Mageia: 2020-0142 Moderate: Thunderbird Security Issues Resolved

March 14, 2020
The latest updates for Thunderbird in Mageia fix numerous vulnerabilities regarding memory integrity and command execution risks.

Summary

The updated packages fix the following security vulnerabilities:

- Out of bounds reads in sctp_load_addresses_from_init. (CVE-2019-20503)
- Use-after-free when removing data about origins. (CVE-2020-6805)
- BodyStream::OnInputStreamReady was missing protections against state confusion. (CVE-2020-6806)
- Use-after-free in cubeb during stream destruction. (CVE-2020-6807)
- Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection. (CVE-2020-6811)
- The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission. (CVE-2020-6812)
- Memory safety bugs fixed in Thunderbird 68.6. (CVE-2020-6814)

References

- https://bugs.mageia.org/show_bug.cgi?id=26334

- https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/

- https://www.thunderbird.net/en-US/thunderbird/68.6.0/releasenotes/

- https://www.cve.org/CVERecord?id=CVE-2019-20503

- https://www.cve.org/CVERecord?id=CVE-2020-6805

- https://www.cve.org/CVERecord?id=CVE-2020-6806

- https://www.cve.org/CVERecord?id=CVE-2020-6807

- https://www.cve.org/CVERecord?id=CVE-2020-6811

- https://www.cve.org/CVERecord?id=CVE-2020-6812

- https://www.cve.org/CVERecord?id=CVE-2020-6814

Resolution

SRPMS

- 7/core/thunderbird-68.6.0-1.mga7

- 7/core/thunderbird-l10n-68.6.0-1.mga7

Publication date: 14 Mar 2020
URL: https://advisories.mageia.org/MGASA-2020-0142.html
Type: security
CVE: CVE-2019-20503, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6811, CVE-2020-6812, CVE-2020-6814
