Alerts This Week
Warning Icon 1 609
Alerts This Week
Warning Icon 1 609

openSUSE Leap 42.3: 2017:2710-1 Important Mozilla Thunderbird Updates

opensuse
Calendar Grey October 12, 2017
Dist Opensuse Esm H88
Mozilla Thunderbird has released an update addressing 9 security vulnerabilities, among them critical weaknesses and a buffer overflow issue. It is advised to install the update immediately.
An update that fixes 9 vulnerabilities is now available

Description

Mozilla Thunderbird was updated to 52.4.0 (boo#1060445)

* new behavior was introduced for replies to mailing list posts: "When

replying to a mailing list, reply will be sent to address in From

header ignoring Reply-to header". A new preference

mail.override_list_reply_to allows to restore the previous behavior.

* Under certain circumstances (image attachment and non-image

attachment), attached images were shown truncated in messages stored

in IMAP folders not synchronised for offline use.

* IMAP UIDs > 0x7FFFFFFF now handled properly Security fixes from Gecko

52.4esr

* CVE-2017-7793 (bmo#1371889) Use-after-free with Fetch API

* CVE-2017-7818 (bmo#1363723) Use-after-free during ARIA array

manipulation

* CVE-2017-7819 (bmo#1380292) Use-after-free while resizing images in

design mode

* CVE-2017-7824 (bmo#1398381) Buffer overflow when drawing and

validating elements with ANGLE

*...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory critical issue update buffer overflow important fix Mozilla Thunderbird openSUSE Leap

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-1144=1

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-1144=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.3 (i586 x86_64):

MozillaThunderbird-52.4.0-47.1

MozillaThunderbird-buildsymbols-52.4.0-47.1

MozillaThunderbird-debuginfo-52.4.0-47.1

MozillaThunderbird-debugsource-52.4.0-47.1

MozillaThunderbird-devel-52.4.0-47.1

MozillaThunderbird-translations-common-52.4.0-47.1

MozillaThunderbird-translations-other-52.4.0-47.1

- openSUSE Leap 42.2 (i586 x86_64):

MozillaThunderbird-52.4.0-41.18.1

MozillaThunderbird-buildsymbols-52.4.0-41.18.1

MozillaThunderbird-debuginfo-52.4.0-41.18.1

MozillaThunderbird-debugsource-52.4.0-41.18.1

MozillaThunderbird-devel-52.4.0-41.18.1

MozillaThunderbird-translations-common-52.4.0-41.18.1

MozillaThunderbird-translations-other-52.4.0-41.18.1

References

https://www.suse.com/security/cve/CVE-2017-7793.html

https://www.suse.com/security/cve/CVE-2017-7805.html

https://www.suse.com/security/cve/CVE-2017-7810.html

https://www.suse.com/security/cve/CVE-2017-7814.html

https://www.suse.com/security/cve/CVE-2017-7818.html

https://www.suse.com/security/cve/CVE-2017-7819.html

https://www.suse.com/security/cve/CVE-2017-7823.html

https://www.suse.com/security/cve/CVE-2017-7824.html

https://www.suse.com/security/cve/CVE-2017-7825.html

https://bugzilla.suse.com/1060445

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2017:2710-1
Rating: important
Affected Products: openSUSE Leap 42.3 openSUSE Leap 42.2 .

Topics%20covered

Topics Covered

security advisory critical issue update buffer overflow important fix Mozilla Thunderbird openSUSE Leap

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here