Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

openSUSE 11.4: openSUSE-SU-2011:0935-2 Important: Mozilla Thunderbird

opensuse
Calendar Grey August 29, 2011
Dist Opensuse Esm H88
Important release for Mozilla Thunderbird tackling various vulnerabilities and improving memory integrity. Update today!
An update that contains security fixes can now be An update that contains security fixes can now be An update that contains security fixes can now be installed

Description

Mozilla Thunderbird was updated to 3.1.12 fixing various

bugs and security issues:

Mozilla Foundation Security Advisory 2011-32 (MFSA 2011-32)

https://www.mozilla.org/en-US/security/advisories/mfsa2011-32/

Many of the issues listed below are not exploitable through

mail since JavaScript is disabled by default in

Thunderbird. These particular issues may be triggered while

viewing RSS feeds and displaying full remote content rather

than the feed summary. Addons that expose browser

functionality may also enable such issues to be exploited.

* Miscellaneous memory safety hazards (rv:1.9.2.20)

Mozilla developers and community members identified and

fixed several memory safety bugs in the browser engine used

in Thunderbird 3.1 and other Mozilla-based products. Some

of these bugs showed evidence of memory corruption under

certain circumstances, and we presume that with enough

effort at least some of these could be exploited to run

...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 11.4:

zypper in -t patch MozillaThunderbird-5050 mozilla-js192-5010

- openSUSE 11.3:

zypper in -t patch MozillaThunderbird-5050

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 11.4 (i586 x86_64) [New Version: 1.9.2.20 and 3.1.12]:

MozillaThunderbird-3.1.12-0.11.1

MozillaThunderbird-buildsymbols-3.1.12-0.11.1

MozillaThunderbird-devel-3.1.12-0.11.1

MozillaThunderbird-translations-common-3.1.12-0.11.1

MozillaThunderbird-translations-other-3.1.12-0.11.1

enigmail-1.1.2+3.1.12-0.11.1

mozilla-js192-1.9.2.20-1.2.1

mozilla-xulrunner192-1.9.2.20-1.2.1

mozilla-xulrunner192-buildsymbols-1.9.2.20-1.2.1

mozilla-xulrunner192-devel-1.9.2.20-1.2.1

mozilla-xulrunner192-gnome-1.9.2.20-1.2.1

mozilla-xulrunner192-translations-common-1.9.2.20-1.2.1

mozilla-xulrunner192-translations-other-1.9.2.20-1.2.1

- openSUSE 11.4 (x86_64) [New Version: 1.9.2.20]:

mozilla-js192-32bit-1.9.2.20-1.2.1

mozilla-xulrunner192-32bit-1.9.2.20-1.2.1

mozilla-xulrunner192-gnome-32bit-1.9.2.20-1.2.1

mozilla-xulrunner192-translations-common-32bit-1.9.2.20-1.2.1

mozilla-xulrunner192-translations-other-32bit-1.9.2.20-1.2.1

- openSUSE 11.3 (i586 x86_64) [New Version: 3.1.12]:

MozillaThunderbird-3.1.12-0.15.1

MozillaThun...

Read the Full Advisory

References

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2011:0935-2
Rating: important
Affected Products: openSUSE 11.4 openSUSE 11.3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.