ArchLinux: 201605-21: thunderbird: arbitrary code execution
Summary
- CVE-2016-2804:
Gary Kwong, Christian Holler, Andrew McCreight, Boris Zbarsky, and Steve
Fink reported memory safety problems and crashes.
- CVE-2016-2805:
Christian Holler reported a memory safety problem.
- CVE-2016-2806:
Gary Kwong, Christian Holler, Jesse Ruderman, Mats Palmgren, Carsten
Book, Boris Zbarsky, David Bolter, and Randell Jesup reported memory
safety problems and crashes.
- CVE-2016-2807:
Christian Holler, Tyson Smith, and Phil Ringalda reported memory safety
problems and crashes.
Resolution
Upgrade to 45.1.0-1.
# pacman -Syu "thunderbird>=45.1.0-1"
The problem has been fixed upstream in version 45.1.0.
References
https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/ https://access.redhat.com/security/cve/CVE-2016-2804 https://access.redhat.com/security/cve/CVE-2016-2805 https://access.redhat.com/security/cve/CVE-2016-2806 https://access.redhat.com/security/cve/CVE-2016-2807
Workaround
None.