[SECURITY] [DLA 3698-1] thunderbird security update

2023-12-2910:11:37

lists.debian.org

cve-2023-6856

smime

security tracker

denial of service

cve-2023-6858

spoofing

debian lts

cve-2023-6857

debian 10 buster

thunderbird

security update

arbitrary code

pgp/mime

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.4%

JSON

Debian LTS Advisory DLA-3698-1 [email protected]
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
December 29, 2023 https://wiki.debian.org/LTS

Package : thunderbird
Version : 1:115.6.0-1~deb10u1
CVE ID : CVE-2023-6856 CVE-2023-6857 CVE-2023-6858 CVE-2023-6859
CVE-2023-6860 CVE-2023-6861 CVE-2023-6862 CVE-2023-6864
CVE-2023-6873 CVE-2023-50761 CVE-2023-50762

Multiple security issues were discovered in Thunderbird, which could
result in denial of service, the execution of arbitrary code or spoofing
of signed PGP/MIME and SMIME emails.

For Debian 10 buster, these problems have been fixed in version
1:115.6.0-1~deb10u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian10alliceweasel-l10n-oc< 1:115.6.0esr-1~deb10u1iceweasel-l10n-oc_1:115.6.0esr-1~deb10u1_all.deb
Debian11ppc64elthunderbird-dbgsym< 1:115.6.0-1~deb11u1thunderbird-dbgsym_1:115.6.0-1~deb11u1_ppc64el.deb
Debian11allfirefox-esr-l10n-zh-tw< 115.6.0esr-1~deb11u1firefox-esr-l10n-zh-tw_115.6.0esr-1~deb11u1_all.deb
Debian11allthunderbird-l10n-ka< 1:115.6.0-1~deb11u1thunderbird-l10n-ka_1:115.6.0-1~deb11u1_all.deb
Debian11arm64thunderbird-dbgsym< 1:115.6.0-1~deb11u1thunderbird-dbgsym_1:115.6.0-1~deb11u1_arm64.deb
Debian10allfirefox-esr-l10n-eu< 115.6.0esr-1~deb10u1firefox-esr-l10n-eu_115.6.0esr-1~deb10u1_all.deb
Debian12allthunderbird-l10n-en-ca< 1:115.6.0-1~deb12u1thunderbird-l10n-en-ca_1:115.6.0-1~deb12u1_all.deb
Debian10allfirefox-esr-l10n-ru< 115.6.0esr-1~deb10u1firefox-esr-l10n-ru_115.6.0esr-1~deb10u1_all.deb
Debian10allfirefox-esr-l10n-lv< 115.6.0esr-1~deb10u1firefox-esr-l10n-lv_115.6.0esr-1~deb10u1_all.deb
Debian12allfirefox-esr-l10n-en-gb< 115.6.0esr-1~deb12u1firefox-esr-l10n-en-gb_115.6.0esr-1~deb12u1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	all	iceweasel-l10n-oc	< 1:115.6.0esr-1~deb10u1	iceweasel-l10n-oc_1:115.6.0esr-1~deb10u1_all.deb
Debian	11	ppc64el	thunderbird-dbgsym	< 1:115.6.0-1~deb11u1	thunderbird-dbgsym_1:115.6.0-1~deb11u1_ppc64el.deb
Debian	11	all	firefox-esr-l10n-zh-tw	< 115.6.0esr-1~deb11u1	firefox-esr-l10n-zh-tw_115.6.0esr-1~deb11u1_all.deb
Debian	11	all	thunderbird-l10n-ka	< 1:115.6.0-1~deb11u1	thunderbird-l10n-ka_1:115.6.0-1~deb11u1_all.deb
Debian	11	arm64	thunderbird-dbgsym	< 1:115.6.0-1~deb11u1	thunderbird-dbgsym_1:115.6.0-1~deb11u1_arm64.deb
Debian	10	all	firefox-esr-l10n-eu	< 115.6.0esr-1~deb10u1	firefox-esr-l10n-eu_115.6.0esr-1~deb10u1_all.deb
Debian	12	all	thunderbird-l10n-en-ca	< 1:115.6.0-1~deb12u1	thunderbird-l10n-en-ca_1:115.6.0-1~deb12u1_all.deb
Debian	10	all	firefox-esr-l10n-ru	< 115.6.0esr-1~deb10u1	firefox-esr-l10n-ru_115.6.0esr-1~deb10u1_all.deb
Debian	10	all	firefox-esr-l10n-lv	< 115.6.0esr-1~deb10u1	firefox-esr-l10n-lv_115.6.0esr-1~deb10u1_all.deb
Debian	12	all	firefox-esr-l10n-en-gb	< 115.6.0esr-1~deb12u1	firefox-esr-l10n-en-gb_115.6.0esr-1~deb12u1_all.deb