openSUSE Security Update: Security update for MozillaThunderbird
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:1635-1
Rating:             important
References:         #1182863 #1189547 #1190244 #1190269 #1191332
                    #1192250 #1193485
Cross-References:   CVE-2021-29981 CVE-2021-29982 CVE-2021-29987
                    CVE-2021-29991 CVE-2021-32810 CVE-2021-38492
                    CVE-2021-38493 CVE-2021-38495 CVE-2021-38496
                    CVE-2021-38497 CVE-2021-38498 CVE-2021-38500
                    CVE-2021-38501 CVE-2021-38502 CVE-2021-38503
                    CVE-2021-38504 CVE-2021-38505 CVE-2021-38506
                    CVE-2021-38507 CVE-2021-38508 CVE-2021-38509
                    CVE-2021-38510 CVE-2021-40529 CVE-2021-43528
                    CVE-2021-43536 CVE-2021-43537 CVE-2021-43538
                    CVE-2021-43539 CVE-2021-43541 CVE-2021-43542
                    CVE-2021-43543 CVE-2021-43545 CVE-2021-43546
CVSS scores:
                    CVE-2021-29991 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
                    CVE-2021-32810 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-32810 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-38492 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
                    CVE-2021-38493 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-38497 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
                    CVE-2021-38498 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
                    CVE-2021-38501 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-38507 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
                    CVE-2021-38509 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
                    CVE-2021-43536 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
                    CVE-2021-43537 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-43538 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
                    CVE-2021-43539 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-43541 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
                    CVE-2021-43542 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
                    CVE-2021-43543 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
                    CVE-2021-43545 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes 33 vulnerabilities is now available.
This update for MozillaThunderbird fixes the following issues:
- Update to version 91.3.2
  - CVE-2021-40529: Fixed ElGamal implementation could allow plaintext recovery (bsc#1190244)
- Update to version 91.2
  MFSA 2021-47 (bsc#1191332)
  - CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT
  - CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion
  - CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux
  - CVE-2021-32810: Data race in crossbeam-deque
  - CVE-2021-38493: Memory safety bugs fixed in Thunderbird 78.14 and Thunderbird 91.1
  - CVE-2021-38496: Use-after-free in MessageTask
  - CVE-2021-38497: Validation message could have been overlaid on another origin
  - CVE-2021-38498: Use-after-free of nsLanguageAtomService object
  - CVE-2021-38500: Memory safety bugs fixed in Thunderbird 91.2
  - CVE-2021-38501: Memory safety bugs fixed in Thunderbird 91.2
  - CVE-2021-38502: Downgrade attack on SMTP STARTTLS connections
- Update to version 91.1.0
  MFSA 2021-41 (bsc#1190269)
  - CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer
  - CVE-2021-38495: Memory safety bugs fixed in Thunderbird 91.1
- Update to version 91.0.1
  MFSA 2021-37 (bsc#1189547)
  - CVE-2021-29991: Header Splitting possible with HTTP/3 Responses
This update was imported from the SUSE:SLE-15-SP2:Update update project.
To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:

  zypper in -t patch openSUSE-2021-1635=1

- openSUSE Leap 15.2 (x86_64):

  MozillaThunderbird-91.4.0-lp188.8.131.52
  MozillaThunderbird-debuginfo-91.4.0-lp184.108.40.206
  MozillaThunderbird-debugsource-91.4.0-lp220.127.116.11
  MozillaThunderbird-translations-common-91.4.0-lp18.104.22.168
  MozillaThunderbird-translations-other-91.4.0-lp22.214.171.124
https://www.suse.com/security/cve/CVE-2021-29981.html
https://www.suse.com/security/cve/CVE-2021-29982.html
https://www.suse.com/security/cve/CVE-2021-29987.html
https://www.suse.com/security/cve/CVE-2021-29991.html
https://www.suse.com/security/cve/CVE-2021-32810.html
https://www.suse.com/security/cve/CVE-2021-38492.html
https://www.suse.com/security/cve/CVE-2021-38493.html
https://www.suse.com/security/cve/CVE-2021-38495.html
https://www.suse.com/security/cve/CVE-2021-38496.html
https://www.suse.com/security/cve/CVE-2021-38497.html
https://www.suse.com/security/cve/CVE-2021-38498.html
https://www.suse.com/security/cve/CVE-2021-38500.html
https://www.suse.com/security/cve/CVE-2021-38501.html
https://www.suse.com/security/cve/CVE-2021-38502.html
https://www.suse.com/security/cve/CVE-2021-38503.html
https://www.suse.com/security/cve/CVE-2021-38504.html
https://www.suse.com/security/cve/CVE-2021-38505.html
https://www.suse.com/security/cve/CVE-2021-38506.html
https://www.suse.com/security/cve/CVE-2021-38507.html
https://www.suse.com/security/cve/CVE-2021-38508.html
https://www.suse.com/security/cve/CVE-2021-38509.html
https://www.suse.com/security/cve/CVE-2021-38510.html
https://www.suse.com/security/cve/CVE-2021-40529.html
https://www.suse.com/security/cve/CVE-2021-43528.html
https://www.suse.com/security/cve/CVE-2021-43536.html
https://www.suse.com/security/cve/CVE-2021-43537.html
https://www.suse.com/security/cve/CVE-2021-43538.html
https://www.suse.com/security/cve/CVE-2021-43539.html
https://www.suse.com/security/cve/CVE-2021-43541.html
https://www.suse.com/security/cve/CVE-2021-43542.html
https://www.suse.com/security/cve/CVE-2021-43543.html
https://www.suse.com/security/cve/CVE-2021-43545.html
https://www.suse.com/security/cve/CVE-2021-43546.html
https://bugzilla.suse.com/1182863
https://bugzilla.suse.com/1189547
https://bugzilla.suse.com/1190244
https://bugzilla.suse.com/1190269
https://bugzilla.suse.com/1191332
https://bugzilla.suse.com/1192250
https://bugzilla.suse.com/1193485