Alerts This Week
Warning Icon 1 697
Alerts This Week
Warning Icon 1 697

openSUSE: 2017:2707-1 Essential Update for Mozilla Thunderbird - High Risk

opensuse
Calendar Grey October 12, 2017
Dist Opensuse Esm H88
Crucial Mozilla Thunderbird patch addresses nine security flaws for openSUSE users. Act promptly to protect your device!
An update that fixes 9 vulnerabilities is now available.

Description

Mozilla Thunderbird was updated to 52.4.0 (boo#1060445)

* new behavior was introduced for replies to mailing list posts: "When

replying to a mailing list, reply will be sent to address in From

header ignoring Reply-to header". A new preference

mail.override_list_reply_to allows to restore the previous behavior.

* Under certain circumstances (image attachment and non-image

attachment), attached images were shown truncated in messages stored

in IMAP folders not synchronised for offline use.

* IMAP UIDs > 0x7FFFFFFF now handled properly Security fixes from Gecko

52.4esr

* CVE-2017-7793 (bmo#1371889) Use-after-free with Fetch API

* CVE-2017-7818 (bmo#1363723) Use-after-free during ARIA array

manipulation

* CVE-2017-7819 (bmo#1380292) Use-after-free while resizing images in

design mode

* CVE-2017-7824 (bmo#1398381) Buffer overflow when drawing and

validating elements with ANGLE

*...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory buffer overflow data protection important update Mozilla Thunderbird use-after-free SUSE Linux Enterprise

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2017-1144=1

To bring your system up-to-date, use "zypper patch".

Package List

- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):

MozillaThunderbird-52.4.0-45.1

MozillaThunderbird-buildsymbols-52.4.0-45.1

MozillaThunderbird-debuginfo-52.4.0-45.1

MozillaThunderbird-debugsource-52.4.0-45.1

MozillaThunderbird-devel-52.4.0-45.1

MozillaThunderbird-translations-common-52.4.0-45.1

MozillaThunderbird-translations-other-52.4.0-45.1

References

https://www.suse.com/security/cve/CVE-2017-7793.html

https://www.suse.com/security/cve/CVE-2017-7805.html

https://www.suse.com/security/cve/CVE-2017-7810.html

https://www.suse.com/security/cve/CVE-2017-7814.html

https://www.suse.com/security/cve/CVE-2017-7818.html

https://www.suse.com/security/cve/CVE-2017-7819.html

https://www.suse.com/security/cve/CVE-2017-7823.html

https://www.suse.com/security/cve/CVE-2017-7824.html

https://www.suse.com/security/cve/CVE-2017-7825.html

https://bugzilla.suse.com/1060445

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2017:2707-1
Rating: important
Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12

Topics%20covered

Topics Covered

security advisory buffer overflow data protection important update Mozilla Thunderbird use-after-free SUSE Linux Enterprise

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here