Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

openSUSE: 2019:1990-1 Moderate: MozillaThunderbird Security Patch

opensuse
Calendar Grey August 23, 2019
Dist Opensuse Esm H88
Essential security patch for Mozilla Thunderbird on openSUSE tackling various concerns and threats. Upgrade immediately.
An update that fixes 10 vulnerabilities is now available.

Description

This update for MozillaThunderbird fixes the following issues:

- Generate langpacks sequentially to avoid file corruption from racy file

writes (boo#1137970)

- Mozilla Thunderbird 60.8.0

* Calendar: Problems when editing event times, some related to AM/PM

setting in non-English locales MFSA 2019-23 (boo#1140868)

* CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327) Sandbox escape

via installation of malicious languagepack

* CVE-2019-11711 (bmo#1552541) Script injection within domain through

inner window reuse

* CVE-2019-11712 (bmo#1543804) Cross-origin POST requests can be made

with NPAPI plugins by following 308 redirects

* CVE-2019-11713 (bmo#1528481) Use-after-free with HTTP/2 cached stream

* CVE-2019-11729 (bmo#1515342) Empty or malformed p256-ECDH public keys

may trigger a segmentation fault

* CVE-2019-11715 (bmo#1555523) HTML parsing error can contribute to

content XSS

*...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory moderate openSUSE sandbox escape script injection MozillaThunderbird

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2019-1990=1

Package List

- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):

MozillaThunderbird-60.8.0-88.1

MozillaThunderbird-buildsymbols-60.8.0-88.1

MozillaThunderbird-translations-common-60.8.0-88.1

MozillaThunderbird-translations-other-60.8.0-88.1

References

https://www.suse.com/security/cve/CVE-2019-11709.html

https://www.suse.com/security/cve/CVE-2019-11711.html

https://www.suse.com/security/cve/CVE-2019-11712.html

https://www.suse.com/security/cve/CVE-2019-11713.html

https://www.suse.com/security/cve/CVE-2019-11715.html

https://www.suse.com/security/cve/CVE-2019-11717.html

https://www.suse.com/security/cve/CVE-2019-11719.html

https://www.suse.com/security/cve/CVE-2019-11729.html

https://www.suse.com/security/cve/CVE-2019-11730.html

https://www.suse.com/security/cve/CVE-2019-9811.html

https://bugzilla.suse.com/1137970

https://bugzilla.suse.com/1140868

--

Announcement ID: openSUSE-SU-2019:1990-1
Rating: moderate
Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12

Topics%20covered

Topics Covered

security advisory moderate openSUSE sandbox escape script injection MozillaThunderbird

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here