Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
219
security advisorysoftware updatesecurity fixRocky Linux 9: RLSA-2024:8025 important: thunderbird security fix
Important: thunderbird security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2024:8025", "synopsis": "Important: thunderbird security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for thunderbird.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSecurity Fix(es):\n\n* firefox: Use-after-free in Animation timeline (128.3.1 ESR Chemspill) (CVE-2024-9680)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2317442", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2317442", "description": ""}], "cves": [{"name": "CVE-2024-9680", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-9680", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2024-10-25T17:17:26.358059Z", "rpms": {"Rocky Linux 9": {"nvras": ["thunderbird-0:128.3.1-1.el9_4.aarch64.rpm", "thunderbird-0:128.3.1-1.el9_4.ppc64le.rpm", "thunderbird-0:128.3.1-1.el9_4.s390x.rpm", "thunderbird-0:128.3.1-1.el9_4.src.rpm", "thunderbird-0:128.3.1-1.el9_4.x86_64.rpm", "thunderbird-debuginfo-0:128.3.1-1.el9_4.aarch64.rpm", "thunderbird-debuginfo-0:128.3.1-1.el9_4.ppc64le.rpm", "thunderbird-debuginfo-0:128.3.1-1.el9_4.s390x.rpm", "thunderbird-debuginfo-0:128.3.1-1.el9_4.x86_64.rpm", "thunderbird-debugsource-0:128.3.1-1.el9_4.aarch64.rpm", "thunderbird-debugsource-0:128.3.1-1.el9_4.ppc64le.rpm", "thunderbird-debugsource-0:128.3.1-1.el9_4.s390x.rpm", "thunderbird-debugsource-0:128.3.1-1.el9_4.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Amajor update for Thunderbird security on Rocky Linux 9 tackles critical vulnerabilities, providing improved safety measures for its users.. Rocky Linux 9 update, thunderbird security patch, important mail client fix, software security advisory. . Severity: Important. LinuxSecurity.com Team
Oct 25, 2024
•Important
Rocky Linux
98
security advisorysecurity impactred hat enterpriseRed Hat Enterprise Linux 8: RHSA-2022-1301-01 Important Thunderbird Update
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: thunderbird security update Advisory ID: RHSA-2022:1301-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1301 Issue date: 2022-04-11 CVE Names: CVE-2022-1097 CVE-2022-1196 CVE-2022-1197 CVE-2022-24713 CVE-2022-28281 CVE-2022-28282 CVE-2022-28285 CVE-2022-28286 CVE-2022-28289 ==================================================================== 1. Summary: An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.8.0. Security Fix(es): * Mozilla: Use-after-free in NSSToken objects (CVE-2022-1097) * Mozilla: Out of bounds write due to unexpected WebAuthN Extensions (CVE-2022-28281) * Mozilla: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8 (CVE-2022-28289) * Mozilla: Use-after-free after VR Process destruction (CVE-2022-1196) * Mozilla: OpenPGP revocation information was ignored (CVE-2022-1197) * Mozilla: Use-after-free inDocumentL10n::TranslateDocument (CVE-2022-28282) * Mozilla: Incorrect AliasSet used in JIT Codegen (CVE-2022-28285) * Mozilla: Denial of Service via complex regular expressions (CVE-2022-24713) * Mozilla: iframe contents could be rendered outside the border (CVE-2022-28286) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Thunderbird must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2072559 - CVE-2022-1097 Mozilla: Use-after-free in NSSToken objects 2072560 - CVE-2022-28281 Mozilla: Out of bounds write due to unexpected WebAuthN Extensions 2072561 - CVE-2022-1196 Mozilla: Use-after-free after VR Process destruction 2072562 - CVE-2022-28282 Mozilla: Use-after-free in DocumentL10n::TranslateDocument 2072563 - CVE-2022-28285 Mozilla: Incorrect AliasSet used in JIT Codegen 2072564 - CVE-2022-28286 Mozilla: iframe contents could be rendered outside the border 2072565 - CVE-2022-24713 Mozilla: Denial of Service via complex regular expressions 2072566 - CVE-2022-28289 Mozilla: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8 2072963 - CVE-2022-1197 Mozilla: OpenPGP revocation information was ignored 6. Package List: Red Hat Enterprise Linux AppStream (v.8): Source: thunderbird-91.8.0-1.el8_5.src.rpm aarch64: thunderbird-91.8.0-1.el8_5.aarch64.rpm thunderbird-debuginfo-91.8.0-1.el8_5.aarch64.rpm thunderbird-debugsource-91.8.0-1.el8_5.aarch64.rpm ppc64le: thunderbird-91.8.0-1.el8_5.ppc64le.rpm thunderbird-debuginfo-91.8.0-1.el8_5.ppc64le.rpm thunderbird-debugsource-91.8.0-1.el8_5.ppc64le.rpm s390x: thunderbird-91.8.0-1.el8_5.s390x.rpm thunderbird-debuginfo-91.8.0-1.el8_5.s390x.rpm thunderbird-debugsource-91.8.0-1.el8_5.s390x.rpm x86_64: thunderbird-91.8.0-1.el8_5.x86_64.rpm thunderbird-debuginfo-91.8.0-1.el8_5.x86_64.rpm thunderbird-debugsource-91.8.0-1.el8_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-1097 https://access.redhat.com/security/cve/CVE-2022-1196 https://access.redhat.com/security/cve/CVE-2022-1197 https://access.redhat.com/security/cve/CVE-2022-24713 https://access.redhat.com/security/cve/CVE-2022-28281 https://access.redhat.com/security/cve/CVE-2022-28282 https://access.redhat.com/security/cve/CVE-2022-28285 https://access.redhat.com/security/cve/CVE-2022-28286 https://access.redhat.com/security/cve/CVE-2022-28289 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYlRU3dzjgjWX9erEAQg6OQ/9F/mdFA4b6dMdqUjxegABy4f9aPnLxe6z gIzjBq6xxnBUFA5M8RJzkjscIdiTABJQCIpL/d+UE0SyGTCqxeP9oOB+7M/ThkPh SDzRAvfyFpm1qPei9HoWjllLwIvb6BwI+3KM91bro2QNqGwpYtZQsu3U9XEMtONa 51J4iJtRORVIZL+Cs/2dVlm2UxIGCxnp0qlwqQ5wt0q0ADYbWMwK9ez4ay+HtwRr onWjPXaGlbeCoA251q83PuFTYn26KiMghig8sDat942rmcLZImWdauUaJqul938X Ir9p3SD2kAr9icMdj3Tjrs/lYgjv8f8GRSNR3E5ZQkYPhTYoC8ePXCSslO1ehMAT mb1KbyMmWOS3zAl9faeVhE3q+OMAqmu6f5nzoYBLvuU3SazuL5NB19Gs69eFG29E cxRJdimS1JKSNdA2DPKhr6747G9W5CyI94skXHsSJu8JDmu9ug6nf76O3NVlfOeH oVXQCWbpMjvUtSUBcbuYtv7y8wrD+BPqx21U00vASoRTy5XoqK0fC4TaLyPT+uVI hWBrJu03NbYWnVQRaaGttpKBUFe00o2eAS3ckhnewJ92LJ2BAS4R7RWgcZCFgY4R Cr2R+sczmTIXaypK+bM0lJyfD5Sk7jLCq2SydhhvjfQsN4msrJsn202EcMhobkTr FZa7nVMwMSI=ajJw -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Apr 11, 2022
•Important
Red Hat
98
security advisorysecurity issueRed HatRed Hat 8.1: RHSA-2020:5231-01 Important: Thunderbird Security Flaws
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: thunderbird security update Advisory ID: RHSA-2020:5231-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:5231 Issue date: 2020-11-30 CVE Names: CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26968 ==================================================================== 1. Summary: An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.1) - ppc64le, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.0. Security Fix(es): * Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951) * Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968) * Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012) * Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953) * Mozilla: XSS through paste (manual and clipboard API)(CVE-2020-26956) * Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958) * Mozilla: Use-after-free in WebRequestService (CVE-2020-26959) * Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960) * Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961) * Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Thunderbird must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1898731 - CVE-2020-26951 Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code 1898732 - CVE-2020-16012 Mozilla: Variable time processing of cross-origin images during drawImage calls 1898733 - CVE-2020-26953 Mozilla: Fullscreen could be enabled without displaying the security UI 1898734 - CVE-2020-26956 Mozilla: XSS through paste (manual and clipboard API) 1898735 - CVE-2020-26958 Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions 1898736 - CVE-2020-26959 Mozilla: Use-after-free in WebRequestService 1898737 - CVE-2020-26960 Mozilla: Potential use-after-free in uses of nsTArray 1898738 - CVE-2020-26961 Mozilla: DoH did not filter IPv4 mapped IP Addresses 1898739 - CVE-2020-26965 Mozilla: Software keyboards may have remembered typed passwords 1898741 - CVE-2020-26968 Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 6. Package List: Red Hat Enterprise Linux AppStream EUS (v.8.1): Source: thunderbird-78.5.0-1.el8_1.src.rpm ppc64le: thunderbird-78.5.0-1.el8_1.ppc64le.rpm thunderbird-debuginfo-78.5.0-1.el8_1.ppc64le.rpm thunderbird-debugsource-78.5.0-1.el8_1.ppc64le.rpm x86_64: thunderbird-78.5.0-1.el8_1.x86_64.rpm thunderbird-debuginfo-78.5.0-1.el8_1.x86_64.rpm thunderbird-debugsource-78.5.0-1.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2020-16012 https://access.redhat.com/security/cve/CVE-2020-26951 https://access.redhat.com/security/cve/CVE-2020-26953 https://access.redhat.com/security/cve/CVE-2020-26956 https://access.redhat.com/security/cve/CVE-2020-26958 https://access.redhat.com/security/cve/CVE-2020-26959 https://access.redhat.com/security/cve/CVE-2020-26960 https://access.redhat.com/security/cve/CVE-2020-26961 https://access.redhat.com/security/cve/CVE-2020-26965 https://access.redhat.com/security/cve/CVE-2020-26968 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBX8SwL9zjgjWX9erEAQj7yg/7BdsCMo0IKEBuou/DzcN+p42pRrpQVuVx qlM8PJSI10jo2crBSyt/eJf+nj2B+Mh35PAQ17PXqB15TiA/LWHwM2KUb37HgzfF PxcwQpL4prjPXQPR3FgJ502Llv7icTq/68LP/a5aMZEQXv0TBKJGUN3uJGWigwl0 wEB57zexbe//g/K7Q7RVvuIvxePgMOB1m4wIMxykiOz05OTGldKRxHwq25/f4dyt M7zFh+eDH/X85gg+zvV1UaCsHz5Ku85Rz7qgwQcCpmKBU/WHSD8CnTcBB3BIFSql ofkY5Ooj/atCO9YQCTFUrFV1Cw+p2bChTJzd8hHYK++avZVvDJGZgeSf0A80Vsu7 Oa+VJ5StygsBW93dR9UYaErUEj095EXVpvBybtPdi0waIH2O7NBFle4BRHFucT/2 aXNrZYoAmnOcqUxae9P7oZpuKHd/oNXlkGZQTG/n+M7MWibCtC+5ykA8CP2RQkCf 70prhG25Lv6qL8kDN/CNDLusNPRx/4fHndCYZRLCpo6DG1J4QaYniZ+6SLjd2Ak+ rPcTfoQ+YAqGJ9VTL0G5QX2EVgVQGYyhH5zkzAQR6iq40oINUEKvTII50bpQEAHU 5nC/5dmWtOAKMv3we8D6qKivFoc3yW1MF9gLVgF6l3G8oS6DI/e901s3U1yIl5XC 04xTb6CVzII=ourn -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Nov 30, 2020
•Important
Red Hat
98
security advisorysecurity updateRed HatRed Hat 8.0: RHSA-2020:5240-01 Critical: Thunderbird Security Update
An update for thunderbird is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: thunderbird security update Advisory ID: RHSA-2020:5240-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:5240 Issue date: 2020-11-30 CVE Names: CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26968 ==================================================================== 1. Summary: An update for thunderbird is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream E4S (v. 8.0) - ppc64le, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.0. Security Fix(es): * Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951) * Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968) * Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012) * Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953) * Mozilla: XSS through paste (manualand clipboard API) (CVE-2020-26956) * Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958) * Mozilla: Use-after-free in WebRequestService (CVE-2020-26959) * Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960) * Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961) * Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Thunderbird must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1898731 - CVE-2020-26951 Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code 1898732 - CVE-2020-16012 Mozilla: Variable time processing of cross-origin images during drawImage calls 1898733 - CVE-2020-26953 Mozilla: Fullscreen could be enabled without displaying the security UI 1898734 - CVE-2020-26956 Mozilla: XSS through paste (manual and clipboard API) 1898735 - CVE-2020-26958 Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions 1898736 - CVE-2020-26959 Mozilla: Use-after-free in WebRequestService 1898737 - CVE-2020-26960 Mozilla: Potential use-after-free in uses of nsTArray 1898738 - CVE-2020-26961 Mozilla: DoH did not filter IPv4 mapped IP Addresses 1898739 - CVE-2020-26965 Mozilla: Software keyboards may have remembered typed passwords 1898741 - CVE-2020-26968 Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 6. Package List: Red Hat Enterprise Linux AppStream E4S (v.8.0): Source: thunderbird-78.5.0-1.el8_0.src.rpm ppc64le: thunderbird-78.5.0-1.el8_0.ppc64le.rpm thunderbird-debuginfo-78.5.0-1.el8_0.ppc64le.rpm thunderbird-debugsource-78.5.0-1.el8_0.ppc64le.rpm x86_64: thunderbird-78.5.0-1.el8_0.x86_64.rpm thunderbird-debuginfo-78.5.0-1.el8_0.x86_64.rpm thunderbird-debugsource-78.5.0-1.el8_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2020-16012 https://access.redhat.com/security/cve/CVE-2020-26951 https://access.redhat.com/security/cve/CVE-2020-26953 https://access.redhat.com/security/cve/CVE-2020-26956 https://access.redhat.com/security/cve/CVE-2020-26958 https://access.redhat.com/security/cve/CVE-2020-26959 https://access.redhat.com/security/cve/CVE-2020-26960 https://access.redhat.com/security/cve/CVE-2020-26961 https://access.redhat.com/security/cve/CVE-2020-26965 https://access.redhat.com/security/cve/CVE-2020-26968 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBX8SvAtzjgjWX9erEAQghFBAAjz/Z7f/txj9beANFkBnkRyDGJ9LfBdrP b4WgXzxaqM6jJXFIdgTz+bGvX/vSoivkgtqFR5A6x5M0/QUskEBqWY/WhwOG4b0A RtVeuKUa2ASYTVb0caaOuAN41QCIzCEemZDvWr6Xi1vqM8m5EbayxfDqyV/oA8eN hOKtJUVfi8jD5+CCKnYlWXIAc6CQLCmxZzLmiLbIVVg0SXvdFRqcC0fd7TauE1+K GlGVk7k6tsFEackhn9vEEhRwMs2wH5G+HdfeLMmq9J6WQdCiXCvAhDZzV50u27u4 pfzJiqHGnpdDOltCkakX2DtFTKJtGEiPUBviXpygHocHF/eRY3WUf2vgxBGFn6ua 8eBMgWJ9D8vZr9M5OZP7OyNpyWuY+4SzAHApuEBUHgriUS7LUr7Yy+ixMEPQ8psu rQAOBJulm235rp8sSltcgbqErHZOIqHjqqq4CtvdWNBGqNDGWEFUArwPtqzjn0Qi obox9p7N8wsFWWWz1UtYKuCdzNXGyjTneoHPsa8dqo2EFYJo+Knv7n+0p8nyp1Eu tClVfuZcbZYnhzZCzbAB5YIPiLQ29g5AfIPiFDCH1IhKw8XNWF/i0Phpl0DdD6NH nNF0GrYbBdNaQwc98GFALJQUxk/DB43qIxYsudmkAOvz4VyuBkSdiVj2WzJjMOVo r62UI5pNWyU=/YnT -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Nov 30, 2020
•Important
Red Hat
98
security advisoryRed HatimportantRed Hat: RHSA-2019-2774-01 Important: Thunderbird Security Update
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: thunderbird security update Advisory ID: RHSA-2019:2774-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2774 Issue date: 2019-09-16 CVE Names: CVE-2019-11739 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752 ==================================================================== 1. Summary: An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - ppc64le, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.9.0. Security Fix(es): * Mozilla: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message (CVE-2019-11739) * Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740) * Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742) * Mozilla: XSS by breaking out of title and textarea elements using innerHTML (CVE-2019-11744) * Mozilla: Use-after-free while manipulating video(CVE-2019-11746) * Mozilla: Use-after-free while extracting a key value in IndexedDB (CVE-2019-11752) * Mozilla: Cross-origin access to unload event attributes (CVE-2019-11743) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Thunderbird must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1748652 - CVE-2019-11740 Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9 1748653 - CVE-2019-11742 Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images 1748654 - CVE-2019-11743 Mozilla: Cross-origin access to unload event attributes 1748655 - CVE-2019-11744 Mozilla: XSS by breaking out of title and textarea elements using innerHTML 1748656 - CVE-2019-11746 Mozilla: Use-after-free while manipulating video 1748657 - CVE-2019-11752 Mozilla: Use-after-free while extracting a key value in IndexedDB 1752307 - CVE-2019-11739 Mozilla: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: thunderbird-60.9.0-2.el8_0.src.rpm ppc64le: thunderbird-60.9.0-2.el8_0.ppc64le.rpm thunderbird-debuginfo-60.9.0-2.el8_0.ppc64le.rpm thunderbird-debugsource-60.9.0-2.el8_0.ppc64le.rpm x86_64: thunderbird-60.9.0-2.el8_0.x86_64.rpm thunderbird-debuginfo-60.9.0-2.el8_0.x86_64.rpm thunderbird-debugsource-60.9.0-2.el8_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7.References: https://access.redhat.com/security/cve/CVE-2019-11739 https://access.redhat.com/security/cve/CVE-2019-11740 https://access.redhat.com/security/cve/CVE-2019-11742 https://access.redhat.com/security/cve/CVE-2019-11743 https://access.redhat.com/security/cve/CVE-2019-11744 https://access.redhat.com/security/cve/CVE-2019-11746 https://access.redhat.com/security/cve/CVE-2019-11752 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXX+ay9zjgjWX9erEAQg3DA/9F7Fm3th+1cfA+itR1i5EuWEPV22dNjJ1 iq+DvGxRg02TuicqDxMdnKL7ID/a67/6B2PSeCOk6wfneu4qHvpnGoXXNUUFVAtM fjjaJexa8zYOJCfFo8/LbHy2UVGtnt6Z5UJhcZYMhI42ajIDH1GFi3MzfXX9X7bj pQjlkHmyJvU4yTny6leXLBQDe4kH+4lg9B5DtXaoGOvQuC9wyYaTaF9P5SKE22ph QAb9JyYI/nYBYirPdCk0HEn0U4mSz1j34BJ8P0J4fzF5IB+bTyxX1qqlb8h2BNBF Y7sXXIZrcaTuXyzptznBRP2bJwjx6koynGmHVLB1JuPjH8Re60M7r0ohxVbO/CFw mFO9KDVnPcVvuIg3j1Hz35H1kOpjgymBXwJg4p30G+RJjuzpQ+eTxaPYs/Pd3RIo eAQCYBhRibUJVZIR9QujdxGdU2E+BXrc3q8e4HShHdAdR5wIk3Y3FwmBGTDhyG+C 4TfHt4I119maKgksPtq8eaCuvHtNVkuzh7GbXJS+H6U1iHF5XhUdMKjgJt5HGyV8 eeY/YI+mXNzlyOiMZR1ajJGJ5mxwqaugIUlaw7P+0UYYF63qzJgXBpabzK3srYWY F26hm4iVXOFimM1cOVCRE1V6M0xqYVvPsECEKpc1pfZDsWbFEjX/b6v4haRuwYls KYumzyA6O8E=2a8M -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Sep 16, 2019
•Important
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!