Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201605-21 ========================================= Severity: Critical Date : 2016-05-15 CVE-ID : CVE-2016-2804 CVE-2016-2805 CVE-2016-2806 CVE-2016-2807 Package : thunderbird Type : arbitrary code execution Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package thunderbird before version 45.1.0-1 is vulnerable to arbitrary code execution. Resolution ========= Upgrade to 45.1.0-1. # pacman -Syu "thunderbird>=45.1.0-1" The problem has been fixed upstream in version 45.1.0. Workaround ========= None. Description ========== - CVE-2016-2804: Gary Kwong, Christian Holler, Andrew McCreight, Boris Zbarsky, and Steve Fink reported memory safety problems and crashes. - CVE-2016-2805: Christian Holler reported a memory safety problem. - CVE-2016-2806: Gary Kwong, Christian Holler, Jesse Ruderman, Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, and Randell Jesup reported memory safety problems and crashes. - CVE-2016-2807: Christian Holler, Tyson Smith, and Phil Ringalda reported memory safety problems and crashes. Impact ===== A remote attacker can execute arbitrary code on the affected host. References ========= https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/ https://access.redhat.com/security/cve/CVE-2016-2804 https://access.redhat.com/security/cve/CVE-2016-2805 https://access.redhat.com/security/cve/CVE-2016-2806 https://access.redhat.com/security/cve/CVE-2016-2807