Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
89
security advisorysoftware updateFedoraFedora 39: FEDORA-2024-3699706b25 Critical: Thunderbird Security Update
Update to 115.8.1 https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/ read that if you have mails with encrypted email subjects https://www.thunderbird.net/en-US/thunderbird/115.8.1/releasenotes/. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-3699706b25 2024-03-08 01:18:13.751720 -------------------------------------------------------------------------------- Name : thunderbird Product : Fedora 39 Version : 115.8.1 Release : 1.fc39 URL : https://wiki.mozilla.org/Thunderbird:Home_Page Summary : Mozilla Thunderbird mail/newsgroup client Description : Mozilla Thunderbird is a standalone mail and newsgroup client. -------------------------------------------------------------------------------- Update Information: Update to 115.8.1 https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/ read that if you have mails with encrypted email subjects https://www.thunderbird.net/en-US/thunderbird/115.8.1/releasenotes/ -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 5 2024 Eike Rathke - 115.8.1-1 - Update to 115.8.1 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-3699706b25' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Mar 08, 2024
•Critical
Fedora
203
security advisorymoderateremote accessMageia: 2021-0189 Moderate: OpenSSH Remote Access Vulnerability
An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key (CVE-2021-23991). A crafted OpenPGP key with an invalid user ID could be used to confuse the user (MOZ-2021-23992). . MGASA-2021-0189 - Updated thunderbird packages fix security vulnerabilities Publication date: 15 Apr 2021 URL: https://advisories.mageia.org/MGASA-2021-0189.html Type: security Affected Mageia releases: 7, 8 CVE: CVE-2021-23991, CVE-2021-23993 An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key (CVE-2021-23991). A crafted OpenPGP key with an invalid user ID could be used to confuse the user (MOZ-2021-23992). Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key (CVE-2021-23993). References: - https://bugs.mageia.org/show_bug.cgi?id=28764 - https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/ - https://www.thunderbird.net/en-US/thunderbird/78.9.1/releasenotes/ - https://www.cve.org/CVERecord?id=CVE-2021-23991 - https://www.cve.org/CVERecord?id=CVE-2021-23993 SRPMS: - 7/core/thunderbird-78.9.1-1.mga7 - 7/core/thunderbird-l10n-78.9.1-1.mga7 - 8/core/thunderbird-78.9.1-1.mga8 - 8/core/thunderbird-l10n-78.9.1-1.mga8 . Latest Thunderbird releases address significant vulnerabilities affecting password safeguarding and secure communication protocols.. Thunderbird Security,Mageia Updates,OpenPGP Threats,Email Encryption Risks. . LinuxSecurity.com Team
Apr 15, 2021
Mageia
200
security advisorymoderatesecurity updateScientific Linux: SLSA-2021-1215-2 Moderate: Thunderbird Security Fixes
This update upgrades Thunderbird to version 78.9.1. * Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key (CVE-2021-23991) * Mozilla: A crafted OpenPGP key with an invalid user ID could be used to confuse the user (CVE-2021-23992) * Mozilla: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key (CVE-2021-23993) For more [More...]. Synopsis: Moderate: thunderbird security update Advisory ID: SLSA-2021:1192-1 Issue Date: 2021-04-14 CVE Numbers: CVE-2021-23991 CVE-2021-23992 CVE-2021-23993 -- This update upgrades Thunderbird to version 78.9.1. Security Fix(es): * Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key (CVE-2021-23991) * Mozilla: A crafted OpenPGP key with an invalid user ID could be used to confuse the user (CVE-2021-23992) * Mozilla: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key (CVE-2021-23993) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE -- - Scientific Linux Development Team . Mozilla Firefox recent security patch addresses a range of vulnerabilities in web rendering processes. Further details can be found in this announcement.. Thunderbird Security, OpenPGP Management, Mozilla Fixes, Security Update. . LinuxSecurity.com Team
Apr 14, 2021
Scientific Linux
89
security advisoryFedoraGnuPGFedora 27 Security Advisory: Thunderbird-Enigmail 2.0.4 Critical Efail Fix
Enigmail update to version 2.0.4, introduces fixes for the efail attack. Please check and modify your Thunderbird settings if required: https://enigmail.net/index.php/en/home/news/66-2018-05-16-efail-vulnerability-affects-encrypted-mails. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-25525a9346 2018-05-27 19:50:53.638839 --------------------------------------------------------------------------------Name : thunderbird-enigmail Product : Fedora 27 Version : 2.0.4 Release : 1.fc27 URL : https://enigmail.net/index.php/en/ Summary : Authentication and encryption extension for Mozilla Thunderbird Description : Enigmail is an extension to the mail client Mozilla Thunderbird which allows users to access the authentication and encryption features provided by GnuPG --------------------------------------------------------------------------------Update Information: Enigmail update to version 2.0.4, introduces fixes for the efail attack. Please check and modify your Thunderbird settings if required: https://enigmail.net/index.php/en/home/news/66-2018-05-16-efail-vulnerability-affects-encrypted-mails --------------------------------------------------------------------------------ChangeLog: * Sat May 19 2018 Christian Dersch - 2.0.4-1 - new version fixing efail vulnerability * Fri Feb 9 2018 Fedora Release Engineering - 1.9.9-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Fri Dec 22 2017 Christian Dersch - 1.9.9-1 - new version --------------------------------------------------------------------------------References: [ 1 ] Bug #1577912 - CVE-2017-17688 CVE-2017-17689 thunderbird-enigmail: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1577912 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisoryFEDORA-2018-25525a9346' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
May 27, 2018
•Critical
Fedora
202
security advisorymoderatesecurity updateopenSUSE: 2018:1329-1 Moderate: Enigmail Email Exfiltration Fix
An update that fixes two vulnerabilities is now available.. openSUSE Security Update: Security update for enigmail ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:1329-1 Rating: moderate References: #1093151 #1093152 Cross-References: CVE-2017-17688 CVE-2017-17689 Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for enigmail to version 2.0.4 fixes multiple issues. Security issues fixed: - CVE-2017-17688: CFB gadget attacks allowed to exfiltrate plaintext out of encrypted emails. enigmail now fails on GnuPG integrity check warnings for old Algorithms (bsc#1093151) - CVE-2017-17689: CBC gadget attacks allows to exfiltrate plaintext out of encrypted emails (bsc#1093152) This update also includes new and updated functionality: - The Encryption and Signing buttons now work for both OpenPGP and S/MIME. Enigmail will chose between S/MIME or OpenPGP depending on whether the keys for all recipients are available for the respective standard - Support for the Autocrypt standard, which is now enabled by default - Support for Pretty Easy Privacy (p?p) - Support for Web Key Directory (WKD) - The message subject can now be encrypted and replaced with a dummy subject, following the Memory Hole standard forprotected Email Headers - keys on keyring are automatically refreshed from keyservers at irregular intervals - Subsequent updates of Enigmail no longer require a restart of Thunderbird - Keys are internally addressed using the fingerprint instead of the key ID Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run thecommand listed for your product: - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch openSUSE-2018-470=1 Package List: - SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64): enigmail-2.0.4-9.1 References: https://www.suse.com/security/cve/CVE-2017-17688.html https://www.suse.com/security/cve/CVE-2017-17689.html https://bugzilla.suse.com/1093151 https://bugzilla.suse.com/1093152 -- . The latest Fedora update targets several significant vulnerabilities in Thunderbird, reinforcing the security of email communications and improving verification processes.. openSUSE Security, Enigmail Update, Email Security Issues. . LinuxSecurity.com Team
May 17, 2018
OpenSUSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!