FrSIRT - Fedora Security Update Fixes Seamonkey and Thunderbird Multiple Vulnerabilities / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes Seamonkey and Thunderbird Multiple Vulnerabilities

Title : Fedora Security Update Fixes Seamonkey and Thunderbird Multiple Vulnerabilities
Advisory ID : FrSIRT/ADV-2007-2026
CVE ID : CVE-2007-1362 - CVE-2007-1558 - CVE-2007-1562 - CVE-2007-2867 - CVE-2007-2868 - CVE-2007-2869 - CVE-2007-2870 - CVE-2007-2871
Rated as : Critical

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-04

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Multiple vulnerabilities have been identified in Fedora, which could be exploited by attackers to bypass security restrictions, disclose sensitive information, cause a denial of service or take complete control of an affected system [...]

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/7/

8b74897a7e0341f37a84c054ed730db0eab64ca2 seamonkey-1.1.2-1.fc7.ppc64.rpm
cc7d4165f4e13303e0b19553a145d3018903aee4 seamonkey-debuginfo-1.1.2-1.fc7.ppc64.rpm
7ba215c52a09738a858bac466807a1ac8d5c0517 seamonkey-debuginfo-1.1.2-1.fc7.i386.rpm
668178f4aeaa63b0607329e831d3f1b4f03bbacb seamonkey-1.1.2-1.fc7.i386.rpm
e45927dbc6f76917599322c33c586c3903a1c697 seamonkey-debuginfo-1.1.2-1.fc7.x86_64.rpm
d872bda2bec5277570e6f38d39bc08b243a41dbe seamonkey-1.1.2-1.fc7.x86_64.rpm
2e3db146527a2985f1416e0e7eeed8a541d21a21 seamonkey-1.1.2-1.fc7.ppc.rpm
bf3fafd1d132f22c4b5d652ac6c448d43f9bbfcd seamonkey-debuginfo-1.1.2-1.fc7.ppc.rpm
511bf0c98ac0dc936cd994910e9b37c586e6f064 seamonkey-1.1.2-1.fc7.src.rpm

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

b2bc6b0b1873b30decc11855918c76642e0519c5 SRPMS/thunderbird-1.5.0.12-1.fc6.src.rpm
b2bc6b0b1873b30decc11855918c76642e0519c5 noarch/thunderbird-1.5.0.12-1.fc6.src.rpm
319cb9203c2c79699043204a8a110e402f783d7a ppc/debug/thunderbird-debuginfo-1.5.0.12-1.fc6.ppc.rpm
d026f2c02fae7bb3d554bb3d4ce8e412ae8f32ec ppc/thunderbird-1.5.0.12-1.fc6.ppc.rpm
fddac5a083a0319c39ba81f18d43422682079a91 x86_64/thunderbird-1.5.0.12-1.fc6.x86_64.rpm
ea9caab8666767718ae24cb44943dd5097e6f7b2 x86_64/debug/thunderbird-debuginfo-1.5.0.12-1.fc6.x86_64.rpm
1eafd155c1d1013e137c0b948a06210145269f16 i386/thunderbird-1.5.0.12-1.fc6.i386.rpm
07bf8d163e7592a8adc9ee29a972b8f02bcb8f8b i386/debug/thunderbird-debuginfo-1.5.0.12-1.fc6.i386.rpm

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

9d6bcf40d81d9d0f281ff9e934ccde1636a82ad2 SRPMS/thunderbird-1.5.0.12-1.fc5.src.rpm
9d6bcf40d81d9d0f281ff9e934ccde1636a82ad2 noarch/thunderbird-1.5.0.12-1.fc5.src.rpm
ae8c17a9b856514272d3ad2c55a329717e9cb72b ppc/debug/thunderbird-debuginfo-1.5.0.12-1.fc5.ppc.rpm
005323944a0e7ff4a66361b59746228ab5f5a161 ppc/thunderbird-1.5.0.12-1.fc5.ppc.rpm
c29fb2dff816698d248fe2138cd4455bb9c1cb85 x86_64/debug/thunderbird-debuginfo-1.5.0.12-1.fc5.x86_64.rpm
3a1694d8866f0a4ddf6c06eec6b528f4e4dde4b9 x86_64/thunderbird-1.5.0.12-1.fc5.x86_64.rpm
8bb7e372c859690a4f8ca6a4f8944ee3d20d5c96 i386/debug/thunderbird-debuginfo-1.5.0.12-1.fc5.i386.rpm
d1baff4693caacf1896eebf6c06551a58293a886 i386/thunderbird-1.5.0.12-1.fc5.i386.rpm
d097d329fcc14226207e03feb051fd178654c518 SRPMS/seamonkey-1.0.9-1.fc5.src.rpm
d097d329fcc14226207e03feb051fd178654c518 noarch/seamonkey-1.0.9-1.fc5.src.rpm
af3c13a62a5c719f2ef9e3a571ee73fd9dfcf84f ppc/seamonkey-1.0.9-1.fc5.ppc.rpm
ecd0cc46cab09c1b0deb64a5822a39ae37c9fc25 ppc/debug/seamonkey-debuginfo-1.0.9-1.fc5.ppc.rpm
5b0f2481d2f21ca022642d02b311fce60a73e8f9 ppc/seamonkey-js-debugger-1.0.9-1.fc5.ppc.rpm
f65231af0064b2b110ffbe8b97c631189f6be467 ppc/seamonkey-mail-1.0.9-1.fc5.ppc.rpm
2e38ac784a687d95ca55ad21f0a38e8b70f61add ppc/seamonkey-dom-inspector-1.0.9-1.fc5.ppc.rpm
c1a3f8acfd8f153096816d1fbe38a1d14d72e81d ppc/seamonkey-devel-1.0.9-1.fc5.ppc.rpm
547fe1520b3759f449472963b8edbc9e8bafb948 ppc/seamonkey-chat-1.0.9-1.fc5.ppc.rpm
99c14431b09e82a17d10547c7e20fa89f79f64be x86_64/seamonkey-dom-inspector-1.0.9-1.fc5.x86_64.rpm
34866fb6795fca53e30344457bdbb2088fcb2587 x86_64/seamonkey-devel-1.0.9-1.fc5.x86_64.rpm
e608060c3863ce2f2bf166a8e5ee1908bb2db6b7 x86_64/seamonkey-js-debugger-1.0.9-1.fc5.x86_64.rpm
9d41cdfb0694dd6fa5c13aa8cbc8cba20f411478 x86_64/seamonkey-1.0.9-1.fc5.x86_64.rpm
ee27045e12188268010b7d5f7738b6e3fd2c439b x86_64/seamonkey-chat-1.0.9-1.fc5.x86_64.rpm
fd58a33d9ae701661fa499e157bbfbc5e74c6a4e x86_64/seamonkey-mail-1.0.9-1.fc5.x86_64.rpm
c2c281e8818145761d9dc90fb1cdbd099499e016 x86_64/debug/seamonkey-debuginfo-1.0.9-1.fc5.x86_64.rpm
026cfd55c1a74b8172df78af632a67e77e8a1ed3 i386/seamonkey-devel-1.0.9-1.fc5.i386.rpm
1bf11eaae35d4e525bded75d4499beeaae67cfd1 i386/seamonkey-dom-inspector-1.0.9-1.fc5.i386.rpm
fd557a8d93ef82c3ec079eba84a898264c8890c3 i386/debug/seamonkey-debuginfo-1.0.9-1.fc5.i386.rpm
64f814f2239657dbd777fe1e7e6cdc084e299844 i386/seamonkey-js-debugger-1.0.9-1.fc5.i386.rpm
aa8011ceba48b69177d57459037a965d6c16d9fb i386/seamonkey-mail-1.0.9-1.fc5.i386.rpm
e61f1037c452166539953ab4109547a3f689a233 i386/seamonkey-1.0.9-1.fc5.i386.rpm
143488a2691b79878ad25250a0314e7377875f03 i386/seamonkey-chat-1.0.9-1.fc5.i386.rpm

ChangeLog

2007-06-04 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Microsoft XML Core Services Multiple Remote Vulnerabilities (MS08-069)
	Microsoft Windows SMB Credential Reflection Vulnerability (MS08-068)
	Microsoft Windows Server Service Vulnerability (MS08-067)
	Microsoft Windows "afd.sys" Privilege Escalation Vulnerability (MS08-066)
	Microsoft Windows MSMQ Code Execution Vulnerability (MS08-065)
	Microsoft Windows VADs Privilege Escalation Vulnerability (MS08-064)
	Microsoft Windows SMB Code Execution Vulnerability (MS08-063)

	Oracle and BEA Products Multiple Code Execution Vulnerabilities
	Oracle Products Multiple Code Execution and Security Bypass Issues
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities

	IBM AIX Multiple Command Local Privilege Escalation Vulnerabilities
	IBM AIX Sendmail Header Lines Denial of Service Vulnerability
	IBM Metrica Multiple Parameter Cross Site Scripting Vulnerabilities
	IBM Lotus Quickr Unspecified Cross Site Scripting Vulnerabilities
	IBM Hardware Management Console Denial of Service Vulnerability
	IBM Tivoli Storage Manager Client Buffer Overflow Vulnerability
	IBM DB2 Denial of Service and Information Disclosure Vulnerabilities