—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2019:4195-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:4195
Issue date: 2019-12-10
CVE Names: CVE-2019-17005 CVE-2019-17008 CVE-2019-17010
CVE-2019-17011 CVE-2019-17012
=====================================================================
1. Summary:
An update for thunderbird is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) – ppc64le, x86_64
3. Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 68.3.0.
Security Fix(es):
* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)
* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
(CVE-2019-17012)
* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)
* Mozilla: Use-after-free when performing device orientation checks
(CVE-2019-17010)
* Mozilla: Use-after-free when retrieving a document in antitracking
(CVE-2019-17011)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1779431 – CVE-2019-17008 Mozilla: Use-after-free in worker destruction
1779434 – CVE-2019-17010 Mozilla: Use-after-free when performing device orientation checks
1779435 – CVE-2019-17005 Mozilla: Buffer overflow in plain text serializer
1779436 – CVE-2019-17011 Mozilla: Use-after-free when retrieving a document in antitracking
1779437 – CVE-2019-17012 Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
thunderbird-68.3.0-2.el8_1.src.rpm
ppc64le:
thunderbird-68.3.0-2.el8_1.ppc64le.rpm
thunderbird-debuginfo-68.3.0-2.el8_1.ppc64le.rpm
thunderbird-debugsource-68.3.0-2.el8_1.ppc64le.rpm
x86_64:
thunderbird-68.3.0-2.el8_1.x86_64.rpm
thunderbird-debuginfo-68.3.0-2.el8_1.x86_64.rpm
thunderbird-debugsource-68.3.0-2.el8_1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-17005
https://access.redhat.com/security/cve/CVE-2019-17008
https://access.redhat.com/security/cve/CVE-2019-17010
https://access.redhat.com/security/cve/CVE-2019-17011
https://access.redhat.com/security/cve/CVE-2019-17012
https://access.redhat.com/security/updates/classification/#important
https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBXe/xxtzjgjWX9erEAQj4gQ//f9AW1PxJlo8qvHNOCLaDSjIhr+6Y3o3o
5HkybOmzkVds2ZRoJumTIvCHfAjCWdlP1SPN7SIh8i6qnHqIMjtawt5+/urR4ABj
iXszp6AivY/kZ8tVl5yuQNDCJ3PEGEd0QRUgdgzFBkf9x6wvR5H9BA96JB+Su3/C
IsGhS2SsA6qh/fhCbTkzfdiTJAcmKyMvnDzKxhH60UrWucTHqT00jTfmM+r6n+1c
S0dA38/935WETP5+zwei7LfOukX54tZ59zdh+Hz+ZGHu8JgVF+wfhNBWUmLo5B6K
mWakfL8Q390QC9+xObsQ6/gA3vYbU/YSU9Us0uwJOcRkWSbLGyrgmwGNnmHTO6B6
HxD5bXyYbvpY1qCMO5Q6YTYaMrYpDJMwFew/G/XvPL4nl1tFhYqPCmK4Z5JdbLll
8AWNjZpaCTldBIOSHgCZFNNygv+LGLy6g45690ZYhNOxM0vT3IkKKYc7IC5dK2dE
97bJy/qqiQIVVgNxyGQcjBjYF8yabrbqG4zg8TYu9mmDbaQIec4uyZQpuW6wBAub
2wgzZ0rbZPYraO4Gxm3Gxkk/sgWzhJ4w2nt2Yla2+O6Q/El8JR5ahi/4+znL9lJk
FX8/tIpAW8k17n9zdnHI/u3m3GohcnomIWEV8nreGB6sxKlCIoJy8JvObMVZMM7b
Konwg8viQeo=
=3Yoz
—–END PGP SIGNATURE—–
—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2019:4148-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:4148
Issue date: 2019-12-10
CVE Names: CVE-2019-17005 CVE-2019-17008 CVE-2019-17010
CVE-2019-17011 CVE-2019-17012
=====================================================================
1. Summary:
An update for thunderbird is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) – x86_64
Red Hat Enterprise Linux Server Optional (v. 7) – ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) – x86_64
3. Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 68.3.0.
Security Fix(es):
* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)
* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
(CVE-2019-17012)
* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)
* Mozilla: Use-after-free when performing device orientation checks
(CVE-2019-17010)
* Mozilla: Use-after-free when retrieving a document in antitracking
(CVE-2019-17011)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1779431 – CVE-2019-17008 Mozilla: Use-after-free in worker destruction
1779434 – CVE-2019-17010 Mozilla: Use-after-free when performing device orientation checks
1779435 – CVE-2019-17005 Mozilla: Buffer overflow in plain text serializer
1779436 – CVE-2019-17011 Mozilla: Use-after-free when retrieving a document in antitracking
1779437 – CVE-2019-17012 Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
thunderbird-68.3.0-1.el7_7.src.rpm
x86_64:
thunderbird-68.3.0-1.el7_7.x86_64.rpm
thunderbird-debuginfo-68.3.0-1.el7_7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
Source:
thunderbird-68.3.0-1.el7_7.src.rpm
ppc64le:
thunderbird-68.3.0-1.el7_7.ppc64le.rpm
thunderbird-debuginfo-68.3.0-1.el7_7.ppc64le.rpm
x86_64:
thunderbird-68.3.0-1.el7_7.x86_64.rpm
thunderbird-debuginfo-68.3.0-1.el7_7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
thunderbird-68.3.0-1.el7_7.src.rpm
x86_64:
thunderbird-68.3.0-1.el7_7.x86_64.rpm
thunderbird-debuginfo-68.3.0-1.el7_7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-17005
https://access.redhat.com/security/cve/CVE-2019-17008
https://access.redhat.com/security/cve/CVE-2019-17010
https://access.redhat.com/security/cve/CVE-2019-17011
https://access.redhat.com/security/cve/CVE-2019-17012
https://access.redhat.com/security/updates/classification/#important
https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBXe+IlNzjgjWX9erEAQhMCQ//XkbUPHLcbI0bYuMtAHIMKRG0CGm7omjD
YpCwt8hJoI0jn1TYEdiTdv6oh4Wabaxs6x88mp8WPvTn1G2rdbuFP8KxyMz1LeIW
WzqBMiQ5uBiMWlC7BPluGzQ9DSFJ3bSLhLLNy1gbQIO7yb42mwbvKJeivm36+bJO
R5Ylh80g+r7F8MYeLJtiKKcbmpISciYhdrvjHlnH22mwMRreymCffDECobjud8Pa
ugPMZFR+Fu4XmjmfGL6NEEJaTRY95Le9eAML4GuXivq5h4YPfImWoFiPWiLr2VHs
656Dd5n8ii8MHTei+X38MQC5hS2PqAVlnLd9CCwhmLvstxROM1zaUHdlXjcocjgt
uqSIJDl1MldQQtHOkTPHoCArf21qpcEsAIYSx0W+zRrWZUaKvAlSJqWuCPpp0vI+
/WhAjzDgM6i4gdf4s6g7u/qHJ0VR+R+V3xQR7ENMdnDFWRdS1lfPciM1FN1st2dO
9rGOkzsmBJYlvOHILu6aexGLTkDdxLeSs+TZ4S7W9mqcKhrUTzhqLNqB85mJw5Nd
PVb4ytsGoOZIC3uO6gry+Uuns4gvwnO3Edh5EysNDEvQmoSKreTqQwq3z0zpATiJ
Ws1vXfFgnymcZz2ELOHBAmBhM6BTR6l4NRaYpHN/iKHOzUDNYQlV+K1F3nXF7+BY
1mWsXUkTUss=
=Et5F
—–END PGP SIGNATURE—–
—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce