Nacionalni CERT

Otklonjeni sigurnosni problemi paketa Sunbird

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-3267
2010-03-02 00:31:02
--------------------------------------------------------------------------------

Name : sunbird
Product : Fedora 11
Version : 1.0
Release : 0.14.20090715hg.fc11
URL : http://www.mozilla.org/projects/calendar/sunbird/
Summary : Calendar application built upon Mozilla toolkit
Description :
Mozilla Sunbird is a cross-platform calendar application, built upon
Mozilla Toolkit. It brings Mozilla-style ease-of-use to your
calendar, without tying you to a particular storage solution.

--------------------------------------------------------------------------------
Update Information:

Update thunderbird to upstream version 3.0.2. *
http://www.mozillamessaging.com/en-US/thunderbird/3.0.2/releasenotes/ *
http://www.mozilla.org/security/known-
vulnerabilities/thunderbird30.html#thunderbird3.0.2
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 25 2010 Jan Horak <jhorak@redhat.com> - 1.0-0.14.20090715hg
- Rebuild against new Thunderbird
* Tue Jan 26 2010 Jan Horak <jhorak@redhat.com> - 1.0-0.13.20090715hg
- Fixed sunbird exec script
* Thu Jan 21 2010 Jan Horak <jhorak@redhat.com> - 1.0-0.12.20090715hg
- Rebuild against new Thunderbird
* Wed Dec 9 2009 Jan Horak <jhorak@redhat.com> - 1.0-0.11.20090715hg
- Rebuild against new Thunderbird
* Thu Dec 3 2009 Jan Horak <jhorak@redhat.com> - 1.0-0.10.20090715hg
- Rebuild against new Thunderbird
* Wed Nov 25 2009 Jan Horak <jhorak@redhat.com> - 1.0-0.9.20090715hg
- Rebuild against new Thunderbird
* Fri Oct 16 2009 Jan Horak <jhorak@redhat.com> - 1.0-0.7.20090715hg
- Rebuild due to new version of Thunderbird
* Tue Sep 22 2009 Jan Horak <jhorak@redhat.com> - 1.0-0.7.20090715hg
- Sync up with Thunderbird
* Tue Aug 18 2009 Lubomir Rintel <lkundrak@v3.sk> - 1.0-0.6.20090715hg
- Update langpacks
* Sun Jun 28 2009 Lubomir Rintel <lkundrak@v3.sk> - 1.0-0.5.20090715hg
- Sync up with Thunderbird
* Sun Jun 28 2009 Lubomir Rintel <lkundrak@v3.sk> - 1.0-0.5.20090513hg
- Sync up with Thunderbird
- Enable the Google Data Provider
* Fri May 15 2009 Lubomir Rintel <lkundrak@v3.sk> - 1.0-0.4.20090302hg
- Fixed thunderbird dependency
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #566047 - CVE-2010-0159 Mozilla crashes with evidence of memory
corruption (MFSA 2010-01)
https://bugzilla.redhat.com/show_bug.cgi?id=566047
[ 2 ] Bug #566050 - CVE-2009-1571 Mozilla incorrectly frees used memory
(MFSA
2010-03)
https://bugzilla.redhat.com/show_bug.cgi?id=566050
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update sunbird' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-3230
2010-03-02 00:30:12
--------------------------------------------------------------------------------

Name : sunbird
Product : Fedora 12
Version : 1.0
Release : 0.19.20090916hg.fc12
URL : http://www.mozilla.org/projects/calendar/sunbird/
Summary : Calendar application built upon Mozilla toolkit
Description :
Mozilla Sunbird is a cross-platform calendar application, built upon
Mozilla Toolkit. It brings Mozilla-style ease-of-use to your
calendar, without tying you to a particular storage solution.

--------------------------------------------------------------------------------
Update Information:

Update thunderbird to upstream version 3.0.2. *
http://www.mozillamessaging.com/en-US/thunderbird/3.0.2/releasenotes/ *
http://www.mozilla.org/security/known-
vulnerabilities/thunderbird30.html#thunderbird3.0.2
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 25 2010 Jan Horak <jhorak@redhat.com> - 1.0-0.19.20090916hg
- Rebuild against new Thunderbird
* Tue Jan 26 2010 Jan Horak <jhorak@redhat.com> - 1.0-0.18.20090916hg
- Fixed sunbird exec script
* Thu Jan 21 2010 Jan Horak <jhorak@redhat.com> - 1.0-0.17.20090916hg
- Rebuild against new Thunderbird
* Wed Dec 9 2009 Jan Horak <jhorak@redhat.com> - 1.0-0.16.20090916hg
- Rebuild against new Thunderbird
* Thu Dec 3 2009 Jan Horak <jhorak@redhat.com> - 1.0-0.15.20090916hg
- Rebuild against new Thunderbird
* Wed Nov 25 2009 Jan Horak <jhorak@redhat.com> - 1.0-0.14.20090916hg
- Rebuild against new Thunderbird
* Tue Nov 10 2009 Jan Horak <jhorak@redhat.com> - 1.0-0.13.20090916hg
- Rebuild due to Thunderbird update
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #566047 - CVE-2010-0159 Mozilla crashes with evidence of memory
corruption (MFSA 2010-01)
https://bugzilla.redhat.com/show_bug.cgi?id=566047
[ 2 ] Bug #566050 - CVE-2009-1571 Mozilla incorrectly frees used memory
(MFSA
2010-03)
https://bugzilla.redhat.com/show_bug.cgi?id=566050
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update sunbird' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

U programskom paketu Sunbird otkriveni su sigurnosni problemi. Riječ je o digitalnom organizatoru koji se može koristiti na različitim operacijskim sustavima, uključujući Windows, Linux, Mac OS X i dr. Spomenuti problemi posljedice su neodgovarajućeg rukovanja memorijom. Udaljeni napadač može ih iskoristiti za izvođenje napada uskraćivanja usluge ili za pokretanje proizvoljnog programskog koda. Kako bi spriječili zlouporabe, svim korisnicima savjetuje se nadogradnja na najnoviju inačicu u kojoj su ranjivosti otklonjene.