
Mageia: 2019-0316 Moderate: Thunderbird Use-After-Free and Overflow Issues

November 7, 2019
Recent Thunderbird updates in Mageia tackle serious security threats and address various vulnerabilities.

Summary

The updated packages fix security issues:

- Use-after-free when creating index updates in IndexedDB. (CVE-2019-11757)
- Potentially exploitable crash due to 360 Total Security. (CVE-2019-11758)
- Stack buffer overflow in HKDF output. (CVE-2019-11759)
- Stack buffer overflow in WebRTC networking. (CVE-2019-11760)
- Unintended access to a privileged JSONView object. (CVE-2019-11761)
- document.domain-based origin isolation has same-origin-property violation. (CVE-2019-11762)
- Incorrect HTML parsing results in XSS bypass technique. (CVE-2019-11763)
- Memory safety bugs fixed in Thunderbird 68.2. (CVE-2019-11764)
- Heap overflow in expat library in XML_GetCurrentLineNumber. (CVE-2019-15903)

Enigmail has been updated to 2.1.3.

References

- https://bugs.mageia.org/show_bug.cgi?id=25597

- https://www.thunderbird.net/en-US/thunderbird/68.2.0/releasenotes/

- https://www.thunderbird.net/en-US/thunderbird/68.2.1/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/

- https://enigmail.net/index.php/en/download/changelog#enig2.1.3

- https://access.redhat.com/errata/RHSA-2019:3237

- https://www.cve.org/CVERecord?id=CVE-2019-11757

- https://www.cve.org/CVERecord?id=CVE-2019-11758

- https://www.cve.org/CVERecord?id=CVE-2019-11759

- https://www.cve.org/CVERecord?id=CVE-2019-11760

- https://www.cve.org/CVERecord?id=CVE-2019-11761

- https://www.cve.org/CVERecord?id=CVE-2019-11762

- https://www.cve.org/CVERecord?id=CVE-2019-11763

- https://www.cve.org/CVERecord?id=CVE-2019-11764

- https://www.cve.org/CVERecord?id=CVE-2019-15903

Resolution

SRPMS

- 7/core/thunderbird-68.2.1-1.mga7

- 7/core/thunderbird-l10n-68.2.1-1.mga7

Publication date: 07 Nov 2019
URL: https://advisories.mageia.org/MGASA-2019-0316.html
Type: security
CVE: CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, CVE-2019-15903
