You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa Mozilla Thunderbird

Sigurnosni nedostaci programskog paketa Mozilla Thunderbird

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Gentoo Linux Security Advisory GLSA 201908-20
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
https://security.gentoo.org/
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Severity: Normal
Title: Mozilla Thunderbird: Multiple vulnerabilities
Date: August 16, 2019
Bugs: #688032, #690664
ID: 201908-20

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Synopsis
========

Multiple vulnerabilities have been found in Mozilla Thunderbird, the
worst of which could result in the arbitrary execution of code.

Background
==========

Mozilla Thunderbird is a popular open-source email client from the
Mozilla project

Affected packages
=================

——————————————————————-
Package / Vulnerable / Unaffected
——————————————————————-
1 mail-client/thunderbird < 60.8.0 >= 60.8.0
2 mail-client/thunderbird-bin
< 60.8.0 >= 60.8.0
——————————————————————-
2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Thunderbird users should upgrade to the latest version:

# emerge –sync
# emerge –ask –oneshot –verbose “>=mail-client/thunderbird-60.8.0”

All Mozilla Thunderbird binary users should upgrade to the latest
version:

# emerge –sync
# emerge –ask –oneshot -v “>=mail-client/thunderbird-bin-60.8.0”

References
==========

[ 1 ] CVE-2019-11703
https://nvd.nist.gov/vuln/detail/CVE-2019-11703
[ 2 ] CVE-2019-11704
https://nvd.nist.gov/vuln/detail/CVE-2019-11704
[ 3 ] CVE-2019-11705
https://nvd.nist.gov/vuln/detail/CVE-2019-11705
[ 4 ] CVE-2019-11706
https://nvd.nist.gov/vuln/detail/CVE-2019-11706
[ 5 ] CVE-2019-11709
https://nvd.nist.gov/vuln/detail/CVE-2019-11709
[ 6 ] CVE-2019-11711
https://nvd.nist.gov/vuln/detail/CVE-2019-11711
[ 7 ] CVE-2019-11712
https://nvd.nist.gov/vuln/detail/CVE-2019-11712
[ 8 ] CVE-2019-11713
https://nvd.nist.gov/vuln/detail/CVE-2019-11713
[ 9 ] CVE-2019-11715
https://nvd.nist.gov/vuln/detail/CVE-2019-11715
[ 10 ] CVE-2019-11717
https://nvd.nist.gov/vuln/detail/CVE-2019-11717
[ 11 ] CVE-2019-11719
https://nvd.nist.gov/vuln/detail/CVE-2019-11719
[ 12 ] CVE-2019-11729
https://nvd.nist.gov/vuln/detail/CVE-2019-11729
[ 13 ] CVE-2019-11730
https://nvd.nist.gov/vuln/detail/CVE-2019-11730
[ 14 ] CVE-2019-9811
https://nvd.nist.gov/vuln/detail/CVE-2019-9811

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201908-20

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2019 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons – Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

—–BEGIN PGP SIGNATURE—–

iQGTBAEBCgB9FiEEExKRzo+LDXJgXHuURObr3Jv2BVkFAl1W9RJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDEz
MTI5MUNFOEY4QjBENzI2MDVDN0I5NDQ0RTZFQkRDOUJGNjA1NTkACgkQRObr3Jv2
BVnGdQf+NtjUzsnfm6//pBkUJiL5viI6slJ4nF9Afj7sECh8LaV24c19ps3xpOlY
1wi1vUfvgkDvYoS/JG2TjdKeG0nDUsxc2Cjw6DQ/liHBl1TBOQhvS7HYOrSllQnt
ejWqOVnFImKyWajsKuv76w59hDbtTtuHpt2wEiuZCB2ZGvZmrkir9W2eEd6bIIxD
eMLltbxwaQDjL6BHQSlf157k0S2+eV+fQJg8nGNh8zfWQaFn3ddM0PEtnKAyx6vE
0OL0Dg3vJRMsDJRqTVhrSH8+ubJcfuhIV/4opWyi+1w1iweM/E+Yq2UaleYkTr2c
aqWEMb+K6FDuL608n5Meqk141uuP6A==
=GKgX
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci jezgre operacijskog sustava openSUSE. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja, izvršavanje proizvoljnog programskog koda...

Close