--------------------------------------------------------------------- Fedora Update Notification FEDORA-2006-1491 2006-12-20 ---------------------------------------------------------------------
Product : Fedora Core 6 Name : thunderbird Version : 1.5.0.9 Release : 2.fc6 Summary : Mozilla Thunderbird mail/newsgroup client Description : Mozilla Thunderbird is a standalone mail and newsgroup client. --------------------------------------------------------------------- Update Information: Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processes certain malformed JavaScript code. A malicious web page could cause the execution of JavaScript code in such a way that could cause Thunderbird to crash or execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; this issue is not exploitable without enabling JavaScript. (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504) Several flaws were found in the way Thunderbird renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-6497) A heap based buffer overflow flaw was found in the way Thunderbird parses the Content-Type mail header. A malicious mail message could cause the Thunderbird client to crash or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-6505) Users of Thunderbird are advised to apply this update, which contains Thunderbird version 1.5.0.9 that corrects these issues. --------------------------------------------------------------------- * Tue Dec 19 2006 Matthias Clasen <[EMAIL PROTECTED]> 1.5.0.9-2 - Add a Requires: launchmail (#219884) * Tue Dec 19 2006 Christopher Aillon <[EMAIL PROTECTED]> 1.5.0.9-1 - Update to 1.5.0.9 - Take firefox's pango fixes - Don't offer to import...nothing. --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/ b412bd483c481eb2adcb833db850a36c333978bf SRPMS/thunderbird-1.5.0.9-2.fc6.src.rpm b412bd483c481eb2adcb833db850a36c333978bf noarch/thunderbird-1.5.0.9-2.fc6.src.rpm 5c371d13b3209d5507448e9ebe9078521deac5fe ppc/debug/thunderbird-debuginfo-1.5.0.9-2.fc6.ppc.rpm a44fb695adca3b8addda5c1331a44aeea1825fb1 ppc/thunderbird-1.5.0.9-2.fc6.ppc.rpm 3cd6cc302db68faa3b1e2505820161fcc6af8efc x86_64/debug/thunderbird-debuginfo-1.5.0.9-2.fc6.x86_64.rpm 3452f2cb4e52493ed7ccd23adae523721a3e7c63 x86_64/thunderbird-1.5.0.9-2.fc6.x86_64.rpm c13038e3e9c6615e5b9896fc0c979a5535d7ea49 i386/debug/thunderbird-debuginfo-1.5.0.9-2.fc6.i386.rpm ab9a4abdbad15b2e26b60e112331e5cc2741d1d5 i386/thunderbird-1.5.0.9-2.fc6.i386.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/. --------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce