Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 439
Alerts This Week
Warning Icon 1 439

openSUSE: 2019:1577-1 Important: Mozilla Thunderbird Buffer Overflows

opensuse
Calendar Grey June 18, 2019
Dist Opensuse Esm H88
A fresh Mozilla Thunderbird security patch has been released for openSUSE addressing numerous vulnerabilities. This significant update includes essential corrections.
An update that fixes four vulnerabilities is now available.

Description

This update for MozillaThunderbird fixes the following issues:

Mozilla Thunderbird was updated to 60.7.1:

Security issues fixed with MFSA 2019-17 (boo#1137595)

- CVE-2019-11703: Fixed a heap-based buffer overflow in

icalmemorystrdupanddequote() (bsc#1137595).

- CVE-2019-11704: Fixed a heap-based buffer overflow in

parser_get_next_char() (bsc#1137595).

- CVE-2019-11705: Fixed a stack-based buffer overflow in

icalrecur_add_bydayrules() (bsc#1137595).

- CVE-2019-11706: Fixed a type confusion in

icaltimezone_get_vtimezone_properties() (bsc#1137595).

Also fixed:

- No prompt for smartcard PIN when S/MIME signing is used

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1577=1

Package List

- openSUSE Leap 42.3 (x86_64):

MozillaThunderbird-60.7.1-95.1

MozillaThunderbird-buildsymbols-60.7.1-95.1

MozillaThunderbird-debuginfo-60.7.1-95.1

MozillaThunderbird-debugsource-60.7.1-95.1

MozillaThunderbird-translations-common-60.7.1-95.1

MozillaThunderbird-translations-other-60.7.1-95.1

References

https://www.suse.com/security/cve/CVE-2019-11703.html

https://www.suse.com/security/cve/CVE-2019-11704.html

https://www.suse.com/security/cve/CVE-2019-11705.html

https://www.suse.com/security/cve/CVE-2019-11706.html

https://bugzilla.suse.com/1137595

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2019:1577-1
Rating: important
Affected Products: openSUSE Leap 42.3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.