Ubuntu Security Notice USN-2360-2
24th September, 2014
thunderbird vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Fraudulent security certificates could allow sensitive information to
be exposed when accessing the Internet.
Software description
- thunderbird
– Mozilla Open Source mail and newsgroup client
Details
USN-2360-1 fixed vulnerabilities in Firefox. This update provides the
corresponding updates for Thunderbird.
Original advisory details:
Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled
parsing ASN.1 values. An attacker could use this issue to forge RSA
certificates.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.04 LTS:
-
thunderbird
1:31.1.2+build1-0ubuntu0.14.04.1
- Ubuntu 12.04 LTS:
-
thunderbird
1:31.1.2+build1-0ubuntu0.12.04.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart Thunderbird to make
all the necessary changes.