Debian DSA-4940-1 : thunderbird - security update

high Nessus Plugin ID 151807

Language:

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4940 advisory.

- Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade the thunderbird packages.

For the stable distribution (buster), these problems have been fixed in version 1

See Also

https://security-tracker.debian.org/tracker/source-package/thunderbird

https://www.debian.org/security/2021/dsa-4940

https://security-tracker.debian.org/tracker/CVE-2021-29969

https://security-tracker.debian.org/tracker/CVE-2021-29970

https://security-tracker.debian.org/tracker/CVE-2021-29976

https://security-tracker.debian.org/tracker/CVE-2021-30547

https://packages.debian.org/source/buster/thunderbird

Plugin Details

Severity: High

ID: 151807

File Name: debian_DSA-4940.nasl

Version: 1.3

Type: local

Agent: unix

Published: 7/18/2021

Updated: 8/12/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent

Risk Information

CVSS Score Source: CVE-2021-30547

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:calendar-google-provider, p-cpe:/a:debian:debian_linux:lightning, p-cpe:/a:debian:debian_linux:lightning-l10n-ar, p-cpe:/a:debian:debian_linux:lightning-l10n-ast, p-cpe:/a:debian:debian_linux:lightning-l10n-be, p-cpe:/a:debian:debian_linux:lightning-l10n-bg, p-cpe:/a:debian:debian_linux:lightning-l10n-br, p-cpe:/a:debian:debian_linux:lightning-l10n-ca, p-cpe:/a:debian:debian_linux:lightning-l10n-cs, p-cpe:/a:debian:debian_linux:lightning-l10n-cy, p-cpe:/a:debian:debian_linux:lightning-l10n-da, p-cpe:/a:debian:debian_linux:lightning-l10n-de, p-cpe:/a:debian:debian_linux:lightning-l10n-dsb, p-cpe:/a:debian:debian_linux:lightning-l10n-el, p-cpe:/a:debian:debian_linux:lightning-l10n-en-gb, p-cpe:/a:debian:debian_linux:lightning-l10n-es-ar, p-cpe:/a:debian:debian_linux:lightning-l10n-es-es, p-cpe:/a:debian:debian_linux:lightning-l10n-et, p-cpe:/a:debian:debian_linux:lightning-l10n-eu, p-cpe:/a:debian:debian_linux:lightning-l10n-fi, p-cpe:/a:debian:debian_linux:lightning-l10n-fr, p-cpe:/a:debian:debian_linux:lightning-l10n-fy-nl, p-cpe:/a:debian:debian_linux:lightning-l10n-ga-ie, p-cpe:/a:debian:debian_linux:lightning-l10n-gd, p-cpe:/a:debian:debian_linux:lightning-l10n-gl, p-cpe:/a:debian:debian_linux:lightning-l10n-he, p-cpe:/a:debian:debian_linux:lightning-l10n-hr, p-cpe:/a:debian:debian_linux:lightning-l10n-hsb, p-cpe:/a:debian:debian_linux:lightning-l10n-hu, p-cpe:/a:debian:debian_linux:lightning-l10n-hy-am, p-cpe:/a:debian:debian_linux:lightning-l10n-id, p-cpe:/a:debian:debian_linux:lightning-l10n-is, p-cpe:/a:debian:debian_linux:lightning-l10n-it, p-cpe:/a:debian:debian_linux:lightning-l10n-ja, p-cpe:/a:debian:debian_linux:lightning-l10n-kab, p-cpe:/a:debian:debian_linux:lightning-l10n-kk, p-cpe:/a:debian:debian_linux:lightning-l10n-ko, p-cpe:/a:debian:debian_linux:lightning-l10n-lt, p-cpe:/a:debian:debian_linux:lightning-l10n-ms, p-cpe:/a:debian:debian_linux:lightning-l10n-nb-no, p-cpe:/a:debian:debian_linux:lightning-l10n-nl, p-cpe:/a:debian:debian_linux:lightning-l10n-nn-no, p-cpe:/a:debian:debian_linux:lightning-l10n-pl, p-cpe:/a:debian:debian_linux:lightning-l10n-pt-br, p-cpe:/a:debian:debian_linux:lightning-l10n-pt-pt, p-cpe:/a:debian:debian_linux:lightning-l10n-rm, p-cpe:/a:debian:debian_linux:lightning-l10n-ro, p-cpe:/a:debian:debian_linux:lightning-l10n-ru, p-cpe:/a:debian:debian_linux:lightning-l10n-si, p-cpe:/a:debian:debian_linux:lightning-l10n-sk, p-cpe:/a:debian:debian_linux:lightning-l10n-sl, p-cpe:/a:debian:debian_linux:lightning-l10n-sq, p-cpe:/a:debian:debian_linux:lightning-l10n-sr, p-cpe:/a:debian:debian_linux:lightning-l10n-sv-se, p-cpe:/a:debian:debian_linux:lightning-l10n-tr, p-cpe:/a:debian:debian_linux:lightning-l10n-uk, p-cpe:/a:debian:debian_linux:lightning-l10n-vi, p-cpe:/a:debian:debian_linux:lightning-l10n-zh-cn, p-cpe:/a:debian:debian_linux:lightning-l10n-zh-tw, p-cpe:/a:debian:debian_linux:thunderbird, p-cpe:/a:debian:debian_linux:thunderbird-l10n-all, p-cpe:/a:debian:debian_linux:thunderbird-l10n-ar, p-cpe:/a:debian:debian_linux:thunderbird-l10n-ast, p-cpe:/a:debian:debian_linux:thunderbird-l10n-be, p-cpe:/a:debian:debian_linux:thunderbird-l10n-bg, p-cpe:/a:debian:debian_linux:thunderbird-l10n-br, p-cpe:/a:debian:debian_linux:thunderbird-l10n-ca, p-cpe:/a:debian:debian_linux:thunderbird-l10n-cak, p-cpe:/a:debian:debian_linux:thunderbird-l10n-cs, p-cpe:/a:debian:debian_linux:thunderbird-l10n-cy, p-cpe:/a:debian:debian_linux:thunderbird-l10n-da, p-cpe:/a:debian:debian_linux:thunderbird-l10n-de, p-cpe:/a:debian:debian_linux:thunderbird-l10n-dsb, p-cpe:/a:debian:debian_linux:thunderbird-l10n-el, p-cpe:/a:debian:debian_linux:thunderbird-l10n-en-gb, p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-ar, p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-es, p-cpe:/a:debian:debian_linux:thunderbird-l10n-et, p-cpe:/a:debian:debian_linux:thunderbird-l10n-eu, p-cpe:/a:debian:debian_linux:thunderbird-l10n-fi, p-cpe:/a:debian:debian_linux:thunderbird-l10n-fr, p-cpe:/a:debian:debian_linux:thunderbird-l10n-fy-nl, p-cpe:/a:debian:debian_linux:thunderbird-l10n-ga-ie, p-cpe:/a:debian:debian_linux:thunderbird-l10n-gd, p-cpe:/a:debian:debian_linux:thunderbird-l10n-gl, p-cpe:/a:debian:debian_linux:thunderbird-l10n-he, p-cpe:/a:debian:debian_linux:thunderbird-l10n-hr, p-cpe:/a:debian:debian_linux:thunderbird-l10n-hsb, p-cpe:/a:debian:debian_linux:thunderbird-l10n-hu, p-cpe:/a:debian:debian_linux:thunderbird-l10n-hy-am, p-cpe:/a:debian:debian_linux:thunderbird-l10n-id, p-cpe:/a:debian:debian_linux:thunderbird-l10n-is, p-cpe:/a:debian:debian_linux:thunderbird-l10n-it, p-cpe:/a:debian:debian_linux:thunderbird-l10n-ja, p-cpe:/a:debian:debian_linux:thunderbird-l10n-ka, p-cpe:/a:debian:debian_linux:thunderbird-l10n-kab, p-cpe:/a:debian:debian_linux:thunderbird-l10n-kk, p-cpe:/a:debian:debian_linux:thunderbird-l10n-ko, p-cpe:/a:debian:debian_linux:thunderbird-l10n-lt, p-cpe:/a:debian:debian_linux:thunderbird-l10n-ms, p-cpe:/a:debian:debian_linux:thunderbird-l10n-nb-no, p-cpe:/a:debian:debian_linux:thunderbird-l10n-nl, p-cpe:/a:debian:debian_linux:thunderbird-l10n-nn-no, p-cpe:/a:debian:debian_linux:thunderbird-l10n-pl, p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-br, p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-pt, p-cpe:/a:debian:debian_linux:thunderbird-l10n-rm, p-cpe:/a:debian:debian_linux:thunderbird-l10n-ro, p-cpe:/a:debian:debian_linux:thunderbird-l10n-ru, p-cpe:/a:debian:debian_linux:thunderbird-l10n-si, p-cpe:/a:debian:debian_linux:thunderbird-l10n-sk, p-cpe:/a:debian:debian_linux:thunderbird-l10n-sl, p-cpe:/a:debian:debian_linux:thunderbird-l10n-sq, p-cpe:/a:debian:debian_linux:thunderbird-l10n-sr, p-cpe:/a:debian:debian_linux:thunderbird-l10n-sv-se, p-cpe:/a:debian:debian_linux:thunderbird-l10n-tr, p-cpe:/a:debian:debian_linux:thunderbird-l10n-uk, p-cpe:/a:debian:debian_linux:thunderbird-l10n-uz, p-cpe:/a:debian:debian_linux:thunderbird-l10n-vi, p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-cn, p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-tw, cpe:/o:debian:debian_linux:10.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 7/18/2021

Vulnerability Publication Date: 6/8/2021

Reference Information

CVE: CVE-2021-29969, CVE-2021-29970, CVE-2021-29976, CVE-2021-30547

IAVA: 2021-A-0309-S, 2021-A-0293-S