Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

Red Hat Enterprise Linux 8: RHSA-2023-3221-01 Important Email Update

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability.

Red Hat Security Advisory

Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2023:3221-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:3221
Issue date: 2023-05-18
CVE Names: CVE-2023-32205 CVE-2023-32206 CVE-2023-32207 CVE-2023-32211 CVE-2023-32212 CVE-2023-32213 CVE-2023-32215

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.11.0.

Security Fix(es):

* Mozilla: Browser prompts could have been obscured by popups (CVE-2023-32205)
* Mozilla: Crash in RLBox Expat driver (CVE-2023-32206)
* Mozilla: Potential permissions request bypass via clickjacking (CVE-2023-32207)
* Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11 (CVE-2023-32215)
* Mozilla: Content process crash due to invalid wasm code (CVE-2023-32211)
* Mozilla: Potential spoof due to obscured address bar (CVE-2023-32212)
* Mozilla: Potential memory corruption in FileReader::DoReadData() (CVE-2023-32213)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2196736 - CVE-2023-32205 Mozilla: Browser prompts could have been obscured by popups
2196737 - CVE-2023-32206 Mozilla: Crash in RLBox Expat driver
2196738 - CVE-2023-32207 Mozilla: Potential permissions request bypass via clickjacking
2196740 - CVE-2023-32211 Mozilla: Content process crash due to invalid wasm code
2196741 - CVE-2023-32212 Mozilla: Potential spoof due to obscured address bar
2196742 - CVE-2023-32213 Mozilla: Potential memory corruption in FileReader::DoReadData()
2196753 - CVE-2023-32215 Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
thunderbird-102.11.0-1.el8_7.src.rpm

aarch64:
thunderbird-102.11.0-1.el8_7.aarch64.rpm
thunderbird-debuginfo-102.11.0-1.el8_7.aarch64.rpm
thunderbird-debugsource-102.11.0-1.el8_7.aarch64.rpm

ppc64le:
thunderbird-102.11.0-1.el8_7.ppc64le.rpm
thunderbird-debuginfo-102.11.0-1.el8_7.ppc64le.rpm
thunderbird-debugsource-102.11.0-1.el8_7.ppc64le.rpm

s390x:
thunderbird-102.11.0-1.el8_7.s390x.rpm
thunderbird-debuginfo-102.11.0-1.el8_7.s390x.rpm
thunderbird-debugsource-102.11.0-1.el8_7.s390x.rpm

x86_64:
thunderbird-102.11.0-1.el8_7.x86_64.rpm
thunderbird-debuginfo-102.11.0-1.el8_7.x86_64.rpm
thunderbird-debugsource-102.11.0-1.el8_7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-32205
https://access.redhat.com/security/cve/CVE-2023-32206
https://access.redhat.com/security/cve/CVE-2023-32207
https://access.redhat.com/security/cve/CVE-2023-32211
https://access.redhat.com/security/cve/CVE-2023-32212
https://access.redhat.com/security/cve/CVE-2023-32213
https://access.redhat.com/security/cve/CVE-2023-32215
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list

Crucial security enhancement for Thunderbird users on Red Hat Enterprise Linux 8, targeting vital vulnerabilities to protect user privacy.
Thunderbird Update, Red Hat Security, Email Client Security, Linux Updates.
Severity: Important.
LinuxSecurity.com Team

May 18, 2023 | Important | Red Hat

Red Hat: 7 Important: Thunderbird Update Security Issues

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability.

Red Hat Security Advisory

Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2021:0661-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0661
Issue date: 2021-02-24
CVE Names: CVE-2021-23968 CVE-2021-23969 CVE-2021-23973 CVE-2021-23978

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.8.0.

Security Fix(es):

* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968)
* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969)
* Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)
* Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1932109 - CVE-2021-23969 Mozilla: Content Security Policy violation report could have contained the destination of a redirect
1932110 - CVE-2021-23968 Mozilla: Content Security Policy violation report could have contained the destination of a redirect
1932111 - CVE-2021-23973 Mozilla: MediaError message property could have leaked information about cross-origin resources
1932112 - CVE-2021-23978 Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
thunderbird-78.8.0-1.el7_9.src.rpm

x86_64:
thunderbird-78.8.0-1.el7_9.x86_64.rpm
thunderbird-debuginfo-78.8.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
thunderbird-78.8.0-1.el7_9.src.rpm

ppc64le:
thunderbird-78.8.0-1.el7_9.ppc64le.rpm
thunderbird-debuginfo-78.8.0-1.el7_9.ppc64le.rpm

x86_64:
thunderbird-78.8.0-1.el7_9.x86_64.rpm
thunderbird-debuginfo-78.8.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
thunderbird-78.8.0-1.el7_9.src.rpm

x86_64:
thunderbird-78.8.0-1.el7_9.x86_64.rpm
thunderbird-debuginfo-78.8.0-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2021-23968
https://access.redhat.com/security/cve/CVE-2021-23969
https://access.redhat.com/security/cve/CVE-2021-23973
https://access.redhat.com/security/cve/CVE-2021-23978
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.

--
RHSA-announce mailing list
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Crucial notice regarding Thunderbird on Red Hat Enterprise Linux resolving several critical security vulnerabilities.
Thunderbird Security Update, Red Hat Linux Security, Email Client Security, Important Update.
Severity: Important.
LinuxSecurity.com Team

Feb 24, 2021 | Important | Red Hat

Red Hat 8.0: RHSA-2020:5240-01 Critical: Thunderbird Security Update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,.

Red Hat Security Advisory

Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2020:5240-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5240
Issue date: 2020-11-30
CVE Names: CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26968

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.0) - ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.5.0.

Security Fix(es):

* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1898731 - CVE-2020-26951 Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
1898732 - CVE-2020-16012 Mozilla: Variable time processing of cross-origin images during drawImage calls
1898733 - CVE-2020-26953 Mozilla: Fullscreen could be enabled without displaying the security UI
1898734 - CVE-2020-26956 Mozilla: XSS through paste (manual and clipboard API)
1898735 - CVE-2020-26958 Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions
1898736 - CVE-2020-26959 Mozilla: Use-after-free in WebRequestService
1898737 - CVE-2020-26960 Mozilla: Potential use-after-free in uses of nsTArray
1898738 - CVE-2020-26961 Mozilla: DoH did not filter IPv4 mapped IP Addresses
1898739 - CVE-2020-26965 Mozilla: Software keyboards may have remembered typed passwords
1898741 - CVE-2020-26968 Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.0):

Source:
thunderbird-78.5.0-1.el8_0.src.rpm

ppc64le:
thunderbird-78.5.0-1.el8_0.ppc64le.rpm
thunderbird-debuginfo-78.5.0-1.el8_0.ppc64le.rpm
thunderbird-debugsource-78.5.0-1.el8_0.ppc64le.rpm

x86_64:
thunderbird-78.5.0-1.el8_0.x86_64.rpm
thunderbird-debuginfo-78.5.0-1.el8_0.x86_64.rpm
thunderbird-debugsource-78.5.0-1.el8_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2020-16012
https://access.redhat.com/security/cve/CVE-2020-26951
https://access.redhat.com/security/cve/CVE-2020-26953
https://access.redhat.com/security/cve/CVE-2020-26956
https://access.redhat.com/security/cve/CVE-2020-26958
https://access.redhat.com/security/cve/CVE-2020-26959
https://access.redhat.com/security/cve/CVE-2020-26960
https://access.redhat.com/security/cve/CVE-2020-26961
https://access.redhat.com/security/cve/CVE-2020-26965
https://access.redhat.com/security/cve/CVE-2020-26968
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2020 Red Hat, Inc.

--
RHSA-announce mailing list

Mozilla Thunderbird has been issued a significant security patch for Red Hat Enterprise Linux 8.0. Be sure to check the advisory for vital information.
Thunderbird Security Update, Red Hat Advisories, Linux Security Updates.
Severity: Important.
LinuxSecurity.com Team

Nov 30, 2020 | Important | Red Hat

Scientific Linux 6: Thunderbird Important CVE-2013-0788 Security Update

Important: thunderbird security update.

Date: Tue, 2 Apr 2013 08:41:29 -0500
Reply-To: Pat Riehecky
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: FASTBUGS for SL 6x i386, x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386: autofs-5.0.5-74.el6_4.i686.rpm boost-1.41.0-17.el6_4.i686.rpm boost-date-time-1.41.0-17.el6_4.i686.rpm boost-devel-1.41.0-17.el6_4.i686.rpm boost-doc-1.41.0-17.el6_4.i686.rpm boost-filesystem-1.41.0-17.el6_4.i686.rpm boost-graph-1.41.0-17.el6_4.i686.rpm boost-graph-mpich2-1.41.0-17.el6_4.i686.rpm boost-graph-openmpi-1.41.0-17.el6_4.i686.rpm boost-iostreams-1.41.0-17.el6_4.i686.rpm boost-math-1.41.0-17.el6_4.i686.rpm boost-mpich2-1.41.0-17.el6_4.i686.rpm boost-mpich2-devel-1.41.0-17.el6_4.i686.rpm boost-mpich2-python-1.41.0-17.el6_4.i686.rpm boost-openmpi-1.41.0-17.el6_4.i686.rpm boost-openmpi-devel-1.41.0-17.el6_4.i686.rpm boost-openmpi-python-1.41.0-17.el6_4.i686.rpm boost-program-options-1.41.0-17.el6_4.i686.rpm boost-python-1.41.0-17.el6_4.i686.rpm boost-regex-1.41.0-17.el6_4.i686.rpm boost-serialization-1.41.0-17.el6_4.i686.rpm boost-signals-1.41.0-17.el6_4.i686.rpm boost-static-1.41.0-17.el6_4.i686.rpm boost-system-1.41.0-17.el6_4.i686.rpm boost-test-1.41.0-17.el6_4.i686.rpm boost-thread-1.41.0-17.el6_4.i686.rpm boost-wave-1.41.0-17.el6_4.i686.rpm debugmode-9.03.38-1.el6_4.1.i686.rpm fence-agents-3.1.5-25.el6_4.2.i686.rpm ghostscript-8.70-15.el6_4.1.i686.rpm ghostscript-devel-8.70-15.el6_4.1.i686.rpm ghostscript-doc-8.70-15.el6_4.1.i686.rpm ghostscript-gtk-8.70-15.el6_4.1.i686.rpm gnome-power-manager-2.28.3-7.el6_4.i686.rpm gnome-power-manager-extra-2.28.3-7.el6_4.i686.rpm initscripts-9.03.38-1.el6_4.1.i686.rpm ipa-admintools-3.0.0-26.el6_4.2.i686.rpm ipa-client-3.0.0-26.el6_4.2.i686.rpm ipa-python-3.0.0-26.el6_4.2.i686.rpm ipa-server-3.0.0-26.el6_4.2.i686.rpm ipa-server-selinux-3.0.0-26.el6_4.2.i686.rpm ipa-server-trust-ad-3.0.0-26.el6_4.2.i686.rpm
ipmitool-1.8.11-14.el6_4.1.i686.rpm libcgroup-0.37-7.1.el6_4.i686.rpm libcgroup-devel-0.37-7.1.el6_4.i686.rpm libcgroup-pam-0.37-7.1.el6_4.i686.rpm libvirt-0.10.2-18.el6_4.2.i686.rpm libvirt-client-0.10.2-18.el6_4.2.i686.rpm libvirt-devel-0.10.2-18.el6_4.2.i686.rpm libvirt-python-0.10.2-18.el6_4.2.i686.rpm openldap-2.4.23-32.el6_4.i686.rpm openldap-clients-2.4.23-32.el6_4.i686.rpm openldap-devel-2.4.23-32.el6_4.i686.rpm openldap-servers-2.4.23-32.el6_4.i686.rpm openldap-servers-sql-2.4.23-32.el6_4.i686.rpm pcs-0.9.26-10.el6_4.1.noarch.rpm piranha-0.8.6-2.el6_4.1.i686.rpm qemu-guest-agent-0.12.1.2-2.355.el6_4.1.i686.rpm spice-vdagent-0.12.0-4.el6_4.1.i686.rpm virt-viewer-0.5.2-18.el6_4.2.i686.rpm vsftpd-2.2.2-11.el6_4.1.i686.rpm x86_64: autofs-5.0.5-74.el6_4.x86_64.rpm boost-1.41.0-17.el6_4.x86_64.rpm boost-date-time-1.41.0-17.el6_4.i686.rpm boost-date-time-1.41.0-17.el6_4.x86_64.rpm boost-devel-1.41.0-17.el6_4.i686.rpm boost-devel-1.41.0-17.el6_4.x86_64.rpm boost-doc-1.41.0-17.el6_4.x86_64.rpm boost-filesystem-1.41.0-17.el6_4.i686.rpm boost-filesystem-1.41.0-17.el6_4.x86_64.rpm boost-graph-1.41.0-17.el6_4.i686.rpm boost-graph-1.41.0-17.el6_4.x86_64.rpm boost-graph-mpich2-1.41.0-17.el6_4.i686.rpm boost-graph-mpich2-1.41.0-17.el6_4.x86_64.rpm boost-graph-openmpi-1.41.0-17.el6_4.x86_64.rpm boost-iostreams-1.41.0-17.el6_4.i686.rpm boost-iostreams-1.41.0-17.el6_4.x86_64.rpm boost-math-1.41.0-17.el6_4.x86_64.rpm boost-mpich2-1.41.0-17.el6_4.i686.rpm boost-mpich2-1.41.0-17.el6_4.x86_64.rpm boost-mpich2-devel-1.41.0-17.el6_4.i686.rpm boost-mpich2-devel-1.41.0-17.el6_4.x86_64.rpm boost-mpich2-python-1.41.0-17.el6_4.i686.rpm boost-mpich2-python-1.41.0-17.el6_4.x86_64.rpm boost-openmpi-1.41.0-17.el6_4.x86_64.rpm boost-openmpi-devel-1.41.0-17.el6_4.i686.rpm boost-openmpi-devel-1.41.0-17.el6_4.x86_64.rpm boost-openmpi-python-1.41.0-17.el6_4.x86_64.rpm boost-program-options-1.41.0-17.el6_4.i686.rpm boost-program-options-1.41.0-17.el6_4.x86_64.rpm 
boost-python-1.41.0-17.el6_4.i686.rpm boost-python-1.41.0-17.el6_4.x86_64.rpm boost-regex-1.41.0-17.el6_4.i686.rpm boost-regex-1.41.0-17.el6_4.x86_64.rpm boost-serialization-1.41.0-17.el6_4.i686.rpm boost-serialization-1.41.0-17.el6_4.x86_64.rpm boost-signals-1.41.0-17.el6_4.i686.rpm boost-signals-1.41.0-17.el6_4.x86_64.rpm boost-static-1.41.0-17.el6_4.x86_64.rpm boost-system-1.41.0-17.el6_4.i686.rpm boost-system-1.41.0-17.el6_4.x86_64.rpm boost-test-1.41.0-17.el6_4.i686.rpm boost-test-1.41.0-17.el6_4.x86_64.rpm boost-thread-1.41.0-17.el6_4.i686.rpm boost-thread-1.41.0-17.el6_4.x86_64.rpm boost-wave-1.41.0-17.el6_4.i686.rpm boost-wave-1.41.0-17.el6_4.x86_64.rpm debugmode-9.03.38-1.el6_4.1.x86_64.rpm fence-agents-3.1.5-25.el6_4.2.x86_64.rpm ghostscript-8.70-15.el6_4.1.i686.rpm ghostscript-8.70-15.el6_4.1.x86_64.rpm ghostscript-devel-8.70-15.el6_4.1.i686.rpm ghostscript-devel-8.70-15.el6_4.1.x86_64.rpm ghostscript-doc-8.70-15.el6_4.1.x86_64.rpm ghostscript-gtk-8.70-15.el6_4.1.x86_64.rpm gnome-power-manager-2.28.3-7.el6_4.x86_64.rpm gnome-power-manager-extra-2.28.3-7.el6_4.x86_64.rpm infinipath-psm-3.0.1-115.1015_open.1.1.el6_4.x86_64.rpm infinipath-psm-devel-3.0.1-115.1015_open.1.1.el6_4.x86_64.rpm initscripts-9.03.38-1.el6_4.1.x86_64.rpm ipa-admintools-3.0.0-26.el6_4.2.x86_64.rpm ipa-client-3.0.0-26.el6_4.2.x86_64.rpm ipa-python-3.0.0-26.el6_4.2.x86_64.rpm ipa-server-3.0.0-26.el6_4.2.x86_64.rpm ipa-server-selinux-3.0.0-26.el6_4.2.x86_64.rpm ipa-server-trust-ad-3.0.0-26.el6_4.2.x86_64.rpm ipmitool-1.8.11-14.el6_4.1.x86_64.rpm libcgroup-0.37-7.1.el6_4.i686.rpm libcgroup-0.37-7.1.el6_4.x86_64.rpm libcgroup-devel-0.37-7.1.el6_4.i686.rpm libcgroup-devel-0.37-7.1.el6_4.x86_64.rpm libcgroup-pam-0.37-7.1.el6_4.i686.rpm libcgroup-pam-0.37-7.1.el6_4.x86_64.rpm libvirt-0.10.2-18.el6_4.2.x86_64.rpm libvirt-client-0.10.2-18.el6_4.2.i686.rpm libvirt-client-0.10.2-18.el6_4.2.x86_64.rpm libvirt-devel-0.10.2-18.el6_4.2.i686.rpm libvirt-devel-0.10.2-18.el6_4.2.x86_64.rpm 
libvirt-lock-sanlock-0.10.2-18.el6_4.2.x86_64.rpm libvirt-python-0.10.2-18.el6_4.2.x86_64.rpm openldap-2.4.23-32.el6_4.i686.rpm openldap-2.4.23-32.el6_4.x86_64.rpm openldap-clients-2.4.23-32.el6_4.x86_64.rpm openldap-devel-2.4.23-32.el6_4.i686.rpm openldap-devel-2.4.23-32.el6_4.x86_64.rpm openldap-servers-2.4.23-32.el6_4.x86_64.rpm openldap-servers-sql-2.4.23-32.el6_4.x86_64.rpm pcs-0.9.26-10.el6_4.1.noarch.rpm piranha-0.8.6-2.el6_4.1.x86_64.rpm qemu-guest-agent-0.12.1.2-2.355.el6_4.1.x86_64.rpm qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.1.x86_64.rpm qemu-img-0.12.1.2-2.355.el6_4.1.x86_64.rpm qemu-kvm-0.12.1.2-2.355.el6_4.1.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.355.el6_4.1.x86_64.rpm spice-vdagent-0.12.0-4.el6_4.1.x86_64.rpm virt-viewer-0.5.2-18.el6_4.2.x86_64.rpm vsftpd-2.2.2-11.el6_4.1.x86_64.rpm

Date: Tue, 2 Apr 2013 23:12:34 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Important: thunderbird on SL5.x, SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: thunderbird security update
Issue Date: 2013-04-02
CVE Numbers: CVE-2013-0788 CVE-2013-0800 CVE-2013-0796 CVE-2013-0795 CVE-2013-0793
--

Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0788)

A flaw was found in the way Same Origin Wrappers were implemented in Thunderbird. Malicious content could use this flaw to bypass the same-origin policy and execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0795)

A flaw was found in the embedded WebGL library in Thunderbird. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: This issue only affected systems using the Intel Mesa graphics drivers. (CVE-2013-0796)

An out-of-bounds write flaw was found in the embedded Cairo library in Thunderbird. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0800)

A flaw was found in the way Thunderbird handled the JavaScript history functions. Malicious content could cause a page to be displayed that has a baseURI pointing to a different site, allowing cross-site scripting (XSS) and phishing attacks. (CVE-2013-0793)

Note: All issues except CVE-2013-0800 cannot be exploited by a specially-crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.

After installing the update, Thunderbird must be restarted for the changes to take effect.
--

SL5
  x86_64
    thunderbird-17.0.5-1.el5_9.x86_64.rpm
    thunderbird-debuginfo-17.0.5-1.el5_9.x86_64.rpm
  i386
    thunderbird-17.0.5-1.el5_9.i386.rpm
    thunderbird-debuginfo-17.0.5-1.el5_9.i386.rpm
SL6
  x86_64
    thunderbird-17.0.5-1.el6_4.x86_64.rpm
    thunderbird-debuginfo-17.0.5-1.el6_4.x86_64.rpm
  i386
    thunderbird-17.0.5-1.el6_4.i686.rpm
    thunderbird-debuginfo-17.0.5-1.el6_4.i686.rpm

- Scientific Linux Development Team

Critical Thunderbird update addresses multiple security issues; ensure to restart for changes to apply.
Scientific Linux Update, Thunderbird Security Fix, Important Security Errata.
Severity: Important.
LinuxSecurity.com Team

Apr 02, 2013 | Important | Scientific Linux

Red Hat: Urgent Notification RHSA-2011-0887-02 on Thunderbird Risks

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Critical: thunderbird security update Advisory ID: RHSA-2011:0887-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2011:0887.html Issue date: 2011-06-21 CVE Names: CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2364 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374 CVE-2011-2375 CVE-2011-2376 CVE-2011-2377 ==================================================================== 1. Summary: An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled malformed JPEG images. 
An HTML mail message containing a malicious JPEG image could causeThunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2377) Multiple dangling pointer flaws were found in Thunderbird. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-0083, CVE-2011-0085, CVE-2011-2363) Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376) An integer overflow flaw was found in the way Thunderbird handled JavaScript Array objects. Malicious content could cause Thunderbird to execute JavaScript with the privileges of the user running Thunderbird. (CVE-2011-2371) A use-after-free flaw was found in the way Thunderbird handled malformed JavaScript. Malicious content could cause Thunderbird to execute JavaScript with the privileges of the user running Thunderbird. (CVE-2011-2373) It was found that Thunderbird could treat two separate cookies (for web content) as interchangeable if both were for the same domain name but one of those domain names had a trailing "." character. This violates the same-origin policy and could possibly lead to data being leaked to the wrong domain. (CVE-2011-2362) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. 
Bugs fixed (http://bugzilla.redhat.com/): 714576 - CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376 Mozilla Miscellaneous memory safety hazards (MFSA 2011-19) 714577 - CVE-2011-2373 Mozilla Use-after-free vulnerability when viewing XUL document with script disabled (MFSA 2011-20) 714580 - CVE-2011-2371 Mozilla Integer overflow and arbitrary code execution (MFSA 2011-22) 714581 - CVE-2011-0083 CVE-2011-0085 CVE-2011-2363 Mozilla Multiple dangling pointer vulnerabilities (MFSA 2011-23) 714583 - CVE-2011-2362 Mozilla Cookie isolation error (MFSA 2011-24) 714929 - CVE-2011-2377 Mozilla Crash caused by corrupted JPEG image (MFSA 2011-21) 6. Package List: Red Hat Enterprise Linux AS version 4: Source: i386: thunderbird-1.5.0.12-39.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-39.el4.i386.rpm ia64: thunderbird-1.5.0.12-39.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-39.el4.ia64.rpm ppc: thunderbird-1.5.0.12-39.el4.ppc.rpm thunderbird-debuginfo-1.5.0.12-39.el4.ppc.rpm s390: thunderbird-1.5.0.12-39.el4.s390.rpm thunderbird-debuginfo-1.5.0.12-39.el4.s390.rpm s390x: thunderbird-1.5.0.12-39.el4.s390x.rpm thunderbird-debuginfo-1.5.0.12-39.el4.s390x.rpm x86_64: thunderbird-1.5.0.12-39.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-39.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: i386: thunderbird-1.5.0.12-39.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-39.el4.i386.rpm x86_64: thunderbird-1.5.0.12-39.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-39.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: i386: thunderbird-1.5.0.12-39.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-39.el4.i386.rpm ia64: thunderbird-1.5.0.12-39.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-39.el4.ia64.rpm x86_64: thunderbird-1.5.0.12-39.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-39.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: i386: thunderbird-1.5.0.12-39.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-39.el4.i386.rpm ia64:
thunderbird-1.5.0.12-39.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-39.el4.ia64.rpm x86_64: thunderbird-1.5.0.12-39.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-39.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: i386: thunderbird-2.0.0.24-18.el5_6.i386.rpm thunderbird-debuginfo-2.0.0.24-18.el5_6.i386.rpm x86_64: thunderbird-2.0.0.24-18.el5_6.x86_64.rpm thunderbird-debuginfo-2.0.0.24-18.el5_6.x86_64.rpm RHEL Optional Productivity Applications (v. 5 server): Source: i386: thunderbird-2.0.0.24-18.el5_6.i386.rpm thunderbird-debuginfo-2.0.0.24-18.el5_6.i386.rpm x86_64: thunderbird-2.0.0.24-18.el5_6.x86_64.rpm thunderbird-debuginfo-2.0.0.24-18.el5_6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2011-0083 https://access.redhat.com/security/cve/CVE-2011-0085 https://access.redhat.com/security/cve/CVE-2011-2362 https://access.redhat.com/security/cve/CVE-2011-2363 https://access.redhat.com/security/cve/CVE-2011-2364 https://access.redhat.com/security/cve/CVE-2011-2365 https://access.redhat.com/security/cve/CVE-2011-2371 https://access.redhat.com/security/cve/CVE-2011-2373 https://access.redhat.com/security/cve/CVE-2011-2374 https://access.redhat.com/security/cve/CVE-2011-2375 https://access.redhat.com/security/cve/CVE-2011-2376 https://access.redhat.com/security/cve/CVE-2011-2377 https://access.redhat.com/security/updates/classification#critical 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2011 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOASiIXlSAg2UNWIIRAtZYAJ9ZBRu60zLLdoBrUyCrIZy0/phyMgCgky71 r+NwqFOqCUeak8TCpitMBnk=QSbg -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list. The latest Thunderbird update in Red Hat resolves significant vulnerabilities that influence several versions, thereby enhancing user safety. thunderbird Update, Critical Security Issues, Red Hat Advisory. Severity: Critical. LinuxSecurity.com Team

Jun 21, 2011 Critical Red Hat

Red Hat Enterprise 7: RHSA-2021-3009-01 Critical: Firefox Vulnerabilities

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: thunderbird security update Advisory ID: RHSA-2010:0896-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2010:0896.html Issue date: 2010-11-17 CVE Names: CVE-2010-3175 CVE-2010-3176 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 CVE-2010-3765 ==================================================================== 1. Summary: An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. A race condition flaw was found in the way Thunderbird handled Document Object Model (DOM) element properties. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3765) Several flaws were found in the processing of malformed HTML mail content. 
An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3180, CVE-2010-3183) A same-origin policy bypass flaw was found in Thunderbird. Remote HTML content could steal private data from different remote HTML content Thunderbird had loaded. (CVE-2010-3178) Note: JavaScript support is disabled by default in Thunderbird. The above issues are not exploitable unless JavaScript is enabled. A flaw was found in the script that launches Thunderbird. The LD_LIBRARY_PATH variable was appending a "." character, which could allow a local attacker to execute arbitrary code with the privileges of a different user running Thunderbird, if that user ran Thunderbird from within an attacker-controlled directory. (CVE-2010-3182) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards 642275 - CVE-2010-3175 Mozilla miscellaneous memory safety hazards 642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write 642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp 642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter 642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls 642300 - CVE-2010-3182 Mozilla unsafe library loading flaw 646997 - CVE-2010-3765 Firefox race condition flaw (MFSA 2010-73) 6.
Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: i386: thunderbird-3.1.6-1.el6_0.i686.rpm thunderbird-debuginfo-3.1.6-1.el6_0.i686.rpm x86_64: thunderbird-3.1.6-1.el6_0.x86_64.rpm thunderbird-debuginfo-3.1.6-1.el6_0.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: i386: thunderbird-3.1.6-1.el6_0.i686.rpm thunderbird-debuginfo-3.1.6-1.el6_0.i686.rpm ppc64: thunderbird-3.1.6-1.el6_0.ppc64.rpm thunderbird-debuginfo-3.1.6-1.el6_0.ppc64.rpm s390x: thunderbird-3.1.6-1.el6_0.s390x.rpm thunderbird-debuginfo-3.1.6-1.el6_0.s390x.rpm x86_64: thunderbird-3.1.6-1.el6_0.x86_64.rpm thunderbird-debuginfo-3.1.6-1.el6_0.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: i386: thunderbird-3.1.6-1.el6_0.i686.rpm thunderbird-debuginfo-3.1.6-1.el6_0.i686.rpm x86_64: thunderbird-3.1.6-1.el6_0.x86_64.rpm thunderbird-debuginfo-3.1.6-1.el6_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2010-3175 https://access.redhat.com/security/cve/CVE-2010-3176 https://access.redhat.com/security/cve/CVE-2010-3178 https://access.redhat.com/security/cve/CVE-2010-3179 https://access.redhat.com/security/cve/CVE-2010-3180 https://access.redhat.com/security/cve/CVE-2010-3182 https://access.redhat.com/security/cve/CVE-2010-3183 https://access.redhat.com/security/cve/CVE-2010-3765 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2010 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFM4/MMXlSAg2UNWIIRAvsVAJ0aDdhKalioIxr5ZqA1HB8HlqABpQCfQLnr Qjknaq4cNEmD5x+CdKRTHUw=2+Jy -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list.
Debian recommends a Firefox patch tackling serious vulnerabilities. Confirm all systems are enhanced for security. thunderbird update, Red Hat security, software patch, email client security, cross-site exploit. LinuxSecurity.com Team

Nov 17, 2010 Red Hat

Red Hat Enterprise Linux 4 RHSA-2010-0154-02 Moderate: Thunderbird Risk

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: thunderbird security update Advisory ID: RHSA-2010:0154-02 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2010:0154.html Issue date: 2010-03-17 CVE Names: CVE-2009-0689 CVE-2009-1571 CVE-2009-2462 CVE-2009-2463 CVE-2009-2466 CVE-2009-2470 CVE-2009-3072 CVE-2009-3075 CVE-2009-3076 CVE-2009-3077 CVE-2009-3274 CVE-2009-3376 CVE-2009-3380 CVE-2009-3979 CVE-2010-0159 ==================================================================== 1. Summary: An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
(CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159) A use-after-free flaw was found in Thunderbird. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3077) A heap-based buffer overflow flaw was found in the Thunderbird string to floating point conversion routines. An HTML mail message containing malicious JavaScript could crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-0689) A use-after-free flaw was found in Thunderbird. Under low memory conditions, viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-1571) A flaw was found in the way Thunderbird created temporary file names for downloaded files. If a local attacker knows the name of a file Thunderbird is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the way Thunderbird displayed a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differed from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that is different from what the user expected. (CVE-2009-3376) A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A malicious SOCKS5 server could send a specially-crafted reply that would cause Thunderbird to crash. (CVE-2009-2470) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. 
An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing trusted content or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3076) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 512128 - CVE-2009-2462 Mozilla Browser engine crashes 512131 - CVE-2009-2463 Mozilla Base64 decoding crash 512136 - CVE-2009-2466 Mozilla JavaScript engine crashes 512145 - CVE-2009-2470 Mozilla data corruption with SOCKS5 reply 521688 - CVE-2009-3072 Firefox 3.5.3 3.0.14 browser engine crashes 521691 - CVE-2009-3075 Firefox 3.5.2 3.0.14 JavaScript engine crashes 521692 - CVE-2009-3076 Firefox 3.0.14 Insufficient warning for PKCS11 module installation and removal 521693 - CVE-2009-3077 Firefox 3.5.3 3.0.14 TreeColumns dangling pointer vulnerability 524815 - CVE-2009-3274 Firefox: Predictable /tmp pathname use 530162 - CVE-2009-0689 (rejected CVE-2009-1563) Firefox heap buffer overflow in string to number conversion 530168 - CVE-2009-3376 Firefox download filename spoofing with RTL override 530567 - CVE-2009-3380 Firefox crashes with evidence of memory corruption 546694 - CVE-2009-3979 Mozilla crash with evidence of memory corruption 566047 - CVE-2010-0159 Mozilla crashes with evidence of memory corruption (MFSA 2010-01) 566050 - CVE-2009-1571 Mozilla incorrectly frees used memory (MFSA 2010-03) 6.
Package List: Red Hat Enterprise Linux AS version 4: Source: i386: thunderbird-1.5.0.12-25.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-25.el4.i386.rpm ia64: thunderbird-1.5.0.12-25.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-25.el4.ia64.rpm ppc: thunderbird-1.5.0.12-25.el4.ppc.rpm thunderbird-debuginfo-1.5.0.12-25.el4.ppc.rpm s390: thunderbird-1.5.0.12-25.el4.s390.rpm thunderbird-debuginfo-1.5.0.12-25.el4.s390.rpm s390x: thunderbird-1.5.0.12-25.el4.s390x.rpm thunderbird-debuginfo-1.5.0.12-25.el4.s390x.rpm x86_64: thunderbird-1.5.0.12-25.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-25.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: i386: thunderbird-1.5.0.12-25.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-25.el4.i386.rpm x86_64: thunderbird-1.5.0.12-25.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-25.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: i386: thunderbird-1.5.0.12-25.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-25.el4.i386.rpm ia64: thunderbird-1.5.0.12-25.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-25.el4.ia64.rpm x86_64: thunderbird-1.5.0.12-25.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-25.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: i386: thunderbird-1.5.0.12-25.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-25.el4.i386.rpm ia64: thunderbird-1.5.0.12-25.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-25.el4.ia64.rpm x86_64: thunderbird-1.5.0.12-25.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-25.el4.x86_64.rpm These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://access.redhat.com/security/cve/CVE-2009-0689 https://access.redhat.com/security/cve/CVE-2009-1571 https://access.redhat.com/security/cve/CVE-2009-2462 https://access.redhat.com/security/cve/CVE-2009-2463 https://access.redhat.com/security/cve/CVE-2009-2466 https://access.redhat.com/security/cve/CVE-2009-2470 https://access.redhat.com/security/cve/CVE-2009-3072 https://access.redhat.com/security/cve/CVE-2009-3075 https://access.redhat.com/security/cve/CVE-2009-3076 https://access.redhat.com/security/cve/CVE-2009-3077 https://access.redhat.com/security/cve/CVE-2009-3274 https://access.redhat.com/security/cve/CVE-2009-3376 https://access.redhat.com/security/cve/CVE-2009-3380 https://access.redhat.com/security/cve/CVE-2009-3979 https://access.redhat.com/security/cve/CVE-2010-0159 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2010 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFLoPZMXlSAg2UNWIIRAuy2AJsGUflse43NwGrqRXD2m3hgkjiabQCfXXzl xxXD5RY2tiPE+loC0q4iBdk=SWx6 -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list. Security patch for Red Hat Enterprise Linux 4, addressing moderate vulnerabilities within the Thunderbird software affecting user safety. Thunderbird Update, Red Hat Security, Linux Security Advisory. LinuxSecurity.com Team

Mar 17, 2010 Red Hat