Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

openSUSE: 2018:1359-1 Important Update for Mozilla Thunderbird

opensuse
Calendar Grey May 21, 2018
Dist Opensuse Esm H88
The recent Mozilla Thunderbird upgrade targets various security issues impacting openSUSE users, implementing essential fixes for critical vulnerabilities.
An update that fixes 13 vulnerabilities is now available.

Description

This update for Mozilla Thunderbird to version 52.8 fixes the following

issues:

Security issues fixed (MFSA 2018-13, boo#1092548):

- CVE-2018-5183: Backport critical security fixes in Skia

- CVE-2018-5154: Use-after-free with SVG animations and clip paths

- CVE-2018-5155: Use-after-free with SVG animations and text paths

- CVE-2018-5159: Integer overflow and out-of-bounds write in Skia

- CVE-2018-5168: Lightweight themes can be installed without user

interaction

- CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion

through legacy extension

- CVE-2018-5150: Memory safety bugs fixed in Firefox 60, Firefox ESR 52.8,

and Thunderbird 52.8

- CVE-2018-5161: Hang via malformed headers (bsc#1093970)

- CVE-2018-5162: Encrypted mail leaks plaintext through src attribute

(bsc#1093971)

- CVE-2018-5170: Filename spoofing for external attachments (bsc#1093972)

- CVE-2018-5184: Full plaintext recovery in S/MIME via...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory buffer overflow patch important Mozilla Thunderbird openSUSE alert

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2018-486=1

Package List

- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):

MozillaThunderbird-52.8-60.1

MozillaThunderbird-buildsymbols-52.8-60.1

MozillaThunderbird-debuginfo-52.8-60.1

MozillaThunderbird-debugsource-52.8-60.1

MozillaThunderbird-devel-52.8-60.1

MozillaThunderbird-translations-common-52.8-60.1

MozillaThunderbird-translations-other-52.8-60.1

References

https://www.suse.com/security/cve/CVE-2018-5150.html

https://www.suse.com/security/cve/CVE-2018-5154.html

https://www.suse.com/security/cve/CVE-2018-5155.html

https://www.suse.com/security/cve/CVE-2018-5159.html

https://www.suse.com/security/cve/CVE-2018-5161.html

https://www.suse.com/security/cve/CVE-2018-5162.html

https://www.suse.com/security/cve/CVE-2018-5168.html

https://www.suse.com/security/cve/CVE-2018-5170.html

https://www.suse.com/security/cve/CVE-2018-5174.html

https://www.suse.com/security/cve/CVE-2018-5178.html

https://www.suse.com/security/cve/CVE-2018-5183.html

https://www.suse.com/security/cve/CVE-2018-5184.html

https://www.suse.com/security/cve/CVE-2018-5185.html

https://bugzilla.suse.com/1092548

https://bugzilla.suse.com/1093152

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2018:1359-1
Rating: important
Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12

Topics%20covered

Topics Covered

security advisory buffer overflow patch important Mozilla Thunderbird openSUSE alert

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here