.i586.rpm c56b94b1d6b3fa44da39d96a4d3bca4d 2008.1/SRPMS/mozilla-thunderbird-enigmail-l10n-2.0.0.16-1mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 688b67d73c4496c57f703102a2d5fca9 2008.1/x86_64/mozilla-thunderbird-enigmail-ar-2.0.0.16-1mdv2008.1.x86_64.rpm 511f3af7a7017fed3fba374fb8ddafd6 2008.1/x86_64/mozilla-thunderbird-enigmail-ca-2.0.0.16-1mdv2008.1.x86_64.rpm 22b02c7508c03276214a3d01e08c049e 2008.1/x86_64/mozilla-thunderbird-enigmail-cs-2.0.0.16-1mdv2008.1.x86_64.rpm e239f36377b2411786d215c67ce5b021 2008.1/x86_64/mozilla-thunderbird-enigmail-de-2.0.0.16-1mdv2008.1.x86_64.rpm 598e67c1fdb69ee05dd0334dd2abb7a5 2008.1/x86_64/mozilla-thunderbird-enigmail-el-2.0.0.16-1mdv2008.1.x86_64.rpm bf1597eb79e01f2a2bb76ae093149ca0 2008.1/x86_64/mozilla-thunderbird-enigmail-es-2.0.0.16-1mdv2008.1.x86_64.rpm 8d55ca0ee7169d9fd3a37bc58d8a67dd 2008.1/x86_64/mozilla-thunderbird-enigmail-es_AR-2.0.0.16-1mdv2008.1.x86_64.rpm 87d104e54d9dc3fd15e9511e1a43fcba 2008.1/x86_64/mozilla-thunderbird-enigmail-fi-2.0.0.16-1mdv2008.1.x86_64.rpm d3d043ad79856eef9a250b480220cfe0 2008.1/x86_64/mozilla-thunderbird-enigmail-fr-2.0.0.16-1mdv2008.1.x86_64.rpm d2604bdef5e189a7fdcfa78e5fb6c535 2008.1/x86_64/mozilla-thunderbird-enigmail-hu-2.0.0.16-1mdv2008.1.x86_64.rpm 8c12a6e985b9d06f7e04156bc6057de7 2008.1/x86_64/mozilla-thunderbird-enigmail-it-2.0.0.16-1mdv2008.1.x86_64.rpm cad4b5ebc03a39c59c0d624905f35947 2008.1/x86_64/mozilla-thunderbird-enigmail-ja-2.0.0.16-1mdv2008.1.x86_64.rpm 5f0613001cc56c744d0ef58bf65c93dc 2008.1/x86_64/mozilla-thunderbird-enigmail-ko-2.0.0.16-1mdv2008.1.x86_64.rpm 5da93c69acee1ad9b74b763160c9bfe2 2008.1/x86_64/mozilla-thunderbird-enigmail-nb-2.0.0.16-1mdv2008.1.x86_64.rpm 7e0ce771ed2632d7ca4b465eecb949e5 2008.1/x86_64/mozilla-thunderbird-enigmail-nl-2.0.0.16-1mdv2008.1.x86_64.rpm 6600edbd2c214e823e31d14ea2e6b7b3 2008.1/x86_64/mozilla-thunderbird-enigmail-pl-2.0.0.16-1mdv2008.1.x86_64.rpm 297827a568ea42ed4f17faba1c65b4ec 2008.1/x86_64/mozilla-thunderbird-enigmail-pt-2.0.0.16-1mdv2008.1.x86_64.rpm 9710316057ab1b4275b9d7bb8f14bcc9 2008.1/x86_64/mozilla-thunderbird-enigmail-pt_BR-2.0.0.16-1mdv2008.1.x86_64.rpm 545613d01d7adb14eceab355fb795d34 2008.1/x86_64/mozilla-thunderbird-enigmail-ro-2.0.0.16-1mdv2008.1.x86_64.rpm 6fc439fac98e58e10c291bfdac9d9a8d 2008.1/x86_64/mozilla-thunderbird-enigmail-ru-2.0.0.16-1mdv2008.1.x86_64.rpm a3e34394ad5ec48ef2ea9c36367fb3c6 2008.1/x86_64/mozilla-thunderbird-enigmail-sk-2.0.0.16-1mdv2008.1.x86_64.rpm 1a503519fb58dbfae6e1ef1cb36c124e 2008.1/x86_64/mozilla-thunderbird-enigmail-sl-2.0.0.16-1mdv2008.1.x86_64.rpm 3310d4acb08e30d01571b296295f3494 2008.1/x86_64/mozilla-thunderbird-enigmail-sv-2.0.0.16-1mdv2008.1.x86_64.rpm 0555de39aef1d7aec5ae62724afaff79 2008.1/x86_64/mozilla-thunderbird-enigmail-tr-2.0.0.16-1mdv2008.1.x86_64.rpm c58fa13ff6f4098d75a923c9661e24a0 2008.1/x86_64/mozilla-thunderbird-enigmail-zh_CN-2.0.0.16-1mdv2008.1.x86_64.rpm e03fad72bb53630b78627594dbb30e47 2008.1/x86_64/mozilla-thunderbird-enigmail-zh_TW-2.0.0.16-1mdv2008.1.x86_64.rpm c56b94b1d6b3fa44da39d96a4d3bca4d 2008.1/SRPMS/mozilla-thunderbird-enigmail-l10n-2.0.0.16-1mdv2008.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFIjJaXmqjQ0CJFipgRAgrwAJwO2wRPkObPXc7KxYup6oApV38EugCfXNOv Nxvy6qkeXUkpYIiA4kAIraQ= =79pY -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/