SUSE Security Update: Security update for MozillaThunderbird
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1458-1
Rating:             important
References:         #1130694 #1133267 #1135824 
Cross-References:   CVE-2018-18511 CVE-2019-11691 CVE-2019-11692
                    CVE-2019-11693 CVE-2019-11694 CVE-2019-11698
                    CVE-2019-5798 CVE-2019-7317 CVE-2019-9797
                    CVE-2019-9800 CVE-2019-9815 CVE-2019-9816
                    CVE-2019-9817 CVE-2019-9818 CVE-2019-9819
                    CVE-2019-9820
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 15-SP1
                    SUSE Linux Enterprise Workstation Extension 15
______________________________________________________________________________

   An update that fixes 16 vulnerabilities is now available.

Description:

   This update for MozillaThunderbird fixes the following issues:

   Mozilla Thunderbird was updated to 60.7.0.

   * Attachment pane of Write window no longer focussed when attaching files
     using a keyboard shortcut

   These security issues were fixed (MFSA 2019-15 bsc#1135824):

   * CVE-2019-9815: Disable hyperthreading on content JavaScript threads on
     macOS
   * CVE-2019-9816: Type confusion with object groups and UnboxedObjects
   * CVE-2019-9817: Stealing of cross-domain images using canvas
   * CVE-2019-9818: Use-after-free in crash generation server
   * CVE-2019-9819: Compartment mismatch with fetch API
   * CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell
   * CVE-2019-11691: Use-after-free in XMLHttpRequest
   * CVE-2019-11692: Use-after-free removing listeners in the event listener
     manager
   * CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux
   * CVE-2019-7317: Use-after-free in png_image_free of libpng library
   * CVE-2019-9797: Cross-origin theft of images with createImageBitmap
   * CVE-2018-18511: Cross-origin theft of images with
     ImageBitmapRenderingContext
   * CVE-2019-11694: (Windows only) Uninitialized memory memory leakage in
     Windows sandbox
   * CVE-2019-11698: Theft of user history data through drag and drop of
     hyperlinks to and from bookmarks
   * CVE-2019-5798: Out-of-bounds read in Skia
   * CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR
     60.7


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 15-SP1:

      zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1458=1

   - SUSE Linux Enterprise Workstation Extension 15:

      zypper in -t patch SUSE-SLE-Product-WE-15-2019-1458=1



Package List:

   - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64):

      MozillaThunderbird-60.7.0-3.33.2
      MozillaThunderbird-debuginfo-60.7.0-3.33.2
      MozillaThunderbird-debugsource-60.7.0-3.33.2
      MozillaThunderbird-translations-common-60.7.0-3.33.2
      MozillaThunderbird-translations-other-60.7.0-3.33.2

   - SUSE Linux Enterprise Workstation Extension 15 (x86_64):

      MozillaThunderbird-60.7.0-3.33.2
      MozillaThunderbird-debuginfo-60.7.0-3.33.2
      MozillaThunderbird-debugsource-60.7.0-3.33.2
      MozillaThunderbird-translations-common-60.7.0-3.33.2
      MozillaThunderbird-translations-other-60.7.0-3.33.2


References:

   https://www.suse.com/security/cve/CVE-2018-18511.html
   https://www.suse.com/security/cve/CVE-2019-11691.html
   https://www.suse.com/security/cve/CVE-2019-11692.html
   https://www.suse.com/security/cve/CVE-2019-11693.html
   https://www.suse.com/security/cve/CVE-2019-11694.html
   https://www.suse.com/security/cve/CVE-2019-11698.html
   https://www.suse.com/security/cve/CVE-2019-5798.html
   https://www.suse.com/security/cve/CVE-2019-7317.html
   https://www.suse.com/security/cve/CVE-2019-9797.html
   https://www.suse.com/security/cve/CVE-2019-9800.html
   https://www.suse.com/security/cve/CVE-2019-9815.html
   https://www.suse.com/security/cve/CVE-2019-9816.html
   https://www.suse.com/security/cve/CVE-2019-9817.html
   https://www.suse.com/security/cve/CVE-2019-9818.html
   https://www.suse.com/security/cve/CVE-2019-9819.html
   https://www.suse.com/security/cve/CVE-2019-9820.html
   https://bugzilla.suse.com/1130694
   https://bugzilla.suse.com/1133267
   https://bugzilla.suse.com/1135824

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates

SUSE: 2019:1458-1 important: MozillaThunderbird

June 11, 2019
An update that fixes 16 vulnerabilities is now available

Summary

This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird was updated to 60.7.0. * Attachment pane of Write window no longer focussed when attaching files using a keyboard shortcut These security issues were fixed (MFSA 2019-15 bsc#1135824): * CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS * CVE-2019-9816: Type confusion with object groups and UnboxedObjects * CVE-2019-9817: Stealing of cross-domain images using canvas * CVE-2019-9818: Use-after-free in crash generation server * CVE-2019-9819: Compartment mismatch with fetch API * CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell * CVE-2019-11691: Use-after-free in XMLHttpRequest * CVE-2019-11692: Use-after-free removing listeners in the event listener manager * CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux * CVE-2019-7317: Use-after-free in png_image_free of libpng library * CVE-2019-9797: Cross-origin theft of images with createImageBitmap * CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext * CVE-2019-11694: (Windows only) Uninitialized memory memory leakage in Windows sandbox * CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks * CVE-2019-5798: Out-of-bounds read in Skia * CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1458=1 - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-1458=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): MozillaThunderbird-60.7.0-3.33.2 MozillaThunderbird-debuginfo-60.7.0-3.33.2 MozillaThunderbird-debugsource-60.7.0-3.33.2 MozillaThunderbird-translations-common-60.7.0-3.33.2 MozillaThunderbird-translations-other-60.7.0-3.33.2 - SUSE Linux Enterprise Workstation Extension 15 (x86_64): MozillaThunderbird-60.7.0-3.33.2 MozillaThunderbird-debuginfo-60.7.0-3.33.2 MozillaThunderbird-debugsource-60.7.0-3.33.2 MozillaThunderbird-translations-common-60.7.0-3.33.2 MozillaThunderbird-translations-other-60.7.0-3.33.2

References

#1130694 #1133267 #1135824

Cross- CVE-2018-18511 CVE-2019-11691 CVE-2019-11692

CVE-2019-11693 CVE-2019-11694 CVE-2019-11698

CVE-2019-5798 CVE-2019-7317 CVE-2019-9797

CVE-2019-9800 CVE-2019-9815 CVE-2019-9816

CVE-2019-9817 CVE-2019-9818 CVE-2019-9819

CVE-2019-9820

Affected Products:

SUSE Linux Enterprise Workstation Extension 15-SP1

SUSE Linux Enterprise Workstation Extension 15

https://www.suse.com/security/cve/CVE-2018-18511.html

https://www.suse.com/security/cve/CVE-2019-11691.html

https://www.suse.com/security/cve/CVE-2019-11692.html

https://www.suse.com/security/cve/CVE-2019-11693.html

https://www.suse.com/security/cve/CVE-2019-11694.html

https://www.suse.com/security/cve/CVE-2019-11698.html

https://www.suse.com/security/cve/CVE-2019-5798.html

https://www.suse.com/security/cve/CVE-2019-7317.html

https://www.suse.com/security/cve/CVE-2019-9797.html

https://www.suse.com/security/cve/CVE-2019-9800.html

https://www.suse.com/security/cve/CVE-2019-9815.html

https://www.suse.com/security/cve/CVE-2019-9816.html

https://www.suse.com/security/cve/CVE-2019-9817.html

https://www.suse.com/security/cve/CVE-2019-9818.html

https://www.suse.com/security/cve/CVE-2019-9819.html

https://www.suse.com/security/cve/CVE-2019-9820.html

https://bugzilla.suse.com/1130694

https://bugzilla.suse.com/1133267

https://bugzilla.suse.com/1135824

Severity
Announcement ID: SUSE-SU-2019:1458-1
Rating: important

Related News

2.Motherboard Esm H320
2 - 3 min read
German software engineer Lennart Poettering recently presented run0 , a new tool in systemd v256 that aims to address the security concerns
22.Lock ScreenEffect Esm H320
2 - 3 min read
Red Hat recently released its newest enterprise Linux distro, Red Hat Enterprise Linux (RHEL) 9.4 , which introduces several features designed to
8.Locks HexConnections CodeGlobe Esm H320
1 - 2 min read
The latest release of Debian , one of the oldest and most trusted distributions within the Linux ecosystem, redefines security, stability, and
20.Lock AbstractDigital Circular Esm H320
1 - 2 min read
The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server. The vulnerabilities affected
1.Penguin Landscape Esm H320
1 - 2 min read
A critical vulnerability was discovered in the Linux kernel's netfilter subsystem, specifically within the nf_tables component, posing potential
19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved