See below. Does this apply to us?
Toby Miller | ISO | Enterprise Services (ES) Unisys | 50 W. Washington St | LL12 | 630-391-2345 | 312-983-0232
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
-----Original Message-----
From: opensuse-security@opensuse.org [mailto:opensuse-security@opensuse.org]
Sent: Monday, August 11, 2014 3:05 AM
To: opensuse-security-announce@opensuse.org
Subject: [security-announce] openSUSE-SU-2014:0976-1: important: MozillaThunderbird: Update to 24.7.0
openSUSE Security Update: MozillaThunderbird: Update to 24.7.0
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:0976-1
Rating: important
References: #887746
Cross-References: CVE-2014-1544 CVE-2014-1547 CVE-2014-1548 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557
Affected Products:
  openSUSE 13.1
  openSUSE 12.3
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
MozillaThunderbird was updated to Thunderbird 24.7.0 (bnc#887746)
* MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety hazards
* MFSA 2014-61/CVE-2014-1555 (bmo#1023121) Use-after-free with FireOnStateChange event
* MFSA 2014-62/CVE-2014-1556 (bmo#1028891) Exploitable WebGL crash with Cesium JavaScript library
* MFSA 2014-63/CVE-2014-1544 (bmo#963150) Use-after-free while when manipulating certificates in the trusted cache (solved with NSS 3.16.2 requirement)
* MFSA 2014-64/CVE-2014-1557 (bmo#913805) Crash in Skia library when scaling high quality images
A standalone enigmail 1.7 package that was previously built as part of MozillaThunderbird was added.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch openSUSE-2014-487
- openSUSE 12.3:
zypper in -t patch openSUSE-2014-487
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1 (i586 x86_64):
MozillaThunderbird-24.7.0-70.27.1
MozillaThunderbird-buildsymbols-24.7.0-70.27.1
MozillaThunderbird-debuginfo-24.7.0-70.27.1
MozillaThunderbird-debugsource-24.7.0-70.27.1
MozillaThunderbird-devel-24.7.0-70.27.1
MozillaThunderbird-translations-common-24.7.0-70.27.1
MozillaThunderbird-translations-other-24.7.0-70.27.1
enigmail-1.7-2.1
enigmail-debuginfo-1.7-2.1
enigmail-debugsource-1.7-2.1
- openSUSE 12.3 (i586 x86_64):
MozillaThunderbird-24.7.0-61.55.1
MozillaThunderbird-buildsymbols-24.7.0-61.55.1
MozillaThunderbird-debuginfo-24.7.0-61.55.1
MozillaThunderbird-debugsource-24.7.0-61.55.1
MozillaThunderbird-devel-24.7.0-61.55.1
MozillaThunderbird-translations-common-24.7.0-61.55.1
MozillaThunderbird-translations-other-24.7.0-61.55.1
enigmail-1.7-2.1
enigmail-debuginfo-1.7-2.1
enigmail-debugsource-1.7-2.1
References:
http://support.novell.com/security/cve/CVE-2014-1544.html
http://support.novell.com/security/cve/CVE-2014-1547.html
http://support.novell.com/security/cve/CVE-2014-1548.html
http://support.novell.com/security/cve/CVE-2014-1555.html
http://support.novell.com/security/cve/CVE-2014-1556.html
http://support.novell.com/security/cve/CVE-2014-1557.html
https://bugzilla.novell.com/887746
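One way to answer "does this apply to us?" for a given host is to compare its installed Thunderbird packages with the fixed version-release strings in the advisory's package list. The following is an added example, not part of the advisory or of any message in this thread; the sample `rpm` output is constructed, the function names are hypothetical, and the version comparison is a simplified form of RPM's segment rules.

```python
import re

# Fixed version-release per product, copied from the advisory's package list.
FIXED = {
    "openSUSE 13.1": "24.7.0-70.27.1",
    "openSUSE 12.3": "24.7.0-61.55.1",
}

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE_RPM_OUTPUT = """\
MozillaThunderbird 24.6.0-70.23.1
MozillaThunderbird-translations-common 24.6.0-70.23.1
enigmail 1.7-2.1
"""

def rpmvercmp(a, b):
    """Simplified RPM segment comparison (no epoch, '~' or '^' handling)."""
    sa, sb = [re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b)]
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as numbers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return -1 if x < y else 1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments win

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def outdated_packages(product, rpm_output):
    """Return (name, version-release) for Thunderbird packages below the fix."""
    fixed = FIXED[product]
    hits = []
    for line in rpm_output.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip lines that are not 'name version-release'
        name, evr = parts
        if name.startswith("MozillaThunderbird") and evr_cmp(evr, fixed) < 0:
            hits.append((name, evr))
    return hits

if __name__ == "__main__":
    for name, evr in outdated_packages("openSUSE 13.1", SAMPLE_RPM_OUTPUT):
        print(f"{name} {evr} is older than {FIXED['openSUSE 13.1']}")
```

A non-empty result means the host still needs the `zypper in -t patch openSUSE-2014-487` step from the advisory.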
On 2014-08-11 at 11:47 -0500, Miller, William Toby wrote:
> See below. Does this apply to us?
Which is "us"? openSUSE? Yes, of course it does.
This is an open mail list, not a business support line. Probably thousands of people may read this and respond, or not.
The opensuse-security-announce@opensuse.org is a read-only mail list, where information about several openSUSE and SUSE distributions is posted by authorized people and robots. Replies there by people like you are automatically forwarded to opensuse-security@opensuse.org, that is, here.
And here, help is provided mostly by volunteers. So... what is your question, please? :-)
> Toby Miller | ISO | Enterprise Services (ES) Unisys | 50 W. Washington St | LL12 | 630-391-2345 | 312-983-0232
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Utterly irrelevant and disregarded when you post to a world-wide, international mail list >:-P
--
Cheers
Carlos E. R.
(from 13.1 x86_64 "Bottle" (Minas Tirith))
On Thu, Aug 14, 2014 at 10:07:29AM +0200, Carlos E. R. wrote:
> On 2014-08-11 at 11:47 -0500, Miller, William Toby wrote:
>> See below. Does this apply to us?
> Which is "us"? openSUSE? Yes, of course it does.
The problem is that this email was most likely intended for an internal address there, just confused by the set Reply-To.
Ciao, Marcus
On 2014-08-14 at 10:27 +0200, Marcus Meissner wrote:
> On Thu, Aug 14, 2014 at 10:07:29AM +0200, Carlos E. R. wrote:
>> On 2014-08-11 at 11:47 -0500, Miller, William Toby wrote:
>>> See below. Does this apply to us?
>> Which is "us"? openSUSE? Yes, of course it does.
> The problem is that this email was most likely intended for an internal address there, just confused by the set Reply-To.
LOL.
--
Cheers
Carlos E. R.
(from 13.1 x86_64 "Bottle" (Minas Tirith))