openSUSE Leap 42.3: Security Update for MozillaThunderbird - Important
opensuse
September 8, 2018
An update that fixes 13 vulnerabilities is now available.
Description
This update for MozillaThunderbird to version 60.0 fixes the following
issues:
These security issues were fixed:
- CVE-2018-12359: Prevent buffer overflow using computed size of canvas
element (bsc#1098998).
- CVE-2018-12360: Prevent use-after-free when using focus() (bsc#1098998).
- CVE-2018-12361: Prevent integer overflow in SwizzleData (bsc#1098998).
- CVE-2018-12362: Prevent integer overflow in SSSE3 scaler (bsc#1098998).
- CVE-2018-5156: Prevent media recorder segmentation fault when track type
is changed during capture (bsc#1098998).
- CVE-2018-12363: Prevent use-after-free when appending DOM nodes
(bsc#1098998).
- CVE-2018-12364: Prevent CSRF attacks through 307 redirects and NPAPI
plugins (bsc#1098998).
- CVE-2018-12365: Prevent compromised IPC child process listing local
filenames (bsc#1098998).
- CVE-2018-12371: Prevent integer overflow in Skia library during edge
builder allocation (bsc#1098998).
-...
Read the Full Advisory
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-994=1
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-994=1
Package List
- openSUSE Leap 42.3 (x86_64):
MozillaThunderbird-60.0-74.1
MozillaThunderbird-buildsymbols-60.0-74.1
MozillaThunderbird-debuginfo-60.0-74.1
MozillaThunderbird-debugsource-60.0-74.1
MozillaThunderbird-translations-common-60.0-74.1
MozillaThunderbird-translations-other-60.0-74.1
- openSUSE Leap 15.0 (x86_64):
MozillaThunderbird-60.0-lp150.3.14.1
MozillaThunderbird-buildsymbols-60.0-lp150.3.14.1
MozillaThunderbird-debuginfo-60.0-lp150.3.14.1
MozillaThunderbird-debugsource-60.0-lp150.3.14.1
MozillaThunderbird-translations-common-60.0-lp150.3.14.1
MozillaThunderbird-translations-other-60.0-lp150.3.14.1
References
https://www.suse.com/security/cve/CVE-2018-12359.html
https://www.suse.com/security/cve/CVE-2018-12360.html
https://www.suse.com/security/cve/CVE-2018-12361.html
https://www.suse.com/security/cve/CVE-2018-12362.html
https://www.suse.com/security/cve/CVE-2018-12363.html
https://www.suse.com/security/cve/CVE-2018-12364.html
https://www.suse.com/security/cve/CVE-2018-12365.html
https://www.suse.com/security/cve/CVE-2018-12366.html
https://www.suse.com/security/cve/CVE-2018-12367.html
https://www.suse.com/security/cve/CVE-2018-12371.html
https://www.suse.com/security/cve/CVE-2018-5156.html
https://www.suse.com/security/cve/CVE-2018-5187.html
https://www.suse.com/security/cve/CVE-2018-5188.html
https://bugzilla.suse.com/1084603
https://bugzilla.suse.com/1098998
--
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2018:2658-1
Rating: important
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 15.0
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!