ArchLinux: 201906-10: thunderbird: multiple issues

    Date: 14 Jun 2019
    Category: ArchLinux
    Posted By: LinuxSecurity Advisories
    The package thunderbird before version 60.7.1-1 is vulnerable to multiple issues including arbitrary code execution and denial of service.
    Arch Linux Security Advisory ASA-201906-10
    ==========================================
    
    Severity: High
    Date    : 2019-06-14
    CVE-ID  : CVE-2019-11703 CVE-2019-11704 CVE-2019-11705 CVE-2019-11706
    Package : thunderbird
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-980
    
    Summary
    =======
    
    The package thunderbird before version 60.7.1-1 is vulnerable to
    multiple issues including arbitrary code execution and denial of
    service.
    
    Resolution
    ==========
    
    Upgrade to 60.7.1-1.
    
    # pacman -Syu "thunderbird>=60.7.1-1"
    
    The problems have been fixed upstream in version 60.7.1.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2019-11703 (arbitrary code execution)
    
    A flaw in Thunderbird's implementation of iCal before 60.7.1 causes a
    heap buffer overflow in parser_get_next_char when processing certain
    email messages, resulting in a potentially exploitable crash.
    
    - CVE-2019-11704 (arbitrary code execution)
    
    A flaw in Thunderbird's implementation of iCal before 60.7.1 causes a
    heap buffer overflow in icalmemory_strdup_and_dequote when processing
    certain email messages, resulting in a potentially exploitable crash.
    
    - CVE-2019-11705 (arbitrary code execution)
    
    A flaw in Thunderbird's implementation of iCal before 60.7.1 causes a
    stack buffer overflow in icalrecur_add_bydayrules when processing
    certain email messages, resulting in a potentially exploitable crash.
    
    - CVE-2019-11706 (denial of service)
    
    A flaw in Thunderbird's implementation of iCal before 60.7.1 causes a
    type confusion in icaltimezone_get_vtimezone_properties when processing
    certain email messages, resulting in a crash.
    
    Impact
    ======
    
    A remote attacker can crash thunderbird or execute arbitrary code on
    the affected host via a crafted email message.
    
    References
    ==========
    
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/#CVE-2019-11703
    https://bugzilla.mozilla.org/show_bug.cgi?id=1553820
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/#CVE-2019-11704
    https://bugzilla.mozilla.org/show_bug.cgi?id=1553814
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/#CVE-2019-11705
    https://bugzilla.mozilla.org/show_bug.cgi?id=1553808
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/#CVE-2019-11706
    https://security.archlinux.org/CVE-2019-11703
    https://security.archlinux.org/CVE-2019-11704
    https://security.archlinux.org/CVE-2019-11705
    https://security.archlinux.org/CVE-2019-11706
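
A fleet check for the Resolution section above, as an added example that is not part of the Arch advisory: it flags hosts whose thunderbird package is older than the fixed 60.7.1-1. The inventory format (one "host package version" line per host), the hostnames and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of ASA-201906-10.
# Fixed package version, taken from the advisory's Resolution section.
FIXED="60.7.1-1"

# is_vulnerable VERSION -> exit status 0 when VERSION is older than FIXED.
# Uses pacman's vercmp when it is installed; otherwise falls back to
# `sort -V`, an approximation that is adequate for plain x.y.z-rel strings.
is_vulnerable() {
    if [ "$1" = "$FIXED" ]; then
        return 1
    fi
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$FIXED")" -lt 0 ]
    else
        [ "$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)" = "$1" ]
    fi
}

# audit: read "host package version" lines on stdin (for instance the output
# of `pacman -Q thunderbird` collected per host, prefixed with the hostname)
# and print every host that still needs the upgrade.
audit() {
    while read -r host pkg ver; do
        [ "$pkg" = "thunderbird" ] || continue
        if is_vulnerable "$ver"; then
            printf '%s\n' "$host"
        fi
    done
}

# Constructed sample inventory: hostnames and versions are made up.
sample_inventory() {
    cat <<'EOF'
mail-01 thunderbird 60.7.0-1
mail-02 thunderbird 60.7.1-1
desk-07 firefox 67.0.2-1
desk-09 thunderbird 60.6.1-2
desk-12 thunderbird 60.8.0-1
EOF
}

sample_inventory | audit
```

On an Arch host, `vercmp` ships with pacman and gives the authoritative comparison; the `sort -V` fallback only exists so the inventory can be evaluated on a non-Arch admin machine.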
    
    