Alerts This Week
Warning Icon 1 537
Alerts This Week
Warning Icon 1 537

openSUSE 12.3 Advisory: 2013:1141-1 Important: MozillaThunderbird Update

opensuse
Calendar Grey July 4, 2013
Dist Opensuse Esm H88
The latest update for openSUSE addresses 10 vulnerabilities in MozillaThunderbird. Upgrade promptly to maintain security and enhance stability.
An update that fixes 10 vulnerabilities is now available

Description

MozillaThunderbird was updated to Thunderbird 17.0.7

(bnc#825935)

Security issues fixed:

* MFSA 2013-49/CVE-2013-1682 Miscellaneous memory safety

hazards

* MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686

Memory corruption found using Address Sanitizer

* MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823)

Privileged content access and execution via XBL

* MFSA 2013-53/CVE-2013-1690 (bmo#857883) Execution of

unmapped memory through onreadystatechange event

* MFSA 2013-54/CVE-2013-1692 (bmo#866915) Data in the

body of XHR HEAD requests leads to CSRF attacks

* MFSA 2013-55/CVE-2013-1693 (bmo#711043) SVG filters can

lead to information disclosure

* MFSA 2013-56/CVE-2013-1694 (bmo#848535) PreserveWrapper

has inconsistent behavior

* MFSA 2013-59/CVE-2013-1697 (bmo#858101) XrayWrappers can be bypassed to run user defined methods in a

privileged context

Topics%20covered

Topics Covered

security advisory update memory safety execution issue patch instruction openSUSE MozillaThunderbird

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 12.3:

zypper in -t patch openSUSE-2013-554

- openSUSE 12.2:

zypper in -t patch openSUSE-2013-554

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 12.3 (i586 x86_64):

MozillaThunderbird-17.0.7-61.17.1

MozillaThunderbird-buildsymbols-17.0.7-61.17.1

MozillaThunderbird-debuginfo-17.0.7-61.17.1

MozillaThunderbird-debugsource-17.0.7-61.17.1

MozillaThunderbird-devel-17.0.7-61.17.1

MozillaThunderbird-devel-debuginfo-17.0.7-61.17.1

MozillaThunderbird-translations-common-17.0.7-61.17.1

MozillaThunderbird-translations-other-17.0.7-61.17.1

enigmail-1.5.1+17.0.7-61.17.1

enigmail-debuginfo-1.5.1+17.0.7-61.17.1

- openSUSE 12.2 (i586 x86_64):

MozillaThunderbird-17.0.7-49.47.1

MozillaThunderbird-buildsymbols-17.0.7-49.47.1

MozillaThunderbird-debuginfo-17.0.7-49.47.1

MozillaThunderbird-debugsource-17.0.7-49.47.1

MozillaThunderbird-devel-17.0.7-49.47.1

MozillaThunderbird-devel-debuginfo-17.0.7-49.47.1

MozillaThunderbird-translations-common-17.0.7-49.47.1

MozillaThunderbird-translations-other-17.0.7-49.47.1

enigmail-1.5.1+17.0.7-49.47.1

enigmail-debuginfo-1.5.1+17.0.7-49.47.1

References

https://www.suse.com/security/cve/CVE-2013-1682.html

https://www.suse.com/security/cve/CVE-2013-1684.html

https://www.suse.com/security/cve/CVE-2013-1685.html

https://www.suse.com/security/cve/CVE-2013-1686.html

https://www.suse.com/security/cve/CVE-2013-1687.html

https://www.suse.com/security/cve/CVE-2013-1690.html

https://www.suse.com/security/cve/CVE-2013-1692.html

https://www.suse.com/security/cve/CVE-2013-1693.html

https://www.suse.com/security/cve/CVE-2013-1694.html

https://www.suse.com/security/cve/CVE-2013-1697.html

https://login.microfocus.com/nidp/app/login?sid=0

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2013:1141-1
Rating: important
Affected Products: openSUSE 12.3 openSUSE 12.2 .

Topics%20covered

Topics Covered

security advisory update memory safety execution issue patch instruction openSUSE MozillaThunderbird

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here