Scientific Linux alert SLSA-2016:2973-1 (thunderbird)


From:
    	       Pat Riehecky <riehecky@fnal.gov> 
To:
    	       <scientific-linux-errata@listserv.fnal.gov> 
Subject:
    	       Security ERRATA Important: thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 
Date:
    	       Wed, 21 Dec 2016 16:01:28 +0000
Message-ID:
    	       <20161221160128.20912.87197@slpackages.fnal.gov>
Synopsis:          Important: thunderbird security update
Advisory ID:       SLSA-2016:2973-1
Issue Date:        2016-12-21
CVE Numbers:       CVE-2016-9899
                   CVE-2016-9895
                   CVE-2016-9900
                   CVE-2016-9905
                   CVE-2016-9893
                   CVE-2016-9901
                   CVE-2016-9902
--

This update upgrades Thunderbird to version 45.6.0.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user
running Thunderbird. (CVE-2016-9893, CVE-2016-9899, CVE-2016-9895,
CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9905)
--

SL5
  x86_64
    thunderbird-45.6.0-1.el5_11.x86_64.rpm
    thunderbird-debuginfo-45.6.0-1.el5_11.x86_64.rpm
  i386
    thunderbird-45.6.0-1.el5_11.i386.rpm
    thunderbird-debuginfo-45.6.0-1.el5_11.i386.rpm
SL6
  x86_64
    thunderbird-45.6.0-1.el6_8.x86_64.rpm
    thunderbird-debuginfo-45.6.0-1.el6_8.x86_64.rpm
  i386
    thunderbird-45.6.0-1.el6_8.i686.rpm
    thunderbird-debuginfo-45.6.0-1.el6_8.i686.rpm
SL7
  x86_64
    thunderbird-45.6.0-1.el7_3.x86_64.rpm
    thunderbird-debuginfo-45.6.0-1.el7_3.x86_64.rpm

- Scientific Linux Development Team

From:		Pat Riehecky <riehecky@fnal.gov>
To:		<scientific-linux-errata@listserv.fnal.gov>
Subject:		Security ERRATA Important: thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64
Date:		Wed, 21 Dec 2016 16:01:28 +0000
Message-ID:		<20161221160128.20912.87197@slpackages.fnal.gov>