openSUSE 15.4 SUSE-SU-2023:0329-1 Critical Mozilla Thunderbird Patch
opensuse
February 9, 2023
An update that fixes 9 vulnerabilities is now available.
Description
This update for MozillaThunderbird fixes the following issues:
Updated to version 102.7.1 (bsc#1207119):
* CVE-2022-46871: Fixed out of date libusrsctp.
* CVE-2023-23598: Fixed arbitrary file read from GTK drag and drop on
Linux.
* CVE-2023-23599: Fixed issue where malicious command that could be
hidden in devtools output on Windows.
* CVE-2023-23601: Fixed issue where URL being dragged from cross-origin
iframe into same tab triggers navigation.
* CVE-2023-23602: Fixed Content Security Policy not being correctly
applied to WebSockets in WebWorkers.
* CVE-2022-46877: Fixed fullscreen notification bypass.
* CVE-2023-23603: Fixed issue where calls to code tag allowed bypassing
Content Security Policy via format directive.
* CVE-2023-23605: Fixed memory safety bugs.
Patch
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2023-329=1
- SUSE Linux Enterprise Workstation Extension 15-SP4:
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-329=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-329=1
Package List
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
MozillaThunderbird-102.7.1-150200.8.102.1
MozillaThunderbird-debuginfo-102.7.1-150200.8.102.1
MozillaThunderbird-debugsource-102.7.1-150200.8.102.1
MozillaThunderbird-translations-common-102.7.1-150200.8.102.1
MozillaThunderbird-translations-other-102.7.1-150200.8.102.1
- SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
MozillaThunderbird-102.7.1-150200.8.102.1
MozillaThunderbird-debuginfo-102.7.1-150200.8.102.1
MozillaThunderbird-debugsource-102.7.1-150200.8.102.1
MozillaThunderbird-translations-common-102.7.1-150200.8.102.1
MozillaThunderbird-translations-other-102.7.1-150200.8.102.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x):
MozillaThunderbird-102.7.1-150200.8.102.1
MozillaThunderbird-debuginfo-102.7.1-150200.8.102.1
MozillaThunderbird-debugsource-102.7.1-150200.8.102.1
MozillaThunderbird-translations-common-102.7.1-150200.8.102.1
MozillaThunderbird-translations-other-102.7.1-150200.8.102....
Read the Full AdvisoryReferences
https://www.suse.com/security/cve/CVE-2022-46871.html
https://www.suse.com/security/cve/CVE-2022-46877.html
https://www.suse.com/security/cve/CVE-2023-0430.html
https://www.suse.com/security/cve/CVE-2023-23598.html
https://www.suse.com/security/cve/CVE-2023-23599.html
https://www.suse.com/security/cve/CVE-2023-23601.html
https://www.suse.com/security/cve/CVE-2023-23602.html
https://www.suse.com/security/cve/CVE-2023-23603.html
https://www.suse.com/security/cve/CVE-2023-23605.html
https://bugzilla.suse.com/1207119
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2023:0329-1
Rating: important
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Workstation Extension 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!