Scientific Linux alert SLSA-2018:1726-1 (thunderbird)
| From: | Pat Riehecky <riehecky@fnal.gov> | |
| To: | <scientific-linux-errata@listserv.fnal.gov> | |
| Subject: | Security ERRATA Important: thunderbird on SL6.x i386/x86_64 | |
| Date: | Thu, 24 May 2018 21:49:24 +0000 | |
| Message-ID: | <20180524214924.3841.42308@slpackages.fnal.gov> |
Synopsis: Important: thunderbird security update Advisory ID: SLSA-2018:1726-1 Issue Date: 2018-05-24 CVE Numbers: CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5159 CVE-2018-5168 CVE-2018-5178 CVE-2018-5183 CVE-2018-5184 CVE-2018-5161 CVE-2018-5162 CVE-2018-5170 CVE-2018-5185 -- This update upgrades Thunderbird to version 52.8.0. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 (CVE-2018-5150) * Mozilla: Backport critical security fixes in Skia (CVE-2018-5183) * Mozilla: Use-after-free with SVG animations and clip paths (CVE-2018-5154) * Mozilla: Use-after-free with SVG animations and text paths (CVE-2018-5155) * Mozilla: Integer overflow and out-of-bounds write in Skia (CVE-2018-5159) * Mozilla: Full plaintext recovery in S/MIME via chosen-ciphertext attack (CVE-2018-5184) * Mozilla: Hang via malformed headers (CVE-2018-5161) * Mozilla: Encrypted mail leaks plaintext through src attribute (CVE-2018-5162) * Mozilla: Lightweight themes can be installed without user interaction (CVE-2018-5168) * Mozilla: Filename spoofing for external attachments (CVE-2018-5170) * Mozilla: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension (CVE-2018-5178) * Mozilla: Leaking plaintext through HTML forms (CVE-2018-5185) -- SL6 x86_64 thunderbird-52.8.0-2.el6_9.x86_64.rpm thunderbird-debuginfo-52.8.0-2.el6_9.x86_64.rpm i386 thunderbird-52.8.0-2.el6_9.i686.rpm thunderbird-debuginfo-52.8.0-2.el6_9.i686.rpm - Scientific Linux Development Team