Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Mageia 9 MGASA-2024-0006 moderate: Thunderbird security concerns

mageia
Calendar Grey January 12, 2024
Dist Mageia Esm H88
Refined Thunderbird packages resolve multiple security flaws, enhancing safety for users and addressing serious concerns efficiently.
The updated packages fix security vulnerabilities: Truncated signed text was shown with a valid OpenPGP signature

Summary

The updated packages fix security vulnerabilities: Truncated signed text was shown with a valid OpenPGP signature. (CVE-2023-50762) S/MIME signature accepted despite mismatching message date. (CVE-2023-50761) Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver. (CVE-2023-6856) Symlinks may resolve to smaller than expected buffers. (CVE-2023-6857) Heap buffer overflow in nsTextFragment. (CVE-2023-6858) Use-after-free in PR_GetIdentitiesLayer. (CVE-2023-6859) Potential sandbox escape due to VideoBridge lack of texture validation. (CVE-2023-6860) Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode. (CVE-2023-6861) Use-after-free in nsDNSService. (CVE-2023-6862) Undefined behavior in ShutdownObserver(). (CVE-2023-6863) Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. (CVE-2023-6864)

References

- https://bugs.mageia.org/show_bug.cgi?id=32643

- https://www.thunderbird.net/en-US/thunderbird/115.5.2/releasenotes/

- https://www.thunderbird.net/en-US/thunderbird/115.6.0/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/

- https://www.cve.org/CVERecord?id=CVE-2023-6856

- https://www.cve.org/CVERecord?id=CVE-2023-6857

- https://www.cve.org/CVERecord?id=CVE-2023-6858

- https://www.cve.org/CVERecord?id=CVE-2023-6859

- https://www.cve.org/CVERecord?id=CVE-2023-6860

- https://www.cve.org/CVERecord?id=CVE-2023-6861

- https://www.cve.org/CVERecord?id=CVE-2023-6862

- https://www.cve.org/CVERecord?id=CVE-2023-6863

- https://www.cve.org/CVERecord?id=CVE-2023-6864

- https://www.cve.org/CVERecord?id=CVE-2023-50761

- https://www.cve.org/CVERecord?id=CVE-2023-50762

Topics%20covered

Topics Covered

security advisory moderate heap overflow Thunderbird OpenPGP Mageia

Resolution

SRPMS

- 9/core/thunderbird-115.6.0-1.mga9

- 9/core/thunderbird-l10n-115.6.0-1.mga9

Publication date: 12 Jan 2024
URL: https://advisories.mageia.org/MGASA-2024-0006.html
Type: security
CVE: CVE-2023-6856, CVE-2023-6857, CVE-2023-6858, CVE-2023-6859, CVE-2023-6860, CVE-2023-6861, CVE-2023-6862, CVE-2023-6863, CVE-2023-6864, CVE-2023-50761, CVE-2023-50762

Topics%20covered

Topics Covered

security advisory moderate heap overflow Thunderbird OpenPGP Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here