Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
203
security advisorysoftware updatesecurity patchMageia 7: 2020-0300 Moderate: Thunderbird Email Security Patch
If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection (CVE-2020-12398). When browsing a malicious page, a race condition in our SharedWorkerService . MGASA-2020-0300 - Updated thunderbird packages fix security vulnerability Publication date: 31 Jul 2020 URL: https://advisories.mageia.org/MGASA-2020-0300.html Type: security Affected Mageia releases: 7 CVE: CVE-2020-12398, CVE-2020-12405, CVE-2020-12406, CVE-2020-12410, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12421 If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection (CVE-2020-12398). When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash due to a use-after-free (CVE-2020-12405). Mozilla developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash due to type confusion with NativeTypes. We presume that with enough effort that it could be exploited to run arbitrary code (CVE-2020-12406). Mozilla developers Tom Tung and Karl Tomlinson reported memory safety bugs present in Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2020-12410). Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript (CVE-2020-12418). When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free in nsGlobalWindowInner. This could have led to memory corruption and a potentially exploitable crash(CVE-2020-12419). When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash (CVE-2020-12420). If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker (MFSA-2020-0001). When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user (CVE-2020-12421). References: - https://bugs.mageia.org/show_bug.cgi?id=26891 - https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/ - https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/ - https://www.cve.org/CVERecord?id=CVE-2020-12398 - https://www.cve.org/CVERecord?id=CVE-2020-12405 - https://www.cve.org/CVERecord?id=CVE-2020-12406 - https://www.cve.org/CVERecord?id=CVE-2020-12410 - https://www.cve.org/CVERecord?id=CVE-2020-12418 - https://www.cve.org/CVERecord?id=CVE-2020-12419 - https://www.cve.org/CVERecord?id=CVE-2020-12420 - https://www.cve.org/CVERecord?id=CVE-2020-12421 SRPMS: - 7/core/thunderbird-68.10.0-1.mga7 - 7/core/thunderbird-l10n-68.10.0-1.mga7 . Revised Thunderbird editions tackle critical vulnerabilities, improving the safeguarding of email information and ensuring user security.. Thunderbird Security, Mageia Updates, Email Protection, Security Fixes, Communication Encryption. . Severity: Important. LinuxSecurity.com Team
Jul 31, 2020
•Important
Mageia
202
security advisorymoderatesecurity updateopenSUSE: 2018:1708-1 Moderate: Enigmail Email Spoofing Fix
An update that fixes two vulnerabilities is now available.. openSUSE Security Update: Security update for enigmail ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:1708-1 Rating: moderate References: #1096745 #1097525 Cross-References: CVE-2018-12019 CVE-2018-12020 Affected Products: openSUSE Leap 42.3 openSUSE Leap 15.0 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for enigmail fixes vulnerabilities that allowed spoofing of e-mail signatures: - CVE-2018-12019: signature spoofing via specially crafted OpenPGP user IDs (boo#1097525) - CVE-2018-12020: signature spoofing via diagnostic output of the original file name in GnuPG verbose mode (boo#1096745) This mitigation prevents CVE-2018-12020 from being exploited even if GnuPG is not patched. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-630=1 - openSUSE Leap 15.0: zypper in -t patch openSUSE-2018-630=1 Package List: - openSUSE Leap 42.3 (i586 x86_64): enigmail-2.0.7-21.1 - openSUSE Leap 15.0 (x86_64): enigmail-2.0.7-lp150.2.12.1 References: https://www.suse.com/security/cve/CVE-2018-12019.html https://www.suse.com/security/cve/CVE-2018-12020.html https://bugzilla.suse.com/show_bug.cgi?id=1096745 https://bugzilla.suse.com/show_bug.cgi?id=1097525 -- . This patch resolves a pair of security flaws in Enigmail for openSUSE. Ensure your system is protected against these issues.. openSUSE Security Update, Enigmail Fix, Email Spoofing, Moderate Security. . LinuxSecurity.com Team
Jun 15, 2018
OpenSUSE
202
security advisorymoderate threatemail protectionopenSUSE Leap 42.3 Security Advisory: 2018:1330-1 Moderate Enigmail Fix
An update that fixes two vulnerabilities is now available.. openSUSE Security Update: Security update for enigmail ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:1330-1 Rating: moderate References: #1093151 #1093152 Cross-References: CVE-2017-17688 CVE-2017-17689 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for enigmail to version 2.0.4 fixes multiple issues. Security issues fixed: - CVE-2017-17688: CFB gadget attacks allowed to exfiltrate plaintext out of encrypted emails. enigmail now fails on GnuPG integrity check warnings for old Algorithms (bsc#1093151) - CVE-2017-17689: CBC gadget attacks allows to exfiltrate plaintext out of encrypted emails (bsc#1093152) This update also includes new and updated functionality: - The Encryption and Signing buttons now work for both OpenPGP and S/MIME. Enigmail will chose between S/MIME or OpenPGP depending on whether the keys for all recipients are available for the respective standard - Support for the Autocrypt standard, which is now enabled by default - Support for Pretty Easy Privacy (p?p) - Support for Web Key Directory (WKD) - The message subject can now be encrypted and replaced with a dummy subject, following the Memory Hole standard forprotected Email Headers - keys on keyring are automatically refreshed from keyservers at irregular intervals - Subsequent updates of Enigmail no longer require a restart of Thunderbird - Keys are internally addressed using the fingerprint instead of the key ID Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for yourproduct: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-470=1 Package List: - openSUSE Leap 42.3 (i586 x86_64): enigmail-2.0.4-12.1 References: https://www.suse.com/security/cve/CVE-2017-17688.html https://www.suse.com/security/cve/CVE-2017-17689.html https://bugzilla.suse.com/1093151 https://bugzilla.suse.com/1093152 -- . This patch addresses a couple of significant issues in Enigmail for Fedora, improving both email protection and overall user experience.. openSUSE, Enigmail Update, Email Protection Patch. . LinuxSecurity.com Team
May 17, 2018
OpenSUSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!