Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

openSUSE: 2020:0094-1 Important: MozillaThunderbird Security Update

opensuse
Calendar Grey January 22, 2020
Dist Opensuse Esm H88
Mozilla Thunderbird's latest security patch resolves 7 significant vulnerabilities on openSUSE, improving both reliability and protection.
An update that fixes 7 vulnerabilities is now available.

Description

This update for MozillaThunderbird to version 68.4.1 fixes the following

issues:

Security issues fixed:

- CVE-2019-17026: IonMonkey type confusion with StoreElementHole and

FallibleStoreElement

- CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting

- CVE-2019-17017: Type Confusion in XPCVariant.cpp

- CVE-2019-17022: CSS sanitization does not escape HTML tags

- CVE-2019-17024: multiple Memory safety bugs fixed

Non-security issues fixed:

- Various improvements when setting up an account for a Microsoft Exchange

server. For example better detection for Office 365 accounts.

This update was imported from the SUSE:SLE-15:Update update project.

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-94=1

Package List

- openSUSE Leap 15.1 (x86_64):

MozillaThunderbird-68.4.1-lp151.2.22.2

MozillaThunderbird-debuginfo-68.4.1-lp151.2.22.2

MozillaThunderbird-debugsource-68.4.1-lp151.2.22.2

MozillaThunderbird-translations-common-68.4.1-lp151.2.22.2

MozillaThunderbird-translations-other-68.4.1-lp151.2.22.2

References

https://www.suse.com/security/cve/CVE-2019-17015.html

https://www.suse.com/security/cve/CVE-2019-17016.html

https://www.suse.com/security/cve/CVE-2019-17017.html

https://www.suse.com/security/cve/CVE-2019-17021.html

https://www.suse.com/security/cve/CVE-2019-17022.html

https://www.suse.com/security/cve/CVE-2019-17024.html

https://www.suse.com/security/cve/CVE-2019-17026.html

https://bugzilla.suse.com/1160305

https://bugzilla.suse.com/1160498

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2020:0094-1
Rating: important
Affected Products: openSUSE Leap 15.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here