You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa thunderbird

Sigurnosni nedostatak programskog paketa thunderbird

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2020:5399-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5399
Issue date: 2020-12-14
CVE Names: CVE-2020-26970
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) – aarch64, ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.5.1.

Security Fix(es):

* Mozilla: Stack overflow due to incorrect parsing of SMTP server response
codes (CVE-2020-26970)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1903443 – CVE-2020-26970 Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:
thunderbird-78.5.1-1.el8_2.src.rpm

aarch64:
thunderbird-78.5.1-1.el8_2.aarch64.rpm
thunderbird-debuginfo-78.5.1-1.el8_2.aarch64.rpm
thunderbird-debugsource-78.5.1-1.el8_2.aarch64.rpm

ppc64le:
thunderbird-78.5.1-1.el8_2.ppc64le.rpm
thunderbird-debuginfo-78.5.1-1.el8_2.ppc64le.rpm
thunderbird-debugsource-78.5.1-1.el8_2.ppc64le.rpm

x86_64:
thunderbird-78.5.1-1.el8_2.x86_64.rpm
thunderbird-debuginfo-78.5.1-1.el8_2.x86_64.rpm
thunderbird-debugsource-78.5.1-1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-26970
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBX9daJtzjgjWX9erEAQiH8Q/+Ju0+LOVf8CdZlH2CJUIWOoBC7ysbfSXW
FBU8IJmr0le1Rg2EQ1gNCbM2Ap1fCYaSvDtn8GzM9SQriDZUYaseTPb7l5hyr+nR
3FhPyrC4P1nScEUdWm8rfuXnK22R+Bcpv/9rhNKdRx6UcfdmWyPrxi5GxpwPbI8o
vUUttmxoP/LVf4bOJjPAAeN6M7mjZybRJnhYmBZWWbhvTHitdJ5n0qC0oJksTkoc
hCnrtz7eyLxpaRDs2Mop+gkRNOQE/kyjamEwOfLoD5G0mVBZCgBx1WVtM437kRcY
qAjDX8uSbzZxnp/rxqk7zU3w6tOHLQlht+cuvRqZDZf1TlizYH8PHWahLdrR8T24
H0stHL7uIyWaQrYqSFXze0anUGlF2B057P+8hi3Tx3VBClOFgt0TchpQMI8xIDOg
bhrkjm3eaMe/SFcVt6vhY9txGAQZ9WiJ5UvQcCgFbf1gurG8Aj61sbmjZDAEONTt
mNZlFOFbPEOmqICrAyQkqYgnMD/Khbn/9aMWMXb5Mi2Y6dHAmHHHjy8YwDgu/kzq
/jNeAMzzNbBON/2hCTUw5aEpqCcPDN28Ktmt/sgRWRBx5RsokE8Vko2HEUgbxu5L
e5zh3vYuhWK45YfbaTCn0cpp1idd7tJo6EC5/gr+qMMXg/zFYnTAy6y4csyFkKm0
rqgYX8Rfnd8=
=Hh7U
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2020:5398-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5398
Issue date: 2020-12-14
CVE Names: CVE-2020-26970
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) – aarch64, ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.5.1.

Security Fix(es):

* Mozilla: Stack overflow due to incorrect parsing of SMTP server response
codes (CVE-2020-26970)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1903443 – CVE-2020-26970 Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
thunderbird-78.5.1-1.el8_3.src.rpm

aarch64:
thunderbird-78.5.1-1.el8_3.aarch64.rpm
thunderbird-debuginfo-78.5.1-1.el8_3.aarch64.rpm
thunderbird-debugsource-78.5.1-1.el8_3.aarch64.rpm

ppc64le:
thunderbird-78.5.1-1.el8_3.ppc64le.rpm
thunderbird-debuginfo-78.5.1-1.el8_3.ppc64le.rpm
thunderbird-debugsource-78.5.1-1.el8_3.ppc64le.rpm

x86_64:
thunderbird-78.5.1-1.el8_3.x86_64.rpm
thunderbird-debuginfo-78.5.1-1.el8_3.x86_64.rpm
thunderbird-debugsource-78.5.1-1.el8_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-26970
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBX9dY+tzjgjWX9erEAQjN7BAAn3vEpl5PFBlvuKoaoWkVY9tgjGBhKnB4
TalWaaMglaU8sx3ExNH0S8i6Uhl4BTN9WjdU00Wdc508NWdnYUUT5nR2HWXUgFYl
gNzK31TRxVge9kx5rt6PwjSr5dzYLg3zveFT3p5Rclc+j1yQZpBV2NXburKktL2S
G0V3F00acUkt4YHDeTWqRoM9IZi5jdsF3Sqt5bKDIF9D0j+U6K60JHJ/cYURaU6+
c/KHJbmPFoGZS6YMqkzrOYOpuTPzVSskVTu/akjUSb/FQXozjtnoA6wlkFSZCq3G
SFX9AMxtc7rOmesKp2z780oZL8vBIRIJ7ayIkOJsxQ/Rcjc0swsrliRvHDy5lYPd
xUKcWZcXUTmEjWU6fc0CTb6K5oC7d2lWuFkLwR9b8Uw8xSBEiF50xEiaf9vnUp35
vUTsENsH9WFPNPlTkDri8nb20sTWL6lccBwAp/tkAkmHFjcaMu5Dg7ohU4+vWarq
8N4+G7noqU8mfPy4FI6e3WESmWYgh4Xy/PWRIqHxVCB4CHVFJKjx/ux34UysfJrT
f7CprsNXUyyn0AXiLpjLgwExFm3z+JIt+9Dcagy31Yrxvaq9LQTPzn1917L1DZOC
4kohS+aVWHwiTqwLezeUhdIciH3GzCYvnf9JbL1NfeK+wQHyWvB4zpM1N65BL7nt
O1P/FcUj7/A=
=KkAA
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2020:5400-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5400
Issue date: 2020-12-14
CVE Names: CVE-2020-26970
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) – x86_64
Red Hat Enterprise Linux Server Optional (v. 7) – ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) – x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.5.1.

Security Fix(es):

* Mozilla: Stack overflow due to incorrect parsing of SMTP server response
codes (CVE-2020-26970)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1903443 – CVE-2020-26970 Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
thunderbird-78.5.1-1.el7_9.src.rpm

x86_64:
thunderbird-78.5.1-1.el7_9.x86_64.rpm
thunderbird-debuginfo-78.5.1-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
thunderbird-78.5.1-1.el7_9.src.rpm

ppc64le:
thunderbird-78.5.1-1.el7_9.ppc64le.rpm
thunderbird-debuginfo-78.5.1-1.el7_9.ppc64le.rpm

x86_64:
thunderbird-78.5.1-1.el7_9.x86_64.rpm
thunderbird-debuginfo-78.5.1-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
thunderbird-78.5.1-1.el7_9.src.rpm

x86_64:
thunderbird-78.5.1-1.el7_9.x86_64.rpm
thunderbird-debuginfo-78.5.1-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-26970
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBX9dfx9zjgjWX9erEAQhTsw//ans95WyNoRGqOuLNeBnSGP3dcMD5BA4I
3ViEGgbLRE9EHeUfGx77ptLEna7OszARNO6eetH/v7LCeNppkpDNc9q1sC9gsum2
yIj/YJtigh3kpvz2Bkv4GPYeT/SDUpK5LMagkNOCdrRMsNZJl6B+QmJIjQv6cpzK
azQVQauQ/0WGrXEXKk6QkgsPbZPJ+0H6JKkqtG9MgRTC2Ai7Fl/oVVs/KIRIc7Rr
NHpCFZRoXLZGqOwlUCvLQDJmsCRdKb4BuaoGydTc31Orbq8bq137xSANPtzFWbhV
aQtGGbQBTjJtpZ9L1yA4UaDvJK/caBCW3uKNIHlimn4n8u/a0m4R8OQAP23skUc2
K8JgeL/ExF7kOHLwUS1xUuS9A+i3LnVT79kXSQ4uTeKbLiDk62HtmE051Io8TG73
8sXiLiaV57u2t9jxxTa25399smFbC0yl2GVcAMTHFlrVI704ZYUFRHFATOtdwZ/j
27aYdhbrx1HBJ54WAhS7W3oM1u79BWR8JHgpTiYe1fazDg8YuFP7O60HKbHmqW1g
1PaFYJAXD0qkvLSCLdoCM4Y6DUAOKqxGQStYDuKSWR1mCJsc361G9+D/AzbHAGsI
kvKA6PfC5Xekio+hC4u8lVACcWrKXXk1ccRb0WCVerV9ucMrBLSukswyOLYalD5S
gPgaqfSSqlo=
=74/h
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci jezgre operacijskog sustava Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja, izvršavanje proizvoljnog programskog koda,...

Close