Mailinglist Archive: opensuse-updates (116 mails)

< Previous Next >
openSUSE-SU-2017:1579-1: moderate: Security update for Mozilla Thunderbird
openSUSE Security Update: Security update for Mozilla Thunderbird
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:1579-1
Rating: moderate
References: #1040105 #1042090 #1043960
Cross-References: CVE-2017-5470 CVE-2017-5472 CVE-2017-7749
CVE-2017-7750 CVE-2017-7751 CVE-2017-7752
CVE-2017-7754 CVE-2017-7756 CVE-2017-7757
CVE-2017-7758 CVE-2017-7763 CVE-2017-7764
CVE-2017-7765 CVE-2017-7771 CVE-2017-7772
CVE-2017-7773 CVE-2017-7774 CVE-2017-7775
CVE-2017-7776 CVE-2017-7777 CVE-2017-7778

Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

An update that fixes 21 vulnerabilities is now available.

Description:

This update to Thunderbird 52.2 fixes security issues and bugs.

The following vulnerabilities were fixed:

* CVE-2017-5472: Use-after-free using destroyed node when regenerating
trees
* CVE-2017-7749: Use-after-free during docshell reloading
* CVE-2017-7750: Use-after-free with track elements
* CVE-2017-7751: Use-after-free with content viewer listeners
* CVE-2017-7752: Use-after-free with IME input
* CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
* CVE-2017-7756: Use-after-free and use-after-scope logging XHR header
errors
* CVE-2017-7757: Use-after-free in IndexedDB
* CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772,
CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,
CVE-2017-7777: Vulnerabilities in the Graphite 2 library
* CVE-2017-7758: Out-of-bounds read in Opus encoder
* CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics
and other unicode blocks
* CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR
52.2

Mozilla Thunderbird now requires NSS 3.28.5.

The following bugs were fixed:

* Embedded images not shown in email received from Hotmail/Outlook
webmailer
* Detection of non-ASCII font names in font selector
* Attachment not forwarded correctly under certain circumstances
* Multiple requests for master password when GMail OAuth2 is enabled
* Large number of blank pages being printed under certain circumstances
when invalid preferences were present
* Messages sent via the Simple MAPI interface are forced to HTML
* Calendar: Invitations can't be printed
* Mailing list (group) not accessible from macOS or Outlook address book
* Clicking on links with references/anchors where target doesn't exist in
the message not opening in external browser


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2017-694=1

To bring your system up-to-date, use "zypper patch".


Package List:

- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):

MozillaThunderbird-52.2-36.1
MozillaThunderbird-buildsymbols-52.2-36.1
MozillaThunderbird-devel-52.2-36.1
MozillaThunderbird-translations-common-52.2-36.1
MozillaThunderbird-translations-other-52.2-36.1


References:

https://www.suse.com/security/cve/CVE-2017-5470.html
https://www.suse.com/security/cve/CVE-2017-5472.html
https://www.suse.com/security/cve/CVE-2017-7749.html
https://www.suse.com/security/cve/CVE-2017-7750.html
https://www.suse.com/security/cve/CVE-2017-7751.html
https://www.suse.com/security/cve/CVE-2017-7752.html
https://www.suse.com/security/cve/CVE-2017-7754.html
https://www.suse.com/security/cve/CVE-2017-7756.html
https://www.suse.com/security/cve/CVE-2017-7757.html
https://www.suse.com/security/cve/CVE-2017-7758.html
https://www.suse.com/security/cve/CVE-2017-7763.html
https://www.suse.com/security/cve/CVE-2017-7764.html
https://www.suse.com/security/cve/CVE-2017-7765.html
https://www.suse.com/security/cve/CVE-2017-7771.html
https://www.suse.com/security/cve/CVE-2017-7772.html
https://www.suse.com/security/cve/CVE-2017-7773.html
https://www.suse.com/security/cve/CVE-2017-7774.html
https://www.suse.com/security/cve/CVE-2017-7775.html
https://www.suse.com/security/cve/CVE-2017-7776.html
https://www.suse.com/security/cve/CVE-2017-7777.html
https://www.suse.com/security/cve/CVE-2017-7778.html
https://bugzilla.suse.com/1040105
https://bugzilla.suse.com/1042090
https://bugzilla.suse.com/1043960


< Previous Next >
This Thread
  • No further messages