Security vulnerabilities in the MozillaThunderbird software package

openSUSE Security Update: Security update for MozillaThunderbird
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:0231-1
Rating: important
References: #1162777 #1163368
Cross-References: CVE-2020-6792 CVE-2020-6793 CVE-2020-6794
CVE-2020-6795 CVE-2020-6797 CVE-2020-6798
CVE-2020-6800
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that fixes 7 vulnerabilities is now available.

Description:

This update for MozillaThunderbird fixes the following issues:

– Mozilla Thunderbird 68.5 (bsc#1162777) MFSA 2020-07 (bsc#1163368)
* CVE-2020-6793 (bmo#1608539) Out-of-bounds read when processing certain
email messages
* CVE-2020-6794 (bmo#1606619) Setting a master password post-Thunderbird
52 does not delete unencrypted previously stored passwords
* CVE-2020-6795 (bmo#1611105) Crash processing S/MIME messages with
multiple signatures
* CVE-2020-6797 (bmo#1596668) Extensions granted downloads.open
permission could open arbitrary applications on Mac OSX
* CVE-2020-6798 (bmo#1602944) Incorrect parsing of template tag could
result in JavaScript injection
* CVE-2020-6792 (bmo#1609607) Message ID calculation was based on
uninitialized data
* CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543, bmo#1604851,
bmo#1605777, bmo#1608580, bmo#1608785) Memory safety bugs fixed in
Thunderbird 68.5

* new: Support for Client Identity IMAP/SMTP Service Extension
(bmo#1532388)
* new: Support for OAuth 2.0 authentication for POP3 accounts
(bmo#1538409)
* fixed: Status area goes blank during account setup (bmo#1593122)
* fixed: Calendar: Could not remove color for default categories
(bmo#1584853)
* fixed: Calendar: Prevent calendar component loading multiple times
(bmo#1606375)
* fixed: Calendar: Today pane did not retain width between sessions
(bmo#1610207)
* unresolved: When upgrading from Thunderbird version 60 to version 68,
add-ons are not automatically updated during the upgrade process. They
will however be updated during the add-on update check. It is of course
possible to reinstall compatible add-ons via the Add-ons Manager or via
addons.thunderbird.net. (bmo#1574183)
* changed: Calendar: Task and Event tree colours adjusted for the dark
theme (bmo#1608344)
* fixed: Retrieval of S/MIME certificates from LDAP failed (bmo#1604773)
* fixed: Address-parsing crash on some IMAP servers when preference
mail.imap.use_envelope_cmd was set (bmo#1609690)
* fixed: Incorrect forwarding of HTML messages caused SMTP servers to
respond with a timeout (bmo#1222046)
* fixed: Calendar: Various parts of the calendar UI stopped working when
a second Thunderbird window opened (bmo#1608407)

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-231=1

Package List:

– openSUSE Leap 15.1 (x86_64):

MozillaThunderbird-68.5.0-lp151.2.25.1
MozillaThunderbird-debuginfo-68.5.0-lp151.2.25.1
MozillaThunderbird-debugsource-68.5.0-lp151.2.25.1
MozillaThunderbird-translations-common-68.5.0-lp151.2.25.1
MozillaThunderbird-translations-other-68.5.0-lp151.2.25.1
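
To confirm the update has reached every machine, the following added example (not part of the openSUSE announcement) flags hosts whose MozillaThunderbird build is older than the fixed build in the package list above. The inventory format, host names and the older and newer sample versions are constructed, and the comparison is a simplified rpm-style ordering without epoch, '~' or '^' handling.

```python
import re

# Fixed build, taken from the advisory's package list for openSUSE Leap 15.1.
FIXED = "68.5.0-lp151.2.25.1"
PACKAGE = "MozillaThunderbird"

def _segments(part):
    # Split into runs of digits or letters; separators are ignored, as rpm does.
    return re.findall(r"\d+|[A-Za-z]+", part)

def _cmp_part(a, b):
    """Simplified rpm-style comparison of one version or release string."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment sorts newer than alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def cmp_evr(a, b):
    """Compare 'version-release' strings: negative if a is older, 0 if equal."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def unpatched_hosts(inventory):
    """Return the sorted hosts whose Thunderbird build is older than FIXED."""
    stale = set()
    for line in inventory.splitlines():
        fields = line.split()
        if len(fields) != 3 or fields[1] != PACKAGE:
            continue  # skip malformed lines and other packages (e.g. translations)
        host, _, evr = fields
        if cmp_evr(evr, FIXED) < 0:
            stale.add(host)
    return sorted(stale)

# Constructed inventory, "<host> <name> <version>-<release>" per line. The last two
# fields are what rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' MozillaThunderbird prints.
SAMPLE = """\
ws-01 MozillaThunderbird 68.4.1-lp151.2.22.1
ws-02 MozillaThunderbird 68.5.0-lp151.2.25.1
ws-03 MozillaThunderbird 60.9.1-lp151.2.19.1
ws-04 MozillaThunderbird-translations-common 68.4.1-lp151.2.22.1
ws-05 MozillaThunderbird 68.10.0-lp151.2.30.1
"""

if __name__ == "__main__":
    print(unpatched_hosts(SAMPLE))
```

Hosts on the list still need "zypper patch" or the product command given above.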

References:

https://www.suse.com/security/cve/CVE-2020-6792.html
https://www.suse.com/security/cve/CVE-2020-6793.html
https://www.suse.com/security/cve/CVE-2020-6794.html
https://www.suse.com/security/cve/CVE-2020-6795.html
https://www.suse.com/security/cve/CVE-2020-6797.html
https://www.suse.com/security/cve/CVE-2020-6798.html
https://www.suse.com/security/cve/CVE-2020-6800.html
https://bugzilla.suse.com/1162777
https://bugzilla.suse.com/1163368

