Mageia: 2019-0377 Moderate: Thunderbird Stack Corruption & Buffer Overflow
mageia
December 8, 2019
Updated thunderbird packages fix security vulnerabilities: Stack corruption due to incorrect number of arguments in WebRTC code
Summary
Updated thunderbird packages fix security vulnerabilities:
Stack corruption due to incorrect number of arguments in WebRTC code.
(CVE-2019-13722)
Buffer overflow in plain text serializer. (CVE-2019-17005)
Use-after-free in worker destruction. (CVE-2019-17008)
Updater temporary files accessible to unprivileged processes.
(CVE-2019-17009)
Use-after-free when performing device orientation checks.
(CVE-2019-17010)
Use-after-free when retrieving a document in antitracking.
(CVE-2019-17011)
Memory safety bugs fixed in Firefox 71, Firefox ESR 68.3, and Thunderbird 68.3.
(CVE-2019-17012)
References
- https://bugs.mageia.org/show_bug.cgi?id=25821
- https://www.thunderbird.net/en-US/thunderbird/68.3.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/
- https://www.cve.org/CVERecord?id=CVE-2019-13722
- https://www.cve.org/CVERecord?id=CVE-2019-17005
- https://www.cve.org/CVERecord?id=CVE-2019-17008
- https://www.cve.org/CVERecord?id=CVE-2019-17009
- https://www.cve.org/CVERecord?id=CVE-2019-17010
- https://www.cve.org/CVERecord?id=CVE-2019-17011
- https://www.cve.org/CVERecord?id=CVE-2019-17012
Topics Covered
Resolution
SRPMS
- 7/core/thunderbird-68.3.0-1.mga7
- 7/core/thunderbird-l10n-68.3.0-1.mga7
PREVIOUS
NEXT
Publication date: 08 Dec 2019
URL: https://advisories.mageia.org/MGASA-2019-0377.html
Type: security
CVE: CVE-2019-13722,
CVE-2019-17005,
CVE-2019-17008,
CVE-2019-17009,
CVE-2019-17010,
CVE-2019-17011,
CVE-2019-17012
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!