This week, important updates have been issued for Thunderbird, Firefox and libsndfile.
We recommend that you visit our Advisories page frequently to see the latest security advisories that have been issued by your Linux distro(s). We also now offer the ability to personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select.
On behalf of the LinuxSecurity.com administrative team, I would like to extend a warm welcome to our newly redesigned site!
Yours in Open Source,
Thunderbird
Multiple important security issues have been discovered in the Thunderbird mail and newsgroup client. These vulnerabilities include uninitialized memory in a canvas object (CVE-2021-29980), incorrect instruction reordering during JIT optimization (CVE-2021-29984), a race condition when resolving DNS names (CVE-2021-29986), incorrect style treatment (CVE-2021-29988), a use-after-free in media channels (CVE-2021-29985) and memory safety bugs (CVE-2021-29989).
These flaws could result in memory corruption and the execution of arbitrary code.
These problems have been fixed in Thunderbird version 78.13.0. Upgrade now to secure your system and prevent attacks.
Mozilla developers and community members have reported multiple remotely-exploitable memory safety bugs in Firefox before version 91 (CVE-2021-29980, CVE-2021-29981, CVE-2021-29982 and CVE-2021-29984).
A remote attacker could exploit these issues to execute arbitrary code or trick the user into accepting additional site permissions through maliciously crafted web content.
These problems have been fixed upstream in Firefox version 91.0. Upgrade Firefox to version 91.0-1 immediately to protect sensitive information and prevent system compromise.
Four critical vulnerabilities have been discovered in the widely used libsndfile C library. They include a stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 (CVE-2018-13139), a NULL pointer dereference in the function sf_write_int in sndfile.c (CVE-2018-19432), a heap buffer overflow vulnerability in msadpcm_decode_block (CVE-2021-3246) and a heap-based buffer over-read in wav_write_header in wav.c in libsndfile 1.0.28 (CVE-2018-19758).
These issues allow remote attackers to cause denial of service (DoS) conditions.
An update for libsndfile fixes these flaws. Users impacted by these dangerous vulnerabilities should apply updates released by their distro(s) promptly to protect the integrity and availability of their systems.