openSUSE: 2011:1076-2 Important: Mozilla Thunderbird Memory Issues

opensuse

October 4, 2011

An update that contains security fixes can now be installed

Description

Mozilla Thunderbird was updated to version 3.1.14, fixing

various bugs and security issues.

MFSA 2011-36: Mozilla developers identified and fixed

several memory safety bugs in the browser engine used in

Firefox and other Mozilla-based products. Some of these

bugs showed evidence of memory corruption under certain

circumstances, and we presume that with enough effort at

least some of these could be exploited to run arbitrary

code.

In general these flaws cannot be exploited through email in

the Thunderbird and SeaMonkey products because scripting is

disabled, but are potentially a risk in browser or

browser-like contexts in those products.

Benjamin Smedberg, Bob Clary, and Jesse Ruderman reported

memory safety problems that affected Firefox 3.6 and

Firefox 6. (CVE-2011-2995)

Bob Clary, Andrew McCreight, Andreas Gal, Gary Kwong, Igor

Bukanov, Jason Orendorff, Jesse Ruderman, and Marcia Knous

reported memory safety problems...

Read the Full Advisory

Topics Covered

security advisory update exploit important memory safety Mozilla Thunderbird openSUSE

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 11.4:

zypper in -t patch MozillaThunderbird-5204

- openSUSE 11.3:

zypper in -t patch MozillaThunderbird-5204

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 11.4 (i586 x86_64) [New Version: 3.1.15]:

MozillaThunderbird-3.1.15-0.17.1

MozillaThunderbird-buildsymbols-3.1.15-0.17.1

MozillaThunderbird-devel-3.1.15-0.17.1

MozillaThunderbird-translations-common-3.1.15-0.17.1

MozillaThunderbird-translations-other-3.1.15-0.17.1

enigmail-1.1.2+3.1.15-0.17.1

- openSUSE 11.3 (i586 x86_64) [New Version: 3.1.15]:

MozillaThunderbird-3.1.15-0.21.1

MozillaThunderbird-devel-3.1.15-0.21.1

MozillaThunderbird-translations-common-3.1.15-0.21.1

MozillaThunderbird-translations-other-3.1.15-0.21.1

enigmail-1.1.2+3.1.15-0.21.1

References

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: openSUSE-SU-2011:1076-2

Rating: important

Affected Products: openSUSE 11.4 openSUSE 11.3 led. It includes two new package versions.

Topics Covered

security advisory update exploit important memory safety Mozilla Thunderbird openSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

openSUSE: 2011:1076-2 Important: Mozilla Thunderbird Memory Issues

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

openSUSE: 2011:1076-2 Important: Mozilla Thunderbird Memory Issues

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!