Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

openSUSE: 2014:0976-1 Important: MozillaThunderbird Crash Issue

opensuse
Calendar Grey August 11, 2014
Dist Opensuse Esm H88
Upgrade to MozillaThunderbird version 24.7.0 to address several critical security vulnerabilities specifically impacting openSUSE users. Ensure your safety!
An update that fixes 6 vulnerabilities is now available.

Description

MozillaThunderbird was updated to Thunderbird 24.7.0 (bnc#887746)

* MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety

hazards

* MFSA 2014-61/CVE-2014-1555 (bmo#1023121) Use-after-free with

FireOnStateChange event

* MFSA 2014-62/CVE-2014-1556 (bmo#1028891) Exploitable WebGL crash with

Cesium JavaScript library

* MFSA 2014-63/CVE-2014-1544 (bmo#963150) Use-after-free while when

manipulating certificates in the trusted cache (solved with NSS 3.16.2

requirement)

* MFSA 2014-64/CVE-2014-1557 (bmo#913805) Crash in Skia library when

scaling high quality images

A standalone enigmail 1.7 package that was previously built as part of

MozillaThunderbird was added.

Topics%20covered

Topics Covered

security advisory software update important crash fix memory safety openSUSE MozillaThunderbird

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2014-487

- openSUSE 12.3:

zypper in -t patch openSUSE-2014-487

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 13.1 (i586 x86_64):

MozillaThunderbird-24.7.0-70.27.1

MozillaThunderbird-buildsymbols-24.7.0-70.27.1

MozillaThunderbird-debuginfo-24.7.0-70.27.1

MozillaThunderbird-debugsource-24.7.0-70.27.1

MozillaThunderbird-devel-24.7.0-70.27.1

MozillaThunderbird-translations-common-24.7.0-70.27.1

MozillaThunderbird-translations-other-24.7.0-70.27.1

enigmail-1.7-2.1

enigmail-debuginfo-1.7-2.1

enigmail-debugsource-1.7-2.1

- openSUSE 12.3 (i586 x86_64):

MozillaThunderbird-24.7.0-61.55.1

MozillaThunderbird-buildsymbols-24.7.0-61.55.1

MozillaThunderbird-debuginfo-24.7.0-61.55.1

MozillaThunderbird-debugsource-24.7.0-61.55.1

MozillaThunderbird-devel-24.7.0-61.55.1

MozillaThunderbird-translations-common-24.7.0-61.55.1

MozillaThunderbird-translations-other-24.7.0-61.55.1

enigmail-1.7-2.1

enigmail-debuginfo-1.7-2.1

enigmail-debugsource-1.7-2.1

References

https://www.suse.com/security/cve/CVE-2014-1544.html

https://www.suse.com/security/cve/CVE-2014-1547.html

https://www.suse.com/security/cve/CVE-2014-1548.html

https://www.suse.com/security/cve/CVE-2014-1555.html

https://www.suse.com/security/cve/CVE-2014-1556.html

https://www.suse.com/security/cve/CVE-2014-1557.html

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2014:0976-1
Rating: important
Affected Products: openSUSE 13.1 openSUSE 12.3

Topics%20covered

Topics Covered

security advisory software update important crash fix memory safety openSUSE MozillaThunderbird

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here