Linux Security
Linux Security
Linux Security

RedHat: RHSA-2021-1201:01 Moderate: thunderbird security update

Date 14 Apr 2021
230
Posted By LinuxSecurity Advisories
An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: thunderbird security update
Advisory ID:       RHSA-2021:1201-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1201
Issue date:        2021-04-14
CVE Names:         CVE-2021-23991 CVE-2021-23992 CVE-2021-23993 
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.9.1.

Security Fix(es):

* Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism
to poison an existing key (CVE-2021-23991)

* Mozilla: A crafted OpenPGP key with an invalid user ID could be used to
confuse the user (CVE-2021-23992)

* Mozilla: Inability to send encrypted OpenPGP email after importing a
crafted OpenPGP key (CVE-2021-23993)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1948393 - CVE-2021-23991 Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key
1948394 - CVE-2021-23992 Mozilla: A crafted OpenPGP key with an invalid user ID could be used to confuse the user
1948395 - CVE-2021-23993 Mozilla: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:
thunderbird-78.9.1-1.el8_2.src.rpm

aarch64:
thunderbird-78.9.1-1.el8_2.aarch64.rpm
thunderbird-debuginfo-78.9.1-1.el8_2.aarch64.rpm
thunderbird-debugsource-78.9.1-1.el8_2.aarch64.rpm

ppc64le:
thunderbird-78.9.1-1.el8_2.ppc64le.rpm
thunderbird-debuginfo-78.9.1-1.el8_2.ppc64le.rpm
thunderbird-debugsource-78.9.1-1.el8_2.ppc64le.rpm

x86_64:
thunderbird-78.9.1-1.el8_2.x86_64.rpm
thunderbird-debuginfo-78.9.1-1.el8_2.x86_64.rpm
thunderbird-debugsource-78.9.1-1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-23991
https://access.redhat.com/security/cve/CVE-2021-23992
https://access.redhat.com/security/cve/CVE-2021-23993
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYHchvtzjgjWX9erEAQioWBAApYJoRX4W1v/xiSPoBq2VLuo13qIjFxxy
Eb9MHUTAqOT4REPPCQesCOeSf4MXEtu/G2m0FtyNu8eh3OShxZXF7rH4OJTVfDY1
3iivbzmU5A2I+Z30ImS7Nwg6AYRVk3lUV+uF4et5xae4F3J2houRioSoYPXSzNpJ
mLYj9jCGedYiMk5KZEgUSCS2NBWXH5Vay98zUsnF4Yt0Nr2UDzfVzmoGi+RtUj1V
54Fy4LsZfqU7XMCBkCZPIjrAVdPJSAMo3q7EKC8/TGzIGbh5oMQREYoeepcIklES
3+dJzUT0MvRsJ9exNsVDNZ+a5YQdnubr2P+lQoRXOo80BgUPjJ44lFt0h15Y+kaN
wDoav90gPyLyU9YG6c39G1OT8PfTiPIjycE1eO0GUqP0PxfQWwtUvJtAL6NPxTQC
wtO5Ni4MilhJ4B19UfxrgXf6x44+gdj+yXBNQSQXJxJgB+X8ScAb/CFXxpPHVw8D
w/WR9N2r6Y3uFtk9kyfLTEbtA9ufgkXzDvxwbIYnPDGpWK7/KqXa9dKW9oRFqIKc
VVuEs8MNuBjdKgjywpAHK8s8qgrzAlFa9SlfC2W/afdJxi43p59tB3rZ1Qo1ZDZl
BC0wXs5JJuTSubJuoqwdBhWktP8tZLRbKUigkEG++y7axdY+f+wYXbNkPNxlmWFB
2FHm1T+hlz0=
=dRF5
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
This email address is being protected from spambots. You need JavaScript enabled to view it.
https://listman.redhat.com/mailman/listinfo/rhsa-announce

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
/main-polls/52-how-frequently-do-you-patch-update-your-system?task=poll.vote&format=json
52
radio
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"69","type":"x","order":"1","pct":75.82,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"14","type":"x","order":"2","pct":15.38,"resources":[]},{"id":"181","title":"Hardly ever","votes":"8","type":"x","order":"3","pct":8.79,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.

VOTE ON THE POLL PAGE


VIEW MORE POLLS

bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.