SUSE-SU-2019:1495-1

Опубликовано: 14 июн. 2019

Источник: suse-cvrf

Описание

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following security issues:

CVE-2019-11703: Fixed a heap-based buffer overflow in icalmemorystrdupanddequote() (bsc#1137595).
CVE-2019-11704: Fixed a heap-based buffer overflow in parser_get_next_char() (bsc#1137595).
CVE-2019-11705: Fixed a stack-based buffer overflow in icalrecur_add_bydayrules() (bsc#1137595).
CVE-2019-11706: Fixed a type confusion in icaltimezone_get_vtimezone_properties() (bsc#1137595).

Список пакетов

SUSE Linux Enterprise Workstation Extension 15

MozillaThunderbird-60.7.0-3.36.1

MozillaThunderbird-translations-common-60.7.0-3.36.1

MozillaThunderbird-translations-other-60.7.0-3.36.1

SUSE Linux Enterprise Workstation Extension 15 SP1

MozillaThunderbird-60.7.0-3.36.1

MozillaThunderbird-translations-common-60.7.0-3.36.1

MozillaThunderbird-translations-other-60.7.0-3.36.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20191495-1/
Link for SUSE-SU-2019:1495-1
https://lists.suse.com/pipermail/sle-security-updates/2019-June/005558.html
E-Mail link for SUSE-SU-2019:1495-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1137595
SUSE Bug 1137595
https://www.suse.com/security/cve/CVE-2019-11703/
SUSE CVE CVE-2019-11703 page
https://www.suse.com/security/cve/CVE-2019-11704/
SUSE CVE CVE-2019-11704 page
https://www.suse.com/security/cve/CVE-2019-11705/
SUSE CVE CVE-2019-11705 page
https://www.suse.com/security/cve/CVE-2019-11706/
SUSE CVE CVE-2019-11706 page

Описание

A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.

Затронутые продукты

SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-60.7.0-3.36.1

SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-translations-common-60.7.0-3.36.1

SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-translations-other-60.7.0-3.36.1

SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.7.0-3.36.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-11703.html
CVE-2019-11703
https://bugzilla.suse.com/1137595
SUSE Bug 1137595

Описание

A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.

Затронутые продукты

SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-60.7.0-3.36.1

SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-translations-common-60.7.0-3.36.1

SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-translations-other-60.7.0-3.36.1

SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.7.0-3.36.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-11704.html
CVE-2019-11704
https://bugzilla.suse.com/1137595
SUSE Bug 1137595

Описание

A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.

Затронутые продукты

SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-60.7.0-3.36.1

SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-translations-common-60.7.0-3.36.1

SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-translations-other-60.7.0-3.36.1

SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.7.0-3.36.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-11705.html
CVE-2019-11705
https://bugzilla.suse.com/1137595
SUSE Bug 1137595

Описание

A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird < 60.7.1.

Затронутые продукты

SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-60.7.0-3.36.1

SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-translations-common-60.7.0-3.36.1

SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-translations-other-60.7.0-3.36.1

SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.7.0-3.36.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-11706.html
CVE-2019-11706
https://bugzilla.suse.com/1137595
SUSE Bug 1137595

SUSE-SU-2019:1495-1

Описание

Список пакетов

SUSE Linux Enterprise Workstation Extension 15

SUSE Linux Enterprise Workstation Extension 15 SP1

Ссылки

Уязвимость: CVE-2019-11703

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-11704

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-11705

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-11706

Описание

Затронутые продукты

Ссылки