openSUSE: 2019:2464-1: important: Recommended MozillaThunderbird

    Date: 09 Nov 2019
    Category: openSUSE
    Posted By: LinuxSecurity Advisories
    An update that fixes 9 vulnerabilities is now available.
       openSUSE Security Update: Recommended update for MozillaThunderbird
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2019:2464-1
    Rating:             important
    References:         #1149126 #1149429 #1151186 #1152778 #1153879 
                        #1154738 
    Cross-References:   CVE-2019-11757 CVE-2019-11758 CVE-2019-11759
                        CVE-2019-11760 CVE-2019-11761 CVE-2019-11762
                        CVE-2019-11763 CVE-2019-11764 CVE-2019-15903
                       
    Affected Products:
                        openSUSE Leap 15.0
    ______________________________________________________________________________
    
    Description:
    
       This update for MozillaThunderbird to version 68.2.1 provides the
       following fixes:
    
       - Security issues fixed (bsc#1154738):
         * CVE-2019-15903: Fixed a heap overflow in the expat library
           (bsc#1149429).
         * CVE-2019-11757: Fixed a use-after-free when creating index updates in
           IndexedDB (bsc#1154738).
         * CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total
           Security (bsc#1154738).
         * CVE-2019-11759: Fixed a stack buffer overflow in HKDF output
           (bsc#1154738).
         * CVE-2019-11760: Fixed a stack buffer overflow in WebRTC networking
           (bsc#1154738).
         * CVE-2019-11761: Fixed an unintended access to a privileged JSONView
           object (bsc#1154738).
         * CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738).
         * CVE-2019-11763: Fixed an XSS bypass (bsc#1154738).
         * CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738).
    
       Other fixes (bsc#1153879):
         * Some attachments couldn't be opened in messages originating from MS
           Outlook 2016.
         * Address book import from CSV.
         * Performance problem in message body search.
         * Ctrl+Enter to send a message would open an attachment if the
           attachment pane had focus.
         * Calendar: Issues with "Today Pane" start-up.
         * Calendar: Glitches with custom repeat and reminder number input.
         * Calendar: Problems with WCAP provider.
         * A language for the user interface can now be chosen in the advanced
           settings
         * Fixed an issue with Google authentication (OAuth2)
         * Fixed an issue where selected or unread messages were not shown in the
           correct color in the thread pane under some circumstances
         * Fixed an issue where when using a language pack, names of standard
           folders were not localized (bsc#1149126)
         * Fixed an issue where the address book default startup directory in
           preferences panel was not persisted
         * Fixed various visual glitches
         * Fixed issues with the chat
         * Fixed building with rust >= 1.38.
         * Fixed LTO build without PGO.
         * Removed kde.js since disabling instantApply breaks extensions and is
           now obsolete with the move to HTML views for preferences. (bsc#1151186)
         * Updated create-tar.sh. (bsc#1152778)
         * Deactivated the crashreporter for the last remaining arch.
    
       This update was imported from the SUSE:SLE-15:Update update project.
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - openSUSE Leap 15.0:
    
          zypper in -t patch openSUSE-2019-2464=1
    
    
    
    Package List:
    
       - openSUSE Leap 15.0 (x86_64):
    
          MozillaThunderbird-68.2.1-lp150.3.54.1
          MozillaThunderbird-debuginfo-68.2.1-lp150.3.54.1
          MozillaThunderbird-debugsource-68.2.1-lp150.3.54.1
          MozillaThunderbird-translations-common-68.2.1-lp150.3.54.1
          MozillaThunderbird-translations-other-68.2.1-lp150.3.54.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2019-11757.html
       https://www.suse.com/security/cve/CVE-2019-11758.html
       https://www.suse.com/security/cve/CVE-2019-11759.html
       https://www.suse.com/security/cve/CVE-2019-11760.html
       https://www.suse.com/security/cve/CVE-2019-11761.html
       https://www.suse.com/security/cve/CVE-2019-11762.html
       https://www.suse.com/security/cve/CVE-2019-11763.html
       https://www.suse.com/security/cve/CVE-2019-11764.html
       https://www.suse.com/security/cve/CVE-2019-15903.html
       https://bugzilla.suse.com/1149126
       https://bugzilla.suse.com/1149429
       https://bugzilla.suse.com/1151186
       https://bugzilla.suse.com/1152778
       https://bugzilla.suse.com/1153879
       https://bugzilla.suse.com/1154738
    