Red Hat Product Errata RHSA-2006:0760 - Security Advisory

Issued:: 2006-12-19
Updated:: 2006-12-19

RHSA-2006:0760 - Security Advisory

Overview
Updated Packages

Synopsis

Critical: thunderbird security update

Type/Severity

Security Advisory: Critical

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated thunderbird packages that fix several security bugs are now
available for Red Hat Enterprise Linux 4.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the way Thunderbird processes certain malformed
Javascript code. A malicious web page could cause the execution of
Javascript code in such a way that could cause Thunderbird to crash or
execute arbitrary code as the user running Thunderbird. JavaScript support
is disabled by default in Thunderbird; this issue is not exploitable
without enabling JavaScript. (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502,
CVE-2006-6503, CVE-2006-6504)

Several flaws were found in the way Thunderbird renders web pages. A
malicious web page could cause the browser to crash or possibly execute
arbitrary code as the user running Thunderbird. (CVE-2006-6497)

A heap based buffer overflow flaw was found in the way Thunderbird parses
the Content-Type mail header. A malicious mail message could cause the
Thunderbird client to crash or possibly execute arbitrary code as the user
running Thunderbird. (CVE-2006-6505)

Users of Thunderbird are advised to apply this update, which contains
Thunderbird version 1.5.0.9 that corrects these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

BZ - 219686 - CVE-2006-6497 Multiple Thunderbird issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6505)

CVEs

References

http://www.redhat.com/security/updates/classification/#critical

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
thunderbird-1.5.0.9-0.1.el4.src.rpm	SHA-256: 4e0f201c8b3ea02459dd11b1c54a36fc2b373c3077f23f8f688608318132e311
x86_64
thunderbird-1.5.0.9-0.1.el4.x86_64.rpm	SHA-256: 39a37747cb8759830a93a3575f8c25a1943ab353cc5f5beea7527f0b13705a9c
thunderbird-1.5.0.9-0.1.el4.x86_64.rpm	SHA-256: 39a37747cb8759830a93a3575f8c25a1943ab353cc5f5beea7527f0b13705a9c
ia64
thunderbird-1.5.0.9-0.1.el4.ia64.rpm	SHA-256: e4033f14a667b9e1edade4bcbe031b5598445738bdf47a470870c15a9231d9f8
thunderbird-1.5.0.9-0.1.el4.ia64.rpm	SHA-256: e4033f14a667b9e1edade4bcbe031b5598445738bdf47a470870c15a9231d9f8
i386
thunderbird-1.5.0.9-0.1.el4.i386.rpm	SHA-256: 97e9ccbc1e50f5323694c6bb1583c3f589e95f340fb7501068a573e8a1ade25c
thunderbird-1.5.0.9-0.1.el4.i386.rpm	SHA-256: 97e9ccbc1e50f5323694c6bb1583c3f589e95f340fb7501068a573e8a1ade25c

Red Hat Enterprise Linux Workstation 4

SRPM
thunderbird-1.5.0.9-0.1.el4.src.rpm	SHA-256: 4e0f201c8b3ea02459dd11b1c54a36fc2b373c3077f23f8f688608318132e311
x86_64
thunderbird-1.5.0.9-0.1.el4.x86_64.rpm	SHA-256: 39a37747cb8759830a93a3575f8c25a1943ab353cc5f5beea7527f0b13705a9c
ia64
thunderbird-1.5.0.9-0.1.el4.ia64.rpm	SHA-256: e4033f14a667b9e1edade4bcbe031b5598445738bdf47a470870c15a9231d9f8
i386
thunderbird-1.5.0.9-0.1.el4.i386.rpm	SHA-256: 97e9ccbc1e50f5323694c6bb1583c3f589e95f340fb7501068a573e8a1ade25c

Red Hat Enterprise Linux Desktop 4

SRPM
thunderbird-1.5.0.9-0.1.el4.src.rpm	SHA-256: 4e0f201c8b3ea02459dd11b1c54a36fc2b373c3077f23f8f688608318132e311
x86_64
thunderbird-1.5.0.9-0.1.el4.x86_64.rpm	SHA-256: 39a37747cb8759830a93a3575f8c25a1943ab353cc5f5beea7527f0b13705a9c
i386
thunderbird-1.5.0.9-0.1.el4.i386.rpm	SHA-256: 97e9ccbc1e50f5323694c6bb1583c3f589e95f340fb7501068a573e8a1ade25c

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
thunderbird-1.5.0.9-0.1.el4.src.rpm	SHA-256: 4e0f201c8b3ea02459dd11b1c54a36fc2b373c3077f23f8f688608318132e311
s390x
thunderbird-1.5.0.9-0.1.el4.s390x.rpm	SHA-256: a3660283cc684f441408fdb7dfc1f57a07c3a0dd741ce4b34b9375fe5d7cce1b
s390
thunderbird-1.5.0.9-0.1.el4.s390.rpm	SHA-256: 46c589540b459c1f49f8384886a188cebfb2219433e1614ff4487000731225f9

Red Hat Enterprise Linux for Power, big endian 4

SRPM
thunderbird-1.5.0.9-0.1.el4.src.rpm	SHA-256: 4e0f201c8b3ea02459dd11b1c54a36fc2b373c3077f23f8f688608318132e311
ppc
thunderbird-1.5.0.9-0.1.el4.ppc.rpm	SHA-256: 7e9249ce0f8320951619483fc396cc302db5877d6e65ff9633b698a93745e197

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories