RedHat: RHSA-2020-3341-01 Important: Thunderbird Security Advisory
Aug 06, 2020
•
LinuxSecurity Advisories
2 - 4 min read
Topics Covered
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
==================================================================== Red Hat Security Advisory
Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2020:3341-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3341
Issue date: 2020-08-06
CVE Names: CVE-2020-6463 CVE-2020-6514 CVE-2020-15652
CVE-2020-15659
====================================================================
1. Summary:
An update for thunderbird is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, x86_64
3. Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 68.11.0.
Security Fix(es):
* chromium-browser: Use after free in ANGLE (CVE-2020-6463)
* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)
* Mozilla: Potential leak of redirect targets when loading scripts in a
worker (CVE-2020-15652)
* Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11
(CVE-2020-15659)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1840893 - CVE-2020-6463 chromium-browser: Use after free in ANGLE
1857349 - CVE-2020-6514 chromium-browser: Inappropriate implementation in WebRTC
1861570 - CVE-2020-15652 Mozilla: Potential leak of redirect targets when loading scripts in a worker
1861572 - CVE-2020-15659 Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
thunderbird-68.11.0-1.el8_2.src.rpm
aarch64:
thunderbird-68.11.0-1.el8_2.aarch64.rpm
thunderbird-debuginfo-68.11.0-1.el8_2.aarch64.rpm
thunderbird-debugsource-68.11.0-1.el8_2.aarch64.rpm
ppc64le:
thunderbird-68.11.0-1.el8_2.ppc64le.rpm
thunderbird-debuginfo-68.11.0-1.el8_2.ppc64le.rpm
thunderbird-debugsource-68.11.0-1.el8_2.ppc64le.rpm
x86_64:
thunderbird-68.11.0-1.el8_2.x86_64.rpm
thunderbird-debuginfo-68.11.0-1.el8_2.x86_64.rpm
thunderbird-debugsource-68.11.0-1.el8_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key
7. References:
https://access.redhat.com/security/cve/CVE-2020-6463
https://access.redhat.com/security/cve/CVE-2020-6514
https://access.redhat.com/security/cve/CVE-2020-15652
https://access.redhat.com/security/cve/CVE-2020-15659
https://access.redhat.com/security/updates/classification#important
8. Contact:
The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact
Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXyutytzjgjWX9erEAQjfvA//StnG9BRnJa+Caz6k11lQmAmsLO+6yBII
MdfU1zT1s9qAd0/g4OeHnaFnXQAHPbuyt99eiCZkJkNDFrO+rm3kUzxONDh8R1LZ
RhrNIYNrhy8T76C2AyKdTI+Yi6eDCOy3YKhZGrMfZpHgsf2Im6clP6wZYxu8zX7t
+fkevwPgi+vYs0PxOau0HG9m00JL6dAE434S6x+CLwJ7RlNNDKjA7iU061/+HJPH
rKOCrSk8xAGaMOd3qAtcJEjYYZEUpCVoaAniMgccpA6C/Xu16y8Hp0shniCHtb6Q
gcezEdavzhK6KcycWZHNPqprIhAhUGEqkp2Fhh0XWauYN2n7EOkynr/Oc9kIoWpu
9N+fiK5+UJjkL/FnNIaAcajdX0/PPnGDYsDC2nU1tl6LP1PjzppQviPLpTwj/jdx
m27xMID/RHewaserMJ7h4dJo+mfARe6rq8s9ManIC8Y6s+6V5CBEIa0zPC8dFoA0
a53+WEAut9UJA0BhDCB6gtCf4DrUpeF5ABrNrF5eaZyammHX18iUasiLS8y1pLCL
r56mCA1RftS7xKc5V5SJ1dfsvA5mY1ucf4dDgdl4lACbEpv1GGtopeLn5YVo3ejg
p4OYbmdHwWT9Z2YY64hq4ubMY0MYAF3uEqCxaWt1Q1mMqTzEIQh6TSF+YYLLEyk5
wjlzQ8KQVFQ=UPhn
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
This email address is being protected from spambots. You need JavaScript enabled to view it.
PREVIOUS
NEXT
RedHat: RHSA-2020-3341-01 Important: Thunderbird Security Advisory
red hat
August 6, 2020
An update for thunderbird is now available for Red Hat Enterprise Linux 8
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to
take effect.
Summary
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 68.11.0.
Security Fix(es):
* chromium-browser: Use after free in ANGLE (CVE-2020-6463)
* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)
* Mozilla: Potential leak of redirect targets when loading scripts in a
worker (CVE-2020-15652)
* Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11
(CVE-2020-15659)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Topics Covered
References
https://access.redhat.com/security/cve/CVE-2020-6463 https://access.redhat.com/security/cve/CVE-2020-6514 https://access.redhat.com/security/cve/CVE-2020-15652 https://access.redhat.com/security/cve/CVE-2020-15659 https://access.redhat.com/security/updates/classification#important
Package List
Red Hat Enterprise Linux AppStream (v. 8):
Source:
thunderbird-68.11.0-1.el8_2.src.rpm
aarch64:
thunderbird-68.11.0-1.el8_2.aarch64.rpm
thunderbird-debuginfo-68.11.0-1.el8_2.aarch64.rpm
thunderbird-debugsource-68.11.0-1.el8_2.aarch64.rpm
ppc64le:
thunderbird-68.11.0-1.el8_2.ppc64le.rpm
thunderbird-debuginfo-68.11.0-1.el8_2.ppc64le.rpm
thunderbird-debugsource-68.11.0-1.el8_2.ppc64le.rpm
x86_64:
thunderbird-68.11.0-1.el8_2.x86_64.rpm
thunderbird-debuginfo-68.11.0-1.el8_2.x86_64.rpm
thunderbird-debugsource-68.11.0-1.el8_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key
Severity
important
Lowest
Low
Medium
High
Critical
Advisory ID: RHSA-2020:3341-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3341
Issue date: 2020-08-06
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.
Topics Covered
Relevant Releases Architectures
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, x86_64
Bugs Fixed
1840893 - CVE-2020-6463 chromium-browser: Use after free in ANGLE
1857349 - CVE-2020-6514 chromium-browser: Inappropriate implementation in WebRTC
1861570 - CVE-2020-15652 Mozilla: Potential leak of redirect targets when loading scripts in a worker
1861572 - CVE-2020-15659 Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!