Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2019:0469-1

Опубликовано: 22 фев. 2019
Источник: suse-cvrf

Описание

Security update for MozillaThunderbird

This update for MozillaThunderbird to version 60.5.1 fixes the following issues:

Security issues fixed (MFSA 2019-06 bsc#1125330):

  • CVE-2018-18335: Fixed a Buffer overflow in Skia by default deactivating Canvas 2D. This issue does not affect Linuc distributions.
  • CVE-2018-18509: Fixed a flaw which during verification of certain S/MIME signatures showing mistakenly that emails bring a valid sugnature.
  • CVE-2018-18356: Fixed a Use-after-free in Skia.
  • CVE-2019-5785: Fixed an Integer overflow in Skia.

Список пакетов

SUSE Linux Enterprise Workstation Extension 15
MozillaThunderbird-60.5.1-3.24.1
MozillaThunderbird-translations-common-60.5.1-3.24.1
MozillaThunderbird-translations-other-60.5.1-3.24.1

Ссылки

Описание

Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Затронутые продукты
SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.5.1-3.24.1
SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.5.1-3.24.1
SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.5.1-3.24.1
Ссылки

Описание

An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Затронутые продукты
SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.5.1-3.24.1
SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.5.1-3.24.1
SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.5.1-3.24.1
Ссылки

Описание

A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with arbitrary content. This vulnerability affects Thunderbird < 60.5.1.

Затронутые продукты
SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.5.1-3.24.1
SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.5.1-3.24.1
SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.5.1-3.24.1
Ссылки

Описание

Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

Затронутые продукты
SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.5.1-3.24.1
SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.5.1-3.24.1
SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.5.1-3.24.1
Ссылки