Mandriva Security Team
13/12/05, 22:00
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
__________________________________________________ _____________________
Mandriva Linux Security Advisory MDKSA-2005:226
http://www.mandriva.com/security/
__________________________________________________ _____________________
Package : mozilla-thunderbird
Date : December 12, 2005
Affected: 2006.0, Corporate 3.0
__________________________________________________ _____________________
Problem Description:
A bug in enigmail, the GPG support extension for Mozilla MailNews and
Mozilla Thunderbird was discovered that could lead to the encryption
of an email with the wrong public key. This could potentially disclose
confidential data to unintended recipients.
The updated packages have been patched to prevent this problem.
__________________________________________________ _____________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3256
__________________________________________________ _____________________
Updated Packages:
Mandriva Linux 2006.0:
a76040e992150836998fc822a99b7624 2006.0/RPMS/mozilla-thunderbird-1.0.6-7.2.20060mdk.i586.rpm
591b78809b7425ece0f63f96b65d2d2b 2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.2.20060mdk.i586.rpm
72f81a292f80666ac90f6b4d6da8a694 2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.2.20060mdk.i586.rpm
5b45958f898c7a0da52227b1b7791eb8 2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.2.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
7732c8c52831cdc49dcad7f27bf02ff7 x86_64/2006.0/RPMS/mozilla-thunderbird-1.0.6-7.2.20060mdk.x86_64.rpm
63d0f9a9e474b6cf8259ee0e3e867c54 x86_64/2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.2.20060mdk.x86_64.rpm
3440b4677c7938a8d948d1f20b97ec33 x86_64/2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.2.20060mdk.x86_64.rpm
5b45958f898c7a0da52227b1b7791eb8 x86_64/2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.2.20060mdk.src.rpm
Corporate 3.0:
fb13fdba83a8fb58fa7be5f879387776 corporate/3.0/RPMS/libnspr4-1.7.8-0.4.C30mdk.i586.rpm
d2c026c3005bb117b168fa710b6707eb corporate/3.0/RPMS/libnspr4-devel-1.7.8-0.4.C30mdk.i586.rpm
00fe306b2e32a43b668855ac07a7bc3a corporate/3.0/RPMS/libnss3-1.7.8-0.4.C30mdk.i586.rpm
a1f58fd330e354d64098584a21075683 corporate/3.0/RPMS/libnss3-devel-1.7.8-0.4.C30mdk.i586.rpm
ed922dcfda867e3e6aae232358e410d9 corporate/3.0/RPMS/mozilla-1.7.8-0.4.C30mdk.i586.rpm
9af2dc6b388b787fa489dd6d50fd85e5 corporate/3.0/RPMS/mozilla-devel-1.7.8-0.4.C30mdk.i586.rpm
f8b427e76177e505f4c461c36c58a6f4 corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.4.C30mdk.i586.rpm
35ce2664bb8516b0adeb0bcf23814ffa corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.4.C30mdk.i586.rpm
f794287f76a7aa84f8ab26a5f9e1390d corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.4.C30mdk.i586.rpm
886465435f0c81de9888a406ecfaf731 corporate/3.0/RPMS/mozilla-irc-1.7.8-0.4.C30mdk.i586.rpm
7852834c9f2b9b95d39abe8751d3849b corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.4.C30mdk.i586.rpm
42968285510df5716902b6566c8fc9fc corporate/3.0/RPMS/mozilla-mail-1.7.8-0.4.C30mdk.i586.rpm
72ce466eed134f651d10ea9120d21f53 corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.4.C30mdk.i586.rpm
99c49b1370c18c2fa14c9f20b04e148d corporate/3.0/SRPMS/mozilla-1.7.8-0.4.C30mdk.src.rpm
Corporate 3.0/X86_64:
6642da49a0bdbec886a932fdab4d41e5 x86_64/corporate/3.0/RPMS/lib64nspr4-1.7.8-0.4.C30mdk.x86_64.rpm
065391d250b7ceb31c01f12386cf3a04 x86_64/corporate/3.0/RPMS/lib64nspr4-devel-1.7.8-0.4.C30mdk.x86_64.rpm
07cf6b5f1d4ce2212b76fc265aace41a x86_64/corporate/3.0/RPMS/lib64nss3-1.7.8-0.4.C30mdk.x86_64.rpm
e65788bcc7d582095b30a87431947a8f x86_64/corporate/3.0/RPMS/lib64nss3-devel-1.7.8-0.4.C30mdk.x86_64.rpm
a855523066d7b231da9ed889a995ad1a x86_64/corporate/3.0/RPMS/mozilla-1.7.8-0.4.C30mdk.x86_64.rpm
7b894f998bd344841c861387be21c2b3 x86_64/corporate/3.0/RPMS/mozilla-devel-1.7.8-0.4.C30mdk.x86_64.rpm
7b5fc684552363acea77ab8f344d38f5 x86_64/corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.4.C30mdk.x86_64.rpm
4e969e057bcdc0f763e269cbbfcd0fb9 x86_64/corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.4.C30mdk.x86_64.rpm
c84f31cefbbe5a92c1f1e6105a184fe8 x86_64/corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.4.C30mdk.x86_64.rpm
28791c7db8d3d9802e8198dc599fad87 x86_64/corporate/3.0/RPMS/mozilla-irc-1.7.8-0.4.C30mdk.x86_64.rpm
0308af9d9050d5cdeafd0a9baac05d48 x86_64/corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.4.C30mdk.x86_64.rpm
a993afbf2ed3e7d17734631b2ccee05c x86_64/corporate/3.0/RPMS/mozilla-mail-1.7.8-0.4.C30mdk.x86_64.rpm
86f109cecac0a9de786f88d9400b0cf5 x86_64/corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.4.C30mdk.x86_64.rpm
99c49b1370c18c2fa14c9f20b04e148d x86_64/corporate/3.0/SRPMS/mozilla-1.7.8-0.4.C30mdk.src.rpm
__________________________________________________ _____________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
__________________________________________________ _____________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDngX+mqjQ0CJFipgRAsFrAJ9o36+SsC3J4vHtqufdLR K+KhjrlwCdHFTP
ltbOZEx/kIvw+O9sBteLQsM=
=V712
-----END PGP SIGNATURE-----
Hash: SHA1
__________________________________________________ _____________________
Mandriva Linux Security Advisory MDKSA-2005:226
http://www.mandriva.com/security/
__________________________________________________ _____________________
Package : mozilla-thunderbird
Date : December 12, 2005
Affected: 2006.0, Corporate 3.0
__________________________________________________ _____________________
Problem Description:
A bug in enigmail, the GPG support extension for Mozilla MailNews and
Mozilla Thunderbird was discovered that could lead to the encryption
of an email with the wrong public key. This could potentially disclose
confidential data to unintended recipients.
The updated packages have been patched to prevent this problem.
__________________________________________________ _____________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3256
__________________________________________________ _____________________
Updated Packages:
Mandriva Linux 2006.0:
a76040e992150836998fc822a99b7624 2006.0/RPMS/mozilla-thunderbird-1.0.6-7.2.20060mdk.i586.rpm
591b78809b7425ece0f63f96b65d2d2b 2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.2.20060mdk.i586.rpm
72f81a292f80666ac90f6b4d6da8a694 2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.2.20060mdk.i586.rpm
5b45958f898c7a0da52227b1b7791eb8 2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.2.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
7732c8c52831cdc49dcad7f27bf02ff7 x86_64/2006.0/RPMS/mozilla-thunderbird-1.0.6-7.2.20060mdk.x86_64.rpm
63d0f9a9e474b6cf8259ee0e3e867c54 x86_64/2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.2.20060mdk.x86_64.rpm
3440b4677c7938a8d948d1f20b97ec33 x86_64/2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.2.20060mdk.x86_64.rpm
5b45958f898c7a0da52227b1b7791eb8 x86_64/2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.2.20060mdk.src.rpm
Corporate 3.0:
fb13fdba83a8fb58fa7be5f879387776 corporate/3.0/RPMS/libnspr4-1.7.8-0.4.C30mdk.i586.rpm
d2c026c3005bb117b168fa710b6707eb corporate/3.0/RPMS/libnspr4-devel-1.7.8-0.4.C30mdk.i586.rpm
00fe306b2e32a43b668855ac07a7bc3a corporate/3.0/RPMS/libnss3-1.7.8-0.4.C30mdk.i586.rpm
a1f58fd330e354d64098584a21075683 corporate/3.0/RPMS/libnss3-devel-1.7.8-0.4.C30mdk.i586.rpm
ed922dcfda867e3e6aae232358e410d9 corporate/3.0/RPMS/mozilla-1.7.8-0.4.C30mdk.i586.rpm
9af2dc6b388b787fa489dd6d50fd85e5 corporate/3.0/RPMS/mozilla-devel-1.7.8-0.4.C30mdk.i586.rpm
f8b427e76177e505f4c461c36c58a6f4 corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.4.C30mdk.i586.rpm
35ce2664bb8516b0adeb0bcf23814ffa corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.4.C30mdk.i586.rpm
f794287f76a7aa84f8ab26a5f9e1390d corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.4.C30mdk.i586.rpm
886465435f0c81de9888a406ecfaf731 corporate/3.0/RPMS/mozilla-irc-1.7.8-0.4.C30mdk.i586.rpm
7852834c9f2b9b95d39abe8751d3849b corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.4.C30mdk.i586.rpm
42968285510df5716902b6566c8fc9fc corporate/3.0/RPMS/mozilla-mail-1.7.8-0.4.C30mdk.i586.rpm
72ce466eed134f651d10ea9120d21f53 corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.4.C30mdk.i586.rpm
99c49b1370c18c2fa14c9f20b04e148d corporate/3.0/SRPMS/mozilla-1.7.8-0.4.C30mdk.src.rpm
Corporate 3.0/X86_64:
6642da49a0bdbec886a932fdab4d41e5 x86_64/corporate/3.0/RPMS/lib64nspr4-1.7.8-0.4.C30mdk.x86_64.rpm
065391d250b7ceb31c01f12386cf3a04 x86_64/corporate/3.0/RPMS/lib64nspr4-devel-1.7.8-0.4.C30mdk.x86_64.rpm
07cf6b5f1d4ce2212b76fc265aace41a x86_64/corporate/3.0/RPMS/lib64nss3-1.7.8-0.4.C30mdk.x86_64.rpm
e65788bcc7d582095b30a87431947a8f x86_64/corporate/3.0/RPMS/lib64nss3-devel-1.7.8-0.4.C30mdk.x86_64.rpm
a855523066d7b231da9ed889a995ad1a x86_64/corporate/3.0/RPMS/mozilla-1.7.8-0.4.C30mdk.x86_64.rpm
7b894f998bd344841c861387be21c2b3 x86_64/corporate/3.0/RPMS/mozilla-devel-1.7.8-0.4.C30mdk.x86_64.rpm
7b5fc684552363acea77ab8f344d38f5 x86_64/corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.4.C30mdk.x86_64.rpm
4e969e057bcdc0f763e269cbbfcd0fb9 x86_64/corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.4.C30mdk.x86_64.rpm
c84f31cefbbe5a92c1f1e6105a184fe8 x86_64/corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.4.C30mdk.x86_64.rpm
28791c7db8d3d9802e8198dc599fad87 x86_64/corporate/3.0/RPMS/mozilla-irc-1.7.8-0.4.C30mdk.x86_64.rpm
0308af9d9050d5cdeafd0a9baac05d48 x86_64/corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.4.C30mdk.x86_64.rpm
a993afbf2ed3e7d17734631b2ccee05c x86_64/corporate/3.0/RPMS/mozilla-mail-1.7.8-0.4.C30mdk.x86_64.rpm
86f109cecac0a9de786f88d9400b0cf5 x86_64/corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.4.C30mdk.x86_64.rpm
99c49b1370c18c2fa14c9f20b04e148d x86_64/corporate/3.0/SRPMS/mozilla-1.7.8-0.4.C30mdk.src.rpm
__________________________________________________ _____________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
__________________________________________________ _____________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDngX+mqjQ0CJFipgRAsFrAJ9o36+SsC3J4vHtqufdLR K+KhjrlwCdHFTP
ltbOZEx/kIvw+O9sBteLQsM=
=V712
-----END PGP SIGNATURE-----