Revizija sigurnosnog upozorenja vezanog uz paket Mozilla Thunderbird

Objavljena je revizija sigurnosnog upozorenja izvorne oznake openSUSE-SU-2011:1031-1 u kojoj je ispravljeno pogrešno rukovanje certifikatima u programskom paketu Mozilla Firefox. Spomenuti je propust zlonamjernim korisnicima omogućavao pokretanje tzv. MITM (eng. man-in-the-middle) napada. Ova je inačica revizije vezana uz programski paket Mozilla Thunderbird.

Paket:	thunderbird 3.x
Operacijski sustavi:	openSUSE 11.3, openSUSE 11.4
Problem:	nepravilno rukovanje ovlastima
Iskorištavanje:	udaljeno
Posljedica:	izmjena podataka
Rješenje:	programska zakrpa proizvođača
Izvorni ID preporuke:	openSUSE-SU-2011:1031-2
Izvor:	SUSE

Problem:
Sigurnosni nedostatak posljedica je uporabe neispravnih digitalnih certifikata potpisanih od strane autentifikacijskog tijela DigiNotar.
Posljedica:
Udaljeni, zlonamjerni korisnici mogu iskoristiti neispravne certifikate za pokretanje tzv. MITM (eng. man-in-the-middle) napada.
Rješenje:
Neispravni certifikati dodani su u listu blokiranih certifikata u osvježenim inačicama ranjivog paketa te se svim korisnicima savjetuje njihova primjena.

Izvorni tekst preporuke

   openSUSE Security Update: MozillaThunderbird: 3.1.13
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2011:1031-2
Rating:             important
References:         #714931 
Affected Products:
                    openSUSE 11.4
                    openSUSE 11.3
______________________________________________________________________________

   An update that contains security fixes can now be
   installed. It includes 5 new package versions.

Description:

   This update brings Mozilla Thunderbird to 3.1.13.

   The purpose of this update is to blacklist the compromised
   DigiNotar Certificate Authority.

   For more information read: MFSA 2011-34
   http://www.mozilla.org/security/announce/2011/mfsa2011-34.ht
   ml


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 11.4:

      zypper in -t patch MozillaThunderbird-5120 mozilla-js192-5127
seamonkey-5122

   - openSUSE 11.3:

      zypper in -t patch MozillaFirefox-5118 MozillaThunderbird-5120
seamonkey-5122

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 11.4 (i586 x86_64) [New Version: 1.9.2.22,2.3.3 and 3.1.14]:

      MozillaThunderbird-3.1.14-0.15.1
      MozillaThunderbird-buildsymbols-3.1.14-0.15.1
      MozillaThunderbird-devel-3.1.14-0.15.1
      MozillaThunderbird-translations-common-3.1.14-0.15.1
      MozillaThunderbird-translations-other-3.1.14-0.15.1
      enigmail-1.1.2+3.1.14-0.15.1
      mozilla-js192-1.9.2.22-0.2.1
      mozilla-xulrunner192-1.9.2.22-0.2.1
      mozilla-xulrunner192-buildsymbols-1.9.2.22-0.2.1
      mozilla-xulrunner192-devel-1.9.2.22-0.2.1
      mozilla-xulrunner192-gnome-1.9.2.22-0.2.1
      mozilla-xulrunner192-translations-common-1.9.2.22-0.2.1
      mozilla-xulrunner192-translations-other-1.9.2.22-0.2.1
      seamonkey-2.3.3-0.2.1
      seamonkey-dom-inspector-2.3.3-0.2.1
      seamonkey-irc-2.3.3-0.2.1
      seamonkey-translations-common-2.3.3-0.2.1
      seamonkey-translations-other-2.3.3-0.2.1
      seamonkey-venkman-2.3.3-0.2.1

   - openSUSE 11.4 (x86_64) [New Version: 1.9.2.22]:

      mozilla-js192-32bit-1.9.2.22-0.2.1
      mozilla-xulrunner192-32bit-1.9.2.22-0.2.1
      mozilla-xulrunner192-gnome-32bit-1.9.2.22-0.2.1
      mozilla-xulrunner192-translations-common-32bit-1.9.2.22-0.2.1
      mozilla-xulrunner192-translations-other-32bit-1.9.2.22-0.2.1

   - openSUSE 11.3 (i586 x86_64) [New Version: 1.9.2.22,2.3.3,3.1.14 and
3.6.22]:

      MozillaFirefox-3.6.22-0.2.1
      MozillaFirefox-branding-upstream-3.6.22-0.2.1
      MozillaFirefox-translations-common-3.6.22-0.2.1
      MozillaFirefox-translations-other-3.6.22-0.2.1
      MozillaThunderbird-3.1.14-0.19.1
      MozillaThunderbird-devel-3.1.14-0.19.1
      MozillaThunderbird-translations-common-3.1.14-0.19.1
      MozillaThunderbird-translations-other-3.1.14-0.19.1
      enigmail-1.1.2+3.1.14-0.19.1
      mozilla-js192-1.9.2.22-0.2.1
      mozilla-xulrunner192-1.9.2.22-0.2.1
      mozilla-xulrunner192-buildsymbols-1.9.2.22-0.2.1
      mozilla-xulrunner192-devel-1.9.2.22-0.2.1
      mozilla-xulrunner192-gnome-1.9.2.22-0.2.1
      mozilla-xulrunner192-translations-common-1.9.2.22-0.2.1
      mozilla-xulrunner192-translations-other-1.9.2.22-0.2.1
      seamonkey-2.3.3-0.2.1
      seamonkey-dom-inspector-2.3.3-0.2.1
      seamonkey-irc-2.3.3-0.2.1
      seamonkey-translations-common-2.3.3-0.2.1
      seamonkey-translations-other-2.3.3-0.2.1
      seamonkey-venkman-2.3.3-0.2.1

   - openSUSE 11.3 (x86_64) [New Version: 1.9.2.22]:

      mozilla-js192-32bit-1.9.2.22-0.2.1
      mozilla-xulrunner192-32bit-1.9.2.22-0.2.1
      mozilla-xulrunner192-gnome-32bit-1.9.2.22-0.2.1
      mozilla-xulrunner192-translations-common-32bit-1.9.2.22-0.2.1
      mozilla-xulrunner192-translations-other-32bit-1.9.2.22-0.2.1


References:

   https://bugzilla.novell.com/714931

-- 
To unsubscribe, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
For additional commands, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.

Revizija sigurnosnog upozorenja vezanog uz paket Mozilla Thunderbird

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

Revizija sigurnosnog upozorenja vezanog uz paket Mozilla Thunderbird

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti