Rocky Linux: RLSA-2023:1809 thunderbird security update
Summary
An update is available for thunderbird. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Security Fix(es): * Thunderbird: Revocation status of S/Mime recipient certificates was not checked (CVE-2023-0547) * Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack (CVE-2023-28427) * Mozilla: Fullscreen notification obscured (CVE-2023-29533) * Mozilla: Potential Memory Corruption following Garbage Collector compaction (CVE-2023-29535) * Mozilla: Invalid free from JavaScript code (CVE-2023-29536) * Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10 (CVE-2023-29550) * Mozilla: Memory Corruption in Safe Browsing Code (CVE-2023-1945) * Thunderbird: Hang when processing certain OpenPGP messages (CVE-2023-29479) * Mozilla: Content-Disposition filename truncation leads to Reflected File Download (CVE-2023-29539) * Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux (CVE-2023-29541) * Mozilla: Incorrect optimization result on ARM64 (CVE-2023-29548) * MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp (BZ#2186102) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RPMs
thunderbird-0:102.10.0-2.el9_1.src.rpm
thunderbird-0:102.10.0-2.el9_1.x86_64.rpm
thunderbird-debuginfo-0:102.10.0-2.el9_1.x86_64.rpm
thunderbird-debugsource-0:102.10.0-2.el9_1.x86_64.rpm
References
No References
CVEs
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0547
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28427
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29479
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29533
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29535
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29536
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29539
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29541
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29548
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29550
Fixes
https://bugzilla.redhat.com/show_bug.cgi?id=2183278
https://bugzilla.redhat.com/show_bug.cgi?id=2186101
https://bugzilla.redhat.com/show_bug.cgi?id=2186102
https://bugzilla.redhat.com/show_bug.cgi?id=2186103
https://bugzilla.redhat.com/show_bug.cgi?id=2186104
https://bugzilla.redhat.com/show_bug.cgi?id=2186105
https://bugzilla.redhat.com/show_bug.cgi?id=2186106
https://bugzilla.redhat.com/show_bug.cgi?id=2186109
https://bugzilla.redhat.com/show_bug.cgi?id=2186110
https://bugzilla.redhat.com/show_bug.cgi?id=2186111
https://bugzilla.redhat.com/show_bug.cgi?id=2186734
https://bugzilla.redhat.com/show_bug.cgi?id=2186735