Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2008:155-1)

Critical Nessus Plugin ID 36242

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.16 (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811).

This update provides the latest Thunderbird to correct these issues.
It also provides Thunderbird 2.x for Corporate 3.0 systems.

Update :

The previous update provided the incorrect version of the enigmail locale files. This version correctly builds them for Thunderbird 2.0.0.16.

Solution

Update the affected packages.

See Also

http://www.mozilla.org/security/announce/2008/mfsa2008-14.html

http://www.mozilla.org/security/announce/2008/mfsa2008-15.html

http://www.mozilla.org/security/announce/2008/mfsa2008-21.html

http://www.mozilla.org/security/announce/2008/mfsa2008-24.html

http://www.mozilla.org/security/announce/2008/mfsa2008-25.html

https://www.mozilla.org/en-US/security/advisories/mfsa2008-26/

http://www.mozilla.org/security/announce/2008/mfsa2008-29.html

http://www.mozilla.org/security/announce/2008/mfsa2008-31.html

http://www.mozilla.org/security/announce/2008/mfsa2008-33.html

http://www.mozilla.org/security/announce/2008/mfsa2008-34.html

Plugin Details

Severity: Critical

ID: 36242

File Name: mandriva_MDVSA-2008-155.nasl

Version: 1.18

Type: local

Published: 2009/04/23

Updated: 2018/11/15

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ar, p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ca, p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-cs, p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-de, p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-el, p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-es, p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-es_AR, p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fi, p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fr, p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-hu, p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-it, p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ja, p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ko, p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nb, p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nl, p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pl, p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt, p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt_BR, p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ro, p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ru, p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sk, p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sl, p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sv, p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-tr, p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_CN, p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_TW, cpe:/o:mandriva:linux:2008.0, cpe:/o:mandriva:linux:2008.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2008/07/27

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811

BID: 28448, 29802, 30038

MDVSA: 2008:155-1

CWE: 20, 79, 94, 189, 200, 264, 399