openSUSE: 2019:2464-1: important: Recommended MozillaThunderbird

    Date09 Nov 2019
    Posted ByLinuxSecurity Advisories
    An update that fixes 9 vulnerabilities is now available.
       openSUSE Security Update: Recommended update for MozillaThunderbird
    Announcement ID:    openSUSE-SU-2019:2464-1
    Rating:             important
    References:         #1149126 #1149429 #1151186 #1152778 #1153879 
    Cross-References:   CVE-2019-11757 CVE-2019-11758 CVE-2019-11759
                        CVE-2019-11760 CVE-2019-11761 CVE-2019-11762
                        CVE-2019-11763 CVE-2019-11764 CVE-2019-15903
    Affected Products:
                        openSUSE Leap 15.0
       An update that fixes 9 vulnerabilities is now available.
       This update for MozillaThunderbird to version 68.2.1 provides the
       following fixes:
       - Security issues fixed (bsc#1154738):
         * CVE-2019-15903: Fixed a heap overflow in the expat library
         * CVE-2019-11757: Fixed a use-after-free when creating index updates in
           IndexedDB (bsc#1154738).
         * CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total
           Security (bsc#1154738).
         * CVE-2019-11759: Fixed a stack buffer overflow in HKDF output
         * CVE-2019-11760: Fixed a stack buffer overflow in WebRTC networking
         * CVE-2019-11761: Fixed an unintended access to a privileged JSONView
           object (bsc#1154738).
         * CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738).
         * CVE-2019-11763: Fixed an XSS bypass (bsc#1154738).
         * CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738).
       Other fixes (bsc#1153879):
         * Some attachments couldn't be opened in messages originating from MS
           Outlook 2016.
         * Address book import from CSV.
         * Performance problem in message body search.
         * Ctrl+Enter to send a message would open an attachment if the
           attachment pane had focus.
         * Calendar: Issues with "Today Pane" start-up.
         * Calendar: Glitches with custom repeat and reminder number input.
         * Calendar: Problems with WCAP provider.
         * A language for the user interface can now be chosen in the advanced
         * Fixed an issue with Google authentication (OAuth2)
         * Fixed an issue where selected or unread messages were not shown in the
           correct color in the thread pane under some circumstances
         * Fixed an issue where when using a language pack, names of standard
           folders were not localized (bsc#1149126)
         * Fixed an issue where the address book default startup directory in
           preferences panel not persisted
         * Fixed various visual glitches
         * Fixed issues with the  chat
         * Fixed building with rust >= 1.38.
         * Fixrd LTO build without PGO.
         * Removed kde.js since disabling instantApply breaks extensions and is
           now obsolete with the move to HTML views for preferences. (bsc#1151186)
         * Updated (bsc#1152778)
         * Deactivated the crashreporter for the last remaining arch.
       This update was imported from the SUSE:SLE-15:Update update project.
    Patch Instructions:
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
       Alternatively you can run the command listed for your product:
       - openSUSE Leap 15.0:
          zypper in -t patch openSUSE-2019-2464=1
    Package List:
       - openSUSE Leap 15.0 (x86_64):
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"90","title":"Love them!","votes":"35","type":"x","order":"1","pct":92.11,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"2","type":"x","order":"2","pct":5.26,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"1","type":"x","order":"3","pct":2.63,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350


    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.