Mailinglist Archive: opensuse-updates (130 mails)

< Previous Next >
openSUSE-SU-2013:1958-1: moderate: update for MozillaThunderbird
openSUSE Security Update: update for MozillaThunderbird
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:1958-1
Rating: moderate
References: #854370
Cross-References: CVE-2013-5609 CVE-2013-5610 CVE-2013-5613
CVE-2013-5615 CVE-2013-5616 CVE-2013-5618
CVE-2013-6629 CVE-2013-6630 CVE-2013-6671
CVE-2013-6673
Affected Products:
openSUSE 13.1
______________________________________________________________________________

An update that fixes 10 vulnerabilities is now available.

Description:


- update to Thunderbird 24.2.0 (bnc#854370)
* requires NSS 3.15.3.1 or higher
* MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous
memory safety hazards
* MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free
in event listeners
* MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free
during Table Editing
* MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation
violation when replacing ordered list elements
* MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings
for built-in roots ignored during EV certificate
validation
* MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)
Use-after-free in synthetic mouse movement
* MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC
typed array stubs can be generated outside observed
typesets
* MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)
JPEG information leak
* MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI
certificate (fixed via NSS 3.15.3.1)

- update to Thunderbird 24.1.1
* requires NSPR 4.10.2 and NSS 3.15.3 for security reasons
* fix binary compatibility issues for patch level updates
(bmo#927073)


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2013-1022

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.1 (i586 x86_64):

MozillaThunderbird-24.2.0-70.7.2
MozillaThunderbird-buildsymbols-24.2.0-70.7.2
MozillaThunderbird-debuginfo-24.2.0-70.7.2
MozillaThunderbird-debugsource-24.2.0-70.7.2
MozillaThunderbird-devel-24.2.0-70.7.2
MozillaThunderbird-translations-common-24.2.0-70.7.2
MozillaThunderbird-translations-other-24.2.0-70.7.2
enigmail-1.6.0+24.2.0-70.7.2
enigmail-debuginfo-1.6.0+24.2.0-70.7.2


References:

http://support.novell.com/security/cve/CVE-2013-5609.html
http://support.novell.com/security/cve/CVE-2013-5610.html
http://support.novell.com/security/cve/CVE-2013-5613.html
http://support.novell.com/security/cve/CVE-2013-5615.html
http://support.novell.com/security/cve/CVE-2013-5616.html
http://support.novell.com/security/cve/CVE-2013-5618.html
http://support.novell.com/security/cve/CVE-2013-6629.html
http://support.novell.com/security/cve/CVE-2013-6630.html
http://support.novell.com/security/cve/CVE-2013-6671.html
http://support.novell.com/security/cve/CVE-2013-6673.html
https://bugzilla.novell.com/854370


< Previous Next >
This Thread
  • No further messages