Ubuntu Security Notice USN-382-1
21st November, 2006
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 6.10
- Ubuntu 6.06 LTS
- Ubuntu 5.10
USN-352-1 fixed a flaw in the verification of PKCS certificate
signatures. Ulrich Kuehn discovered a variant of the original attack
which the original fix did not cover. (CVE-2006-5462)
Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening a
disabled by default for emails, and it is not recommended to enable it.
(CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
The problem can be corrected by updating your system to the following package version:
- Ubuntu 6.10:
- mozilla-thunderbird 126.96.36.199-0ubuntu0.6.10
- Ubuntu 6.06 LTS:
- mozilla-thunderbird 188.8.131.52-0ubuntu0.6.06
- Ubuntu 5.10:
- mozilla-thunderbird 184.108.40.206-0ubuntu0.5.10
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system upgrade you need to restart Thunderbird to
effect the necessary changes.