Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

openSUSE: 2016:3019-1 Important: MozillaThunderbird Security Risk

opensuse
Calendar Grey December 6, 2016
Dist Opensuse Esm H88
This patch tackles vital vulnerabilities in Mozilla Firefox for Fedora, improving security and system reliability.
An update that solves 6 vulnerabilities and has one errata An update that solves 6 vulnerabilities and has one errata An update that solves 6 vulnerabilities and has one errata is ...

Description

This update for MozillaThunderbird fixes some potential security issues

and bugs.

The following security flaws cannot be exploited through email because

scripting is disabled when reading mail, but are potentially risks in

browser or browser-like contexts:

- CVE-2016-9079: SVG Animation Remote Code Execution (MFSA 2016-92,

bsc#1012964)

- CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1

(bsc#1010411)

- CVE-2016-5297: Incorrect argument length checking in Javascript

(bsc#1010401)

- CVE-2016-9066: Integer overflow leading to a buffer overflow in

nsScriptLoadHandler (bsc#1010404)

- CVE-2016-5291: Same-origin policy violation using local HTML file and

saved shortcut file (bsc#1010410)

- CVE-2016-5290: Memory safety bugs fixed in Thunderbird ESR 45.5

(bsc#1010427)

The update contains changes in behavior:

- Changed recipient address entry: Arrow-keys now copy the pop-up value to

the input field....

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory security issue software update important openSUSE MozillaThunderbird

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2016-1412=1

To bring your system up-to-date, use "zypper patch".

Package List

- SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 s390x x86_64):

MozillaThunderbird-45.5.1-17.1

MozillaThunderbird-devel-45.5.1-17.1

MozillaThunderbird-translations-common-45.5.1-17.1

MozillaThunderbird-translations-other-45.5.1-17.1

- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):

MozillaThunderbird-buildsymbols-45.5.1-17.1

References

https://www.suse.com/security/cve/CVE-2016-5290.html

https://www.suse.com/security/cve/CVE-2016-5291.html

https://www.suse.com/security/cve/CVE-2016-5296.html

https://www.suse.com/security/cve/CVE-2016-5297.html

https://www.suse.com/security/cve/CVE-2016-9066.html

https://www.suse.com/security/cve/CVE-2016-9079.html

https://bugzilla.suse.com/1009026

https://bugzilla.suse.com/1010401

https://bugzilla.suse.com/1010404

https://bugzilla.suse.com/1010410

https://bugzilla.suse.com/1010411

https://bugzilla.suse.com/1010427

https://bugzilla.suse.com/1012964

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2016:3019-1
Rating: important
Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12

Topics%20covered

Topics Covered

security advisory security issue software update important openSUSE MozillaThunderbird

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here